Closed pk-pavlk closed 1 year ago
ouch. Thank you @pk-pavlk for reporting this problem, I'll try to reproduce it. I've tested it extensively with kernel 5.14, but on debian, ubuntu.
Could you install the package bcc-tools
and execute tcpconnect
or other tools to see if they also generate kernel oops? They're located under /usr/share/bcc/tools/
It seems I get the same oops when tcpconnect
from bcc-tools
is running (well, similar, this generates the #PF: error_code(0x0011) - permissions violation
, but I guess it depends on how it goes wrong).
Which also means that this is in no way a problem in opensnitch ebpf. Sorry for the false report and thank you for pointing me to this way to test it.
woah! thank $god the oops are not caused by us :) These issues are always hard to debug.
I guess that there'll be already an issue reported to SuSe, so if you have the link post it here please, I'd like to read the details.
Yeah, I tried to debug it before I posted this and couldn't really find much on debugging bpf.
For now, I couldn't find a relevant bug on the SUSE (or any other) tracker. I will experiment further and if I find a solution or create the bugreport myself, I will post it here in case others encounter the same problem.
In the meantime, we can close this issue since it is not caused by opensnitch. Thank you for your help.
I have raised a bugreport on SUSE kernel tracker, it was indeed a kernel bug. Should be fixed with the next kernel release:
https://bugzilla.suse.com/show_bug.cgi?id=1203103
Thanks again for pointing me to the way to test this.
Describe the bug I am getting kernel oops after upgrading openSUSE Leap 15.3 to 15.4 (which bumped kernel version from 5.3 to 5.14 and upgraded a lot of packages):
The oops seems to be caused by eBPF filter, since it comes from functions
tcp_v6_connect
,udp_sendmsg
,tcp_v4_connect
, which are all probed by it.This happens on every attempted network connection (and prevents the connection from working) and stops if I stop opensnitchd (which unloads the eBPF) or if I switch ProcMonitorMethod to something other than ebpf.
I used compiled opensnitch 1.4.0rc2 (+compiled eBPF) which broke after upgrade, so I tried it with latest code from master (and compiled latest eBPF modules as well) and it behaves the same.
I have read the #297, but my call trace does not seem to include the [nfnetlink] calls, so I think this is a different problem. My libnetfilter_queue version is 1.0.3-1.16, but I am not sure what patches openSUSE includes (the version did not change during the 15.3->15.4 upgrade).
Version information:
To Reproduce
I can reproduce it on 2 physical computers (same CPU and GPU models, different motherboards). I cannot reproduce this in a VM.
Post error logs:
(there are variations, they differ in the call trace - but the top function is always one of those probed by ebpf)
I have also tried using the non-stripped ebpf modules, but it does not seem to produce more detailed error.
I am not sure how to debug this further, is there anything I could test or more information to collect? Thanks for your help.