Re: WARNING in bpf_int_jit_compile

2018-05-27 Thread Daniel Borkmann
On 05/26/2018 11:29 AM, syzbot wrote:
> syzbot has found a reproducer for the following crash on:
> 
> HEAD commit:    62d18ecfa641 Merge tag 'arm64-fixes' of git://git.kernel.o..
> git tree:   upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=14c6bf5780
> kernel config:  https://syzkaller.appspot.com/x/.config?x=982e2df1b9e60b02
> dashboard link: https://syzkaller.appspot.com/bug?extid=9e762b52dd17e616a7a5
> compiler:   gcc (GCC) 8.0.1 20180413 (experimental)
> syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=130e42b780
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+9e762b52dd17e616a...@syzkaller.appspotmail.com
> 
> RAX: ffda RBX: 02542914 RCX: 00455a09
> RDX: 0048 RSI: 2240 RDI: 0005
> RBP: 0072bea0 R08:  R09: 
> R10:  R11: 0246 R12: 0003
> R13: 0046 R14: 006f4730 R15: 0023
> WARNING: CPU: 0 PID: 4752 at include/linux/filter.h:667 
> bpf_jit_binary_lock_ro include/linux/filter.h:667 [inline]
> WARNING: CPU: 0 PID: 4752 at include/linux/filter.h:667 
> bpf_int_jit_compile+0xbf7/0xef7 arch/x86/net/bpf_jit_comp.c:1271
> Kernel panic - not syncing: panic_on_warn set ...
> 
> CPU: 0 PID: 4752 Comm: syz-executor0 Not tainted 4.17.0-rc6+ #67
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
> Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:77 [inline]
>  dump_stack+0x1b9/0x294 lib/dump_stack.c:113
>  panic+0x22f/0x4de kernel/panic.c:184
>  __warn.cold.8+0x163/0x1b3 kernel/panic.c:536
>  report_bug+0x252/0x2d0 lib/bug.c:186
>  fixup_bug arch/x86/kernel/traps.c:178 [inline]
>  do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
>  do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
>  invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
> RIP: 0010:bpf_jit_binary_lock_ro include/linux/filter.h:667 [inline]

Been looking into this last Friday already. What seems to happen here is that
there's fault injection from inside set_memory_ro(), meaning it will eventually
return an error there, and we throw a WARN_ON_ONCE() to bark that making the
memory read-only didn't work out. I'd be in preference to notify the user on
such an issue rather than keeping completely silent about it, so that there's
awareness that read-only protections are not in place / guaranteed.

> RIP: 0010:bpf_int_jit_compile+0xbf7/0xef7 arch/x86/net/bpf_jit_comp.c:1271
> RSP: 0018:8801d85ff920 EFLAGS: 00010293
> RAX: 8801d78c40c0 RBX: 0046 RCX: 81445d89
> RDX:  RSI: 81445d97 RDI: 0005
> RBP: 8801d85ffa40 R08: 8801d78c40c0 R09: 
> R10:  R11:  R12: c9000194e002
> R13: 8801d85ffa18 R14: fff4 R15: 0003
>  bpf_prog_select_runtime+0x131/0x640 kernel/bpf/core.c:1541
>  bpf_prog_load+0x16c2/0x2070 kernel/bpf/syscall.c:1333
>  __do_sys_bpf kernel/bpf/syscall.c:2073 [inline]
>  __se_sys_bpf kernel/bpf/syscall.c:2035 [inline]
>  __x64_sys_bpf+0x389/0x4c0 kernel/bpf/syscall.c:2035
>  do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
>  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x455a09
> RSP: 002b:7ffec3da2868 EFLAGS: 0246 ORIG_RAX: 0141
> RAX: ffda RBX: 02542914 RCX: 00455a09
> RDX: 0048 RSI: 2240 RDI: 0005
> RBP: 0072bea0 R08:  R09: 
> R10:  R11: 0246 R12: 0003
> R13: 0046 R14: 006f4730 R15: 0023
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
> 



Re: WARNING in bpf_int_jit_compile

2018-05-26 Thread syzbot

syzbot has found a reproducer for the following crash on:

HEAD commit:62d18ecfa641 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14c6bf5780
kernel config:  https://syzkaller.appspot.com/x/.config?x=982e2df1b9e60b02
dashboard link: https://syzkaller.appspot.com/bug?extid=9e762b52dd17e616a7a5
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=130e42b780

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9e762b52dd17e616a...@syzkaller.appspotmail.com

