bcc icon indicating copy to clipboard operation
bcc copied to clipboard

Published 20 hours ago verified publisher icon iovisor

Failed to run tools/inject.py

Open linrl3 opened this issue 2 years ago • 1 comments 

~/bcc/tools#  ./inject.py kmalloc  'SyS_mount()'
bpf: Failed to load program: Invalid argument
0: (bf) r6 = r1
1: (b7) r7 = 0
2: (63) *(u32 *)(r10 -4) = r7
last_idx 2 first_idx 0
regs=80 stack=0 before 1: (b7) r7 = 0
3: (18) r1 = 0xffff8ea627d41c00
5: (bf) r2 = r10
6: (07) r2 += -4
7: (85) call bpf_map_lookup_elem#1
8: (15) if r0 == 0x0 goto pc+1
 R0_w=map_value(id=0,off=0,ks=4,vs=4,imm=0) R6_w=ctx(id=0,off=0,imm=0) R7_w=invP0 R10=fp0 fp-8=mmmm????
9: (61) r7 = *(u32 *)(r0 +0)
 R0_w=map_value(id=0,off=0,ks=4,vs=4,imm=0) R6_w=ctx(id=0,off=0,imm=0) R7_w=invP0 R10=fp0 fp-8=mmmm????
10: (85) call bpf_get_current_pid_tgid#14
11: (63) *(u32 *)(r10 -8) = r0
12: (18) r1 = 0xffff8ecdb7d66000
14: (bf) r2 = r10
15: (07) r2 += -8
16: (85) call bpf_map_lookup_elem#1
17: (15) if r0 == 0x0 goto pc+20
 R0_w=map_value(id=0,off=0,ks=4,vs=32,imm=0) R6=ctx(id=0,off=0,imm=0) R7=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmmmmmm
18: (67) r7 <<= 32
19: (77) r7 >>= 32
20: (18) r1 = 0xffffffff
22: (1d) if r7 == r1 goto pc+15
 R0=map_value(id=0,off=0,ks=4,vs=32,imm=0) R1=inv4294967295 R6=ctx(id=0,off=0,imm=0) R7=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmmmmmm
23: (79) r1 = *(u64 *)(r0 +8)
 R0=map_value(id=0,off=0,ks=4,vs=32,imm=0) R1_w=inv4294967295 R6=ctx(id=0,off=0,imm=0) R7=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmmmmmm
24: (55) if r1 != 0x1 goto pc+13
 R0=map_value(id=0,off=0,ks=4,vs=32,imm=0) R1_w=inv1 R6=ctx(id=0,off=0,imm=0) R7=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmmmmmm
25: (61) r1 = *(u32 *)(r10 -4)
26: (63) *(u32 *)(r10 -12) = r1
27: (18) r1 = 0xffff8ea627d41c00
29: (bf) r2 = r10
30: (07) r2 += -12
31: (85) call bpf_map_lookup_elem#1
32: (15) if r0 == 0x0 goto pc+2
 R0=map_value(id=0,off=0,ks=4,vs=4,imm=0) R6=ctx(id=0,off=0,imm=0) R7=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmmmmmm fp-16=mmmm????
33: (b7) r1 = 1
34: (c3) lock *(u32 *)(r0 +0) += r1
 R0=map_value(id=0,off=0,ks=4,vs=4,imm=0) R1_w=inv1 R6=ctx(id=0,off=0,imm=0) R7=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmmmmmm fp-16=mmmm????
 R0=map_value(id=0,off=0,ks=4,vs=4,imm=0) R1_w=inv1 R6=ctx(id=0,off=0,imm=0) R7=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmmmmmm fp-16=mmmm????
35: (bf) r1 = r6
36: (b7) r2 = -12
37: (85) call bpf_override_return#58
unknown func bpf_override_return#58
processed 34 insns (limit 1000000) max_states_per_insn 0 total_states 3 peak_states 3 mark_read 3

Traceback (most recent call last):
  File "./inject.py", line 525, in <module>
    Tool().run()
  File "./inject.py", line 520, in run
    self._attach_probes()
  File "./inject.py", line 492, in _attach_probes
    p.attach(self.bpf)
  File "./inject.py", line 305, in attach
    fn_name=self.func_name)
  File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 828, in attach_kprobe
    fn = self.load_func(fn_name, BPF.KPROBE)
  File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 527, in load_func
    (func_name, errstr))
Exception: Failed to load BPF program should_failslab_entry: Invalid argument

My kernel version is : 5.4.56.bsk.5-amd64

And I see that "unknown func bpf_override_return#58" in error message. Is it the problem?

linrl3 avatar Aug 12 '22 07:08 linrl3

You need to turn on CONFIG_BPF_KPROBE_OVERRIDE.

chenhengqi avatar Aug 12 '22 09:08 chenhengqi