kernel mode stress test - __fastfail invoked in ebpf_object_acquire_reference #2474

Closed
dv-msft opened this issue May 16, 2023 · 0 comments · Fixed by #2479
dv-msft commented May 16, 2023

Describe the bug

Running the km mode stress test triggers a __fastfail in ebpfcore!ebpf_object_acquire_reference.

OS information

zn_release_liof (build 25360.230503.1222)

Steps taken to reproduce bug

Run the km stress test (with kd attached):
.\ebpf_stress_tests_km -tt=32 -td=30 jit_load_attach_detach_unload_random_v4_test

Expected behavior

Test should pass.

Actual outcome

Test triggers a fastfail and breaks into kd:

2: kd> k
 # Child-SP          RetAddr               Call Site
00 ffffe201`8400de98 fffff804`811c3342     nt!DbgBreakPointWithStatus [minkernel\ntos\rtl\amd64\debugstb.asm @ 134] 
01 ffffe201`8400dea0 fffff804`811c2ae4     nt!KiBugCheckDebugBreak+0x12 [minkernel\ntos\ke\bugcheck.c @ 753] 
02 ffffe201`8400df00 fffff804`81053637     nt!KeBugCheck2+0xc04 [minkernel\ntos\ke\bugcheck.c @ 2396] 
03 ffffe201`8400e680 fffff804`810b6d29     nt!KeBugCheckEx+0x107 [minkernel\ntos\ke\amd64\procstat.asm @ 237] 
04 ffffe201`8400e6c0 fffff804`810b72f2     nt!KiBugCheckDispatch+0x69 [minkernel\ntos\ke\amd64\trap.asm @ 3962] 
05 ffffe201`8400e800 fffff804`810b5017     nt!KiFastFailDispatch+0xb2 [minkernel\ntos\ke\amd64\trap.asm @ 4182] 
06 ffffe201`8400e9e0 fffff804`8a3fda1f     nt!KiRaiseSecurityCheckFailure+0x357 [minkernel\ntos\ke\amd64\trap.asm @ 2601] 
07 ffffe201`8400eb70 fffff804`8a3e8d0d     ebpfcore!ebpf_object_acquire_reference+0x3f [D:\wrk\ebpf-for-windows\libs\platform\ebpf_object.c @ 264] 
08 ffffe201`8400ebb0 fffff804`8a3f2bf6     ebpfcore!ebpf_link_detach_program+0xcd [D:\wrk\ebpf-for-windows\libs\execution_context\ebpf_link.c @ 401] 
09 ffffe201`8400ecc0 fffff804`8a3f320a     ebpfcore!_ebpf_program_detach_links+0xf6 [D:\wrk\ebpf-for-windows\libs\execution_context\ebpf_program.c @ 165] 
0a ffffe201`8400ed90 fffff804`8a3fe488     ebpfcore!_ebpf_program_free+0x17a [D:\wrk\ebpf-for-windows\libs\execution_context\ebpf_program.c @ 535] 
0b ffffe201`8400eec0 fffff804`8a3dc023     ebpfcore!ebpf_object_release_reference+0x2a8 [D:\wrk\ebpf-for-windows\libs\platform\ebpf_object.c @ 341] 
0c ffffe201`8400efa0 fffff804`8a3d2256     ebpfcore!ebpf_core_close_context+0x53 [D:\wrk\ebpf-for-windows\libs\execution_context\ebpf_core.c @ 2520] 
0d ffffe201`8400eff0 fffff804`85e42924     ebpfcore!_ebpf_driver_file_close+0x26 [D:\wrk\ebpf-for-windows\ebpfcore\ebpf_drv.c @ 214] 
0e ffffe201`8400f030 fffff804`85e44cd3     Wdf01000+0x12924
0f ffffe201`8400f0c0 fffff804`85e414ae     Wdf01000+0x14cd3
10 ffffe201`8400f190 fffff804`80e29d15     Wdf01000+0x114ae
11 (Inline Function) --------`--------     nt!IopfCallDriver+0x54 [minkernel\ntos\io\iomgr\iomgr.h @ 3759] 
12 ffffe201`8400f1f0 fffff804`8135b72c     nt!IofCallDriver+0x65 [minkernel\ntos\io\iomgr\iosubs.c @ 3299] 
13 ffffe201`8400f230 fffff804`8130497e     nt!IopDeleteFile+0x13c [minkernel\ntos\io\iomgr\objsup.c @ 868] 
14 ffffe201`8400f2b0 fffff804`80e2cd83     nt!ObpRemoveObjectRoutine+0x7e [minkernel\ntos\ob\obref.c @ 3314] 
15 ffffe201`8400f310 fffff804`813093ae     nt!ObfDereferenceObjectWithTag+0xc3 [minkernel\ntos\ob\obref.c @ 659] 
16 (Inline Function) --------`--------     nt!ObCloseHandleTableEntry+0x24d [minkernel\ntos\ob\obclose.c @ 219] 
17 ffffe201`8400f350 fffff804`81309ac9     nt!ObpCloseHandle+0x31e [minkernel\ntos\ob\obclose.c @ 450] 
18 ffffe201`8400f470 fffff804`810b6405     nt!NtClose+0x39 [minkernel\ntos\ob\obclose.c @ 517] 
19 ffffe201`8400f4a0 00007ffe`59e90364     nt!KiSystemServiceCopyEnd+0x25 [minkernel\ntos\ke\amd64\trap.asm @ 3644] 
1a 000000d3`875ff368 00007ffe`576a1a35     ntdll!ZwClose+0x14
1b 000000d3`875ff370 00007ffe`2838d39d     KERNELBASE!CloseHandle+0x45
1c 000000d3`875ff3a0 00000000`00000016     ucrtbased!chsize_s+0x30d
1d 000000d3`875ff3a8 00000000`00000000     0x16

