Execution of the "sosreport" or "bpftool" command triggers the kernel panic
Issue
- Server got panicked when
bpftool
command was executed. - In other scenario, server got panicked when
sosreport
command was executed, as it also collectsbpftool
output through 'kernel' plugin.
[ 85.863702] TECH PREVIEW: eBPF syscall may not be fully supported.
Please review provided documentation for limitations.
[ 85.863742] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
[ 85.863820] IP: [<0000000000000001>] 0x1
[ 85.863862] PGD 80000000ad957067 PUD aa358067 PMD 0
[ 85.863913] Oops: 0010 [#1] SMP
[ 85.864617] CPU: 0 PID: 2603 Comm: bpftool Kdump: loaded Tainted: POE ------------ T 3.10.0-1062.4.1.el7.x86_64 #1
[ 85.864700] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
[ 85.864777] task: ffff90386ca4a0e0 ti: ffff90386dd10000 task.ti: ffff90386dd10000
[ 85.864833] RIP: 0010:[<0000000000000001>] [<0000000000000001>] 0x1
[ 85.864891] RSP: 0018:ffff90386dd13ea0 EFLAGS: 00010246
[ 85.864933] RAX: 0000000000000001 RBX: ffff90386dd13ed0 RCX: 0000000000000000
[ 85.864986] RDX: 0000000000000048 RSI: ffff90386dd13ed0 RDI: 000000000000000b
[ 85.865040] RBP: ffff90386dd13ea8 R08: 0000000000000000 R09: 0000000000000000
[ 85.865093] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000048
[ 85.865146] R13: 00007ffeca9902f0 R14: 000000000000000b R15: 0000000000000048
[ 85.865201] FS: 00007f0d67dca740(0000) GS:ffff9038f9600000(0000) knlGS:0000000000000000
[ 85.865261] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.865305] CR2: 0000000000000001 CR3: 00000000b0e4a000 CR4: 00000000001607f0
[ 85.865440] Call Trace:
[ 85.865474] [<ffffffff81903a4c>] ? security_bpf+0x1c/0x20
[ 85.865523] [<ffffffff8179139e>] SyS_bpf+0xee/0xa40
[ 85.867631] [<ffffffff81d8bede>] system_call_fastpath+0x25/0x2a
[ 85.869672] Code: Bad RIP value.
[ 85.871706] RIP [<0000000000000001>] 0x1
[ 85.873735] RSP <ffff90386dd13ea0>
[ 85.875736] CR2: 0000000000000001
Environment
- Red Hat Enterprise Linux 7.6+ (3.10.0-957.el7 or higher)
- Third-party kernel module [cbsensor]
- bpftool (or any other program calling bpf() system call)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.