RAX: ffda RBX: 02542914 RCX: 00455a09
RDX: 0048 RSI: 2240 RDI: 0005
RBP: 0072bea0 R08:  R09: 
R10:  R11: 0246 R12: 0003
R13: 0046 R14: 006f4730 R15: 0023
WARNING: CPU: 0 PID: 4752 at include/linux/filter.h:667  
bpf_jit_binary_lock_ro include/linux/filter.h:667 [inline]
WARNING: CPU: 0 PID: 4752 at include/linux/filter.h:667  
bpf_int_jit_compile+0xbf7/0xef7 arch/x86/net/bpf_jit_comp.c:1271

Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 4752 Comm: syz-executor0 Not tainted 4.17.0-rc6+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011

Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 panic+0x22f/0x4de kernel/panic.c:184
 __warn.cold.8+0x163/0x1b3 kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:bpf_jit_binary_lock_ro include/linux/filter.h:667 [inline]
RIP: 0010:bpf_int_jit_compile+0xbf7/0xef7 arch/x86/net/bpf_jit_comp.c:1271
RSP: 0018:8801d85ff920 EFLAGS: 00010293
RAX: 8801d78c40c0 RBX: 0046 RCX: 81445d89
RDX:  RSI: 81445d97 RDI: 0005
RBP: 8801d85ffa40 R08: 8801d78c40c0 R09: 
R10:  R11:  R12: c9000194e002
R13: 8801d85ffa18 R14: fff4 R15: 0003
 bpf_prog_select_runtime+0x131/0x640 kernel/bpf/core.c:1541
 bpf_prog_load+0x16c2/0x2070 kernel/bpf/syscall.c:1333
 __do_sys_bpf kernel/bpf/syscall.c:2073 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:2035 [inline]
 __x64_sys_bpf+0x389/0x4c0 kernel/bpf/syscall.c:2035
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a09
RSP: 002b:7ffec3da2868 EFLAGS: 0246 ORIG_RAX: 0141
RAX: ffda RBX: 02542914 RCX: 00455a09
RDX: 0048 RSI: 2240 RDI: 0005
RBP: 0072bea0 R08:  R09: 
R10:  R11: 0246 R12: 0003
R13: 0046 R14: 006f4730 R15: 0023
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..



WARNING in bpf_int_jit_compile

2018-05-26 Thread syzbot

Hello,

syzbot found the following crash on:

HEAD commit:203ec2fed17a Merge tag 'armsoc-fixes' of git://git.kernel...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14f0d5a780
kernel config:  https://syzkaller.appspot.com/x/.config?x=f3b4e30da84ec1ed
dashboard link: https://syzkaller.appspot.com/bug?extid=9e762b52dd17e616a7a5
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9e762b52dd17e616a...@syzkaller.appspotmail.com

RAX: ffda RBX: 7f9da107d6d4 RCX: 00455a09
RDX: 0048 RSI: 2000e000 RDI: 0005
RBP: 0072bea0 R08:  R09: 
R10:  R11: 0246 R12: 0014
R13: 0046 R14: 006f4730 R15: 0021
WARNING: CPU: 0 PID: 20757 at include/linux/filter.h:667  
bpf_jit_binary_lock_ro include/linux/filter.h:667 [inline]
WARNING: CPU: 0 PID: 20757 at include/linux/filter.h:667  
bpf_int_jit_compile+0xbf7/0xef7 arch/x86/net/bpf_jit_comp.c:1271

Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 20757 Comm: syz-executor6 Not tainted 4.17.0-rc5+ #60
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011

Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 panic+0x22f/0x4de kernel/panic.c:184
 __warn.cold.8+0x163/0x1b3 kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:bpf_jit_binary_lock_ro include/linux/filter.h:667 [inline]
RIP: 0010:bpf_int_jit_compile+0xbf7/0xef7 arch/x86/net/bpf_jit_comp.c:1271
RSP: 0018:8801b3fbf920 EFLAGS: 00010246
RAX: 0004 RBX: 0047 RCX: c900050da000
RDX: 0004 RSI: 81444d37 RDI: 0005
RBP: 8801b3fbfa40 R08: 8801b4c18040 R09: 
R10:  R11:  R12: c90001932002
R13: 8801b3fbfa18 R14: fff4 R15: 0003
 bpf_prog_select_runtime+0x131/0x640 kernel/bpf/core.c:1491
 bpf_prog_load+0x16c2/0x2070 kernel/bpf/syscall.c:1333
 __do_sys_bpf kernel/bpf/syscall.c:2073 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:2035 [inline]
 __x64_sys_bpf+0x389/0x4c0 kernel/bpf/syscall.c:2035
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a09
RSP: 002b:7f9da107cc68 EFLAGS: 0246 ORIG_RAX: 0141
RAX: ffda RBX: 7f9da107d6d4 RCX: 00455a09
RDX: 0048 RSI: 2000e000 RDI: 0005
RBP: 0072bea0 R08:  R09: 
R10:  R11: 0246 R12: 0014
R13: 0046 R14: 006f4730 R15: 0021
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.