eBPF load error on Linux LTS 6.6.68 #55

kxxt · 2025-01-04T01:08:04Z

BPF program is too large. Processed 1000001 insn
processed 1000001 insns (limit 1000000) max_states_per_insn 41 total_states 63508 peak_states 811 mark_read 17
-- END PROG LOAD LOG --
libbpf: prog 'sys_execve': failed to load: -7
libbpf: failed to load object 'tracexec_system_bpf'
libbpf: failed to load BPF skeleton 'tracexec_system_bpf': -7
Error: 
   0: Argument list too long (os error 7)

This didn't happen on 6.6.58

The text was updated successfully, but these errors were encountered:

kxxt · 2025-01-04T04:59:01Z

Bisection points to a backported fix for https://nvd.nist.gov/vuln/detail/CVE-2023-52920: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ecc2aeeaa08a355d84d3ca9c3d2512399a194f29

It seems that this is a LTS kernel regression caused by the backport: https://lore.kernel.org/all/[email protected]/

Ref #55

kxxt · 2025-01-06T15:27:23Z

Affected kernel versions: v6.6.64..v6.6.69

Revert patch is in 6.6.70-rc1 https://lore.kernel.org/all/[email protected]/

kxxt added bug Something isn't working priority-high labels Jan 4, 2025

kxxt added waiting-on-upstream not-our-bug labels Jan 4, 2025

kxxt added a commit that referenced this issue Jan 4, 2025

disable 6.6LTS in CI

1b7290b

Ref #55

kxxt added a commit that referenced this issue Jan 4, 2025

disable 6.6LTS in CI

1487ece

Ref #55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

eBPF load error on Linux LTS 6.6.68 #55

eBPF load error on Linux LTS 6.6.68 #55

kxxt commented Jan 4, 2025

kxxt commented Jan 4, 2025

kxxt commented Jan 6, 2025

eBPF load error on Linux LTS 6.6.68 #55

eBPF load error on Linux LTS 6.6.68 #55

Comments

kxxt commented Jan 4, 2025

kxxt commented Jan 4, 2025

kxxt commented Jan 6, 2025