Bug 2219196

Summary:	bpf-biosnoop fails to run
Product:	Red Hat Enterprise Linux 9	Reporter:	Carlos Rodriguez-Fernandez <carlosrodrifernandez>
Component:	bcc	Assignee:	Jerome Marchand <jmarchan>
Status:	CLOSED MIGRATED	QA Contact:
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	CentOS Stream	CC:	bfubel, bstinson, ctrautma, jmarchan, jwboyer, ldoskova, rdossant
Target Milestone:	rc	Keywords:	MigratedToJIRA, Triaged
Target Release:	---	Flags:	pm-rhel: mirror+
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2023-09-25 17:06:10 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Carlos Rodriguez-Fernandez 2023-07-02 23:06:07 UTC

Description of problem:


bpf-biosnoop fails to run.

```
bpf-biosnoop 1
libbpf: prog 'block_rq_complete': BPF program load failed: Permission denied
libbpf: prog 'block_rq_complete': -- BEGIN PROG LOAD LOG --
reg type unsupported for arg#0 function block_rq_complete#142
0: R1=ctx(off=0,imm=0) R10=fp0
; int BPF_PROG(block_rq_complete, struct request *rq, int error,
0: (bf) r6 = r1                       ; R1=ctx(off=0,imm=0) R6_w=ctx(off=0,imm=0)
; int BPF_PROG(block_rq_complete, struct request *rq, int error,
1: (79) r1 = *(u64 *)(r6 +0)
func 'block_rq_complete' arg0 has btf_id 6289 type STRUCT 'request'
2: R1_w=trusted_ptr_request(off=0,imm=0) R6_w=ctx(off=0,imm=0)
2: (7b) *(u64 *)(r10 -8) = r1         ; R1_w=trusted_ptr_request(off=0,imm=0) R10=fp0 fp-8_w=trusted_ptr_
; if (filter_cg && !bpf_current_task_under_cgroup(&cgroup_map, 0))
3: (18) r1 = 0xffffb81ac011c000       ; R1_w=map_value(off=0,ks=4,vs=8,imm=0)
5: (71) r1 = *(u8 *)(r1 +0)           ; R1_w=0
; if (filter_cg && !bpf_current_task_under_cgroup(&cgroup_map, 0))
6: (15) if r1 == 0x0 goto pc+5        ; R1_w=0
; u64 ts = bpf_ktime_get_ns();
12: (85) call bpf_ktime_get_ns#5      ; R0=scalar()
13: (bf) r9 = r0                      ; R0=scalar(id=1) R9_w=scalar(id=1)
14: (b7) r7 = 0                       ; R7_w=0
; struct event event = {};
15: (7b) *(u64 *)(r10 -16) = r7       ; R7_w=0 R10=fp0 fp-16_w=00000000
16: (7b) *(u64 *)(r10 -24) = r7       ; R7_w=0 R10=fp0 fp-24_w=00000000
17: (7b) *(u64 *)(r10 -32) = r7       ; R7_w=0 R10=fp0 fp-32_w=00000000
18: (7b) *(u64 *)(r10 -40) = r7       ; R7_w=0 R10=fp0 fp-40_w=00000000
19: (7b) *(u64 *)(r10 -48) = r7       ; R7_w=0 R10=fp0 fp-48_w=00000000
20: (7b) *(u64 *)(r10 -56) = r7       ; R7_w=0 R10=fp0 fp-56_w=00000000
21: (7b) *(u64 *)(r10 -64) = r7       ; R7_w=0 R10=fp0 fp-64_w=00000000
22: (7b) *(u64 *)(r10 -72) = r7       ; R7_w=0 R10=fp0 fp-72_w=00000000
23: (bf) r2 = r10                     ; R2_w=fp0 R10=fp0
