[BUG]: "I/O ctl failed" in sgx-detect

[ndokmai]

Describe the bug:
sgx-detect reports the following error:

$ sgx-detect --verbose
Detecting SGX, this may take a minute...
✔ SGX instruction set
✔ CPU support
✔ CPU configuration
✔ Enclave attributes
✔ Enclave Page Cache
SGX features
✔ SGX2 ✔ EXINFO ✘ ENCLV ✘ OVERSUB ✔ KSS
Total EPC size: 127.2GiB (no integrity protection)
✔ Flexible launch control
✔ CPU support
？ CPU configuration
✔ Able to launch production mode enclave
✘ SGX system software
✔ SGX kernel device (/dev/sgx_enclave)
✔ libsgx_enclave_common
✔ AESM service
✘ Able to launch enclaves
✘ Debug mode
✔ Production mode

🕮 SGX system software > Able to launch enclaves > Debug mode
The enclave could not be launched.

debug: failed to load report enclave
debug: cause: Failed to call ECREATE.
debug: cause: I/O ctl failed.
debug: cause: Input/output error (os error 5)

Running the test on the most recent commit of sgxs-loaders also produces similar results:

$ git clone https://github.com/fortanix/rust-sgx.git
$ cd rust-sgx/intel-sgx/sgxs-loaders/
$ RUST_BACKTRACE=1 cargo test sgxdevice

Running tests/loaders.rs (/home/nd549/rust-sgx/target/debug/deps/loaders-2b03394f05fc64eb)

running 1 test
test sgxdevice ... FAILED

failures:

---- sgxdevice stdout ----
thread 'sgxdevice' panicked at intel-sgx/sgxs-loaders/tests/loaders.rs:30:5:
error getting report: Create(Io(Os { code: 5, kind: Uncategorized, message: "Input/output error" }))

0: failure::backtrace::internal::InternalBacktrace::new
at /home/nd549/.cargo/registry/src/index.crates.io-6f17d22bba15001f/failure-0.1.8/src/backtrace/internal.rs:46:44
1: failure::backtrace::Backtrace::new
at /home/nd549/.cargo/registry/src/index.crates.io-6f17d22bba15001f/failure-0.1.8/src/backtrace/mod.rs:121:35
2: <failure::error::error_impl::ErrorImpl as core::convert::From>::from
at /home/nd549/.cargo/registry/src/index.crates.io-6f17d22bba15001f/failure-0.1.8/src/error/error_impl.rs:19:17
3: <failure::error::Error as core::convert::From>::from
at /home/nd549/.cargo/registry/src/index.crates.io-6f17d22bba15001f/failure-0.1.8/src/error/mod.rs:36:18
4: <core::result::Result<T,F> as core::ops::try_trait::FromResidual<core::result::Resultcore::convert::Infallible,E>>::from_residual
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/result.rs:1964:27
5: sgxs_loaders::generic::Device::load
at src/generic.rs:109:27
6: <sgxs_loaders::isgx::Device as sgxs::loader::Load>::load
at src/isgx/mod.rs:497:9
7: enclave_runner::loader::EnclaveBuilder::load
at /home/nd549/rust-sgx/intel-sgx/enclave-runner/src/loader.rs:321:23
8: enclave_runner::loader::EnclaveBuilder::build_library
at /home/nd549/rust-sgx/intel-sgx/enclave-runner/src/loader.rs:351:9
9: report_test::ReportBuilder::build
at /home/nd549/rust-sgx/intel-sgx/report-test/src/lib.rs:76:13
10: report_test::report
at /home/nd549/rust-sgx/intel-sgx/report-test/src/lib.rs:87:5
11: loaders::sgxdevice
at tests/loaders.rs:30:5
12: loaders::sgxdevice::{{closure}}
at tests/loaders.rs:28:15
13: core::ops::function::FnOnce::call_once
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5
14: core::ops::function::FnOnce::call_once
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5
test::__rust_begin_short_backtrace
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:621:18
15: test::run_test_in_process::{{closure}}
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:644:60
<core::panic::unwind_safe::AssertUnwindSafe as core::ops::function::FnOnce<()>>::call_once
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/panic/unwind_safe.rs:272:9
std::panicking::try::do_call
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:552:40
std::panicking::try
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:516:19
std::panic::catch_unwind
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panic.rs:146:14
test::run_test_in_process
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:644:27
test::run_test::{{closure}}
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:567:43
16: test::run_test::{{closure}}
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/test/src/lib.rs:595:41
std::sys_common::backtrace::rust_begin_short_backtrace
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/sys_common/backtrace.rs:155:18
17: std::thread::Builder::spawn_unchecked::{{closure}}::{{closure}}
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/thread/mod.rs:528:17
<core::panic::unwind_safe::AssertUnwindSafe as core::ops::function::FnOnce<()>>::call_once
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/panic/unwind_safe.rs:272:9
std::panicking::try::do_call
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:552:40
std::panicking::try
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:516:19
std::panic::catch_unwind
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panic.rs:146:14
std::thread::Builder::spawn_unchecked::{{closure}}
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/thread/mod.rs:527:30
core::ops::function::FnOnce::call_once{{vtable.shim}}
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5
18: <alloc::boxed::Box<F,A> as core::ops::function::FnOnce>::call_once
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/alloc/src/boxed.rs:2016:9
<alloc::boxed::Box<F,A> as core::ops::function::FnOnce>::call_once
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/alloc/src/boxed.rs:2016:9
std::sys::pal::unix::thread::Thread::new::thread_start
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/sys/pal/unix/thread.rs:108:17
19:
20:

failed to load report enclave
stack backtrace:
0: rust_begin_unwind
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/std/src/panicking.rs:645:5
1: core::panicking::panic_fmt
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/panicking.rs:72:14
2: core::result::unwrap_failed
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/result.rs:1654:5
3: core::result::Result<T,E>::expect
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/result.rs:1034:23
4: loaders::sgxdevice
at ./tests/loaders.rs:30:5
5: loaders::sgxdevice::{{closure}}
at ./tests/loaders.rs:28:15
6: core::ops::function::FnOnce::call_once
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5
7: core::ops::function::FnOnce::call_once
at /rustc/7d3702e472b99be0f5de6608dd87af1df8f99428/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with RUST_BACKTRACE=full for a verbose backtrace.

failures:
sgxdevice

test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 2 filtered out; finished in 0.16s

error: test failed, to rerun pass --test loaders

Upon trying to debug the loader, I found that the error Create(Io(Os { code: 5, kind: Uncategorized, message: "Input/output error" })) originated from this specific line

https://github.com/fortanix/rust-sgx/blob/e2f677b28e2a934bc3b3d20cc201962f0bf556b3/intel-sgx/sgxs-loaders/src/isgx/mod.rs#L202C1-L202C70

To Reproduce:
See above.

Expected behavior:
ECREATE is expected to be successful in running an application.

Reproducibility:

• Always
• Sometimes
• Rarely

Environment:

• OS: Ubuntu 22.04.4
• Kernel version: 6.5.0-1016-oem & 5.15.0-100-generic (both experience the issue)
• CPU: Intel(R) Xeon(R) Gold 6426Y (SGX v2)

Severity:

• Critical
• Major
• Normal
• Minor

Related Issue
This feels similar to this issue #526 but updating the kernel didn't fix it.

Additional context:
I don't have any issues running sample applications in SGX with Gramine or the Intel SGX SDK, which suggests that the SGX kernel device is working properly.