2022-12-02 04:35:57

by kernel test robot

Subject: Re: [PATCH bpf-next v3 1/4] bpf: Adapt 32-bit return value kfunc for 32-bit ARM when zext extension

Greeting,

FYI, we noticed BUG:unable_to_handle_page_fault_for_address due to commit (built with gcc-11):

commit: 55f4010ffda9ca23ffea329ab4a32173c08dfa90 ("[PATCH bpf-next v3 1/4] bpf: Adapt 32-bit return value kfunc for 32-bit ARM when zext extension")
url: https://github.com/intel-lab-lkp/linux/commits/Yang-Jihong/bpf-Support-kernel-function-call-in-32-bit-ARM/20221126-175041
base: https://git.kernel.org/cgit/linux/kernel/git/bpf/bpf-next.git master
patch link: https://lore.kernel.org/all/[email protected]/
patch subject: [PATCH bpf-next v3 1/4] bpf: Adapt 32-bit return value kfunc for 32-bit ARM when zext extension

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


[ 15.084098][ T1] BUG: unable to handle page fault for address: 0000000000002800
[ 15.085808][ T1] #PF: supervisor read access in kernel mode
[ 15.087049][ T1] #PF: error_code(0x0000) - not-present page
[ 15.088246][ T1] PGD 0 P4D 0
[ 15.089034][ T1] Oops: 0000 [#1] SMP PTI
[ 15.089826][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc4-01174-g55f4010ffda9 #1
[ 15.091616][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 15.093546][ T1] RIP: 0010:insn_def_regno (verifier.c:?)
[ 15.094644][ T1] Code: e7 48 c7 04 24 00 00 00 00 48 c7 44 24 08 00 00 00 00 48 c7 44 24 10 00 00 00 00 48 8b 40 38 89 54 24 20 48 8b b0 d8 00 00 00 <8b> 96 00 28 00 00 e8 4a 69 38 00 80 38 00 75 8b b8 ff ff ff ff e9
All code
========
0: e7 48 out %eax,$0x48
2: c7 04 24 00 00 00 00 movl $0x0,(%rsp)
9: 48 c7 44 24 08 00 00 movq $0x0,0x8(%rsp)
10: 00 00
12: 48 c7 44 24 10 00 00 movq $0x0,0x10(%rsp)
19: 00 00
1b: 48 8b 40 38 mov 0x38(%rax),%rax
1f: 89 54 24 20 mov %edx,0x20(%rsp)
23: 48 8b b0 d8 00 00 00 mov 0xd8(%rax),%rsi
2a:* 8b 96 00 28 00 00 mov 0x2800(%rsi),%edx <-- trapping instruction
30: e8 4a 69 38 00 callq 0x38697f
35: 80 38 00 cmpb $0x0,(%rax)
38: 75 8b jne 0xffffffffffffffc5
3a: b8 ff ff ff ff mov $0xffffffff,%eax
3f: e9 .byte 0xe9

Code starting with the faulting instruction
===========================================
0: 8b 96 00 28 00 00 mov 0x2800(%rsi),%edx
6: e8 4a 69 38 00 callq 0x386955
b: 80 38 00 cmpb $0x0,(%rax)
e: 75 8b jne 0xffffffffffffff9b
10: b8 ff ff ff ff mov $0xffffffff,%eax
15: e9 .byte 0xe9
[ 15.098134][ T1] RSP: 0000:ffffc900000138c8 EFLAGS: 00010246
[ 15.099340][ T1] RAX: ffff88816567b000 RBX: ffffc90000013928 RCX: 0000000000000028
[ 15.100892][ T1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900000138c8
[ 15.102493][ T1] RBP: 000000000000002e R08: ffffffff81221490 R09: 0000000000000038
[ 15.104099][ T1] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888100b8a000
[ 15.105642][ T1] R13: 000000000000002e R14: 000000000000002e R15: 0000000000000002
[ 15.107274][ T1] FS: 0000000000000000(0000) GS:ffff88842fd00000(0000) knlGS:0000000000000000
[ 15.109060][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 15.110337][ T1] CR2: 0000000000002800 CR3: 0000000002c16000 CR4: 00000000000406e0
[ 15.111896][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 15.113444][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 15.114878][ T1] Call Trace:
[ 15.117928][ T1] <TASK>
[ 15.118985][ T1] opt_subreg_zext_lo32_rnd_hi32+0x17c/0x270
[ 15.120228][ T1] bpf_check (??:?)
[ 15.121087][ T1] bpf_prog_load (syscall.c:?)
[ 15.122088][ T1] ? bpf_map_update_value (syscall.c:?)
[ 15.123180][ T1] ? map_update_elem (syscall.c:?)
[ 15.124165][ T1] __sys_bpf (syscall.c:?)
[ 15.125016][ T1] bpf_sys_bpf (??:?)
[ 15.125877][ T1] bpf_prog_99a0cd861b84ee07___loader.prog+0x4bc/0x51c
[ 15.127203][ T1] kern_sys_bpf (??:?)
[ 15.128096][ T1] bpf_load_and_run+0x154/0x1ba
[ 15.129180][ T1] ? __kmalloc_node (??:?)
[ 15.130186][ T1] load_skel (bpf_preload_kern.c:?)
[ 15.131003][ T1] ? btf_vmlinux_init (bpf_preload_kern.c:?)
[ 15.131905][ T1] load (bpf_preload_kern.c:?)
[ 15.132632][ T1] do_one_initcall (??:?)
[ 15.133524][ T1] do_initcalls (main.c:?)
[ 15.134460][ T1] kernel_init_freeable (main.c:?)
[ 15.135544][ T1] ? rest_init (main.c:?)
[ 15.136437][ T1] kernel_init (main.c:?)
[ 15.137317][ T1] ret_from_fork (??:?)
[ 15.138244][ T1] </TASK>
[ 15.138892][ T1] Modules linked in:
[ 15.139733][ T1] CR2: 0000000000002800
[ 15.140542][ T1] ---[ end trace 0000000000000000 ]---


If you fix the issue, kindly add the following tag
| Reported-by: kernel test robot <[email protected]>
| Link: https://lore.kernel.org/oe-lkp/[email protected]


To reproduce:

# build kernel
cd linux
cp config-6.1.0-rc4-01174-g55f4010ffda9 .config
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

# if you come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.


--
0-DAY CI Kernel Test Service
https://01.org/lkp


Attachments:
(No filename) (5.77 kB)
config-6.1.0-rc4-01174-g55f4010ffda9 (172.84 kB)
job-script (4.92 kB)
dmesg.xz (25.10 kB)