Object details:

2: kd> dv
         object = 0xffff8201`4f9e1840
        file_id = 3
           line = 0x18f
2: kd> dx -r2 object
object                 : 0xffff82014f9e1840 [Type: _ebpf_core_object *]
    [+0x000] base             [Type: _ebpf_base_object]
        [+0x000] marker           : 0x9a909d95 [Type: unsigned int]
        [+0x004] zero_fill        : 0x0 [Type: unsigned int]
        [+0x008] reference_count  : 0 [Type: __int64]
        [+0x010] acquire_reference : 0xfffff8048a3fd9e0 : ebpfcore!ebpf_object_acquire_reference+0x0 [Type: void (__cdecl*)(void *,_ebpf_file_id,unsigned int)]
        [+0x018] release_reference : 0xfffff8048a3fe1e0 : ebpfcore!ebpf_object_release_reference+0x0 [Type: void (__cdecl*)(void *,_ebpf_file_id,unsigned int)]
    [+0x020] type             : EBPF_OBJECT_LINK (2) [Type: _ebpf_object_type]
    [+0x028] free_function    : 0xfffff8048a3e7970 : ebpfcore!_ebpf_link_free+0x0 [Type: void (__cdecl*)(_ebpf_core_object *)]
        ebpfcore!_ebpf_link_free+0x0 [Type: void __cdecl(_ebpf_core_object *)]
    [+0x030] get_program_type : 0x0 : 0x0 [Type: _GUID (__cdecl*)(_ebpf_core_object *)]
    [+0x038] id               : 0x21002b [Type: unsigned int]
    [+0x040] object_list_entry [Type: _LIST_ENTRY]
        [+0x000] Flink            : 0xffff820147cb9f98 [Type: _LIST_ENTRY *]
        [+0x008] Blink            : 0xffff820147cb9f98 [Type: _LIST_ENTRY *]
    [+0x050] pinned_path_count : 0 [Type: int]
@dv-msft dv-msft added the bug Something isn't working label May 16, 2023
@dv-msft dv-msft self-assigned this May 16, 2023
@dv-msft dv-msft linked a pull request May 17, 2023 that will close this issue