Package: bpfcc-tools
Version: 0.26.0+ds-1
Severity: normal
X-Debbugs-Cc: nos...@rigarco.com

Dear Maintainer,

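The -F flag to opensnoop-bpfcc causes probe injection to fail: the kernel's BPF 
verifier rejects the `trace_return` program at load time (`invalid return type 8 
of func bpf_get_current_task_btf#158` in the log below), and the tool then exits 
with an unhandled Python exception, so no probe is attached.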

To reproduce: `sudo /usr/sbin/opensnoop-bpfcc -F`

Produces:

```text
bpf: Failed to load program: Invalid argument
0: R1=ctx(off=0,imm=0) R10=fp0
0: (bf) r6 = r1                       ; R1=ctx(off=0,imm=0) 
R6_w=ctx(off=0,imm=0)
1: (85) call bpf_get_current_pid_tgid#14      ; R0_w=scalar()
2: (7b) *(u64 *)(r10 -8) = r0         ; R0_w=scalar() R10=fp0 fp-8_w=mmmmmmmm
3: (b7) r8 = 0                        ; R8_w=0
4: (7b) *(u64 *)(r10 -16) = r8        ; R8_w=0 R10=fp0 fp-16_w=00000000
5: (7b) *(u64 *)(r10 -24) = r8        ; R8_w=0 R10=fp0 fp-24_w=00000000
6: (7b) *(u64 *)(r10 -32) = r8        ; R8_w=0 R10=fp0 fp-32_w=00000000
7: (7b) *(u64 *)(r10 -40) = r8        ; R8_w=0 R10=fp0 fp-40_w=00000000
8: (7b) *(u64 *)(r10 -48) = r8        ; R8_w=0 R10=fp0 fp-48_w=00000000
9: (7b) *(u64 *)(r10 -56) = r8        ; R8_w=0 R10=fp0 fp-56_w=00000000
10: (7b) *(u64 *)(r10 -64) = r8       ; R8_w=0 R10=fp0 fp-64_w=00000000
11: (7b) *(u64 *)(r10 -72) = r8       ; R8_w=0 R10=fp0 fp-72_w=00000000
12: (7b) *(u64 *)(r10 -80) = r8       ; R8_w=0 R10=fp0 fp-80_w=00000000
13: (7b) *(u64 *)(r10 -88) = r8       ; R8_w=0 R10=fp0 fp-88_w=00000000
14: (7b) *(u64 *)(r10 -96) = r8       ; R8_w=0 R10=fp0 fp-96_w=00000000
15: (7b) *(u64 *)(r10 -104) = r8      ; R8_w=0 R10=fp0 fp-104_w=00000000
16: (7b) *(u64 *)(r10 -112) = r8      ; R8_w=0 R10=fp0 fp-112_w=00000000
17: (7b) *(u64 *)(r10 -120) = r8      ; R8_w=0 R10=fp0 fp-120_w=00000000
18: (7b) *(u64 *)(r10 -128) = r8      ; R8_w=0 R10=fp0 fp-128_w=00000000
19: (7b) *(u64 *)(r10 -136) = r8      ; R8_w=0 R10=fp0 fp-136_w=00000000
20: (7b) *(u64 *)(r10 -144) = r8      ; R8_w=0 R10=fp0 fp-144_w=00000000
21: (7b) *(u64 *)(r10 -152) = r8      ; R8_w=0 R10=fp0 fp-152_w=00000000
22: (7b) *(u64 *)(r10 -160) = r8      ; R8_w=0 R10=fp0 fp-160_w=00000000
23: (7b) *(u64 *)(r10 -168) = r8      ; R8_w=0 R10=fp0 fp-168_w=00000000
24: (7b) *(u64 *)(r10 -176) = r8      ; R8_w=0 R10=fp0 fp-176_w=00000000
25: (7b) *(u64 *)(r10 -184) = r8      ; R8_w=0 R10=fp0 fp-184_w=00000000
26: (7b) *(u64 *)(r10 -192) = r8      ; R8_w=0 R10=fp0 fp-192_w=00000000
27: (7b) *(u64 *)(r10 -200) = r8      ; R8_w=0 R10=fp0 fp-200_w=00000000
28: (7b) *(u64 *)(r10 -208) = r8      ; R8_w=0 R10=fp0 fp-208_w=00000000
29: (7b) *(u64 *)(r10 -216) = r8      ; R8_w=0 R10=fp0 fp-216_w=00000000
30: (7b) *(u64 *)(r10 -224) = r8      ; R8_w=0 R10=fp0 fp-224_w=00000000
31: (7b) *(u64 *)(r10 -232) = r8      ; R8_w=0 R10=fp0 fp-232_w=00000000
32: (7b) *(u64 *)(r10 -240) = r8      ; R8_w=0 R10=fp0 fp-240_w=00000000
33: (7b) *(u64 *)(r10 -248) = r8      ; R8_w=0 R10=fp0 fp-248_w=00000000
34: (7b) *(u64 *)(r10 -256) = r8      ; R8_w=0 R10=fp0 fp-256_w=00000000
35: (7b) *(u64 *)(r10 -264) = r8      ; R8_w=0 R10=fp0 fp-264_w=00000000
36: (7b) *(u64 *)(r10 -272) = r8      ; R8_w=0 R10=fp0 fp-272_w=00000000
37: (7b) *(u64 *)(r10 -280) = r8      ; R8_w=0 R10=fp0 fp-280_w=00000000
38: (7b) *(u64 *)(r10 -288) = r8      ; R8_w=0 R10=fp0 fp-288_w=00000000
39: (7b) *(u64 *)(r10 -296) = r8      ; R8_w=0 R10=fp0 fp-296_w=00000000
40: (7b) *(u64 *)(r10 -304) = r8      ; R8_w=0 R10=fp0 fp-304_w=00000000
41: (7b) *(u64 *)(r10 -312) = r8      ; R8_w=0 R10=fp0 fp-312_w=00000000
42: (85) call bpf_ktime_get_ns#5      ; R0=scalar()
43: (bf) r7 = r0                      ; R0=scalar(id=1) R7_w=scalar(id=1)
44: (18) r1 = 0xffffff81135c7c00      ; R1_w=map_ptr(off=0,ks=8,vs=32,imm=0)
46: (bf) r2 = r10                     ; R2_w=fp0 R10=fp0
47: (07) r2 += -8                     ; R2_w=fp-8
48: (85) call bpf_map_lookup_elem#1   ; 
R0_w=map_value_or_null(id=2,off=0,ks=8,vs=32,imm=0)
49: (bf) r9 = r0                      ; 
R0_w=map_value_or_null(id=2,off=0,ks=8,vs=32,imm=0) 
R9_w=map_value_or_null(id=2,off=0,ks=8,vs=32,imm=0)
50: (15) if r9 == 0x0 goto pc+80      ; R9_w=map_value(off=0,ks=8,vs=32,imm=0)
51: (bf) r3 = r9                      ; R3_w=map_value(off=0,ks=8,vs=32,imm=0) 
R9_w=map_value(off=0,ks=8,vs=32,imm=0)
52: (07) r3 += 8                      ; R3_w=map_value(off=8,ks=8,vs=32,imm=0)
53: (bf) r1 = r10                     ; R1_w=fp0 R10=fp0
54: (07) r1 += -288                   ; R1_w=fp-288
55: (b7) r2 = 16                      ; R2_w=16
56: (85) call bpf_probe_read_kernel#113       ; R0=scalar() fp-280=mmmmmmmm 
fp-288=mmmmmmmm
57: (79) r3 = *(u64 *)(r9 +24)        ; R3_w=scalar() 
R9=map_value(off=0,ks=8,vs=32,imm=0)
58: (7b) *(u64 *)(r10 -320) = r6      ; R6=ctx(off=0,imm=0) R10=fp0 fp-320_w=ctx
59: (bf) r6 = r7                      ; R6_w=scalar(id=1) R7=scalar(id=1)
60: (bf) r7 = r10                     ; R7_w=fp0 R10=fp0
61: (07) r7 += -268                   ; R7_w=fp-268
62: (bf) r1 = r7                      ; R1_w=fp-268 R7_w=fp-268
63: (b7) r2 = 255                     ; R2_w=255
64: (85) call bpf_probe_read_user_str#114     ; 
R0_w=scalar(smin=-4095,smax=255) fp-16=00000mmm fp-24=mmmmmmmm fp-32=mmmmmmmm 
fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm 
fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm 
fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm 
fp-160=mmmmmmmm fp-168=mmmmmmmm fp-176=mmmmmmmm fp-184=mmmmmmmm fp-192=mmmmmmmm 
fp-200=mmmmmmmm fp-208=mmmmmmmm fp-216=mmmmmmmm fp-224=mmmmmmmm fp-232=mmmmmmmm 
fp-240=mmmmmmmm fp-248=mmmmmmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmm0000
65: (79) r1 = *(u64 *)(r9 +0)         ; R1_w=scalar() 
R9=map_value(off=0,ks=8,vs=32,imm=0)
66: (7b) *(u64 *)(r10 -312) = r1      ; R1_w=scalar() R10=fp0 fp-312_w=mmmmmmmm
67: (37) r6 /= 1000                   ; R6_w=scalar()
68: (7b) *(u64 *)(r10 -304) = r6      ; R6_w=scalar() R10=fp0 fp-304_w=mmmmmmmm
69: (85) call bpf_get_current_uid_gid#15      ; R0=scalar()
70: (63) *(u32 *)(r10 -296) = r0      ; R0=scalar() R10=fp0 fp-296=0000mmmm
71: (79) r1 = *(u64 *)(r10 -320)      ; R1_w=ctx(off=0,imm=0) R10=fp0
72: (79) r2 = *(u64 *)(r1 +0)         ; R1_w=ctx(off=0,imm=0) R2_w=scalar()
73: (63) *(u32 *)(r10 -292) = r2      ; R2_w=scalar() R10=fp0 fp-296=mmmmmmmm
74: (63) *(u32 *)(r10 -272) = r8      ; R8=0 R10=fp0 fp-272=mmmm0000
75: (18) r2 = 0xffffff81036b3e00      ; R2_w=map_ptr(off=0,ks=4,vs=4,imm=0)
77: (bf) r4 = r10                     ; R4_w=fp0 R10=fp0
78: (07) r4 += -312                   ; R4_w=fp-312
79: (bf) r9 = r1                      ; R1_w=ctx(off=0,imm=0) 
R9_w=ctx(off=0,imm=0)
80: (18) r3 = 0xffffffff              ; R3_w=4294967295
82: (b7) r5 = 304                     ; R5_w=304
83: (85) call bpf_perf_event_output#25        ; R0_w=scalar()
84: (71) r1 = *(u8 *)(r10 -268)       ; R1_w=scalar(umax=255,var_off=(0x0; 
0xff)) R10=fp0
85: (15) if r1 == 0x2f goto pc+29     ; R1_w=scalar(umax=255,var_off=(0x0; 
0xff))
86: (85) call bpf_get_current_task_btf#158
invalid return type 8 of func bpf_get_current_task_btf#158
processed 84 insns (limit 1000000) max_states_per_insn 0 total_states 3 
peak_states 3 mark_read 3

Traceback (most recent call last):
  File "/usr/sbin/opensnoop-bpfcc", line 390, in <module>
    b.attach_kretprobe(event=fnname_open, fn_name="trace_return")
  File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 875, in 
attach_kretprobe
    fn = self.load_func(fn_name, BPF.KPROBE)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 526, in load_func
    raise Exception("Failed to load BPF program %s: %s" %
Exception: Failed to load BPF program b'trace_return': Invalid argument
``` 

Without the -F flag the tool works fine and as intended, for example 
`sudo /usr/sbin/opensnoop-bpfcc -f O_WRONLY -f O_RDWR`.

Program installed and executed on a pristine install of Bookworm 64-bit edition 
on a `Raspberry Pi 4`.

Other noteworthy details:
* Also tested with 0.26.0 (experimental 1), with the same outcome (error)
* Tried to install 0.26.0 experimental2, but the installation failed due to 
version dependency inconsistencies.

-- System Information:
Debian Release: 12.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf

Kernel: Linux 6.1.0-rpi4-rpi-v8 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bpfcc-tools depends on:
ii  python3          3.11.2-1+b1
ii  python3-bpfcc    0.26.0+ds-1
ii  python3-netaddr  0.8.0-2

bpfcc-tools recommends no packages.

bpfcc-tools suggests no packages.

-- no debconf information
