From: syzbot <syzbot+44c2416196b7c607f226@syzkaller.appspotmail.com>
To: kdipendra88@gmail.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [net?] BUG: unable to handle kernel paging request in nsim_bpf
Date: Thu, 09 Nov 2023 11:43:04 -0800
Message-ID: <000000000000890e560609bd69aa@google.com>
In-Reply-To: <20231109192355.108550-1-kdipendra88@gmail.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in nsim_xdp_set_prog
Unable to handle kernel paging request at virtual address dfff800000000004
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
Mem abort info:
ESR = 0x0000000096000005
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x05: level 1 translation fault
Data abort info:
ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000004] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6540 Comm: syz-executor.0 Not tainted 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nsim_prog_set_loaded drivers/net/netdevsim/bpf.c:100 [inline]
pc : nsim_bpf_offload drivers/net/netdevsim/bpf.c:113 [inline]
pc : nsim_xdp_offload_prog drivers/net/netdevsim/bpf.c:189 [inline]
pc : nsim_xdp_set_prog+0x3f4/0x568 drivers/net/netdevsim/bpf.c:208
lr : nsim_prog_set_loaded drivers/net/netdevsim/bpf.c:99 [inline]
lr : nsim_bpf_offload drivers/net/netdevsim/bpf.c:113 [inline]
lr : nsim_xdp_offload_prog drivers/net/netdevsim/bpf.c:189 [inline]
lr : nsim_xdp_set_prog+0x3d0/0x568 drivers/net/netdevsim/bpf.c:208
sp : ffff800097047730
x29: ffff800097047730 x28: dfff800000000000 x27: 1fffe000196b819f
x26: ffff800094eee000 x25: 1ffff000129ddc07 x24: dfff800000000000
x23: 0000000000000001 x22: ffff800094eee038 x21: 0000000000000020
x20: ffff0000cb5c0d18 x19: ffff800097047820 x18: ffff800097047580
x17: ffff8000805c1258 x16: ffff80008030c738 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000004 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800094eee000 x4 : 0000000000000000 x3 : ffff80008030c754
x2 : ffff0000cb5c0d18 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
nsim_prog_set_loaded drivers/net/netdevsim/bpf.c:100 [inline]
nsim_bpf_offload drivers/net/netdevsim/bpf.c:113 [inline]
nsim_xdp_offload_prog drivers/net/netdevsim/bpf.c:189 [inline]
nsim_xdp_set_prog+0x3f4/0x568 drivers/net/netdevsim/bpf.c:208
nsim_bpf+0x5ac/0xaec
dev_xdp_install+0x124/0x2f0 net/core/dev.c:9199
dev_xdp_attach+0xa4c/0xcc8 net/core/dev.c:9351
dev_xdp_attach_link net/core/dev.c:9370 [inline]
bpf_xdp_link_attach+0x300/0x710 net/core/dev.c:9540
link_create+0x2c0/0x68c kernel/bpf/syscall.c:4954
__sys_bpf+0x4d4/0x5dc kernel/bpf/syscall.c:5414
__do_sys_bpf kernel/bpf/syscall.c:5448 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5446 [inline]
__arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:5446
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
Code: 96b36ecd f94002a8 91008115 d343fea8 (38f86908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 96b36ecd bl 0xfffffffffacdbb34
4: f94002a8 ldr x8, [x21]
8: 91008115 add x21, x8, #0x20
c: d343fea8 lsr x8, x21, #3
* 10: 38f86908 ldrsb w8, [x8, x24] <-- trapping instruction
Tested on:
commit: 8de1e7af Merge branch 'for-next/core' into for-kernelci
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1097a35b680000
kernel config: https://syzkaller.appspot.com/x/.config?x=3e6feaeda5dcbc27
dashboard link: https://syzkaller.appspot.com/bug?extid=44c2416196b7c607f226
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=120c37df680000
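The report above is readable without the full KASAN splat once the shadow arithmetic is decoded: the trapping `ldrsb w8, [x8, x24]` is the compiler-inserted shadow-byte check, x24/x28 hold the shadow base 0xdfff800000000000, and the preceding `ldr x8, [x21]` / `add x21, x8, #0x20` / `lsr x8, x21, #3` show a NULL pointer loaded, offset by 0x20, and scaled by 8. The following is an added worked example for triaging such reports, not code from syzbot or from the kernel tree: it inverts the generic-KASAN shadow mapping and classifies the fault the way the kernel's kasan_non_canonical_hook() does. KASAN_SHADOW_OFFSET is taken from the register dump; PAGE_SIZE (4 KiB) and TASK_SIZE (48-bit user VA) are assumptions for this arm64 config, and the kernel-address test value is just the x20 register from the dump used as sample input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constants for the build in the report above (arm64, generic KASAN).
 * KASAN_SHADOW_OFFSET is a kernel build-time constant; the value here is
 * read off the register dump (x24 and x28 both hold 0xdfff800000000000).
 * PAGE_SIZE and TASK_SIZE are ASSUMED (4 KiB pages, 48-bit user VA);
 * adjust them for other configs.
 */
#define KASAN_SHADOW_OFFSET       0xdfff800000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT  3
#define KASAN_GRANULE_SIZE        (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define ASSUMED_PAGE_SIZE         4096ULL
#define ASSUMED_TASK_SIZE         (1ULL << 48)

enum kasan_bug_type {
	KASAN_NOT_SHADOW = 0,      /* fault address is not a shadow address at all */
	KASAN_NULL_PTR_DEREF,      /* original access fell in the first page */
	KASAN_USER_MEMORY_ACCESS,  /* original access was a user-space address */
	KASAN_WILD_MEMORY_ACCESS,  /* original access was a kernel/non-canonical address */
};

struct kasan_decode {
	enum kasan_bug_type type;
	uint64_t access_lo;   /* first byte of the granule the faulting shadow byte covers */
	uint64_t access_hi;   /* last byte of that granule */
};

/* Forward mapping used by the instrumented load: shadow = (addr >> 3) + offset. */
static inline uint64_t kasan_mem_to_shadow(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/*
 * Inverse mapping plus the same classification the kernel performs in
 * kasan_non_canonical_hook() when a fault lands on an unmapped shadow address.
 */
static struct kasan_decode kasan_decode_fault(uint64_t fault_addr)
{
	struct kasan_decode d = { KASAN_NOT_SHADOW, 0, 0 };
	uint64_t shadow_span = UINT64_MAX >> KASAN_SHADOW_SCALE_SHIFT;

	/* Every possible shadow address lies in [offset, offset + (2^64 - 1) / 8]. */
	if (fault_addr < KASAN_SHADOW_OFFSET ||
	    fault_addr - KASAN_SHADOW_OFFSET > shadow_span)
		return d;

	d.access_lo = (fault_addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
	d.access_hi = d.access_lo + KASAN_GRANULE_SIZE - 1;

	if (d.access_lo < ASSUMED_PAGE_SIZE)
		d.type = KASAN_NULL_PTR_DEREF;
	else if (d.access_lo < ASSUMED_TASK_SIZE)
		d.type = KASAN_USER_MEMORY_ACCESS;
	else
		d.type = KASAN_WILD_MEMORY_ACCESS;
	return d;
}

static const char *kasan_bug_type_name(enum kasan_bug_type t)
{
	switch (t) {
	case KASAN_NULL_PTR_DEREF:     return "null-ptr-deref";
	case KASAN_USER_MEMORY_ACCESS: return "probably user-memory-access";
	case KASAN_WILD_MEMORY_ACCESS: return "maybe wild-memory-access";
	default:                       return "not a shadow address";
	}
}

int main(void)
{
	/* Faulting address from the report: "Unable to handle kernel paging
	 * request at virtual address dfff800000000004". */
	uint64_t fault = 0xdfff800000000004ULL;
	struct kasan_decode d = kasan_decode_fault(fault);

	printf("fault %#018llx -> KASAN: %s in range [%#018llx-%#018llx]\n",
	       (unsigned long long)fault, kasan_bug_type_name(d.type),
	       (unsigned long long)d.access_lo, (unsigned long long)d.access_hi);

	/* Replaying the trapping sequence: ldr x8,[x21] yields x8 = NULL,
	 * add x21,x8,#0x20 yields 0x20, lsr x8,x21,#3 yields 4, and
	 * ldrsb w8,[x8,x24] reads shadow byte 0xdfff800000000004. */
	printf("shadow of 0x20 = %#018llx\n",
	       (unsigned long long)kasan_mem_to_shadow(0x20));
	return 0;
}
```

Run it and the first line reproduces the report's "KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]", which is how one confirms from the oops alone that the crash is a NULL struct pointer being dereferenced at offset 0x20 rather than a stray kernel pointer; a shadow address in the 0xffff6... range would instead decode to a real kernel address and point at a use-after-free or out-of-bounds candidate.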