Execution of the "sosreport" or "bpftool" command triggers the kernel panic

Solution Verified - Updated -

Issue

  • Server got panicked when bpftool command was executed.
  • In other scenario, server got panicked when sosreport command was executed, as it also collects bpftool output through 'kernel' plugin.
[   85.863702] TECH PREVIEW: eBPF syscall may not be fully supported.
               Please review provided documentation for limitations.
[   85.863742] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
[   85.863820] IP: [<0000000000000001>] 0x1
[   85.863862] PGD 80000000ad957067 PUD aa358067 PMD 0 
[   85.863913] Oops: 0010 [#1] SMP 
[   85.864617] CPU: 0 PID: 2603 Comm: bpftool Kdump: loaded Tainted: POE  ------------ T 3.10.0-1062.4.1.el7.x86_64 #1
[   85.864700] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
[   85.864777] task: ffff90386ca4a0e0 ti: ffff90386dd10000 task.ti: ffff90386dd10000
[   85.864833] RIP: 0010:[<0000000000000001>]  [<0000000000000001>] 0x1
[   85.864891] RSP: 0018:ffff90386dd13ea0  EFLAGS: 00010246
[   85.864933] RAX: 0000000000000001 RBX: ffff90386dd13ed0 RCX: 0000000000000000
[   85.864986] RDX: 0000000000000048 RSI: ffff90386dd13ed0 RDI: 000000000000000b
[   85.865040] RBP: ffff90386dd13ea8 R08: 0000000000000000 R09: 0000000000000000
[   85.865093] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000048
[   85.865146] R13: 00007ffeca9902f0 R14: 000000000000000b R15: 0000000000000048
[   85.865201] FS:  00007f0d67dca740(0000) GS:ffff9038f9600000(0000) knlGS:0000000000000000
[   85.865261] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.865305] CR2: 0000000000000001 CR3: 00000000b0e4a000 CR4: 00000000001607f0
[   85.865440] Call Trace:
[   85.865474]  [<ffffffff81903a4c>] ? security_bpf+0x1c/0x20
[   85.865523]  [<ffffffff8179139e>] SyS_bpf+0xee/0xa40
[   85.867631]  [<ffffffff81d8bede>] system_call_fastpath+0x25/0x2a
[   85.869672] Code:  Bad RIP value.
[   85.871706] RIP  [<0000000000000001>] 0x1
[   85.873735]  RSP <ffff90386dd13ea0>
[   85.875736] CR2: 0000000000000001

Environment

  • Red Hat Enterprise Linux 7.6+ (3.10.0-957.el7 or higher)
  • Third-party kernel module [cbsensor]
  • bpftool (or any other program calling bpf() system call)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content