[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium * CVE-2018-3639 (powerpc) - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Set or clear security feature flags - powerpc/64s: Move cpu_show_meltdown() - powerpc/64s: Enhance the information in cpu_show_meltdown() - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/64s: Wire up cpu_show_spectre_v1() - powerpc/64s: Wire up cpu_show_spectre_v2() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Clean up IBPB and IBRS control functions and macros - SAUCE: Fix up IBPB and IBRS kernel parameters documentation - SAUCE: Remove #define X86_FEATURE_PTI - x86/cpufeature: Move some of the scattered feature bits to x86_capability - x86/cpufeature: Cleanup get_cpu_cap() - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf - x86/cpufeatures: Add Intel feature bits for Speculation Control - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf - x86/cpufeatures: Add AMD feature bits for Speculation Control - x86/msr: Add definitions for new speculation control MSRs - SAUCE: x86/msr: Rename MSR spec control feature bits - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support - x86/speculation: Add dependency - x86/cpufeatures: Clean up Spectre v2 related CPUID flags - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code - SAUCE: x86: Add alternative_msr_write - SAUCE: x86/nospec: Simplify alternative_msr_write() - SAUCE: x86/bugs: Concentrate bug detection into a separate function - SAUCE: x86/bugs: Concentrate bug reporting into a separate function - arch: Introduce post-init read-only memory - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell - SAUCE: prctl: Add speculation control prctls - x86/process: Optimize TIF checks in __switch_to_xtra() - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation - SAUCE: nospec: Allow getting/setting on non-current task - SAUCE: proc: Provide details on speculation flaw mitigations - SAUCE: seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - SAUCE: x86/bugs: Make boot modes __ro_after_init - SAUCE: prctl: Add force disable speculation - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation - SAUCE: seccomp: Move speculation migitation control to arch code - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - SAUCE: x86/bugs: Rename _RDS to _SSBD - SAUCE: proc: Use underscores for SSBD in 'status' - SAUCE: Documentation/spec_ctrl: Do some minor cleanups - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type - SAUCE: x86/bugs: Make cpu_show_common() static
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
Ubuntu 4.4.0-123.147-generic 4.4.128 does fix it for us as well. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: Fix Committed Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [ 63.092978] [] kprobe_dispatcher+0x31/0x50 [ 63.184696] [] ?
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
Tested with kernel 4.4.0-123.147. Issue is fixed there. ** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: Fix Committed Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed- xenial'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: Fix Committed Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ?
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
** Changed in: linux (Ubuntu Xenial) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: Fix Committed Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [ 63.092978] [] kprobe_dispatcher+0x31/0x50 [ 63.184696]
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
** Changed in: linux (Ubuntu Xenial) Importance: Medium => High ** Changed in: linux (Ubuntu) Status: Triaged => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: Triaged Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [ 63.092978]
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
I was wondering about the 'Importance' definition too. It's also a panic-reboot loop just after booting when using Weave Scope in the Kubernetes cluster because Scope installs the BPF probe during initialization. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
For us the importance of this issue would be High instead of Medium (not sure if there is an objective definition somewhere, could not find it). Reason is that we rely on BPF quite heavily in our infrastructure and servers just crash pretty much immediately once we install the current kernel version and reboot. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
(I used my team account cloudstackers-7 before, now with my own one) The bounds check may not be necessary, because replace_map_fd_with_map_ptr is called before do_check and the relevant check is already in replace_map_fd_with_map_ptr. But it's not obvious, so at least a comment in do_check may be a good idea. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
I've duped the other bug to this one. I do agree that the "seen = true" you identified looks like a mistake, I will fix up the patch to remove that. You also added some bounds checking. I see your point in adding that, I can't find anything which would guarantee that there is an additional instruction there. However the check_ld_imm() call before that can also assume that there's something after the current instruction, so either there is some guarantee that there's something after the current instruction or else that bounds check needs to be moved. As the upstream source still lacks a bounds check there too, it might be best to pursue this question upstream. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ?
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
Seth, I reported the same issue in LP#1763352 (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763352). My patch there does essentially the same as yours, so I will mention in that ticket that it's a duplicate. But your patch does not remove the wrong "env->insn_aux_data[insn_idx].seen = true" from kernel/bpf/verifier.c line 1844. I think that "seen" shouldn't be set there. The line was probably added there by mistake. It should have been added for the LD IMM64 case in the first place. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
No it's not well documented, and it's a complicated mishmash of auto package tests (these do have documentation but not useful here) and autotests maintained by the kernel team. We do run some bpf autotests, we could see about adding them there. http://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/ -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570]
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
> to allow time for testing and verifications Is the testing process documented somewhere? Ideally we should add a step in the process to test @schuio's reproducer (or an equivalent) to avoid future similar regressions for software using eBPF. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ?
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
Note though that it should be in xenial-proposed within two weeks (at which point you'll be prompted to verify the fix there). -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: SRU Justification Impact: Some unfortunate timing between the fix for CVE-2017-17862 being backported and some updates from upstream stable resulted in us not having some hunks from the CVE patch. This is causing oopses (see below). Fix: Add in the missing hunks from the CVE patch. Test case: See test results in comment #4. Regression potential: This just updates the code to match the upstream patch, which has been upstream for months, so regression potential should be low. --- Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [ 63.092978] []
Re: [Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
On Fri, Apr 13, 2018 at 12:19:26PM -, schu wrote: > Seth, can you give an ETA for when the update with the fix will be > published? > > If it's only a matter of a few days, adding a workaround might not be > necessary.. > (https://github.com/weaveworks/scope/pull/3141#discussion_r181340479) It will certainly be more than a few days. We release kernels on a 3-week cycle to allow time for testing and verifications, only in extreme cases to we rush fixes out faster than that (and just a few days is difficult in any case). It looks like we're currently on week 2 of the current cycle. The patch will get included in the next cycle, which would release about 4 weeks from now. ** Description changed: + SRU Justification + + Impact: Some unfortunate timing between the fix for CVE-2017-17862 being + backported and some updates from upstream stable resulted in us not + having some hunks from the CVE patch. This is causing oopses (see + below). + + Fix: Add in the missing hunks from the CVE patch. + + Test case: See test results in comment #4. + + Regression potential: This just updates the code to match the upstream + patch, which has been upstream for months, so regression potential + should be low. + + --- + Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 - [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 - [ 58.914876] Oops: [#1] SMP + [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 + [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ?
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
Seth, can you give an ETA for when the update with the fix will be published? If it's only a matter of a few days, adding a workaround might not be necessary.. (https://github.com/weaveworks/scope/pull/3141#discussion_r181340479) Thanks again. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [ 63.092978] [] kprobe_dispatcher+0x31/0x50 [ 63.184696] [] ? tcp_close+0x1/0x440 [ 63.260350] [] kprobe_ftrace_handler+0xb6/0x120 [ 63.275694] [] ? tcp_close+0x5/0x440 [ 63.278202] [] ftrace_ops_recurs_func+0x58/0xb0 [ 63.289826] [] 0xc00050d5 [ 63.291573] [] ? tcp_check_oom+0x150/0x150 [ 63.299743] [] ? tcp_close+0x1/0x440 [ 63.301658] []
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
`Ubuntu 4.4.0-119.143+lp1763454v201804121433-generic 4.4.114` does fix the problem for us. Tested with Scope e2b4b3edf63a62836ca27024003cc38aa6b9c0b5 Thanks Seth! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [ 63.092978] [] kprobe_dispatcher+0x31/0x50 [ 63.184696] [] ? tcp_close+0x1/0x440 [ 63.260350] [] kprobe_ftrace_handler+0xb6/0x120 [ 63.275694] [] ? tcp_close+0x5/0x440 [ 63.278202] [] ftrace_ops_recurs_func+0x58/0xb0 [ 63.289826] [] 0xc00050d5 [ 63.291573] [] ? tcp_check_oom+0x150/0x150 [ 63.299743] [] ? tcp_close+0x1/0x440 [ 63.301658] [] tcp_close+0x5/0x440 [ 63.340651] [] inet_release+0x42/0x70 [ 63.440655] [] ?
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
Test build is at the link below, please let me know if it fixes the issue. Thanks! http://people.canonical.com/~sforshee/lp1763454/ -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [ 63.092978] [] kprobe_dispatcher+0x31/0x50 [ 63.184696] [] ? tcp_close+0x1/0x440 [ 63.260350] [] kprobe_ftrace_handler+0xb6/0x120 [ 63.275694] [] ? tcp_close+0x5/0x440 [ 63.278202] [] ftrace_ops_recurs_func+0x58/0xb0 [ 63.289826] [] 0xc00050d5 [ 63.291573] [] ? tcp_check_oom+0x150/0x150 [ 63.299743] [] ? tcp_close+0x1/0x440 [ 63.301658] [] tcp_close+0x5/0x440 [ 63.340651] [] inet_release+0x42/0x70 [ 63.440655] [] ? tcp_close+0x5/0x440 [ 63.549368] [] ?
