panic due to unhandled page fault via BPF_PROG_RUN syscall
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux-azure (Ubuntu) | Triaged | High | Marcelo Cerri |
Bug Description
Here is a kernel oops triggered from user space by invoking a BPF program:
[ 1191.051531] BUG: unable to handle page fault for address: ffffffffea053c70
[ 1191.053848] #PF: supervisor read access in kernel mode
[ 1191.055183] #PF: error_code(0x0000) - not-present page
[ 1191.056513] PGD 334e15067 P4D 334e15067 PUD 334e17067 PMD 0
[ 1191.058016] Oops: 0000 [#1] SMP NOPTI
[ 1191.058984] CPU: 1 PID: 2557 Comm: ebpf.test Not tainted 6.2.0-1016-azure #16~22.04.1-Ubuntu
[ 1191.061167] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 12/07/2018
[ 1191.063804] RIP: 0010:bpf_
[ 1191.065064] Code: 00 00 48 89 90 50 14 00 00 48 89 b5 60 ff ff ff eb 3e 0f 1f 44 00 00 48 8b 53 30 4c 89 ee 4c 89 e7 e8 50 8c f8 ff 89 c2 66 90 <48> 8b 45 80 4d 89 f0 48 8d 4d 8c be 01 00 00 00 48 8d 7d a0 89 10
[ 1191.069766] RSP: 0018:ffffa64e03
[ 1191.071117] RAX: 0000000000000001 RBX: ffffa64e0005a000 RCX: ffffa64e03053c3f
[ 1191.073415] RDX: 0000000000000001 RSI: ffffa64e03053c3f RDI: ffffffff8a468580
[ 1191.075351] RBP: ffffffffea053cf0 R08: 0000000000000000 R09: 0000000000000000
[ 1191.077722] R10: 0000000000000000 R11: 0000000000000000 R12: ffff97dc75673c00
[ 1191.079681] R13: ffffa64e0005a048 R14: ffffa64e03053d34 R15: 0000000000000001
[ 1191.081636] FS: 00007fd4a2ffd64
[ 1191.083866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1191.085455] CR2: ffffffffea053c70 CR3: 000000019ff80001 CR4: 0000000000370ee0
[ 1191.087405] Call Trace:
[ 1191.088121] <TASK>
[ 1191.088745] ? show_regs+0x6a/0x80
[ 1191.089710] ? __die+0x25/0x70
[ 1191.090591] ? page_fault_
[ 1191.091708] ? srso_alias_
[ 1191.093027] ? search_
[ 1191.094421] ? srso_alias_
[ 1191.095686] ? kernelmode_
[ 1191.097014] ? __bad_area_
[ 1191.098323] ? srso_alias_
[ 1191.099584] ? apparmor_
[ 1191.100989] ? bad_area_
[ 1191.102235] ? do_kern_
[ 1191.103393] ? exc_page_
[ 1191.104505] ? asm_exc_
[ 1191.105669] ? bpf_test_
[ 1191.106745] ? srso_alias_
[ 1191.108010] ? bpf_prog_
[ 1191.109350] ? __fdget+0x13/0x20
[ 1191.110304] ? __sys_bpf+
[ 1191.111299] ? __x64_sys_
[ 1191.112307] ? do_syscall_
[ 1191.113366] ? srso_alias_
[ 1191.114634] ? exit_to_
[ 1191.115929] ? srso_alias_
[ 1191.117466] ? __set_task_
[ 1191.118904] ? exit_to_
[ 1191.120482] ? srso_alias_
[ 1191.122073] ? sigprocmask+
[ 1191.123360] ? srso_alias_
[ 1191.124868] ? exit_to_
[ 1191.126523] ? srso_alias_
[ 1191.128028] ? syscall_
[ 1191.129599] ? srso_alias_
[ 1191.131033] ? do_syscall_
[ 1191.132242] ? srso_alias_
[ 1191.134199] ? do_syscall_
[ 1191.135504] ? entry_SYSCALL_
[ 1191.137137] </TASK>
[ 1191.137942] Modules linked in: nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_
[ 1191.156484] CR2: ffffffffea053c70
[ 1191.158026] ---[ end trace 0000000000000000 ]---
[ 1191.159518] RIP: 0010:bpf_
[ 1191.160912] Code: 00 00 48 89 90 50 14 00 00 48 89 b5 60 ff ff ff eb 3e 0f 1f 44 00 00 48 8b 53 30 4c 89 ee 4c 89 e7 e8 50 8c f8 ff 89 c2 66 90 <48> 8b 45 80 4d 89 f0 48 8d 4d 8c be 01 00 00 00 48 8d 7d a0 89 10
[ 1191.166336] RSP: 0018:ffffa64e03
[ 1191.168046] RAX: 0000000000000001 RBX: ffffa64e0005a000 RCX: ffffa64e03053c3f
[ 1191.170129] RDX: 0000000000000001 RSI: ffffa64e03053c3f RDI: ffffffff8a468580
[ 1191.172210] RBP: ffffffffea053cf0 R08: 0000000000000000 R09: 0000000000000000
[ 1191.174546] R10: 0000000000000000 R11: 0000000000000000 R12: ffff97dc75673c00
[ 1191.176719] R13: ffffa64e0005a048 R14: ffffa64e03053d34 R15: 0000000000000001
[ 1191.178807] FS: 00007fd4a2ffd64
[ 1191.181128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1191.182936] CR2: ffffffffea053c70 CR3: 000000019ff80001 CR4: 0000000000370ee0
[ 1191.185355] note: ebpf.test[2557] exited with irqs disabled
Release info:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy
You can reproduce this by checking out https:/
go test -exec sudo -run 'TestKfunc$' -timeout 30s -v .
The same test executes fine on upstream 6.1 and 6.6. I also tested against 6.2.9 from kernel.org and didn't get the same splat.
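As an added triage example (not part of this report, and not code from Ubuntu's kernel tooling or the test repository mentioned above), the Python below parses an x86-64 page-fault oops in the format shown, decodes the #PF error code, and cross-checks the fault address against the register dump. The check it performs on this report is one a reviewer can also do by hand: the bytes at the `<48>` marker in the Code: line, `48 8b 45 80`, encode `mov -0x80(%rbp),%rax`, and RBP (ffffffffea053cf0) minus 0x80 is ffffffffea053c70, which is exactly CR2. So the faulting access is a supervisor-mode read through RBP at a kernel-half address, i.e. a defect in kernel-side code rather than a bad user pointer, and the trace leads back through `__sys_bpf` to the syscall entry. The regular expressions, the `Oops` structure and the tiny instruction decoder (which handles only that one `mov r64, [base+disp8]` form) are this example's own assumptions; the sample input is constructed from lines of the report above, with the frames that are cut off there kept as they appear.

```python
"""Triage helper for an x86-64 kernel page-fault oops in the format of the report above.
Added example, not code from the Launchpad report or from Ubuntu's tooling: it extracts the
fields an analyst checks first, decodes the #PF error code, and checks that the fault address
equals the memory operand of the instruction marked <..> in the Code: line."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 0x1, 0x2, 0x4, 0x8, 0x10  # x86 #PF error-code bits
GPR64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",          # by ModRM/REX number,
         "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]          # spelled as the oops prints them
TS = re.compile(r"^\[\s*[\d.]+\]\s*")  # dmesg timestamp prefix
RE_BUG = re.compile(r"unable to handle page fault for address: ([0-9a-f]+)")
RE_EC = re.compile(r"#PF: error_code\(0x([0-9a-f]+)\)")
RE_CPU = re.compile(r"CPU: \d+ PID: (\d+) Comm: (\S+)\s+(.*?)\s+(\S+)\s+#(\S+)$")
RE_REG = re.compile(r"\b(R[A-Z0-9]{2}|CR[0-4]): ([0-9a-f]{16})\b")
RE_CODE = re.compile(r"Code: (.*)$")

@dataclass
class Oops:
    fault_addr: int | None = None
    error_code: int | None = None
    pid: int | None = None
    comm: str | None = None
    kernel: str | None = None
    code: str | None = None
    regs: dict[str, int] = field(default_factory=dict)
    frames: list[str] = field(default_factory=list)

def parse_oops(text: str) -> Oops:
    # First BUG/#PF/CPU/Code lines, every 16-hex-digit register, and the <TASK>...</TASK> frames.
    o, in_trace = Oops(), False
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if (m := RE_BUG.search(line)) and o.fault_addr is None:
            o.fault_addr = int(m.group(1), 16)
        elif (m := RE_EC.search(line)) and o.error_code is None:
            o.error_code = int(m.group(1), 16)
        elif m := RE_CPU.search(line):
            o.pid, o.comm, o.kernel = int(m.group(1)), m.group(2), m.group(4)
        elif (m := RE_CODE.search(line)) and o.code is None:
            o.code = m.group(1)
        elif line in ("<TASK>", "</TASK>"):
            in_trace = line == "<TASK>"
        elif in_trace and line:
            o.frames.append(re.sub(r"^\?\s*", "", line))  # '?' marks a frame the unwinder is unsure of
        for m in RE_REG.finditer(line):
            o.regs[m.group(1)] = int(m.group(2), 16)
    return o

def describe_error_code(ec: int) -> str:
    mode = "user" if ec & PF_USER else "kernel (supervisor)"
    kind = "instruction fetch" if ec & PF_INSTR else "write" if ec & PF_WRITE else "read"
    cause = "protection violation" if ec & PF_PROT else "not-present page"
    return f"{mode}-mode {kind}, {cause}" + (", reserved bit set" if ec & PF_RSVD else "")

def decode_marked_insn(code_field: str):
    # Decode the <..>-marked instruction only when it is `mov r64, [base+disp8]`
    # (REX.W 8B /r, ModRM mod=01, no SIB); return (dst, base, disp) or None otherwise.
    toks = code_field.split()
    idx = next((i for i, t in enumerate(toks) if t.startswith("<")), None)
    b = [int(t.strip("<>"), 16) for t in toks[idx:idx + 4]] if idx is not None else []
    if len(b) < 4 or (b[0] & 0xF8) != 0x48 or b[1] != 0x8B:
        return None
    mod, reg, rm = b[2] >> 6, (b[2] >> 3) & 7, b[2] & 7
    if mod != 1 or rm == 4:  # need the disp8 form without a SIB byte
        return None
    disp = b[3] - 0x100 if b[3] & 0x80 else b[3]  # sign-extend disp8
    return GPR64[reg | ((b[0] >> 2) & 1) << 3], GPR64[rm | (b[0] & 1) << 3], disp

def triage(o: Oops) -> dict:
    # Derived facts: fault class, kernel-half address, CR2 consistency with the BUG line and
    # with the decoded operand, and whether the trace goes back to a syscall entry.
    ins = decode_marked_insn(o.code) if o.code else None
    predicted = (o.regs[ins[1]] + ins[2]) & (2**64 - 1) if ins and ins[1] in o.regs else None
    return {
        "pf": describe_error_code(o.error_code),
        "kernel_address": o.fault_addr >= 0xFFFF800000000000,  # x86-64 upper canonical half
        "cr2_matches_bug_line": o.regs.get("CR2") == o.fault_addr,
        "faulting_operand": ins,
        "operand_matches_cr2": predicted == o.fault_addr,
        "reached_from_syscall": any(f.startswith(("entry_SYSCALL", "__x64_sys_", "__sys_")) for f in o.frames),
    }

# Constructed sample: lines copied from the report above; frames that are cut off in the
# report (e.g. "__sys_bpf+") are kept exactly as they appear there.
SAMPLE_OOPS = """\
[ 1191.051531] BUG: unable to handle page fault for address: ffffffffea053c70
[ 1191.055183] #PF: error_code(0x0000) - not-present page
[ 1191.058984] CPU: 1 PID: 2557 Comm: ebpf.test Not tainted 6.2.0-1016-azure #16~22.04.1-Ubuntu
[ 1191.065064] Code: 00 00 48 89 90 50 14 00 00 48 89 b5 60 ff ff ff eb 3e 0f 1f 44 00 00 48 8b 53 30 4c 89 ee 4c 89 e7 e8 50 8c f8 ff 89 c2 66 90 <48> 8b 45 80 4d 89 f0 48 8d 4d 8c be 01 00 00 00 48 8d 7d a0 89 10
[ 1191.075351] RBP: ffffffffea053cf0 R08: 0000000000000000 R09: 0000000000000000
[ 1191.085455] CR2: ffffffffea053c70 CR3: 000000019ff80001 CR4: 0000000000370ee0
[ 1191.088121] <TASK>
[ 1191.088745] ? show_regs+0x6a/0x80
[ 1191.109350] ? __fdget+0x13/0x20
[ 1191.110304] ? __sys_bpf+
[ 1191.135504] ? entry_SYSCALL_
[ 1191.137137] </TASK>
"""

if __name__ == "__main__":
    for k, v in triage(parse_oops(SAMPLE_OOPS)).items():
        print(f"{k:>22}: {v}")
```

Run it on a full dmesg capture (`dmesg > dmesg.log`, as the triage comment below asks for) to get the same summary for any oops in that log; when `operand_matches_cr2` is false, the marked instruction is either one this decoder does not cover or the register dump belongs to a different frame than the fault, and a real disassembler is the next step.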
Changed in linux-azure (Ubuntu):
importance: Undecided → High
status: New → Triaged
We would like to collect some additional information about your system. From a terminal, please run the following:
apport-collect BUG_ID
or to a file:
apport-bug --save /tmp/report.BUG_ID linux
If apport can't be run:
1) uname -a > uname-a.log
2) dmesg > dmesg.log
3) sudo lspci -vvnn > lspci-vvnn.log
4) cat /proc/version_signature > version.log