From: "Björn Töpel" <bjorn@kernel.org>
To: Levi Zim <rsworktech@outlook.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
John Fastabend <john.fastabend@gmail.com>
Cc: Jakub Sitnicki <jakub@cloudflare.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>, David Ahern <dsahern@kernel.org>,
netdev@vger.kernel.org, bpf@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net 0/2] Fix NPE discovered by running bpf kselftest
Date: Thu, 19 Dec 2024 10:17:02 +0100 [thread overview]
Message-ID: <87msgs9gmp.fsf@all.your.base.are.belong.to.us> (raw)
In-Reply-To: <87y10e1fij.fsf@all.your.base.are.belong.to.us>
Björn Töpel <bjorn@kernel.org> writes:
> Levi Zim <rsworktech@outlook.com> writes:
>
>> On 2024-12-04 09:01, Cong Wang wrote:
>>> On Sun, Dec 01, 2024 at 09:42:08AM +0800, Levi Zim wrote:
>>>> On 2024-11-30 21:38, Levi Zim via B4 Relay wrote:
>>>>> I found that bpf kselftest sockhash::test_txmsg_cork_hangs in
>>>>> test_sockmap.c triggers a kernel NULL pointer dereference:
>>> Interesting, I also ran this test recently and I didn't see such a
>>> crash.
>>
>> I am also curious about why other people or the CI didn't hit such crash.
>
> FWIW, I'm hitting it on RISC-V:
>
> | Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000000008
> | Oops [#1]
> | Modules linked in: sch_fq_codel drm fuse drm_panel_orientation_quirks backlight
> | CPU: 7 UID: 0 PID: 732 Comm: test_sockmap Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #1
> | Hardware name: riscv-virtio qemu/qemu, BIOS 2025.01-rc3-00042-gacab6e78aca7 01/01/2025
> | epc : splice_to_socket+0x376/0x49a
> | ra : splice_to_socket+0x37c/0x49a
> | epc : ffffffff803d9ffc ra : ffffffff803da002 sp : ff20000001c3b8b0
> | gp : ffffffff827aefa8 tp : ff60000083450040 t0 : ff6000008a12d001
> | t1 : 0000100100001001 t2 : 0000000000000000 s0 : ff20000001c3bae0
> | s1 : ffffffffffffefff a0 : ff6000008245e200 a1 : ff60000087dd0450
> | a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000
> | a5 : 0000000000000000 a6 : ff20000001c3b450 a7 : ff6000008a12c004
> | s2 : 000000000000000f s3 : ff6000008245e2d0 s4 : ff6000008245e280
> | s5 : 0000000000000000 s6 : 0000000000000002 s7 : 0000000000001001
> | s8 : 0000000000003001 s9 : 0000000000000002 s10: 0000000000000002
> | s11: ff6000008245e200 t3 : ffffffff8001e78c t4 : 0000000000000000
> | t5 : 0000000000000000 t6 : ff6000008869f230
> | status: 0000000200000120 badaddr: 0000000000000008 cause: 000000000000000d
> | [<ffffffff803d9ffc>] splice_to_socket+0x376/0x49a
> | [<ffffffff803d8bc0>] direct_splice_actor+0x44/0x216
> | [<ffffffff803d8532>] splice_direct_to_actor+0xb6/0x1e8
> | [<ffffffff803d8780>] do_splice_direct+0x70/0xa2
> | [<ffffffff80392e40>] do_sendfile+0x26e/0x2d4
> | [<ffffffff803939d4>] __riscv_sys_sendfile64+0xf2/0x10e
> | [<ffffffff80fdfb64>] do_trap_ecall_u+0x1f8/0x26c
> | [<ffffffff80fedaee>] _new_vmalloc_restore_context_a0+0xc6/0xd2
> | Code: c5d8 9e35 c590 8bb3 40db eb01 6998 b823 0005 856e (6718) 2d05
> | ---[ end trace 0000000000000000 ]---
> | Kernel panic - not syncing: Fatal exception
> | SMP: stopping secondary CPUs
> | ---[ end Kernel panic - not syncing: Fatal exception ]---
>
> This is commit f44d154d6e3d ("Merge tag 'soc-fixes-6.13' of
> git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc").
>
> (Yet to bisect!)
Took the series for a run, and it does solve crash, but I'm getting
additional failures:
| [TEST 298]: (512, 1, 3, sendpage, pass,pop (1,3),ktls,): socket(peer2) kTLS enabled
| socket(client1) kTLS enabled
| recv failed(): Invalid argument
| rx thread exited with err 1.
| FAILED
| [TEST 299]: (100, 1, 5, sendpage, pass,pop (1,3),ktls,): socket(peer2) kTLS enabled
| socket(client1) kTLS enabled
| recv failed(): Invalid argument
| rx thread exited with err 1.
| FAILED
| [TEST 300]: (2, 32, 8192, sendpage, pass,pop (4096,8192),ktls,): socket(peer2) kTLS enabled
| socket(client1) kTLS enabled
| recv failed(): Bad message
| rx thread exited with err 1.
| FAILED
| ...
| #42/ 9 sockhash:ktls:txmsg test pop-data:FAIL
| ...
| [TEST 308]: (2, 32, 8192, sendpage, pass,pop (5,21),ktls,): socket(peer2) kTLS enabled
| socket(client1) kTLS enabled
| recv failed(): Bad message
| rx thread exited with err 1.
| FAILED
| [TEST 309]: (2, 32, 8192, sendpage, pass,pop (1,11),ktls,): socket(peer2) kTLS enabled
| socket(client1) kTLS enabled
| recv failed(): Bad message
| rx thread exited with err 1.
| FAILED
| ...
| #43/ 6 sockhash:ktls:txmsg test push/pop data:FAIL
next prev parent reply other threads:[~2024-12-19 9:17 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-30 13:38 [PATCH net 0/2] Fix NPE discovered by running bpf kselftest Levi Zim via B4 Relay
2024-11-30 13:38 ` [PATCH net 1/2] skmsg: return copied bytes in sk_msg_memcopy_from_iter Levi Zim via B4 Relay
2024-11-30 13:38 ` [PATCH net 2/2] tcp_bpf: fix copied value in tcp_bpf_sendmsg Levi Zim via B4 Relay
2024-12-09 7:02 ` John Fastabend
2024-12-09 11:56 ` Levi Zim
2024-12-10 6:14 ` John Fastabend
2024-12-01 1:42 ` [PATCH net 0/2] Fix NPE discovered by running bpf kselftest Levi Zim
2024-12-04 1:01 ` Cong Wang
2024-12-04 6:49 ` Levi Zim
2024-12-17 15:43 ` Björn Töpel
2024-12-19 9:17 ` Björn Töpel [this message]
2024-12-20 7:56 ` John Fastabend
2024-12-20 9:00 ` Levi Zim
2024-12-20 9:03 ` Björn Töpel
2024-12-20 16:56 ` John Fastabend
2024-12-02 23:04 ` Jakub Kicinski
2024-12-03 6:42 ` Levi Zim
2024-12-20 22:20 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87msgs9gmp.fsf@all.your.base.are.belong.to.us \
--to=bjorn@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=jakub@cloudflare.com \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=rsworktech@outlook.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox