Package: bpfcc-tools Version: 0.26.0+ds-1 Severity: normal X-Debbugs-Cc: nos...@rigarco.com
Dear Maintainer,

Running opensnoop-bpfcc with the -F flag fails: the BPF program is rejected at load time ("Failed to load program: Invalid argument") and the tool exits with an unhandled Python exception.

To reproduce: `sudo /usr/sbin/opensnoop-bpfcc -F`

Produces:

```text
bpf: Failed to load program: Invalid argument 0: R1=ctx(off=0,imm=0) R10=fp0 0: (bf) r6 = r1 ; R1=ctx(off=0,imm=0) R6_w=ctx(off=0,imm=0) 1: (85) call bpf_get_current_pid_tgid#14 ; R0_w=scalar() 2: (7b) *(u64 *)(r10 -8) = r0 ; R0_w=scalar() R10=fp0 fp-8_w=mmmmmmmm 3: (b7) r8 = 0 ; R8_w=0 4: (7b) *(u64 *)(r10 -16) = r8 ; R8_w=0 R10=fp0 fp-16_w=00000000 5: (7b) *(u64 *)(r10 -24) = r8 ; R8_w=0 R10=fp0 fp-24_w=00000000 6: (7b) *(u64 *)(r10 -32) = r8 ; R8_w=0 R10=fp0 fp-32_w=00000000 7: (7b) *(u64 *)(r10 -40) = r8 ; R8_w=0 R10=fp0 fp-40_w=00000000 8: (7b) *(u64 *)(r10 -48) = r8 ; R8_w=0 R10=fp0 fp-48_w=00000000 9: (7b) *(u64 *)(r10 -56) = r8 ; R8_w=0 R10=fp0 fp-56_w=00000000 10: (7b) *(u64 *)(r10 -64) = r8 ; R8_w=0 R10=fp0 fp-64_w=00000000 11: (7b) *(u64 *)(r10 -72) = r8 ; R8_w=0 R10=fp0 fp-72_w=00000000 12: (7b) *(u64 *)(r10 -80) = r8 ; R8_w=0 R10=fp0 fp-80_w=00000000 13: (7b) *(u64 *)(r10 -88) = r8 ; R8_w=0 R10=fp0 fp-88_w=00000000 14: (7b) *(u64 *)(r10 -96) = r8 ; R8_w=0 R10=fp0 fp-96_w=00000000 15: (7b) *(u64 *)(r10 -104) = r8 ; R8_w=0 R10=fp0 fp-104_w=00000000 16: (7b) *(u64 *)(r10 -112) = r8 ; R8_w=0 R10=fp0 fp-112_w=00000000 17: (7b) *(u64 *)(r10 -120) = r8 ; R8_w=0 R10=fp0 fp-120_w=00000000 18: (7b) *(u64 *)(r10 -128) = r8 ; R8_w=0 R10=fp0 fp-128_w=00000000 19: (7b) *(u64 *)(r10 -136) = r8 ; R8_w=0 R10=fp0 fp-136_w=00000000 20: (7b) *(u64 *)(r10 -144) = r8 ; R8_w=0 R10=fp0 fp-144_w=00000000 21: (7b) *(u64 *)(r10 -152) = r8 ; R8_w=0 R10=fp0 fp-152_w=00000000 22: (7b) *(u64 *)(r10 -160) = r8 ; R8_w=0 R10=fp0 fp-160_w=00000000 23: (7b) *(u64 *)(r10 -168) = r8 ; R8_w=0 R10=fp0 fp-168_w=00000000 24: (7b) *(u64 *)(r10 -176) = r8 ; R8_w=0 R10=fp0 fp-176_w=00000000 25: (7b) *(u64 *)(r10 -184) = r8 ; R8_w=0 R10=fp0 fp-184_w=00000000 26: (7b) *(u64 *)(r10 -192) = r8 ; R8_w=0 R10=fp0 fp-192_w=00000000 
27: (7b) *(u64 *)(r10 -200) = r8 ; R8_w=0 R10=fp0 fp-200_w=00000000 28: (7b) *(u64 *)(r10 -208) = r8 ; R8_w=0 R10=fp0 fp-208_w=00000000 29: (7b) *(u64 *)(r10 -216) = r8 ; R8_w=0 R10=fp0 fp-216_w=00000000 30: (7b) *(u64 *)(r10 -224) = r8 ; R8_w=0 R10=fp0 fp-224_w=00000000 31: (7b) *(u64 *)(r10 -232) = r8 ; R8_w=0 R10=fp0 fp-232_w=00000000 32: (7b) *(u64 *)(r10 -240) = r8 ; R8_w=0 R10=fp0 fp-240_w=00000000 33: (7b) *(u64 *)(r10 -248) = r8 ; R8_w=0 R10=fp0 fp-248_w=00000000 34: (7b) *(u64 *)(r10 -256) = r8 ; R8_w=0 R10=fp0 fp-256_w=00000000 35: (7b) *(u64 *)(r10 -264) = r8 ; R8_w=0 R10=fp0 fp-264_w=00000000 36: (7b) *(u64 *)(r10 -272) = r8 ; R8_w=0 R10=fp0 fp-272_w=00000000 37: (7b) *(u64 *)(r10 -280) = r8 ; R8_w=0 R10=fp0 fp-280_w=00000000 38: (7b) *(u64 *)(r10 -288) = r8 ; R8_w=0 R10=fp0 fp-288_w=00000000 39: (7b) *(u64 *)(r10 -296) = r8 ; R8_w=0 R10=fp0 fp-296_w=00000000 40: (7b) *(u64 *)(r10 -304) = r8 ; R8_w=0 R10=fp0 fp-304_w=00000000 41: (7b) *(u64 *)(r10 -312) = r8 ; R8_w=0 R10=fp0 fp-312_w=00000000 42: (85) call bpf_ktime_get_ns#5 ; R0=scalar() 43: (bf) r7 = r0 ; R0=scalar(id=1) R7_w=scalar(id=1) 44: (18) r1 = 0xffffff81135c7c00 ; R1_w=map_ptr(off=0,ks=8,vs=32,imm=0) 46: (bf) r2 = r10 ; R2_w=fp0 R10=fp0 47: (07) r2 += -8 ; R2_w=fp-8 48: (85) call bpf_map_lookup_elem#1 ; R0_w=map_value_or_null(id=2,off=0,ks=8,vs=32,imm=0) 49: (bf) r9 = r0 ; R0_w=map_value_or_null(id=2,off=0,ks=8,vs=32,imm=0) R9_w=map_value_or_null(id=2,off=0,ks=8,vs=32,imm=0) 50: (15) if r9 == 0x0 goto pc+80 ; R9_w=map_value(off=0,ks=8,vs=32,imm=0) 51: (bf) r3 = r9 ; R3_w=map_value(off=0,ks=8,vs=32,imm=0) R9_w=map_value(off=0,ks=8,vs=32,imm=0) 52: (07) r3 += 8 ; R3_w=map_value(off=8,ks=8,vs=32,imm=0) 53: (bf) r1 = r10 ; R1_w=fp0 R10=fp0 54: (07) r1 += -288 ; R1_w=fp-288 55: (b7) r2 = 16 ; R2_w=16 56: (85) call bpf_probe_read_kernel#113 ; R0=scalar() fp-280=mmmmmmmm fp-288=mmmmmmmm 57: (79) r3 = *(u64 *)(r9 +24) ; R3_w=scalar() R9=map_value(off=0,ks=8,vs=32,imm=0) 58: (7b) *(u64 *)(r10 -320) = 
r6 ; R6=ctx(off=0,imm=0) R10=fp0 fp-320_w=ctx 59: (bf) r6 = r7 ; R6_w=scalar(id=1) R7=scalar(id=1) 60: (bf) r7 = r10 ; R7_w=fp0 R10=fp0 61: (07) r7 += -268 ; R7_w=fp-268 62: (bf) r1 = r7 ; R1_w=fp-268 R7_w=fp-268 63: (b7) r2 = 255 ; R2_w=255 64: (85) call bpf_probe_read_user_str#114 ; R0_w=scalar(smin=-4095,smax=255) fp-16=00000mmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=mmmmmmmm fp-176=mmmmmmmm fp-184=mmmmmmmm fp-192=mmmmmmmm fp-200=mmmmmmmm fp-208=mmmmmmmm fp-216=mmmmmmmm fp-224=mmmmmmmm fp-232=mmmmmmmm fp-240=mmmmmmmm fp-248=mmmmmmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmm0000 65: (79) r1 = *(u64 *)(r9 +0) ; R1_w=scalar() R9=map_value(off=0,ks=8,vs=32,imm=0) 66: (7b) *(u64 *)(r10 -312) = r1 ; R1_w=scalar() R10=fp0 fp-312_w=mmmmmmmm 67: (37) r6 /= 1000 ; R6_w=scalar() 68: (7b) *(u64 *)(r10 -304) = r6 ; R6_w=scalar() R10=fp0 fp-304_w=mmmmmmmm 69: (85) call bpf_get_current_uid_gid#15 ; R0=scalar() 70: (63) *(u32 *)(r10 -296) = r0 ; R0=scalar() R10=fp0 fp-296=0000mmmm 71: (79) r1 = *(u64 *)(r10 -320) ; R1_w=ctx(off=0,imm=0) R10=fp0 72: (79) r2 = *(u64 *)(r1 +0) ; R1_w=ctx(off=0,imm=0) R2_w=scalar() 73: (63) *(u32 *)(r10 -292) = r2 ; R2_w=scalar() R10=fp0 fp-296=mmmmmmmm 74: (63) *(u32 *)(r10 -272) = r8 ; R8=0 R10=fp0 fp-272=mmmm0000 75: (18) r2 = 0xffffff81036b3e00 ; R2_w=map_ptr(off=0,ks=4,vs=4,imm=0) 77: (bf) r4 = r10 ; R4_w=fp0 R10=fp0 78: (07) r4 += -312 ; R4_w=fp-312 79: (bf) r9 = r1 ; R1_w=ctx(off=0,imm=0) R9_w=ctx(off=0,imm=0) 80: (18) r3 = 0xffffffff ; R3_w=4294967295 82: (b7) r5 = 304 ; R5_w=304 83: (85) call bpf_perf_event_output#25 ; R0_w=scalar() 84: (71) r1 = *(u8 *)(r10 -268) ; R1_w=scalar(umax=255,var_off=(0x0; 0xff)) R10=fp0 85: (15) if r1 == 0x2f goto pc+29 ; R1_w=scalar(umax=255,var_off=(0x0; 0xff)) 86: 
(85) call bpf_get_current_task_btf#158 invalid return type 8 of func bpf_get_current_task_btf#158 processed 84 insns (limit 1000000) max_states_per_insn 0 total_states 3 peak_states 3 mark_read 3 Traceback (most recent call last): File "/usr/sbin/opensnoop-bpfcc", line 390, in <module> b.attach_kretprobe(event=fnname_open, fn_name="trace_return") File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 875, in attach_kretprobe fn = self.load_func(fn_name, BPF.KPROBE) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 526, in load_func raise Exception("Failed to load BPF program %s: %s" % Exception: Failed to load BPF program b'trace_return': Invalid argument
```

The verifier log stops at instruction 86 with `invalid return type 8 of func bpf_get_current_task_btf#158`, so the kernel rejects `trace_return` at the `bpf_get_current_task_btf` helper call and nothing is attached.

Without the -F flag the tool works as intended, for example `sudo /usr/sbin/opensnoop-bpfcc -f O_WRONLY -f O_RDWR`.

The package was installed and run on a pristine install of Bookworm (64-bit edition) on a `Raspberry Pi 4`.

Other noteworthy details:

* Also tested with 0.26.0 (experimental 1), with the same outcome (error).
* Tried to install 0.26.0 experimental2, but installation failed due to version dependency inconsistencies.

-- System Information:
Debian Release: 12.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf

Kernel: Linux 6.1.0-rpi4-rpi-v8 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bpfcc-tools depends on:
ii python3 3.11.2-1+b1
ii python3-bpfcc 0.26.0+ds-1
ii python3-netaddr 0.8.0-2

bpfcc-tools recommends no packages.

bpfcc-tools suggests no packages.

-- no debconf information