Re: [LKP] [bpf] 3ea693a925: BUG:unable_to_handle_kernel

[Ye Xiaolong]

On 10/25, Ye Xiaolong wrote:
>On 10/25, Michael S. Tsirkin wrote:
>>On Thu, Oct 26, 2017 at 12:53:23AM +0800, kernel test robot wrote:
>>> FYI, we noticed the following commit (built with gcc-6):
>>> 
>>> commit: 3ea693a925e14c1fc54c7d8bebe6f9fd9441b47d ("bpf: introduce new bpf 
>>> cpu map type BPF_MAP_TYPE_CPUMAP")
>>> url: 
>>> https://github.com/0day-ci/linux/commits/Jesper-Dangaard-Brouer/New-bpf-cpumap-type-for-XDP_REDIRECT/20171006-024959
>>> 
>>> 
>>> in testcase: syzkaller
>>> with following parameters:
>>> 
>>>     runtime: 10
>>>     repro_program: repro-68782ef7
>>> 
>>> 
>>> 
>>> on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 4G
>>> 
>>> caused below changes (please refer to attached dmesg/kmsg for entire 
>>> log/backtrace):
>>> 
>>> 
>>> +------------------------------------------+------------+------------+
>>> |                                          | 14a0d032f4 | 3ea693a925 |
>>> +------------------------------------------+------------+------------+
>>> | boot_successes                           | 8          | 4          |
>>> | boot_failures                            | 0          | 3          |
>>> | BUG:unable_to_handle_kernel              | 0          | 3          |
>>> | Oops:#[##]                               | 0          | 3          |
>>> | Kernel_panic-not_syncing:Fatal_exception | 0          | 3          |
>>> +------------------------------------------+------------+------------+
>>> 
>>> 
>>> 
>>> [   55.527578] BUG: unable to handle kernel paging request at 
>>> ffffffff871ae788
>>> [   55.527597] IP: cpu_map_update_elem+0x4d/0x2e0
>>> [   55.527600] PGD 4e26067 P4D 4e26067 PUD 4e27063 PMD 0 
>>> [   55.527610] Oops: 0000 [#1] SMP KASAN
>>> [   55.527613] Modules linked in:
>>> [   55.527622] CPU: 0 PID: 6619 Comm: repro-68782ef7 Not tainted 
>>> 4.14.0-rc1-00610-g3ea693a #1
>>> [   55.527625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
>>> 1.10.2-1 04/01/2014
>>> [   55.527629] task: ffff8800ae0d48c0 task.stack: ffff8800af840000
>>> [   55.527636] RIP: 0010:cpu_map_update_elem+0x4d/0x2e0
>>> [   55.527638] RSP: 0018:ffff8800af847d50 EFLAGS: 00010246
>>> [   55.527643] RAX: 000000000e601b02 RBX: ffff880118909c18 RCX: 
>>> 0000000000000002
>>> [   55.527647] RDX: 0000000000000000 RSI: ffff880118909c18 RDI: 
>>> ffff88007ed5e300
>>> [   55.527650] RBP: ffff8800af847d78 R08: ffffed0023121386 R09: 
>>> ffffed0023121386
>>> [   55.527653] R10: 0000000000000003 R11: ffffed0023121387 R12: 
>>> ffff88007ed5e300
>>> [   55.527656] R13: ffff880118909c30 R14: 0000000000000002 R15: 
>>> 000000000e601b02
>>> [   55.527660] FS:  00007f8f76205800(0000) GS:ffff88011ac00000(0000) 
>>> knlGS:0000000000000000
>>> [   55.527663] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>> [   55.527666] CR2: ffffffff871ae788 CR3: 00000000af118000 CR4: 
>>> 00000000000006f0
>>> [   55.527673] Call Trace:
>>> [   55.527682]  SyS_bpf+0x2977/0x3600
>>> [   55.527690]  ? bpf_prog_get+0x20/0x20
>>> [   55.527700]  ? lock_downgrade+0x650/0x650
>>> [   55.527708]  ? vmacache_find+0x59/0x260
>>> [   55.527716]  ? up_read+0x1a/0x40
>>> [   55.527724]  ? __do_page_fault+0x350/0xae0
>>> [   55.527735]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
>>> [   55.527743]  ? trace_hardirqs_on_thunk+0x1a/0x1c
>>> [   55.527753]  entry_SYSCALL_64_fastpath+0x1f/0xbe
>>> [   55.527758] RIP: 0033:0x7f8f75d2cd49
>>> [   55.527760] RSP: 002b:00007fffed5cc7d8 EFLAGS: 00000216 ORIG_RAX: 
>>> 0000000000000141
>>> [   55.527765] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 
>>> 00007f8f75d2cd49
>>> [   55.527768] RDX: 0000000000000020 RSI: 00000000202ebfe0 RDI: 
>>> 0000000000000002
>>> [   55.527771] RBP: 0000000000000046 R08: 0000000000000000 R09: 
>>> 0000000000000000
>>> [   55.527774] R10: 0000000000000000 R11: 0000000000000216 R12: 
>>> 0000000000400a70
>>> [   55.527777] R13: 00007fffed5cc980 R14: 0000000000000000 R15: 
>>> 0000000000000000
>>> [   55.527786] Code: b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 14 02 48 
>>> 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 54 02 00 00 8b 03 49 89 c7 
>>> <48> 0f a3 05 f3 0d fa 03 0f 83 6f 02 00 00 e8 c0 64 f2 ff 49 83 
>>> [   55.527870] RIP: cpu_map_update_elem+0x4d/0x2e0 RSP: ffff8800af847d50
>>> [   55.527872] CR2: ffffffff871ae788
>>> [   55.527881] ---[ end trace 1f2b13c8215f4b2c ]---
>>> 
>>> 
>>> To reproduce:
>>> 
>>>         git clone https://github.com/intel/lkp-tests.git
>>>         cd lkp-tests
>>>         bin/lkp qemu -k <bzImage> job-script  # job-script is attached in 
>>> this email
>>> 
>>> 
>>> 
>>> Thanks,
>>> lkp
>>
>>That commit has a different hash in net-next:
>>
>>commit 6710e1126934d8b4372b4d2f9ae1646cd3f151bf
>>Author: Jesper Dangaard Brouer <bro...@redhat.com>
>>Date:   Mon Oct 16 12:19:28 2017 +0200
>>
>>    bpf: introduce new bpf cpu map type BPF_MAP_TYPE_CPUMAP
>>
>>Is this from a private tree?
>
>This patch was captured from netdev mailing list by 0day bot and applied to
>0day's private tree, it should be the v4 I think according to its changelog.
>I'll queue tests for 6710e1126934d8b4372b4d2f9ae1646cd3f151bf to see whether
>this bug persists.

Test result shows the bug is gone for commit 
6710e1126934d8b4372b4d2f9ae1646cd3f151bf.

Thanks,
Xiaolong
>
>Thanks,
>Xiaolong
>
>>
>>-- 
>>MST
>>_______________________________________________
>>LKP mailing list
>>l...@lists.01.org
>>https://lists.01.org/mailman/listinfo/lkp
>_______________________________________________
>LKP mailing list
>l...@lists.01.org
>https://lists.01.org/mailman/listinfo/lkp