; u64 ts = bpf_ktime_get_ns();
24: (07) r2 += -8                     ; R2_w=fp-8
; stagep = bpf_map_lookup_elem(&start, &rq);
25: (18) r1 = 0xffff93cadb714000      ; R1_w=map_ptr(off=0,ks=8,vs=24,imm=0)
27: (85) call bpf_map_lookup_elem#1   ; R0_w=map_value_or_null(id=2,off=0,ks=8,vs=24,imm=0)
28: (bf) r8 = r0                      ; R0_w=map_value_or_null(id=2,off=0,ks=8,vs=24,imm=0) R8_w=map_value_or_null(id=2,off=0,ks=8,vs=24,imm=0)
; if (!stagep)
29: (15) if r8 == 0x0 goto pc+82      ; R8_w=map_value(off=0,ks=8,vs=24,imm=0)
; delta = (s64)(ts - stagep->issue);
30: (79) r1 = *(u64 *)(r8 +8)         ; R1_w=scalar() R8_w=map_value(off=0,ks=8,vs=24,imm=0)
31: (7b) *(u64 *)(r10 -96) = r9       ; R9_w=scalar(id=1) R10=fp0 fp-96_w=mmmmmmmm
; delta = (s64)(ts - stagep->issue);
32: (1f) r9 -= r1                     ; R1=scalar() R9=scalar()
; if (delta < 0)
33: (6d) if r7 s> r9 goto pc+68       ; R7=0 R9=scalar(umax=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff))
34: (bf) r2 = r10                     ; R2_w=fp0 R10=fp0
; 
35: (07) r2 += -8                     ; R2_w=fp-8
; piddatap = bpf_map_lookup_elem(&infobyreq, &rq);
36: (18) r1 = 0xffff93cadb715c00      ; R1_w=map_ptr(off=0,ks=8,vs=20,imm=0)
38: (85) call bpf_map_lookup_elem#1   ; R0_w=map_value_or_null(id=3,off=0,ks=8,vs=20,imm=0)
; if (!piddatap) {
39: (55) if r0 != 0x0 goto pc+3       ; R0_w=0
40: (b7) r1 = 63                      ; R1_w=63
; event.comm[0] = '?';
41: (73) *(u8 *)(r10 -72) = r1        ; R1_w=63 R10=fp0 fp-72=63
42: (05) goto pc+12
; event.delta = delta;
55: (7b) *(u64 *)(r10 -56) = r9       ; R9=scalar(umax=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R10=fp0 fp-56_w=
; if (targ_queued && BPF_CORE_READ(rq, q, elevator)) {
56: (18) r1 = 0xffffb81ac011c001      ; R1_w=map_value(off=1,ks=4,vs=8,imm=0)
58: (71) r1 = *(u8 *)(r1 +0)          ; R1_w=0
59: (79) r7 = *(u64 *)(r10 -96)       ; R7_w=scalar() R10=fp0
; if (targ_queued && BPF_CORE_READ(rq, q, elevator)) {
60: (15) if r1 == 0x0 goto pc+22      ; R1_w=0
; event.ts = ts;
83: (7b) *(u64 *)(r10 -40) = r7       ; R7_w=scalar() R10=fp0 fp-40_w=mmmmmmmm
; event.sector = rq->__sector;
84: (79) r1 = *(u64 *)(r10 -8)        ; R1_w=scalar() R10=fp0
; event.sector = rq->__sector;
85: (79) r2 = *(u64 *)(r1 +48)
R1 invalid mem access 'scalar'
processed 43 insns (limit 1000000) max_states_per_insn 0 total_states 3 peak_states 3 mark_read 2
-- END PROG LOAD LOG --
libbpf: prog 'block_rq_complete': failed to load: -13
libbpf: failed to load object 'biosnoop_bpf'
libbpf: failed to load BPF skeleton 'biosnoop_bpf': -13
failed to load BPF object: -13
```

