The interpreter does not recognize the arena ST/LDX/STX insns. Thereafter, it would hit the BUG_ON() in ___bpf_prog_run() at run time. [ 2.579196] BPF interpreter: unknown opcode a2 (imm: 0x0) [ 2.579998] ------------[ cut here ]------------ [ 2.580652] kernel BUG at kernel/bpf/core.c:2349! [ 2.581314] Oops: invalid opcode: 0000 [#1] SMP PTI On the fallback path from JIT in __bpf_prog_select_runtime(), reject the BPF_PROBE_MEM32/BPF_PROBE_MEM32SX insn to avoid the BUG. Fixes: 2fe99eb0ccf2 ("bpf: Add x86-64 JIT support for PROBE_MEM32 pseudo instructions.") Fixes: a91ae3c89311 ("bpf, x86: Add support for signed arena loads") Signed-off-by: Leon Hwang --- kernel/bpf/core.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index e92eb8b7f945..37b2fac22aa2 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -2613,6 +2613,22 @@ static bool bpf_insn_requires_jit(struct bpf_insn *insn) if (insn_is_cast_user(insn)) return true; + switch (BPF_CLASS(insn->code)) { + case BPF_ST: + case BPF_LDX: + case BPF_STX: + /* arena ST/LDX/STX insns */ + if (BPF_MODE(insn->code) == BPF_PROBE_MEM32) + return true; + if (BPF_MODE(insn->code) == BPF_PROBE_MEM32SX && + BPF_CLASS(insn->code) == BPF_LDX && + BPF_SIZE(insn->code) != BPF_DW) + return true; + break; + default: + return false; + } + return false; } -- 2.54.0
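Review bot: the PROBE_MEM32SX test in the new switch is narrower than the bug it is meant to close, and the `default: return false;` arm duplicates the `return false;` that already follows the switch. ___bpf_prog_run() has no handler for any PROBE_MEM32SX encoding, so an insn with that mode that reaches the fallback path hits the same BUG_ON() whatever its class or size; qualifying the check with `BPF_CLASS(insn->code) == BPF_LDX` and `BPF_SIZE(insn->code) != BPF_DW` only leaves the remaining encodings unguarded if one ever gets this far. Returning true on the mode alone is simpler and safer, e.g. `if (BPF_MODE(insn->code) == BPF_PROBE_MEM32 || BPF_MODE(insn->code) == BPF_PROBE_MEM32SX) return true;` in place of the whole switch, which also drops the redundant default arm. A comment noting that this helper is what __bpf_prog_select_runtime() consults on the JIT fallback path would tie the hunk to the commit message, which names only the caller.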