On Fri, Feb 27, 2026 at 09:40:12AM -0800, Ihor Solodrai wrote:
> On 12/30/25 6:50 AM, Jiri Olsa wrote:
> > Using single ftrace_ops for direct calls update instead of allocating
> > ftrace_ops object for each trampoline.
> >
> > With single ftrace_ops object we can use update_ftrace_direct_* api
> > that allows multiple ip sites updates on single ftrace_ops object.
> >
> > Adding HAVE_SINGLE_FTRACE_DIRECT_OPS config option to be enabled on
> > each arch that supports this.
> >
> > At the moment we can enable this only on x86 arch, because arm relies
> > on ftrace_ops object representing just single trampoline image (stored
> > in ftrace_ops::direct_call). Archs that do not support this will continue
> > to use *_ftrace_direct api.
> >
> > Signed-off-by: Jiri Olsa <[email protected]>
>
> Hi Jiri,
>
> Me and Kumar stumbled on kernel splats with "ftrace failed to modify",
> and if running with KASAN:
>
> BUG: KASAN: slab-use-after-free in __get_valid_kprobe+0x224/0x2a0
>
> Pasting a full splat example at the bottom.
>
> I was able to create a reproducer with AI, and then used it to bisect
> to this patch. You can run it with ./test_progs -t ftrace_direct_race
>
> Below is my (human-generated, haha) summary of AI's analysis of what's
> happening. It makes sense to me conceptually, but I don't know enough
> details here to call bullshit. Please take a look:

hi, nice :)

>
> With CONFIG_HAVE_SINGLE_FTRACE_DIRECT_OPS ftrace_replace_code()
> operates on all call sites in the shared ops. Then if a concurrent
> ftrace user (like kprobe) modifies a call site in between
> ftrace_replace_code's verify pass and its patch pass, then ftrace_bug
> fires and sets ftrace_disabled to 1.

hum, I'd think that's all under ftrace_lock/direct_mutex, but we might
be missing some paths

>
> Once ftrace is disabled, direct_ops_del silently fails to unregister
> the direct call, and the call site still redirects to the stale
> trampoline. After the BPF program is freed, we'll get use-after-free
> on the next trace hit.
>
> The reproducer is not great, because if everything is fine it just hangs.
> But with the bug the kernel crashes pretty fast.

perfect, I reproduced it on first run.. will check

> Maybe it makes sense to refine it to a proper "stress" selftest?

it might, let's see what's the problem

great report, thanks a lot for all the details and reproducer,
jirka

>
> Reproducer patch:
>
> From c595ef5a0ad9bc62d768080ff09502bc982c40e6 Mon Sep 17 00:00:00 2001 > From: Ihor Solodrai <[email protected]> > Date: Thu, 26 Feb 2026 17:00:39 -0800 > Subject: [PATCH] reproducer > > --- > .../bpf/prog_tests/ftrace_direct_race.c | 243 ++++++++++++++++++ > 1 file changed, 243 insertions(+) > create mode 100644 > tools/testing/selftests/bpf/prog_tests/ftrace_direct_race.c > > diff --git a/tools/testing/selftests/bpf/prog_tests/ftrace_direct_race.c > b/tools/testing/selftests/bpf/prog_tests/ftrace_direct_race.c > new file mode 100644 > index 000000000000..369c55364d05 > --- /dev/null > +++ b/tools/testing/selftests/bpf/prog_tests/ftrace_direct_race.c 
> @@ -0,0 +1,243 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* Copyright (c) 2026 Meta Platforms, Inc. and affiliates. */ > + > +/* Test to reproduce ftrace race between BPF trampoline attach/detach > + * and kprobe attach/detach on the same function. > + * > + * With CONFIG_HAVE_SINGLE_FTRACE_DIRECT_OPS, all BPF trampolines share > + * a single ftrace_ops. Concurrent modifications (BPF trampoline vs kprobe) > + * can race in ftrace_replace_code's verify-then-patch sequence, causing > + * ftrace to become permanently disabled and leaving stale trampolines > + * that reference freed BPF programs. > + * > + * Run with: ./test_progs -t ftrace_direct_race > + */ > +#include <test_progs.h> > +#include <bpf/libbpf.h> > +#include <pthread.h> > +#include <sys/ioctl.h> > +#include <linux/perf_event.h> > +#include <sys/syscall.h> > + > +#include "fentry_test.lskel.h" > + > +#define NUM_ITERATIONS 200 > + > +static volatile bool stop; > + > +/* Thread 1: Rapidly attach and detach fentry BPF trampolines */ > +static void *fentry_thread_fn(void *arg) > +{ > + int i; > + > + for (i = 0; i < NUM_ITERATIONS && !stop; i++) { > + struct fentry_test_lskel *skel; > + int err; > + > + skel = fentry_test_lskel__open(); > + if (!skel) > + continue; > + > + skel->keyring_id = KEY_SPEC_SESSION_KEYRING; > + err = fentry_test_lskel__load(skel); > + if (err) { > + fentry_test_lskel__destroy(skel); > + continue; > + } > + > + err = fentry_test_lskel__attach(skel); > + if (err) { > + fentry_test_lskel__destroy(skel); > + continue; > + } > + > + /* Brief sleep to let the trampoline be live while kprobes race > */ > + usleep(100 + rand() % 500); > + > + fentry_test_lskel__detach(skel); > + fentry_test_lskel__destroy(skel); > + } > + > + return NULL; > +} > + > +/* Thread 2: Rapidly create and destroy kprobes via tracefs on > + * bpf_fentry_test* functions (the same functions the fentry thread targets). 
> + * Creating/removing kprobe events goes through the ftrace code patching > + * path that can race with BPF trampoline direct call operations. > + */ > +static void *kprobe_thread_fn(void *arg) > +{ > + const char *funcs[] = { > + "bpf_fentry_test1", > + "bpf_fentry_test2", > + "bpf_fentry_test3", > + "bpf_fentry_test4", > + "bpf_fentry_test5", > + "bpf_fentry_test6", > + }; > + int i; > + > + for (i = 0; i < NUM_ITERATIONS && !stop; i++) { > + int j; > + > + for (j = 0; j < 6 && !stop; j++) { > + char cmd[256]; > + > + /* Create kprobe via tracefs */ > + snprintf(cmd, sizeof(cmd), > + "echo 'p:kprobe_race_%d %s' >> > /sys/kernel/debug/tracing/kprobe_events 2>/dev/null", > + j, funcs[j]); > + system(cmd); > + > + /* Small delay */ > + usleep(50 + rand() % 200); > + > + /* Remove kprobe */ > + snprintf(cmd, sizeof(cmd), > + "echo '-:kprobe_race_%d' >> > /sys/kernel/debug/tracing/kprobe_events 2>/dev/null", > + j); > + system(cmd); > + } > + } > + > + return NULL; > +} > + > +/* Thread 3: Create kprobes via perf_event_open (the ftrace-based kind) > + * which go through the arm_kprobe / disarm_kprobe ftrace path. 
> + */ > +static void *perf_kprobe_thread_fn(void *arg) > +{ > + const char *funcs[] = { > + "bpf_fentry_test1", > + "bpf_fentry_test2", > + "bpf_fentry_test3", > + }; > + int i; > + > + for (i = 0; i < NUM_ITERATIONS && !stop; i++) { > + int fds[3] = {-1, -1, -1}; > + int j; > + > + for (j = 0; j < 3 && !stop; j++) { > + struct perf_event_attr attr = {}; > + char path[256]; > + char buf[32]; > + char cmd[256]; > + int id_fd, id; > + > + /* Create kprobe event */ > + snprintf(cmd, sizeof(cmd), > + "echo 'p:perf_race_%d %s' >> > /sys/kernel/debug/tracing/kprobe_events 2>/dev/null", > + j, funcs[j]); > + system(cmd); > + > + /* Try to get the event id */ > + snprintf(path, sizeof(path), > + > "/sys/kernel/debug/tracing/events/kprobes/perf_race_%d/id", j); > + id_fd = open(path, O_RDONLY); > + if (id_fd < 0) > + continue; > + > + memset(buf, 0, sizeof(buf)); > + if (read(id_fd, buf, sizeof(buf) - 1) > 0) > + id = atoi(buf); > + else > + id = -1; > + close(id_fd); > + > + if (id < 0) > + continue; > + > + /* Open perf event to arm the kprobe via ftrace */ > + attr.type = PERF_TYPE_TRACEPOINT; > + attr.size = sizeof(attr); > + attr.config = id; > + attr.sample_type = PERF_SAMPLE_RAW; > + attr.sample_period = 1; > + attr.wakeup_events = 1; > + > + fds[j] = syscall(__NR_perf_event_open, &attr, -1, 0, > -1, 0); > + if (fds[j] >= 0) > + ioctl(fds[j], PERF_EVENT_IOC_ENABLE, 0); > + } > + > + usleep(100 + rand() % 300); > + > + /* Close perf events (disarms kprobes via ftrace) */ > + for (j = 0; j < 3; j++) { > + char cmd[256]; > + > + if (fds[j] >= 0) > + close(fds[j]); > + > + snprintf(cmd, sizeof(cmd), > + "echo '-:perf_race_%d' >> > /sys/kernel/debug/tracing/kprobe_events 2>/dev/null", > + j); > + system(cmd); > + } > + } > + > + return NULL; > +} > + > +void test_ftrace_direct_race(void) > +{ > + pthread_t fentry_tid, kprobe_tid, perf_kprobe_tid; > + int err; > + > + /* Check if ftrace is currently operational */ > + if 
(!ASSERT_OK(access("/sys/kernel/debug/tracing/kprobe_events", W_OK), > + "tracefs_access")) > + return; > + > + stop = false; > + > + err = pthread_create(&fentry_tid, NULL, fentry_thread_fn, NULL); > + if (!ASSERT_OK(err, "create_fentry_thread")) > + return; > + > + err = pthread_create(&kprobe_tid, NULL, kprobe_thread_fn, NULL); > + if (!ASSERT_OK(err, "create_kprobe_thread")) { > + stop = true; > + pthread_join(fentry_tid, NULL); > + return; > + } > + > + err = pthread_create(&perf_kprobe_tid, NULL, perf_kprobe_thread_fn, > NULL); > + if (!ASSERT_OK(err, "create_perf_kprobe_thread")) { > + stop = true; > + pthread_join(fentry_tid, NULL); > + pthread_join(kprobe_tid, NULL); > + return; > + } > + > + pthread_join(fentry_tid, NULL); > + pthread_join(kprobe_tid, NULL); > + pthread_join(perf_kprobe_tid, NULL); > + > + /* If we get here without a kernel panic/oops, the test passed. > + * The real check is in dmesg: look for > + * "WARNING: arch/x86/kernel/ftrace.c" or > + * "BUG: KASAN: vmalloc-out-of-bounds in __bpf_prog_enter_recur" > + * > + * A more robust check: verify ftrace is still operational. 
> + */ > + ASSERT_OK(access("/sys/kernel/debug/tracing/kprobe_events", W_OK), > + "ftrace_still_operational"); > + > + /* Check that ftrace wasn't disabled */ > + { > + char buf[64] = {}; > + int fd = open("/proc/sys/kernel/ftrace_enabled", O_RDONLY); > + > + if (ASSERT_GE(fd, 0, "open_ftrace_enabled")) { > + int n = read(fd, buf, sizeof(buf) - 1); > + > + close(fd); > + if (n > 0) > + ASSERT_EQ(atoi(buf), 1, "ftrace_enabled"); > + } > + } > +} > -- > 2.47.3 > > > ---- > > Splat: > > [ 24.170803] ------------[ cut here ]------------ > > > [ 24.171055] WARNING: kernel/trace/ftrace.c:2715 at > ftrace_get_addr_curr+0x149/0x190, CPU#13: kworker/13:6/873 > > [ 24.171315] Modules linked in: bpf_test_modorder_y(OE+) > bpf_test_modorder_x(OE) bpf_testmod(OE) > > [ 24.171561] CPU: 13 UID: 0 PID: 873 Comm: kworker/13:6 Tainted: G > OE 7.0.0-rc1-gda78c0a81eea #83 PREEMPT(full) > > [ 24.171827] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE > > > [ 24.171941] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > 1.16.3-5.el9 11/05/2023 > > [ 24.172132] Workqueue: events bpf_link_put_deferred > > > [ 24.172261] RIP: 0010:ftrace_get_addr_curr+0x149/0x190 > > > [ 24.172376] Code: 00 4c 89 f7 e8 88 f8 ff ff 84 c0 75 92 4d 8b 7f 08 e8 fb > b3 c1 00 4d 85 ff 0f 94 c0 49 81 ff b0 1c 6e 83 0f 94 c1 08 c1 74 96 <0f> 0b > c6 05 > 62 e8 2b 02 01 c7 05 54 e8 2b 02 00 00 00 00 48 c7 05 > > > [ 24.172745] RSP: 0018:ffa0000504cafb78 EFLAGS: 00010202 > > > [ 24.172861] RAX: 0000000000000000 RBX: ff110001000e48d0 RCX: > ff1100011cd3a201 > > [ 24.173034] RDX: 6e21cb51d943709c RSI: 0000000000000000 RDI: > ffffffff81d416d4 > > [ 24.173194] RBP: 0000000000000001 R08: 0000000080000000 R09: > ffffffffffffffff > > [ 24.173366] R10: ffffffff81285522 R11: 0000000000000000 R12: > ff110001000e48d0 > > [ 24.173530] R13: ffffffff81d416d4 R14: ffffffff81d416d4 R15: > ffffffff836e1cb0 > > [ 24.173691] FS: 0000000000000000(0000) GS:ff1100203becc000(0000) > knlGS:0000000000000000 > > [ 24.173849] CS: 
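Review bot: In the closing block of test_ftrace_direct_race() in the reproducer patch, the ftrace_enabled assertion sits behind `if (n > 0)`, so a read() of /proc/sys/kernel/ftrace_enabled that fails or returns 0 skips the only check that ftrace is still enabled, and the test passes anyway. Assert on the read result as well, for example `if (ASSERT_GT(n, 0, "read_ftrace_enabled"))` in front of `ASSERT_EQ(atoi(buf), 1, "ftrace_enabled")`. The kprobe and perf_kprobe threads also hardcode /sys/kernel/debug/tracing and drive it through system() with the return value ignored and stderr sent to /dev/null, so a failed kprobe_events write goes unnoticed; opening the file directly and checking write() would make those failures visible.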
0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > > > [ 24.173995] CR2: 00007f615e966270 CR3: 000000010bd9d005 CR4: > 0000000000771ef0 > > [ 24.174155] PKRU: 55555554 > > > [ 24.174214] Call Trace: > > > [ 24.174285] <TASK> > > > [ 24.174348] ftrace_replace_code+0x7e/0x210 > > > [ 24.174443] ftrace_modify_all_code+0x59/0x110 > > > [ 24.174553] __ftrace_hash_move_and_update_ops+0x227/0x2c0 > > > [ 24.174659] ? kfree+0x1ac/0x4c0 > > > [ 24.174751] ? srso_return_thunk+0x5/0x5f > > > [ 24.174834] ? kfree+0x250/0x4c0 > > > [ 24.174926] ? kfree+0x1ac/0x4c0 > > > [ 24.175010] ? bpf_lsm_sk_alloc_security+0x4/0x20 > > > [ 24.175132] ftrace_update_ops+0x40/0x80 > > > [ 24.175217] update_ftrace_direct_del+0x263/0x290 > > > [ 24.175341] ? bpf_lsm_sk_alloc_security+0x4/0x20 > > > [ 24.175456] ? 0xffffffffc0006a80 > > > [ 24.175543] bpf_trampoline_update+0x1fb/0x810 > > > [ 24.175654] bpf_trampoline_unlink_prog+0x103/0x1a0 > > > [ 24.175767] ? process_scheduled_works+0x271/0x640 > > > [ 24.175886] bpf_shim_tramp_link_release+0x20/0x40 > > > [ 24.176001] bpf_link_free+0x54/0xd0 > > > [ 24.176092] process_scheduled_works+0x2c2/0x640 > > [ 24.176222] worker_thread+0x22a/0x340 > 21:11:27 > [422/10854] > [ 24.176319] ? srso_return_thunk+0x5/0x5f > [ 24.176405] ? __pfx_worker_thread+0x10/0x10 > [ 24.176522] kthread+0x10c/0x140 > [ 24.176611] ? __pfx_kthread+0x10/0x10 > [ 24.176698] ret_from_fork+0x148/0x290 > [ 24.176785] ? 
__pfx_kthread+0x10/0x10 > [ 24.176872] ret_from_fork_asm+0x1a/0x30 > [ 24.176985] </TASK> > [ 24.177043] irq event stamp: 6965 > [ 24.177126] hardirqs last enabled at (6973): [<ffffffff8136008c>] > __console_unlock+0x5c/0x70 > [ 24.177325] hardirqs last disabled at (6982): [<ffffffff81360071>] > __console_unlock+0x41/0x70 > [ 24.177520] softirqs last enabled at (6524): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.177675] softirqs last disabled at (6123): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.177844] ---[ end trace 0000000000000000 ]--- > [ 24.177963] Bad trampoline accounting at: 000000003143da54 > (bpf_fentry_test3+0x4/0x20) > [ 24.178134] ------------[ cut here ]------------ > [ 24.178261] WARNING: arch/x86/kernel/ftrace.c:105 at > ftrace_replace_code+0xf7/0x210, CPU#13: kworker/13:6/873 > [ 24.178476] Modules linked in: bpf_test_modorder_y(OE+) > bpf_test_modorder_x(OE) bpf_testmod(OE) > [ 24.178680] CPU: 13 UID: 0 PID: 873 Comm: kworker/13:6 Tainted: G W > OE 7.0.0-rc1-gda78c0a81eea #83 PREEMPT(full) > [ 24.178925] Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE > [ 24.179059] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > 1.16.3-5.el9 11/05/2023 > [ 24.179258] Workqueue: events bpf_link_put_deferred > [ 24.179374] RIP: 0010:ftrace_replace_code+0xf7/0x210 > [ 24.179485] Code: c0 0f 85 ec 00 00 00 8b 44 24 03 41 33 45 00 0f b6 4c 24 > 07 41 32 4d 04 0f b6 c9 09 c1 0f 84 49 ff ff ff 4c 89 2d b9 df 8b 03 <0f> 0b > bf ea > ff ff ff e9 c4 00 00 00 e8 f8 e5 19 00 48 85 c0 0f 84 > [ 24.179847] RSP: 0018:ffa0000504cafb98 EFLAGS: 00010202 > [ 24.179965] RAX: 0000000038608000 RBX: 0000000000000001 RCX: > 00000000386080c1 > [ 24.180126] RDX: ffffffff81d41000 RSI: 0000000000000005 RDI: > ffffffff81d416d4 > [ 24.180295] RBP: 0000000000000001 R08: 000000000000ffff R09: > ffffffff82e98430 > [ 24.180455] R10: 000000000002fffd R11: 00000000fffeffff R12: > ff110001000e48d0 > [ 24.180617] R13: ffffffff83ec0f2d R14: ffffffff84b43820 
R15: > ffa0000504cafb9b > [ 24.180777] FS: 0000000000000000(0000) GS:ff1100203becc000(0000) > knlGS:0000000000000000 > [ 24.180939] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 24.181077] CR2: 00007f615e966270 CR3: 000000010bd9d005 CR4: > 0000000000771ef0 > [ 24.181247] PKRU: 55555554 > [ 24.181303] Call Trace: > [ 24.181360] <TASK> > [ 24.181424] ftrace_modify_all_code+0x59/0x110 > [ 24.181536] __ftrace_hash_move_and_update_ops+0x227/0x2c0 > [ 24.181650] ? kfree+0x1ac/0x4c0 > [ 24.181743] ? srso_return_thunk+0x5/0x5f > [ 24.181828] ? kfree+0x250/0x4c0 > [ 24.181916] ? kfree+0x1ac/0x4c0 > [ 24.182004] ? bpf_lsm_sk_alloc_security+0x4/0x20 > [ 24.182123] ftrace_update_ops+0x40/0x80 > [ 24.182213] update_ftrace_direct_del+0x263/0x290 > [ 24.182337] ? bpf_lsm_sk_alloc_security+0x4/0x20 > [ 24.182455] ? 0xffffffffc0006a80 > [ 24.182543] bpf_trampoline_update+0x1fb/0x810 > [ 24.182655] bpf_trampoline_unlink_prog+0x103/0x1a0 > [ 24.182768] ? process_scheduled_works+0x271/0x640 > [ 24.182887] bpf_shim_tramp_link_release+0x20/0x40 > [ 24.183001] bpf_link_free+0x54/0xd0 > [ 24.183088] process_scheduled_works+0x2c2/0x640 > [ 24.183220] worker_thread+0x22a/0x340 > 21:11:27 > [367/10854] > [ 24.183319] ? srso_return_thunk+0x5/0x5f > [ 24.183405] ? __pfx_worker_thread+0x10/0x10 > [ 24.183521] kthread+0x10c/0x140 > [ 24.183610] ? __pfx_kthread+0x10/0x10 > [ 24.183697] ret_from_fork+0x148/0x290 > [ 24.183783] ? 
__pfx_kthread+0x10/0x10 > [ 24.183868] ret_from_fork_asm+0x1a/0x30 > [ 24.183979] </TASK> > [ 24.184056] irq event stamp: 7447 > [ 24.184138] hardirqs last enabled at (7455): [<ffffffff8136008c>] > __console_unlock+0x5c/0x70 > [ 24.184339] hardirqs last disabled at (7464): [<ffffffff81360071>] > __console_unlock+0x41/0x70 > [ 24.184522] softirqs last enabled at (6524): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.184675] softirqs last disabled at (6123): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.184836] ---[ end trace 0000000000000000 ]--- > [ 24.185177] ------------[ ftrace bug ]------------ > [ 24.185310] ftrace failed to modify > [ 24.185312] [<ffffffff81d416d4>] bpf_fentry_test3+0x4/0x20 > [ 24.185544] actual: e8:27:29:6c:3e > [ 24.185627] expected: e8:a7:49:54:ff > [ 24.185717] ftrace record flags: e8180000 > [ 24.185798] (0) R tramp: ERROR! > [ 24.185798] expected tramp: ffffffffc0404000 > [ 24.185975] ------------[ cut here ]------------ > [ 24.186086] WARNING: kernel/trace/ftrace.c:2254 at ftrace_bug+0x101/0x290, > CPU#13: kworker/13:6/873 > [ 24.186285] Modules linked in: bpf_test_modorder_y(OE+) > bpf_test_modorder_x(OE) bpf_testmod(OE) > [ 24.186484] CPU: 13 UID: 0 PID: 873 Comm: kworker/13:6 Tainted: G W > OE 7.0.0-rc1-gda78c0a81eea #83 PREEMPT(full) > [ 24.186728] Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE > [ 24.186863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > 1.16.3-5.el9 11/05/2023 > [ 24.187057] Workqueue: events bpf_link_put_deferred > [ 24.187172] RIP: 0010:ftrace_bug+0x101/0x290 > [ 24.187294] Code: 05 72 03 83 f8 02 7f 13 83 f8 01 74 46 83 f8 02 75 13 48 > c7 c7 41 a3 69 82 eb 51 83 f8 03 74 3c 83 f8 04 74 40 48 85 db 75 4c <0f> 0b > c6 05 > ba eb 2b 02 01 c7 05 ac eb 2b 02 00 00 00 00 48 c7 05 > [ 24.187663] RSP: 0018:ffa0000504cafb70 EFLAGS: 00010246 > [ 24.187772] RAX: 0000000000000022 RBX: ff110001000e48d0 RCX: > e5ff63967b168c00 > [ 24.187934] RDX: 0000000000000000 RSI: 
00000000fffeffff RDI: > ffffffff83018490 > [ 24.188096] RBP: 00000000ffffffea R08: 000000000000ffff R09: > ffffffff82e98430 > [ 24.188267] R10: 000000000002fffd R11: 00000000fffeffff R12: > ff110001000e48d0 > [ 24.188423] R13: ffffffff83ec0f2d R14: ffffffff81d416d4 R15: > ffffffff836e1cb0 > [ 24.188581] FS: 0000000000000000(0000) GS:ff1100203becc000(0000) > knlGS:0000000000000000 > [ 24.188738] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 24.188870] CR2: 00007f615e966270 CR3: 000000010bd9d005 CR4: > 0000000000771ef0 > [ 24.189032] PKRU: 55555554 > [ 24.189088] Call Trace: > [ 24.189144] <TASK> > [ 24.189204] ftrace_replace_code+0x1d6/0x210 > [ 24.189335] ftrace_modify_all_code+0x59/0x110 > [ 24.189443] __ftrace_hash_move_and_update_ops+0x227/0x2c0 > [ 24.189554] ? kfree+0x1ac/0x4c0 > [ 24.189638] ? srso_return_thunk+0x5/0x5f > [ 24.189720] ? kfree+0x250/0x4c0 > [ 24.189802] ? kfree+0x1ac/0x4c0 > [ 24.189889] ? bpf_lsm_sk_alloc_security+0x4/0x20 > [ 24.190010] ftrace_update_ops+0x40/0x80 > [ 24.190095] update_ftrace_direct_del+0x263/0x290 > [ 24.190205] ? bpf_lsm_sk_alloc_security+0x4/0x20 > 21:11:28 > [312/10854] > [ 24.190335] ? 0xffffffffc0006a80 > [ 24.190422] bpf_trampoline_update+0x1fb/0x810 > [ 24.190542] bpf_trampoline_unlink_prog+0x103/0x1a0 > [ 24.190651] ? process_scheduled_works+0x271/0x640 > [ 24.190764] bpf_shim_tramp_link_release+0x20/0x40 > [ 24.190871] bpf_link_free+0x54/0xd0 > [ 24.190964] process_scheduled_works+0x2c2/0x640 > [ 24.191093] worker_thread+0x22a/0x340 > [ 24.191177] ? srso_return_thunk+0x5/0x5f > [ 24.191274] ? __pfx_worker_thread+0x10/0x10 > [ 24.191388] kthread+0x10c/0x140 > [ 24.191478] ? __pfx_kthread+0x10/0x10 > [ 24.191565] ret_from_fork+0x148/0x290 > [ 24.191641] ? 
__pfx_kthread+0x10/0x10 > [ 24.191729] ret_from_fork_asm+0x1a/0x30 > [ 24.191833] </TASK> > [ 24.191896] irq event stamp: 8043 > [ 24.191979] hardirqs last enabled at (8051): [<ffffffff8136008c>] > __console_unlock+0x5c/0x70 > [ 24.192167] hardirqs last disabled at (8058): [<ffffffff81360071>] > __console_unlock+0x41/0x70 > [ 24.192368] softirqs last enabled at (7828): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.192528] softirqs last disabled at (7817): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.192689] ---[ end trace 0000000000000000 ]--- > [ 24.193549] ------------[ cut here ]------------ > [ 24.193773] WARNING: kernel/trace/ftrace.c:2709 at > ftrace_get_addr_curr+0x6c/0x190, CPU#10: test_progs/311 > [ 24.193973] Modules linked in: bpf_test_modorder_y(OE+) > bpf_test_modorder_x(OE) bpf_testmod(OE) > [ 24.194206] CPU: 10 UID: 0 PID: 311 Comm: test_progs Tainted: G W > OE 7.0.0-rc1-gda78c0a81eea #83 PREEMPT(full) > [ 24.194461] Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE > [ 24.194594] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > 1.16.3-5.el9 11/05/2023 > [ 24.194778] RIP: 0010:ftrace_get_addr_curr+0x6c/0x190 > [ 24.194891] Code: 48 0f 44 ce 4c 8b 3c c8 e8 e1 b4 c1 00 4d 85 ff 74 18 4d > 39 77 10 74 05 4d 8b 3f eb eb 49 8b 47 18 48 85 c0 0f 85 19 01 00 00 <0f> 0b > 48 8b > 43 08 a9 00 00 00 08 75 1c a9 00 00 00 20 48 c7 c1 80 > [ 24.195270] RSP: 0018:ffa0000000d4bb38 EFLAGS: 00010246 > [ 24.195381] RAX: 0000000000000001 RBX: ff11000100125710 RCX: > ff1100010b28a2c0 > [ 24.195540] RDX: 0000000000000003 RSI: 0000000000000003 RDI: > ff11000100125710 > [ 24.195698] RBP: 0000000000000001 R08: 0000000080000000 R09: > ffffffffffffffff > [ 24.195863] R10: ffffffff82046a38 R11: 0000000000000000 R12: > ff11000100125710 > [ 24.196033] R13: ffffffff81529fc4 R14: ffffffff81529fc4 R15: > 0000000000000000 > [ 24.196199] FS: 00007f46532a54c0(0000) GS:ff1100203be0c000(0000) > knlGS:0000000000000000 > [ 24.196374] CS: 0010 DS: 0000 
ES: 0000 CR0: 0000000080050033 > [ 24.196509] CR2: 000055e885be1470 CR3: 000000010eef9003 CR4: > 0000000000771ef0 > [ 24.196663] PKRU: 55555554 > [ 24.196720] Call Trace: > [ 24.196778] <TASK> > [ 24.196844] ftrace_replace_code+0x7e/0x210 > [ 24.196948] ftrace_modify_all_code+0x59/0x110 > [ 24.197059] __ftrace_hash_move_and_update_ops+0x227/0x2c0 > [ 24.197174] ? srso_return_thunk+0x5/0x5f > [ 24.197271] ? __mutex_lock+0x22a/0xc60 > [ 24.197360] ? kfree+0x1ac/0x4c0 > [ 24.197455] ? srso_return_thunk+0x5/0x5f > [ 24.197538] ? kfree+0x250/0x4c0 > [ 24.197626] ? bpf_fentry_test3+0x4/0x20 > [ 24.197712] ftrace_set_hash+0x13c/0x3d0 > [ 24.197811] ftrace_set_filter_ip+0x88/0xb0 > [ 24.197909] ? bpf_fentry_test3+0x4/0x20 > 21:11:28 > [257/10854] > [ 24.198000] disarm_kprobe_ftrace+0x83/0xd0 > [ 24.198089] __disable_kprobe+0x129/0x160 > [ 24.198178] disable_kprobe+0x27/0x60 > [ 24.198272] kprobe_register+0xa2/0xe0 > [ 24.198362] perf_trace_event_unreg+0x33/0xd0 > [ 24.198473] perf_kprobe_destroy+0x3b/0x80 > [ 24.198557] __free_event+0x119/0x290 > [ 24.198640] perf_event_release_kernel+0x1ef/0x220 > [ 24.198758] perf_release+0x12/0x20 > [ 24.198843] __fput+0x11b/0x2a0 > [ 24.198946] task_work_run+0x8b/0xc0 > [ 24.199035] exit_to_user_mode_loop+0x107/0x4d0 > [ 24.199155] do_syscall_64+0x25b/0x390 > [ 24.199249] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e > [ 24.199360] ? 
trace_irq_disable+0x1d/0xc0 > [ 24.199451] entry_SYSCALL_64_after_hwframe+0x76/0x7e > [ 24.199559] RIP: 0033:0x7f46530ff85b > [ 24.199675] Code: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 > 89 7c 24 0c e8 e3 83 f8 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d > 00 f0 > ff ff 77 35 44 89 c7 89 44 24 0c e8 41 84 f8 ff 8b 44 > [ 24.200034] RSP: 002b:00007ffc40859770 EFLAGS: 00000293 ORIG_RAX: > 0000000000000003 > [ 24.200192] RAX: 0000000000000000 RBX: 0000000000000000 RCX: > 00007f46530ff85b > [ 24.200382] RDX: 0000000000000002 RSI: 0000000000000002 RDI: > 0000000000000019 > [ 24.200552] RBP: 00007ffc408597c0 R08: 0000000000000000 R09: > 00007ffc40859757 > [ 24.200702] R10: 0000000000000000 R11: 0000000000000293 R12: > 00007ffc4085ddc8 > [ 24.200855] R13: 000055e8800de120 R14: 000055e88118d390 R15: > 00007f46533de000 > [ 24.201035] </TASK> > [ 24.201091] irq event stamp: 200379 > [ 24.201208] hardirqs last enabled at (200387): [<ffffffff8136008c>] > __console_unlock+0x5c/0x70 > [ 24.201453] hardirqs last disabled at (200396): [<ffffffff81360071>] > __console_unlock+0x41/0x70 > [ 24.201667] softirqs last enabled at (200336): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.201890] softirqs last disabled at (200329): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.202121] ---[ end trace 0000000000000000 ]--- > [ 24.202398] ------------[ cut here ]------------ > [ 24.202534] WARNING: kernel/trace/ftrace.c:2715 at > ftrace_get_addr_curr+0x149/0x190, CPU#10: test_progs/311 > [ 24.202753] Modules linked in: bpf_test_modorder_y(OE+) > bpf_test_modorder_x(OE) bpf_testmod(OE) > [ 24.202962] CPU: 10 UID: 0 PID: 311 Comm: test_progs Tainted: G W > OE 7.0.0-rc1-gda78c0a81eea #83 PREEMPT(full) > [ 24.203203] Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE > [ 24.203344] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > 1.16.3-5.el9 11/05/2023 > [ 24.203526] RIP: 0010:ftrace_get_addr_curr+0x149/0x190 > [ 24.203629] Code: 00 4c 
89 f7 e8 88 f8 ff ff 84 c0 75 92 4d 8b 7f 08 e8 fb > b3 c1 00 4d 85 ff 0f 94 c0 49 81 ff b0 1c 6e 83 0f 94 c1 08 c1 74 96 <0f> 0b > c6 05 > 62 e8 2b 02 01 c7 05 54 e8 2b 02 00 00 00 00 48 c7 05 > [ 24.203996] RSP: 0018:ffa0000000d4bb38 EFLAGS: 00010202 > [ 24.204110] RAX: 0000000000000000 RBX: ff11000100125710 RCX: > ff1100010b28a201 > [ 24.204280] RDX: 0000000000000000 RSI: 0000000000000001 RDI: > ffffffff81529fc4 > [ 24.204437] RBP: 0000000000000001 R08: 0000000080000000 R09: > ffffffffffffffff > [ 24.204595] R10: ffffffff82046a38 R11: 0000000000000000 R12: > ff11000100125710 > [ 24.204755] R13: ffffffff81529fc4 R14: ffffffff81529fc4 R15: > ffffffff836e1cb0 > [ 24.204914] FS: 00007f46532a54c0(0000) GS:ff1100203be0c000(0000) > knlGS:0000000000000000 > [ 24.205072] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 24.205204] CR2: 000055e885be1470 CR3: 000000010eef9003 CR4: > 0000000000771ef0 > [ 24.205386] PKRU: 55555554 > [ 24.205443] Call Trace: > [ 24.205503] <TASK> > [ 24.205565] ftrace_replace_code+0x7e/0x210 > [ 24.205669] ftrace_modify_all_code+0x59/0x110 > 21:11:28 > [202/10854] > [ 24.205784] __ftrace_hash_move_and_update_ops+0x227/0x2c0 > [ 24.205902] ? srso_return_thunk+0x5/0x5f > [ 24.205987] ? __mutex_lock+0x22a/0xc60 > [ 24.206072] ? kfree+0x1ac/0x4c0 > [ 24.206163] ? srso_return_thunk+0x5/0x5f > [ 24.206254] ? kfree+0x250/0x4c0 > [ 24.206344] ? bpf_fentry_test3+0x4/0x20 > [ 24.206428] ftrace_set_hash+0x13c/0x3d0 > [ 24.206523] ftrace_set_filter_ip+0x88/0xb0 > [ 24.206614] ? 
bpf_fentry_test3+0x4/0x20 > [ 24.206703] disarm_kprobe_ftrace+0x83/0xd0 > [ 24.206789] __disable_kprobe+0x129/0x160 > [ 24.206880] disable_kprobe+0x27/0x60 > [ 24.206972] kprobe_register+0xa2/0xe0 > [ 24.207057] perf_trace_event_unreg+0x33/0xd0 > [ 24.207169] perf_kprobe_destroy+0x3b/0x80 > [ 24.207262] __free_event+0x119/0x290 > [ 24.207348] perf_event_release_kernel+0x1ef/0x220 > [ 24.207461] perf_release+0x12/0x20 > [ 24.207543] __fput+0x11b/0x2a0 > [ 24.207626] task_work_run+0x8b/0xc0 > [ 24.207711] exit_to_user_mode_loop+0x107/0x4d0 > [ 24.207827] do_syscall_64+0x25b/0x390 > [ 24.207915] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e > [ 24.208021] ? trace_irq_disable+0x1d/0xc0 > [ 24.208110] entry_SYSCALL_64_after_hwframe+0x76/0x7e > [ 24.208215] RIP: 0033:0x7f46530ff85b > [ 24.208307] Code: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 > 89 7c 24 0c e8 e3 83 f8 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d > 00 f0 > ff ff 77 35 44 89 c7 89 44 24 0c e8 41 84 f8 ff 8b 44 > [ 24.208657] RSP: 002b:00007ffc40859770 EFLAGS: 00000293 ORIG_RAX: > 0000000000000003 > [ 24.208816] RAX: 0000000000000000 RBX: 0000000000000000 RCX: > 00007f46530ff85b > [ 24.208978] RDX: 0000000000000002 RSI: 0000000000000002 RDI: > 0000000000000019 > [ 24.209133] RBP: 00007ffc408597c0 R08: 0000000000000000 R09: > 00007ffc40859757 > [ 24.209300] R10: 0000000000000000 R11: 0000000000000293 R12: > 00007ffc4085ddc8 > [ 24.209457] R13: 000055e8800de120 R14: 000055e88118d390 R15: > 00007f46533de000 > [ 24.209633] </TASK> > [ 24.209689] irq event stamp: 200963 > [ 24.209770] hardirqs last enabled at (200971): [<ffffffff8136008c>] > __console_unlock+0x5c/0x70 > [ 24.209971] hardirqs last disabled at (200978): [<ffffffff81360071>] > __console_unlock+0x41/0x70 > [ 24.210156] softirqs last enabled at (200568): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.210370] softirqs last disabled at (200557): [<ffffffff812b8b97>] > __irq_exit_rcu+0x47/0xc0 > [ 24.210554] ---[ end trace 
0000000000000000 ]---
> [ 24.210665] Bad trampoline accounting at: 00000000ab641fec (bpf_lsm_sk_alloc_security+0x4/0x20)
> [ 24.210866] ------------[ cut here ]------------
> [ 24.210993] WARNING: arch/x86/kernel/ftrace.c:105 at ftrace_replace_code+0xf7/0x210, CPU#10: test_progs/311
> [ 24.211182] Modules linked in: bpf_test_modorder_y(OE+) bpf_test_modorder_x(OE) bpf_testmod(OE)
> [ 24.211412] CPU: 10 UID: 0 PID: 311 Comm: test_progs Tainted: G W OE 7.0.0-rc1-gda78c0a81eea #83 PREEMPT(full)
> [ 24.211656] Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
> [ 24.211788] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-5.el9 11/05/2023
> [ 24.211980] RIP: 0010:ftrace_replace_code+0xf7/0x210
> [ 24.212091] Code: c0 0f 85 ec 00 00 00 8b 44 24 03 41 33 45 00 0f b6 4c 24 07 41 32 4d 04 0f b6 c9 09 c1 0f 84 49 ff ff ff 4c 89 2d b9 df 8b 03 <0f> 0b bf ea ff ff ff e9 c4 00 00 00 e8 f8 e5 19 00 48 85 c0 0f 84
> [ 24.212503] RSP: 0018:ffa0000000d4bb58 EFLAGS: 00010202
> [ 24.212628] RAX: 00000000780a0001 RBX: 0000000000000001 RCX: 00000000780a00c1
> [ 24.212798] RDX: ffffffff81529000 RSI: 0000000000000005 RDI: ffffffff81529fc4
> [ 24.212970] RBP: 0000000000000001 R08: 000000000000ffff R09: ffffffff82e98430
> [ 24.213130] R10: 000000000002fffd R11: 00000000fffeffff R12: ff11000100125710
> [ 24.213317] R13: ffffffff83ec0f2d R14: ffffffff84b43820 R15: ffa0000000d4bb5b
> [ 24.213488] FS: 00007f46532a54c0(0000) GS:ff1100203be0c000(0000) knlGS:0000000000000000
> [ 24.213674] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 24.213813] CR2: 000055e885be1470 CR3: 000000010eef9003 CR4: 0000000000771ef0
> [ 24.213986] PKRU: 55555554
> [ 24.214044] Call Trace:
> [ 24.214100] <TASK>
> [ 24.214167] ftrace_modify_all_code+0x59/0x110
> [ 24.214301] __ftrace_hash_move_and_update_ops+0x227/0x2c0
> [ 24.214415] ? srso_return_thunk+0x5/0x5f
> [ 24.214502] ? __mutex_lock+0x22a/0xc60
> [ 24.214588] ? kfree+0x1ac/0x4c0
> [ 24.214682] ? srso_return_thunk+0x5/0x5f
> [ 24.214765] ? kfree+0x250/0x4c0
> [ 24.214855] ? bpf_fentry_test3+0x4/0x20
> [ 24.214943] ftrace_set_hash+0x13c/0x3d0
> [ 24.215041] ftrace_set_filter_ip+0x88/0xb0
> [ 24.215132] ? bpf_fentry_test3+0x4/0x20
> [ 24.215221] disarm_kprobe_ftrace+0x83/0xd0
> [ 24.215328] __disable_kprobe+0x129/0x160
> [ 24.215418] disable_kprobe+0x27/0x60
> [ 24.215507] kprobe_register+0xa2/0xe0
> [ 24.215594] perf_trace_event_unreg+0x33/0xd0
> [ 24.215701] perf_kprobe_destroy+0x3b/0x80
> [ 24.215790] __free_event+0x119/0x290
> [ 24.215888] perf_event_release_kernel+0x1ef/0x220
> [ 24.216007] perf_release+0x12/0x20
> [ 24.216091] __fput+0x11b/0x2a0
> [ 24.216183] task_work_run+0x8b/0xc0
> [ 24.216293] exit_to_user_mode_loop+0x107/0x4d0
> [ 24.216411] do_syscall_64+0x25b/0x390
> [ 24.216497] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
> [ 24.216606] ? trace_irq_disable+0x1d/0xc0
> [ 24.216699] entry_SYSCALL_64_after_hwframe+0x76/0x7e
> [ 24.216807] RIP: 0033:0x7f46530ff85b
> [ 24.216895] Code: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 e3 83 f8 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 84 f8 ff 8b 44
> [ 24.217293] RSP: 002b:00007ffc40859770 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
> [ 24.217461] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f46530ff85b
> [ 24.217627] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000019
> [ 24.217785] RBP: 00007ffc408597c0 R08: 0000000000000000 R09: 00007ffc40859757
> [ 24.217950] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffc4085ddc8
> [ 24.218107] R13: 000055e8800de120 R14: 000055e88118d390 R15: 00007f46533de000
> [ 24.218306] </TASK>
> [ 24.218363] irq event stamp: 201623
> [ 24.218445] hardirqs last enabled at (201631): [<ffffffff8136008c>] __console_unlock+0x5c/0x70
> [ 24.218625] hardirqs last disabled at (201638): [<ffffffff81360071>] __console_unlock+0x41/0x70
> [ 24.218810] softirqs last enabled at (201612): [<ffffffff812b8b97>] __irq_exit_rcu+0x47/0xc0
> [ 24.219012] softirqs last disabled at (201601): [<ffffffff812b8b97>] __irq_exit_rcu+0x47/0xc0
> [ 24.219208] ---[ end trace 0000000000000000 ]---
> [ 24.219693] ------------[ ftrace bug ]------------
> [ 24.219801] ftrace failed to modify
> [ 24.219804] [<ffffffff81529fc4>] bpf_lsm_sk_alloc_security+0x4/0x20
> [ 24.220022] actual: e9:b7:ca:ad:3e
> [ 24.220113] expected: e8:b7:c0:d5:ff
> [ 24.220203] ftrace record flags: e8980000
> [ 24.220307] (0) R tramp: ERROR!
> [ 24.220321] ------------[ cut here ]------------
> [ 24.220507] WARNING: kernel/trace/ftrace.c:2715 at ftrace_get_addr_curr+0x149/0x190, CPU#10: test_progs/311
> [ 24.220693] Modules linked in: bpf_test_modorder_y(OE+) bpf_test_modorder_x(OE) bpf_testmod(OE)
> [ 24.220895] CPU: 10 UID: 0 PID: 311 Comm: test_progs Tainted: G W OE 7.0.0-rc1-gda78c0a81eea #83 PREEMPT(full)
> [ 24.221135] Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
> [ 24.221284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-5.el9 11/05/2023
> [ 24.221467] RIP: 0010:ftrace_get_addr_curr+0x149/0x190
> [ 24.221577] Code: 00 4c 89 f7 e8 88 f8 ff ff 84 c0 75 92 4d 8b 7f 08 e8 fb b3 c1 00 4d 85 ff 0f 94 c0 49 81 ff b0 1c 6e 83 0f 94 c1 08 c1 74 96 <0f> 0b c6 05 62 e8 2b 02 01 c7 05 54 e8 2b 02 00 00 00 00 48 c7 05
> [ 24.221938] RSP: 0018:ffa0000000d4bb10 EFLAGS: 00010202
> [ 24.222052] RAX: 0000000000000000 RBX: ff11000100125710 RCX: ff1100010b28a201
> [ 24.222205] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff81529fc4
> [ 24.222384] RBP: 00000000ffffffea R08: 000000000000ffff R09: ffffffff82e98430
> [ 24.222542] R10: 000000000002fffd R11: 00000000fffeffff R12: ff11000100125710
> [ 24.222708] R13: ffffffff83ec0f2d R14: ffffffff81529fc4 R15: ffffffff836e1cb0
> [ 24.222866] FS: 00007f46532a54c0(0000) GS:ff1100203be0c000(0000) knlGS:0000000000000000
> [ 24.223034] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 24.223171] CR2: 000055e885be1470 CR3: 000000010eef9003 CR4: 0000000000771ef0
> [ 24.223341] PKRU: 55555554
> [ 24.223397] Call Trace:
> [ 24.223454] <TASK>
> [ 24.223511] ? bpf_lsm_sk_alloc_security+0x4/0x20
> [ 24.223623] ftrace_bug+0x1ff/0x290
> [ 24.223710] ftrace_replace_code+0x1d6/0x210
> [ 24.223829] ftrace_modify_all_code+0x59/0x110
> [ 24.223946] __ftrace_hash_move_and_update_ops+0x227/0x2c0
> [ 24.224060] ? srso_return_thunk+0x5/0x5f
> [ 24.224148] ? __mutex_lock+0x22a/0xc60
> [ 24.224245] ? kfree+0x1ac/0x4c0
> [ 24.224337] ? srso_return_thunk+0x5/0x5f
> [ 24.224420] ? kfree+0x250/0x4c0
> [ 24.224512] ? bpf_fentry_test3+0x4/0x20
> [ 24.224597] ftrace_set_hash+0x13c/0x3d0
> [ 24.224690] ftrace_set_filter_ip+0x88/0xb0
> [ 24.224776] ? bpf_fentry_test3+0x4/0x20
> [ 24.224869] disarm_kprobe_ftrace+0x83/0xd0
> [ 24.224965] __disable_kprobe+0x129/0x160
> [ 24.225051] disable_kprobe+0x27/0x60
> [ 24.225136] kprobe_register+0xa2/0xe0
> [ 24.225223] perf_trace_event_unreg+0x33/0xd0
> [ 24.225346] perf_kprobe_destroy+0x3b/0x80
> [ 24.225431] __free_event+0x119/0x290
> [ 24.225518] perf_event_release_kernel+0x1ef/0x220
> [ 24.225631] perf_release+0x12/0x20
> [ 24.225715] __fput+0x11b/0x2a0
> [ 24.225804] task_work_run+0x8b/0xc0
> [ 24.225895] exit_to_user_mode_loop+0x107/0x4d0
> [ 24.226016] do_syscall_64+0x25b/0x390
> [ 24.226099] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
> [ 24.226207] ? trace_irq_disable+0x1d/0xc0
> [ 24.226308] entry_SYSCALL_64_after_hwframe+0x76/0x7e
> [ 24.226415] RIP: 0033:0x7f46530ff85b
> [ 24.226498] Code: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 e3 83 f8 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 84 f8 ff 8b 44
> [ 24.226851] RSP: 002b:00007ffc40859770 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
> [ 24.227016] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f46530ff85b
> [ 24.227173] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000019
> [ 24.227341] RBP: 00007ffc408597c0 R08: 0000000000000000 R09: 00007ffc40859757
> [ 24.227500] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffc4085ddc8
> [ 24.227652] R13: 000055e8800de120 R14: 000055e88118d390 R15: 00007f46533de000
> [ 24.227830] </TASK>
> [ 24.227891] irq event stamp: 202299
> [ 24.227974] hardirqs last enabled at (202307): [<ffffffff8136008c>] __console_unlock+0x5c/0x70
> [ 24.228162] hardirqs last disabled at (202314): [<ffffffff81360071>] __console_unlock+0x41/0x70
> [ 24.228357] softirqs last enabled at (201682): [<ffffffff812b8b97>] __irq_exit_rcu+0x47/0xc0
> [ 24.228540] softirqs last disabled at (201671): [<ffffffff812b8b97>] __irq_exit_rcu+0x47/0xc0
> [ 24.228716] ---[ end trace 0000000000000000 ]---
> [ 24.228834] Bad trampoline accounting at: 00000000ab641fec (bpf_lsm_sk_alloc_security+0x4/0x20)
> [ 24.229029]
> [ 24.229029] expected tramp: ffffffff81286080
> [ 24.261301] BUG: unable to handle page fault for address: ffa00000004b9050
> [ 24.261436] #PF: supervisor read access in kernel mode
> [ 24.261528] #PF: error_code(0x0000) - not-present page
> [ 24.261621] PGD 100000067 P4D 100832067 PUD 100833067 PMD 100efb067 PTE 0
> [ 24.261745] Oops: Oops: 0000 [#1] SMP NOPTI
> [ 24.261821] CPU: 9 UID: 0 PID: 1338 Comm: ip Tainted: G W OE 7.0.0-rc1-gda78c0a81eea #83 PREEMPT(full)
> [ 24.262006] Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
> [ 24.262119] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-5.el9 11/05/2023
> [ 24.262281] RIP: 0010:__cgroup_bpf_run_lsm_current+0xc5/0x2f0
> [ 24.262393] Code: a6 6f 1a 02 01 48 c7 c7 31 5b 71 82 be bf 01 00 00 48 c7 c2 d3 70 65 82 e8 d8 53 ce ff 4d 8b 7f 60 4d 85 ff 0f 84 14 02 00 00 <49> 8b 46 f0 4c 63 b0 34 05 00 00 c7 44 24 10 00 00 00 00 41 0f b7
> [ 24.262693] RSP: 0018:ffa0000004dfbc98 EFLAGS: 00010282
> [ 24.262784] RAX: 0000000000000001 RBX: ffa0000004dfbd10 RCX: 0000000000000001
> [ 24.262923] RDX: 00000000d7c4159d RSI: ffffffff8359b368 RDI: ff1100011b5c50c8
> [ 24.263055] RBP: ffa0000004dfbd30 R08: 0000000000020000 R09: ffffffffffffffff
> [ 24.263187] R10: ffffffff814f76b3 R11: 0000000000000000 R12: ff1100011b5c4580
> [ 24.263325] R13: 0000000000000000 R14: ffa00000004b9060 R15: ffffffff835b3040
> [ 24.263465] FS: 00007f0007064800(0000) GS:ff1100203bdcc000(0000) knlGS:0000000000000000
> [ 24.263599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 24.263709] CR2: ffa00000004b9050 CR3: 0000000120f4d002 CR4: 0000000000771ef0
> [ 24.263841] PKRU: 55555554
> [ 24.263890] Call Trace:
> [ 24.263938] <TASK>
> [ 24.263992] bpf_trampoline_6442513766+0x6a/0x10d
> [ 24.264088] security_sk_alloc+0x83/0xd0
> [ 24.264162] sk_prot_alloc+0xf4/0x150
> [ 24.264236] sk_alloc+0x34/0x2a0
> [ 24.264305] ? srso_return_thunk+0x5/0x5f
> [ 24.264375] ? _raw_spin_unlock_irqrestore+0x35/0x50
> [ 24.264465] ? srso_return_thunk+0x5/0x5f
> [ 24.264533] ? __wake_up_common_lock+0xa8/0xd0
> [ 24.264625] __netlink_create+0x2f/0xf0
> [ 24.264695] netlink_create+0x1c4/0x230
> [ 24.264765] ? __pfx_rtnetlink_bind+0x10/0x10
> [ 24.264858] __sock_create+0x21d/0x400
> [ 24.264937] __sys_socket+0x65/0x100
> [ 24.265007] ? srso_return_thunk+0x5/0x5f
> [ 24.265077] __x64_sys_socket+0x19/0x30
> [ 24.265146] do_syscall_64+0xde/0x390
> [ 24.265216] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
> [ 24.265307] ? trace_irq_disable+0x1d/0xc0
> [ 24.265379] entry_SYSCALL_64_after_hwframe+0x76/0x7e
> [ 24.265469] RIP: 0033:0x7f0006f112ab
> [ 24.265538] Code: 73 01 c3 48 8b 0d 6d 8b 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3d 8b 0e 00 f7 d8 64 89 01 48
> [ 24.265822] RSP: 002b:00007ffd8ecb3be8 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
> [ 24.265960] RAX: ffffffffffffffda RBX: 000056212b30d040 RCX: 00007f0006f112ab
> [ 24.266088] RDX: 0000000000000000 RSI: 0000000000080003 RDI: 0000000000000010
> [ 24.266217] RBP: 0000000000000000 R08: 00007ffd8ecb3bc0 R09: 0000000000000000
> [ 24.266346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> [ 24.266474] R13: 000056212b30d040 R14: 00007ffd8ecb3d88 R15: 0000000000000004
> [ 24.266617] </TASK>
> [ 24.266663] Modules linked in: bpf_test_modorder_y(OE+) bpf_test_modorder_x(OE) bpf_testmod(OE)
> [ 24.266824] CR2: ffa00000004b9050
> [ 24.266897] ---[ end trace 0000000000000000 ]---
> [ 24.266989] RIP: 0010:__cgroup_bpf_run_lsm_current+0xc5/0x2f0
> [ 24.267101] Code: a6 6f 1a 02 01 48 c7 c7 31 5b 71 82 be bf 01 00 00 48 c7 c2 d3 70 65 82 e8 d8 53 ce ff 4d 8b 7f 60 4d 85 ff 0f 84 14 02 00 00 <49> 8b 46 f0 4c 63 b0 34 05 00 00 c7 44 24 10 00 00 00 00 41 0f b7
> [ 24.267406] RSP: 0018:ffa0000004dfbc98 EFLAGS: 00010282
> [ 24.267499] RAX: 0000000000000001 RBX: ffa0000004dfbd10 RCX: 0000000000000001
> [ 24.267629] RDX: 00000000d7c4159d RSI: ffffffff8359b368 RDI: ff1100011b5c50c8
> [ 24.267758] RBP: ffa0000004dfbd30 R08: 0000000000020000 R09: ffffffffffffffff
> [ 24.267897] R10: ffffffff814f76b3 R11: 0000000000000000 R12: ff1100011b5c4580
> [ 24.268030] R13: 0000000000000000 R14: ffa00000004b9060 R15: ffffffff835b3040
> [ 24.268167] FS: 00007f0007064800(0000) GS:ff1100203bdcc000(0000) knlGS:0000000000000000
> [ 24.268311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 24.268428] CR2: ffa00000004b9050 CR3: 0000000120f4d002 CR4: 0000000000771ef0
> [ 24.268565] PKRU: 55555554
> [ 24.268613] Kernel panic - not syncing: Fatal exception
> [ 24.268977] Kernel Offset: disabled
> [ 24.269046] ---[ end Kernel panic - not syncing: Fatal exception ]---
>
> >
> > ---
> > arch/x86/Kconfig | 1 +
> > kernel/bpf/trampoline.c | 220 ++++++++++++++++++++++++++++++++++------
> > kernel/trace/Kconfig | 3 +
> > kernel/trace/ftrace.c | 7 +-
> > 4 files changed, 200 insertions(+), 31 deletions(-)
> >
> > [...]
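
The "ftrace bug" report in the splat above can be read mechanically. The Python sketch below is an added example, not part of this thread or of the kernel tree: it pulls the report out of a dmesg dump and decodes the "actual" and "expected" bytes as x86-64 rel32 branches. The function names are hypothetical, and the sample lines are copied from the splat.

```python
import re

# Lines copied from the splat quoted in this thread (wrapped lines rejoined).
SPLAT = """\
[ 24.219693] ------------[ ftrace bug ]------------
[ 24.219801] ftrace failed to modify
[ 24.219804] [<ffffffff81529fc4>] bpf_lsm_sk_alloc_security+0x4/0x20
[ 24.220022] actual: e9:b7:ca:ad:3e
[ 24.220113] expected: e8:b7:c0:d5:ff
[ 24.229029] expected tramp: ffffffff81286080
"""

BRANCH = {0xE8: "call", 0xE9: "jmp"}  # x86-64 near branches with a rel32 operand
TS = re.compile(r"^[>\s]*\[\s*\d+\.\d+\]\s*")  # mail quoting + printk timestamp

def decode_branch(ip, text):
    """Turn 'e8:b7:c0:d5:ff' found at address ip into (mnemonic, target)."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 5 or raw[0] not in BRANCH:
        return ("other", None)  # e.g. a NOP; not modelled in this sketch
    rel = int.from_bytes(raw[1:], "little", signed=True)
    return (BRANCH[raw[0]], (ip + 5 + rel) & 0xFFFFFFFFFFFFFFFF)

def triage(log):
    """Collect every 'ftrace failed to modify' report found in a dmesg dump."""
    reports, cur = [], None
    for line in log.splitlines():
        msg = TS.sub("", line).strip()
        if msg == "ftrace failed to modify":
            cur = {"ip": None, "symbol": None, "tramp": None}
            reports.append(cur)
        elif cur is None:
            continue
        elif (m := re.match(r"\[<([0-9a-f]+)>\]\s+(\S+)", msg)) and cur["ip"] is None:
            cur["ip"], cur["symbol"] = int(m[1], 16), m[2]
        elif (m := re.match(r"(actual|expected):\s+([0-9a-f:]+)$", msg)) and cur["ip"] is not None:
            cur[m[1]] = decode_branch(cur["ip"], m[2])
        elif m := re.match(r"expected tramp:\s+([0-9a-f]+)", msg):
            cur["tramp"] = int(m[1], 16)
    return reports

def describe(r):
    """One-line summary: what the site holds now versus what ftrace expected."""
    fmt = lambda b: f"{b[0]} {b[1]:#x}" if b and b[1] is not None else "undecoded"
    return f"{r['symbol']}: actual={fmt(r.get('actual'))} expected={fmt(r.get('expected'))}"

if __name__ == "__main__":
    for report in triage(SPLAT):
        print(describe(report))
```

On the posted splat the expected bytes decode to a call to ffffffff81286080, the same address the log prints as "expected tramp", while the site actually holds a jmp to a different address.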