Version-Release number of selected component (if applicable):
Name         : libbpf-tools
Version      : 0.26.0
Release      : 3.el9

How reproducible:

Steps to Reproduce:
1. Download Centos Stream 9 QCOW2 and run it
2. run dnf install libbpf-tools
3. run bpf-biosnoop 1

Actual results:

```
libbpf: prog 'block_rq_complete': BPF program load failed: Permission denied
libbpf: prog 'block_rq_complete': -- BEGIN PROG LOAD LOG --
reg type unsupported for arg#0 function block_rq_complete#142
0: R1=ctx(off=0,imm=0) R10=fp0
; int BPF_PROG(block_rq_complete, struct request *rq, int error,
0: (bf) r6 = r1                       ; R1=ctx(off=0,imm=0) R6_w=ctx(off=0,imm=0)
; int BPF_PROG(block_rq_complete, struct request *rq, int error,
1: (79) r1 = *(u64 *)(r6 +0)
func 'block_rq_complete' arg0 has btf_id 6289 type STRUCT 'request'
2: R1_w=trusted_ptr_request(off=0,imm=0) R6_w=ctx(off=0,imm=0)
2: (7b) *(u64 *)(r10 -8) = r1         ; R1_w=trusted_ptr_request(off=0,imm=0) R10=fp0 fp-8_w=trusted_ptr_
; if (filter_cg && !bpf_current_task_under_cgroup(&cgroup_map, 0))
3: (18) r1 = 0xffffb81ac011c000       ; R1_w=map_value(off=0,ks=4,vs=8,imm=0)
5: (71) r1 = *(u8 *)(r1 +0)           ; R1_w=0
; if (filter_cg && !bpf_current_task_under_cgroup(&cgroup_map, 0))
6: (15) if r1 == 0x0 goto pc+5        ; R1_w=0
; u64 ts = bpf_ktime_get_ns();
12: (85) call bpf_ktime_get_ns#5      ; R0=scalar()
13: (bf) r9 = r0                      ; R0=scalar(id=1) R9_w=scalar(id=1)
14: (b7) r7 = 0                       ; R7_w=0
; struct event event = {};
15: (7b) *(u64 *)(r10 -16) = r7       ; R7_w=0 R10=fp0 fp-16_w=00000000
16: (7b) *(u64 *)(r10 -24) = r7       ; R7_w=0 R10=fp0 fp-24_w=00000000
17: (7b) *(u64 *)(r10 -32) = r7       ; R7_w=0 R10=fp0 fp-32_w=00000000
18: (7b) *(u64 *)(r10 -40) = r7       ; R7_w=0 R10=fp0 fp-40_w=00000000
19: (7b) *(u64 *)(r10 -48) = r7       ; R7_w=0 R10=fp0 fp-48_w=00000000
20: (7b) *(u64 *)(r10 -56) = r7       ; R7_w=0 R10=fp0 fp-56_w=00000000
21: (7b) *(u64 *)(r10 -64) = r7       ; R7_w=0 R10=fp0 fp-64_w=00000000
22: (7b) *(u64 *)(r10 -72) = r7       ; R7_w=0 R10=fp0 fp-72_w=00000000
23: (bf) r2 = r10                     ; R2_w=fp0 R10=fp0
; u64 ts = bpf_ktime_get_ns();
24: (07) r2 += -8                     ; R2_w=fp-8
; stagep = bpf_map_lookup_elem(&start, &rq);
25: (18) r1 = 0xffff93cadb714000      ; R1_w=map_ptr(off=0,ks=8,vs=24,imm=0)
27: (85) call bpf_map_lookup_elem#1   ; R0_w=map_value_or_null(id=2,off=0,ks=8,vs=24,imm=0)
28: (bf) r8 = r0                      ; R0_w=map_value_or_null(id=2,off=0,ks=8,vs=24,imm=0) R8_w=map_value_or_null(id=2,off=0,ks=8,vs=24,imm=0)
; if (!stagep)
29: (15) if r8 == 0x0 goto pc+82      ; R8_w=map_value(off=0,ks=8,vs=24,imm=0)
; delta = (s64)(ts - stagep->issue);
30: (79) r1 = *(u64 *)(r8 +8)         ; R1_w=scalar() R8_w=map_value(off=0,ks=8,vs=24,imm=0)
31: (7b) *(u64 *)(r10 -96) = r9       ; R9_w=scalar(id=1) R10=fp0 fp-96_w=mmmmmmmm
; delta = (s64)(ts - stagep->issue);
32: (1f) r9 -= r1                     ; R1=scalar() R9=scalar()
; if (delta < 0)
33: (6d) if r7 s> r9 goto pc+68       ; R7=0 R9=scalar(umax=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff))
34: (bf) r2 = r10                     ; R2_w=fp0 R10=fp0
; 
35: (07) r2 += -8                     ; R2_w=fp-8
; piddatap = bpf_map_lookup_elem(&infobyreq, &rq);
36: (18) r1 = 0xffff93cadb715c00      ; R1_w=map_ptr(off=0,ks=8,vs=20,imm=0)
38: (85) call bpf_map_lookup_elem#1   ; R0_w=map_value_or_null(id=3,off=0,ks=8,vs=20,imm=0)
; if (!piddatap) {
39: (55) if r0 != 0x0 goto pc+3       ; R0_w=0
40: (b7) r1 = 63                      ; R1_w=63
; event.comm[0] = '?';
41: (73) *(u8 *)(r10 -72) = r1        ; R1_w=63 R10=fp0 fp-72=63
42: (05) goto pc+12
; event.delta = delta;
55: (7b) *(u64 *)(r10 -56) = r9       ; R9=scalar(umax=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R10=fp0 fp-56_w=
; if (targ_queued && BPF_CORE_READ(rq, q, elevator)) {
56: (18) r1 = 0xffffb81ac011c001      ; R1_w=map_value(off=1,ks=4,vs=8,imm=0)
58: (71) r1 = *(u8 *)(r1 +0)          ; R1_w=0
59: (79) r7 = *(u64 *)(r10 -96)       ; R7_w=scalar() R10=fp0
; if (targ_queued && BPF_CORE_READ(rq, q, elevator)) {
60: (15) if r1 == 0x0 goto pc+22      ; R1_w=0
; event.ts = ts;
83: (7b) *(u64 *)(r10 -40) = r7       ; R7_w=scalar() R10=fp0 fp-40_w=mmmmmmmm
; event.sector = rq->__sector;
84: (79) r1 = *(u64 *)(r10 -8)        ; R1_w=scalar() R10=fp0
; event.sector = rq->__sector;
85: (79) r2 = *(u64 *)(r1 +48)
R1 invalid mem access 'scalar'
processed 43 insns (limit 1000000) max_states_per_insn 0 total_states 3 peak_states 3 mark_read 2
-- END PROG LOAD LOG --
libbpf: prog 'block_rq_complete': failed to load: -13
libbpf: failed to load object 'biosnoop_bpf'
libbpf: failed to load BPF skeleton 'biosnoop_bpf': -13
failed to load BPF object: -13
```

Expected results:
It doesn't error but works as intended

Additional info:

Comment 1 Jerome Marchand 2023-07-21 13:16:15 UTC

Looks like the following commit might fix it:
02daf8d8 libbpf-tools/biosnoop: Fix out-of-bounds accessing of rq

Comment 2 RHEL Program Management 2023-09-25 16:51:09 UTC

Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.

Comment 3 RHEL Program Management 2023-09-25 17:06:10 UTC

This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.