I'm taking a guess at the cause of this kernel panic:
commit c131187db2d3fa2f8bf32fdf4e9a4ef805168467 was backported from upstream kernel into the Ubuntu kernel.
But this part was not backported:
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -4213,6 +4216,8 @@ static int adjust_insn_aux_data(struct bpf_verifier_env *env, u32 prog_len, memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off); memcpy(new_data + off + cnt - 1, old_data + off, sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
+ for (i = off; i < off + cnt - 1; i++)
+ new_data[i].seen = true; env->insn_aux_data = new_data; vfree(old_data);
return 0;
The likely reason for omission is that the Ubuntu kernel does not have this function in kernel/bpf/verifier.c, so there was no place to apply the patch snippet above. In upstream kernel, adjust_insn_aux_data() is called from fixup_bpf_calls() and that function was not in kernel/bpf/verifier.c yet in Ubuntu kernel.
However, semantically, the patch should have been applied in kernel/bpf/syscall.c, which is the file where fixup_bpf_calls() was located before it got refactored by commit e245c5c6a5656.
As a result, the BPF_CALL instruction is mistakenly considered not seen by the verifier so the BPF instructions for array_map_lookup_elem() are not emitted.
I'm taking a guess at the cause of this kernel panic:
commit c131187db2d3fa2 f8bf32fdf4e9a4e f805168467 was backported from upstream kernel into the Ubuntu kernel.
But this part was not backported:
--- a/kernel/ bpf/verifier. c bpf/verifier. c insn_aux_ data(struct bpf_verifier_env *env, u32 prog_len,
memcpy( new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
memcpy( new_data + off + cnt - 1, old_data + off,
sizeof( struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
env->insn_ aux_data = new_data;
vfree( old_data) ;
+++ b/kernel/
@@ -4213,6 +4216,8 @@ static int adjust_
+ for (i = off; i < off + cnt - 1; i++)
+ new_data[i].seen = true;
return 0;
The likely reason for omission is that the Ubuntu kernel does not have this function in kernel/ bpf/verifier. c, so there was no place to apply the patch snippet above. In upstream kernel, adjust_ insn_aux_ data() is called from fixup_bpf_calls() and that function was not in kernel/ bpf/verifier. c yet in Ubuntu kernel.
However, semantically, the patch should have been applied in kernel/ bpf/syscall. c, which is the file where fixup_bpf_calls() was located before it got refactored by commit e245c5c6a5656.
As a result, the BPF_CALL instruction is mistakenly considered not seen by the verifier so the BPF instructions for array_map_ lookup_ elem() are not emitted.