Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

falco not running all of a sudden, in CrashLoopBackOff state #3054

Open
taragurung opened this issue Feb 6, 2024 · 2 comments
Open

falco not running all of a sudden, in CrashLoopBackOff state #3054

taragurung opened this issue Feb 6, 2024 · 2 comments
Labels
kind/bug lifecycle/stale
Milestone
0.38.0

Comments

@taragurung
Copy link

Describe the bug
Falco pods started to fail all of a sudden was running ok since past 8-9months.

Expected behaviour

Falco pods running successfully
Screenshots
I can see the following in falco pod logs

In file included from ./include/linux/bug.h:5:0,
                 from ./include/linux/thread_info.h:12,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/rcupdate.h:27,
                 from ./include/linux/rculist.h:11,
                 from ./include/linux/pid.h:5,
                 from ./include/linux/sched.h:14,
                 from ./arch/x86/include/asm/syscall.h:14,
                 from /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/main.c:19:
./arch/x86/include/asm/bug.h:36:22: error: expected identifier or '(' before string constant
  asm_inline volatile("1:\t" ins "\n"    \
                      ^
./arch/x86/include/asm/bug.h:88:2: note: in expansion of macro '_BUG_FLAGS'
  _BUG_FLAGS(ASM_UD2, BUGFLAG_WARNING|(flags));  \
  ^
./include/asm-generic/bug.h:94:19: note: in expansion of macro '__WARN_FLAGS'
 #define __WARN()  __WARN_FLAGS(BUGFLAG_TAINT(TAINT_WARN))
                   ^
./include/asm-generic/bug.h:121:3: note: in expansion of macro '__WARN'
   __WARN();      \
   ^
./include/net/sock.h:1912:2: note: in expansion of macro 'WARN_ON'
  WARN_ON(parent->sk);
  ^
In file included from <command-line>:0:0:
././include/linux/compiler_types.h:245:24: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
 #define asm_inline asm __inline
                        ^
./arch/x86/include/asm/bug.h:36:2: note: in expansion of macro 'asm_inline'
  asm_inline volatile("1:\t" ins "\n"    \
  ^
./arch/x86/include/asm/bug.h:88:2: note: in expansion of macro '_BUG_FLAGS'
  _BUG_FLAGS(ASM_UD2, BUGFLAG_WARNING|(flags));  \
  ^
./include/asm-generic/bug.h:94:19: note: in expansion of macro '__WARN_FLAGS'
 #define __WARN()  __WARN_FLAGS(BUGFLAG_TAINT(TAINT_WARN))
                   ^
./include/asm-generic/bug.h:121:3: note: in expansion of macro '__WARN'
   __WARN();      \
   ^
./include/net/sock.h:1912:2: note: in expansion of macro 'WARN_ON'
  WARN_ON(parent->sk);
  ^
./include/net/request_sock.h: In function 'reqsk_free':
././include/linux/compiler_types.h:245:24: error: expected '(' before '__inline'
 #define asm_inline asm __inline
                        ^
./arch/x86/include/asm/bug.h:36:2: note: in expansion of macro 'asm_inline'
  asm_inline volatile("1:\t" ins "\n"    \
  ^
./arch/x86/include/asm/bug.h:88:2: note: in expansion of macro '_BUG_FLAGS'
  _BUG_FLAGS(ASM_UD2, BUGFLAG_WARNING|(flags));  \
  ^
./include/asm-generic/bug.h:104:3: note: in expansion of macro '__WARN_FLAGS'
   __WARN_FLAGS(BUGFLAG_ONCE |   \
   ^
./include/net/request_sock.h:126:2: note: in expansion of macro 'WARN_ON_ONCE'
  WARN_ON_ONCE(refcount_read(&req->rsk_refcnt) != 0);
  ^
In file included from ./include/linux/bug.h:5:0,
                 from ./include/linux/thread_info.h:12,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/rcupdate.h:27,
                 from ./include/linux/rculist.h:11,
