From: John Fastabend <john.fastabend@gmail.com>
To: "Björn Töpel" <bjorn@kernel.org>,
"Levi Zim" <rsworktech@outlook.com>,
"Cong Wang" <xiyou.wangcong@gmail.com>,
"John Fastabend" <john.fastabend@gmail.com>
Cc: Jakub Sitnicki <jakub@cloudflare.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
David Ahern <dsahern@kernel.org>,
netdev@vger.kernel.org, bpf@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net 0/2] Fix NPE discovered by running bpf kselftest
Date: Thu, 19 Dec 2024 23:56:12 -0800
Message-ID: <6765231ce87bd_4e17208be@john.notmuch>
In-Reply-To: <87msgs9gmp.fsf@all.your.base.are.belong.to.us>

Björn Töpel wrote:
> Björn Töpel <bjorn@kernel.org> writes:
>
> > Levi Zim <rsworktech@outlook.com> writes:
> >
> >> On 2024-12-04 09:01, Cong Wang wrote:
> >>> On Sun, Dec 01, 2024 at 09:42:08AM +0800, Levi Zim wrote:
> >>>> On 2024-11-30 21:38, Levi Zim via B4 Relay wrote:
> >>>>> I found that bpf kselftest sockhash::test_txmsg_cork_hangs in
> >>>>> test_sockmap.c triggers a kernel NULL pointer dereference:
> >>> Interesting, I also ran this test recently and I didn't see such a
> >>> crash.
> >>
> >> I am also curious about why other people or the CI didn't hit such a crash.
> >
> > FWIW, I'm hitting it on RISC-V:
> >
> > | Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000000008
> > | Oops [#1]
> > | Modules linked in: sch_fq_codel drm fuse drm_panel_orientation_quirks backlight
> > | CPU: 7 UID: 0 PID: 732 Comm: test_sockmap Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #1
> > | Hardware name: riscv-virtio qemu/qemu, BIOS 2025.01-rc3-00042-gacab6e78aca7 01/01/2025
> > | epc : splice_to_socket+0x376/0x49a
> > | ra : splice_to_socket+0x37c/0x49a
> > | epc : ffffffff803d9ffc ra : ffffffff803da002 sp : ff20000001c3b8b0
> > | gp : ffffffff827aefa8 tp : ff60000083450040 t0 : ff6000008a12d001
> > | t1 : 0000100100001001 t2 : 0000000000000000 s0 : ff20000001c3bae0
> > | s1 : ffffffffffffefff a0 : ff6000008245e200 a1 : ff60000087dd0450
> > | a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000
> > | a5 : 0000000000000000 a6 : ff20000001c3b450 a7 : ff6000008a12c004
> > | s2 : 000000000000000f s3 : ff6000008245e2d0 s4 : ff6000008245e280
> > | s5 : 0000000000000000 s6 : 0000000000000002 s7 : 0000000000001001
> > | s8 : 0000000000003001 s9 : 0000000000000002 s10: 0000000000000002
> > | s11: ff6000008245e200 t3 : ffffffff8001e78c t4 : 0000000000000000
> > | t5 : 0000000000000000 t6 : ff6000008869f230
> > | status: 0000000200000120 badaddr: 0000000000000008 cause: 000000000000000d
> > | [<ffffffff803d9ffc>] splice_to_socket+0x376/0x49a
> > | [<ffffffff803d8bc0>] direct_splice_actor+0x44/0x216
> > | [<ffffffff803d8532>] splice_direct_to_actor+0xb6/0x1e8
> > | [<ffffffff803d8780>] do_splice_direct+0x70/0xa2
> > | [<ffffffff80392e40>] do_sendfile+0x26e/0x2d4
> > | [<ffffffff803939d4>] __riscv_sys_sendfile64+0xf2/0x10e
> > | [<ffffffff80fdfb64>] do_trap_ecall_u+0x1f8/0x26c
> > | [<ffffffff80fedaee>] _new_vmalloc_restore_context_a0+0xc6/0xd2
> > | Code: c5d8 9e35 c590 8bb3 40db eb01 6998 b823 0005 856e (6718) 2d05
> > | ---[ end trace 0000000000000000 ]---
> > | Kernel panic - not syncing: Fatal exception
> > | SMP: stopping secondary CPUs
> > | ---[ end Kernel panic - not syncing: Fatal exception ]---
> >
> > This is commit f44d154d6e3d ("Merge tag 'soc-fixes-6.13' of
> > git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc").
> >
> > (Yet to bisect!)
>
> Took the series for a run, and it does solve the crash, but I'm getting
> additional failures:

Hi Bjorn,

Thanks! I'm guessing those tests were failing even without the patch
though, right?

Thanks,
John

>
> | [TEST 298]: (512, 1, 3, sendpage, pass,pop (1,3),ktls,): socket(peer2) kTLS enabled
> | socket(client1) kTLS enabled
> | recv failed(): Invalid argument
> | rx thread exited with err 1.
> | FAILED
> | [TEST 299]: (100, 1, 5, sendpage, pass,pop (1,3),ktls,): socket(peer2) kTLS enabled
> | socket(client1) kTLS enabled
> | recv failed(): Invalid argument
> | rx thread exited with err 1.
> | FAILED
> | [TEST 300]: (2, 32, 8192, sendpage, pass,pop (4096,8192),ktls,): socket(peer2) kTLS enabled
> | socket(client1) kTLS enabled
> | recv failed(): Bad message
> | rx thread exited with err 1.
> | FAILED
> | ...
> | #42/ 9 sockhash:ktls:txmsg test pop-data:FAIL
> | ...
> | [TEST 308]: (2, 32, 8192, sendpage, pass,pop (5,21),ktls,): socket(peer2) kTLS enabled
> | socket(client1) kTLS enabled
> | recv failed(): Bad message
> | rx thread exited with err 1.
> | FAILED
> | [TEST 309]: (2, 32, 8192, sendpage, pass,pop (1,11),ktls,): socket(peer2) kTLS enabled
> | socket(client1) kTLS enabled
> | recv failed(): Bad message
> | rx thread exited with err 1.
> | FAILED
> | ...
> | #43/ 6 sockhash:ktls:txmsg test push/pop data:FAIL
>