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
** Changed in: linux (Ubuntu Xenial) Assignee: (unassigned) => Seth Forshee (sforshee) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [ 63.092978] [] kprobe_dispatcher+0x31/0x50 [ 63.184696] [] ? tcp_close+0x1/0x440 [ 63.260350] [] kprobe_ftrace_handler+0xb6/0x120 [ 63.275694] [] ? tcp_close+0x5/0x440 [ 63.278202] [] ftrace_ops_recurs_func+0x58/0xb0 [ 63.289826] [] 0xc00050d5 [ 63.291573] [] ? tcp_check_oom+0x150/0x150 [ 63.299743] [] ? tcp_close+0x1/0x440 [ 63.301658] [] tcp_close+0x5/0x440 [ 63.340651] [] inet_release+0x42/0x70 [ 63.440655] [] ? tcp_close+0x5/0x440 [ 63.549368] [] ? inet_release+0x42/0x70 [ 63.655199]
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
I'm taking a guess at the cause of this kernel panic: commit c131187db2d3fa2f8bf32fdf4e9a4ef805168467 was backported from upstream kernel into the Ubuntu kernel. But this part was not backported: --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -4213,6 +4216,8 @@ static int adjust_insn_aux_data(struct bpf_verifier_env *env, u32 prog_len, memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off); memcpy(new_data + off + cnt - 1, old_data + off, sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1)); + for (i = off; i < off + cnt - 1; i++) + new_data[i].seen = true; env->insn_aux_data = new_data; vfree(old_data); return 0; The likely reason for omission is that the Ubuntu kernel does not have this function in kernel/bpf/verifier.c, so there was no place to apply the patch snippet above. In upstream kernel, adjust_insn_aux_data() is called from fixup_bpf_calls() and that function was not in kernel/bpf/verifier.c yet in Ubuntu kernel. However, semantically, the patch should have been applied in kernel/bpf/syscall.c, which is the file where fixup_bpf_calls() was located before it got refactored by commit e245c5c6a5656. As a result, the BPF_CALL instruction is mistakenly considered not seen by the verifier so the BPF instructions for array_map_lookup_elem() are not emitted. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ?
[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
** Changed in: linux (Ubuntu) Importance: Undecided => Medium ** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Xenial) Status: New => Incomplete ** Changed in: linux (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Xenial) Status: Incomplete => Triaged ** Changed in: linux (Ubuntu) Status: Incomplete => Triaged -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763454 Title: bpf_map_lookup_elem: BUG: unable to handle kernel paging request Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: Hey, we are currently debugging an issue with Scope [1] where the initialization of the used tcptracer-bpf [2] leads to a kernel oops at the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140` does not show the problem. Example: ``` [ 58.763045] BUG: unable to handle kernel paging request at 3c0c41a8 [ 58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20 [ 58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0 [ 58.914876] Oops: [#1] SMP [ 58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000 [ 59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu [ 59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000 [ 60.000524] RIP: 0010:[] [] bpf_map_lookup_elem+0x6/0x20 [ 60.178029] RSP: 0018:880022c87960 EFLAGS: 00010082 [ 60.257957] RAX: 8117cd70 RBX: c922f090 RCX: [ 60.350704] RDX: RSI: 880022c87ba8 RDI: 3c0c4180 [ 60.449182] RBP: 880022c87be8 R08: R09: 0800 [ 60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: [ 60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10 [ 60.678811] FS: 7f95ba372700() GS:88003fd0() knlGS: [ 60.778636] CS: 0010 DS: ES: CR0: 80050033 [ 60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670 [ 60.963736] DR0: DR1: DR2: [ 61.069195] DR3: DR6: fffe0ff0 DR7: 0400 [ 61.187006] Stack: [ 61.189256] 880022c87be8 81177411 0001 [ 61.253133] 3c0c4180 880022c87ba8 [ 61.345334] 880022c87d10 0001 [ 61.459069] Call Trace: [ 61.505273] [] ? __bpf_prog_run+0x7a1/0x1360 [ 61.625511] [] ? update_curr+0x79/0x170 [ 61.741423] [] ? update_cfs_shares+0xbc/0x100 [ 61.837892] [] ? __schedule+0x30d/0x7f0 [ 61.941349] [] ? __schedule+0x301/0x7f0 [ 62.073874] [] ? __schedule+0x30d/0x7f0 [ 62.185260] [] ? __schedule+0x301/0x7f0 [ 62.186239] [] ? __schedule+0x30d/0x7f0 [ 62.305193] [] ? __schedule+0x301/0x7f0 [ 62.399854] [] ? __schedule+0x30d/0x7f0 [ 62.406219] [] ? __schedule+0x301/0x7f0 [ 62.407994] [] ? __schedule+0x30d/0x7f0 [ 62.410491] [] ? __schedule+0x301/0x7f0 [ 62.431220] [] ? __schedule+0x30d/0x7f0 [ 62.497078] [] ? __schedule+0x30d/0x7f0 [ 62.559245] [] ? __schedule+0x301/0x7f0 [ 62.661493] [] ? __schedule+0x30d/0x7f0 [ 62.712927] [] ? __schedule+0x301/0x7f0 [ 62.799216] [] trace_call_bpf+0x37/0x50 [ 62.881570] [] kprobe_perf_func+0x37/0x250 [ 62.977365] [] ? finish_task_switch+0x76/0x230 [ 62.981405] [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20 [ 63.092978] [] kprobe_dispatcher+0x31/0x50 [ 63.184696] [] ? tcp_close+0x1/0x440 [ 63.260350] [] kprobe_ftrace_handler+0xb6/0x120 [ 63.275694] [] ? tcp_close+0x5/0x440 [ 63.278202] []