                 from ./include/linux/pid.h:5,
                 from ./include/linux/sched.h:14,
                 from ./arch/x86/include/asm/syscall.h:14,
                 from /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/main.c:19:
./arch/x86/include/asm/bug.h:36:22: error: expected identifier or '(' before string constant
  asm_inline volatile("1:\t" ins "\n"    \
                      ^
./arch/x86/include/asm/bug.h:88:2: note: in expansion of macro '_BUG_FLAGS'
  _BUG_FLAGS(ASM_UD2, BUGFLAG_WARNING|(flags));  \
  ^
./include/asm-generic/bug.h:104:3: note: in expansion of macro '__WARN_FLAGS'
   __WARN_FLAGS(BUGFLAG_ONCE |   \
   ^
./include/net/request_sock.h:126:2: note: in expansion of macro 'WARN_ON_ONCE'
  WARN_ON_ONCE(refcount_read(&req->rsk_refcnt) != 0);
  ^
In file included from <command-line>:0:0:
././include/linux/compiler_types.h:245:24: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
 #define asm_inline asm __inline
                        ^
./arch/x86/include/asm/bug.h:36:2: note: in expansion of macro 'asm_inline'
  asm_inline volatile("1:\t" ins "\n"    \
  ^
./arch/x86/include/asm/bug.h:88:2: note: in expansion of macro '_BUG_FLAGS'
  _BUG_FLAGS(ASM_UD2, BUGFLAG_WARNING|(flags));  \
  ^
./include/asm-generic/bug.h:104:3: note: in expansion of macro '__WARN_FLAGS'
   __WARN_FLAGS(BUGFLAG_ONCE |   \
   ^
./include/net/request_sock.h:126:2: note: in expansion of macro 'WARN_ON_ONCE'
  WARN_ON_ONCE(refcount_read(&req->rsk_refcnt) != 0);
  ^
make[3]: *** [scripts/Makefile.build:286: /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/main.o] Error 1
make[2]: *** [Makefile.kernel:1825: /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build] Error 2
make[2]: Leaving directory '/host/usr/src/kernels/5.10.179-168.710.amzn2.x86_64'
make[1]: *** [Makefile:9: modules] Error 2
make[1]: Leaving directory '/host/usr/src/kernels/5.10.179-168.710.amzn2.x86_64'
make: *** [Makefile:16: all] Error 2
* Trying to load a system falco module, if present
Tue Feb  6 09:27:24 2024: Falco version 0.31.1 (driver version b7eb0dd65226a8dc254d228c8d950d07bf3521d2)
Tue Feb  6 09:27:24 2024: Falco initialized with configuration file /etc/falco/falco.yaml
Tue Feb  6 09:27:24 2024: Loading rules from file /etc/falco/falco_rules.yaml:
Tue Feb  6 09:27:25 2024: Loading rules from file /etc/falco/falco_rules.local.yaml:
Tue Feb  6 09:27:25 2024: Unable to load the driver.
Tue Feb  6 09:27:25 2024: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.

Environment

  • Falco version: 0.31.1
  • System info:
  • Running as daemon-set in AWS EKS node
  • Installed using helm chart
  • Kernel:
  • Installation method:
    Installed using helm chart in AWS EKS cluster

Additional context
@FedeDP
Copy link
Contributor

FedeDP commented Feb 6, 2024

Hi! Thanks for opening this bug report!
It seems like your kernel got updated and now the driver is not building against the new kernel.
Do you mind updating to latest Falco 0.37.0 (chart v4.1.0)? There have been multiple fixes and most probably the problem will be gone once you upgrade.

@Andreagit97 Andreagit97 added this to the 0.38.0 milestone Feb 6, 2024
@poiana
Copy link

poiana commented May 6, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug lifecycle/stale
Projects
None yet
Milestone
0.38.0
Development

No branches or pull requests
4 participants
@taragurung @FedeDP @poiana @Andreagit97