[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
Seth, I reported the same issue in LP#1763352 (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763352). My patch there does essentially the same as yours, so I will mention in that ticket that it's a duplicate.

But your patch does not remove the wrong "env->insn_aux_data[insn_idx].seen = true" from kernel/bpf/verifier.c line 1844. I think that "seen" shouldn't be set there. The line was probably added there by mistake. It should have been added for the LD IMM64 case in the first place.

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1763454

Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request

Status in linux package in Ubuntu: Triaged
Status in linux source package in Xenial: Triaged

Bug description:

SRU Justification

Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below).

Fix: Add in the missing hunks from the CVE patch.

Test case: See test results in comment #4.

Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low.

---

Hey,

we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem.
Example:

```
[ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8
[ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20
[ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0
[ 58.914876] Oops: [#1] SMP
[ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000
[ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu
[ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000
[ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20
[ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082
[ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX:
[ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180
[ 60.449182] RBP: 880022c87be8 R08: R09: 0800
[ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12:
[ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10
[ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS:
[ 60.778636] CS: 0010 DS: ES: CR0: 80050033
[ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670
[ 60.963736] DR0: DR1: DR2:
[ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400
[ 61.187006] Stack:
[ 61.189256] 880022c87be8 81177411 0001
[ 61.253133] 3c0c4180 880022c87ba8
[ 61.345334] 880022c87d10 0001
[ 61.459069] Call Trace:
[ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360
[ 61.625511] [] ? update_curr+0x79/0x170
[ 61.741423] [] ? update_cfs_shares+0xbc/0x100
[ 61.837892] [] ? __schedule+0x30d/0x7f0
[ 61.941349] [] ? __schedule+0x301/0x7f0
[ 62.073874] [] ? __schedule+0x30d/0x7f0
[ 62.185260] [] ? __schedule+0x301/0x7f0
[ 62.186239] [] ? __schedule+0x30d/0x7f0
[ 62.305193] [] ? __schedule+0x301/0x7f0
[ 62.399854] [] ? __schedule+0x30d/0x7f0
[ 62.406219] [] ? __schedule+0x301/0x7f0
[ 62.407994] [] ? __schedule+0x30d/0x7f0
[ 62.410491] [] ? __schedule+0x301/0x7f0
[ 62.431220] [] ? __schedule+0x30d/0x7f0
[ 62.497078] [] ? __schedule+0x30d/0x7f0
[
```
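
The following is an added example, not part of the thread or of the kernel source: a simplified C model of why a missing "seen" mark on the second slot of an LD IMM64 pair loses the upper half of a map address. It assumes, as in the upstream fix for CVE-2017-17862, that instructions the verifier never marked as seen are overwritten with a nop; the struct, the function names and the sample address are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified model, not kernel code: only the fields this example needs. */
struct insn { uint8_t code; int32_t imm; };
enum { OP_LD_IMM64 = 0x18, OP_MOV64_REG = 0xbf, OP_EXIT = 0x95 };

/* Verifier walk (linear, no branches): mark each visited slot as seen.
 * mark_second_half models whether the LD IMM64 hunk is present. */
static void walk(const struct insn *p, bool *seen, int n, bool mark_second_half)
{
    for (int i = 0; i < n; i++) {
        seen[i] = true;
        if (p[i].code == OP_LD_IMM64 && i + 1 < n) {
            i++;                        /* second 8-byte slot of the pair */
            if (mark_second_half)
                seen[i] = true;
        }
    }
}

/* Dead-code sanitizing: overwrite every unseen slot with a nop (mov r0, r0). */
static void sanitize_dead_code(struct insn *p, const bool *seen, int n)
{
    const struct insn nop = { OP_MOV64_REG, 0 };
    for (int i = 0; i < n; i++)
        if (!seen[i])
            p[i] = nop;
}

/* How the interpreter assembles the 64-bit immediate from both slots. */
static uint64_t ld_imm64(const struct insn *p)
{
    return (uint64_t)(uint32_t)p[0].imm | ((uint64_t)(uint32_t)p[1].imm << 32);
}

/* Address a program would hand to a map helper after verification. */
uint64_t loaded_map_ptr(uint64_t map_ptr, bool mark_second_half)
{
    struct insn prog[3] = {
        { OP_LD_IMM64, (int32_t)(uint32_t)map_ptr },
        { 0, (int32_t)(uint32_t)(map_ptr >> 32) },
        { OP_EXIT, 0 },
    };
    bool seen[3] = { false, false, false };
    walk(prog, seen, 3, mark_second_half);
    sanitize_dead_code(prog, seen, 3);
    return ld_imm64(prog);
}
```

With the second slot marked, the constructed address 0xffff880012345680 survives intact; without the mark, only its low 32 bits remain, which is not a valid kernel address and faults as soon as a map helper dereferences it.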
[Kernel-packages] [Bug 1763352] Re: kernel panic in bpf_map_update_elem (with bcc tool ext4slower)
The same issue was reported in LP#1763454 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763454

Seth Forshee provided a patch there that solves the issue here as well. His patch has been sent to the mailing list already.

From my point of view we could treat this ticket here as a duplicate of LP#1763454

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1763352

Title: kernel panic in bpf_map_update_elem (with bcc tool ext4slower)

Status in linux package in Ubuntu: Triaged
Status in linux source package in Xenial: Triaged

Bug description:

Using Ubuntu 16.04 LTS with 4.4.0 kernel on x86_64

After kernel update from 4.4.0-116 to 4.4.0-119 running an eBPF tool to log slow ext4 I/O (bcc-tool ext4slower) causes a kernel panic in bpf_map_update_elem.

Steps to reproduce:
* install bcc-tools 0.5.0-1 (https://github.com/iovisor/bcc), packages: bcc-tools, libbcc, python-bcc, libbcc-examples; from repo.iovisor.org
* install kernel 4.4.0-119 (linux-image-4.4.0-119-generic linux-image-extra-4.4.0-119 linux-headers-4.4.0-119 linux-headers-4.4.0-119-generic)
* reboot
* run ext4slower (sudo /usr/share/bcc/tools/ext4slower)
* system crashes

With kernel 4.4.0-116 ext4slower runs fine.
uname -a: Linux 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

BCC tools version: 0.5.0-1

Log of the kernel panic including backtrace:

[ 59.635900] BUG: unable to handle kernel paging request at b98aa6a8
[ 59.642345] IP: [] bpf_map_update_elem+0x6/0x20
[ 59.645782] PGD 0
[ 59.647150] Oops: [#1] SMP
[ 59.649808] Modules linked in: crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ppdev aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd input_leds joydev serio_raw i2c_piix4 8250_fintek parport_pc parport mac_hid autofs4 hid_generic usbhid hid ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops psmouse drm pata_acpi floppy
[ 59.672373] CPU: 0 PID: 1 Comm: systemd Not tainted 4.4.0-119-generic #143-Ubuntu
[ 59.676407] Hardware name: OpenStack Foundation OpenStack Nova, BIOS 1.10.2-2 04/01/2014
[ 59.680079] task: 88013a49 ti: 88013a48c000 task.ti: 88013a48c000
[ 59.684124] RIP: 0010:[] [] bpf_map_update_elem+0x6/0x20
[ 59.689097] RSP: 0018:88013a48f980 EFLAGS: 00010086
[ 59.691618] RAX: 8117cd90 RBX: c9818170 RCX:
[ 59.695739] RDX: 88013a48fbd0 RSI: 88013a48fbe8 RDI: b98aa680
[ 59.699444] RBP: 88013a48fc08 R08: 880138d6b180 R09: 0800
[ 59.703264] R10: 88013a49 R11: 0246 R12:
[ 59.707164] R13: 8800ba0f4400 R14: 88013fc10020 R15: 88013a48fd58
[ 59.72] FS: 7f4039da58c0() GS:88013fc0() knlGS:
[ 59.715861] CS: 0010 DS: ES: CR0: 80050033
[ 59.719025] CR2: b98aa6a8 CR3: bb65e000 CR4: 00160670
[ 59.722937] DR0: DR1: DR2:
[ 59.727210] DR3: DR6: fffe0ff0 DR7: 0400
[ 59.731074] Stack:
[ 59.732149] 88013a48fc08 81177411 88013fc20500
[ 59.735760] b98aa680 88013a48fbe8 88013a48fbd0
[ 59.740058] 880138d6b180 88013a48fe58 8800bb5ab000
[ 59.744100] Call Trace:
[ 59.745434] [] ? __bpf_prog_run+0x7a1/0x1360
[ 59.748289] [] ? update_curr+0x79/0x170
[ 59.751044] [] ? vp_notify+0x16/0x20
[ 59.753601] [] ? dequeue_entity+0x41b/0xa80
[ 59.756354] [] ? update_load_avg+0x219/0x7d0
[ 59.759171] [] ? set_next_entity+0x9c/0xb0
[ 59.761890] [] ? __switch_to+0x1dc/0x5c0
[ 59.764667] [] ? __schedule+0x341/0x7f0
[ 59.767155] [] ? blk_mq_flush_plug_list+0x128/0x150
[ 59.770253] [] ? bit_wait+0x60/0x60
[ 59.772782] [] trace_call_bpf+0x37/0x50
[ 59.775336] [] kprobe_perf_func+0x37/0x250
[ 59.778264] [] ? ktime_get+0x3e/0xb0
[ 59.780724] [] ? delayacct_end+0x56/0x60
[ 59.783589] [] kprobe_dispatcher+0x31/0x50
[ 59.786490] [] aggr_pre_handler+0x45/0x80
[ 59.789534] [] ? generic_file_read_iter+0x1/0x690
[ 59.792407] [] kprobe_ftrace_handler+0xb6/0x120
[ 59.795329] [] ? generic_file_read_iter+0x5/0x690
[ 59.798453] [] ftrace_ops_recurs_func+0x58/0xb0
[ 59.801948] [] 0xc00180d5
[ 59.804357] [] ? filemap_write_and_wait_range+0x70/0x70
[ 59.808022] [] ? generic_file_read_iter+0x1/0x690
[ 59.811225] [] generic_file_read_iter+0x5/0x690
[ 59.814332] [] new_sync_read+0x9e/0xe0
[ 59.817079] [] ? generic_file_read_iter+0x5/0x690
[ 59.820120] [] ? kretprobe_trampoline_holder+0x9/0x9
[