ebpf loading failure on clang 15

[geyslan]

Description

❯ sudo ./dist/tracee -f comm=uname
Place your finger on the fingerprint reader
{"level":"warn","ts":1685366140.1138046,"msg":"libbpf: prog 'trace_ret_vfs_write_tail': BPF program load failed: Permission denied"}
libbpf: prog 'trace_ret_vfs_write_tail': -- BEGIN PROG LOAD LOG --
0: R1=ctx(off=0,imm=0) R10=fp0
; int BPF_KPROBE(trace_ret_vfs_write_tail)
0: (7b) *(u64 *)(r10 -184) = r1       ; R1=ctx(off=0,imm=0) R10=fp0 fp-184_w=ctx
1: (b7) r1 = 0                        ; R1_w=0
; int zero = 0;
2: (63) *(u32 *)(r10 -80) = r1        ; R1_w=0 R10=fp0 fp-80=????0000
...
; if (path == NULL) {
3311: (15) if r9 == 0x0 goto pc+2     ; R9_w=map_value(off=0,ks=24,vs=4096,imm=0)
3312: (79) r6 = *(u64 *)(r10 -160)    ; R6_w=map_value(off=0,ks=4,vs=32152,imm=0) R10=fp0
3313: (05) goto pc+1945
; if (path_buf != NULL && !has_prefix("/dev/null", (char *) &path_buf, 10)) {
5259: (bf) r1 = r9                    ; R1_w=map_value(off=0,ks=24,vs=4096,imm=0) R9_w=map_value(off=0,ks=24,vs=4096,imm=0)
5260: (57) r1 &= 255
R1 bitwise operator &= on pointer prohibited
processed 1019 insns (limit 1000000) max_states_per_insn 0 total_states 61 peak_states 61 mark_read 35
-- END PROG LOAD LOG --
{"level":"warn","ts":1685366140.1271274,"msg":"libbpf: prog 'trace_ret_vfs_write_tail': failed to load: -13"}
{"level":"warn","ts":1685366140.1276152,"msg":"libbpf: failed to load object ''"}
{"level":"fatal","ts":1685366140.1280177,"msg":"Tracee runner failed","error":"cmd.Runner.Run: error initializing Tracee: ebpf.(*Tracee).Init: ebpf.(*Tracee).initBPF: failed to load BPF object: permission denied"}

Output of uname -a:

Linux hb 6.2.16-1-MANJARO #1 SMP PREEMPT_DYNAMIC Wed May 17 17:02:01 UTC 2023 x86_64 GNU/Linux

Linux ubuntu-jammy 5.15.0-72-generic #79-Ubuntu SMP Wed Apr 19 08:22:18 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

Additional details

❯ clang --version
clang version 15.0.7
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

vagrant@ubuntu-jammy:/vagrant$ clang --version
Ubuntu clang version 15.0.7
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

[geyslan]

I'll check this using clang 12, it seems a compiler issue.

[rafaeldtinoco]

Related: #2624

[geyslan]

I'll check this using clang 12, it seems a compiler issue.

Using clang 12, 13 and 14 is ok. It only happens on clang 15 as suspected.

[rafaeldtinoco]

Okay, can we close this and keep the other issue opened before ? I believe the error you faced is already highlighted there now.

[yanivagman]

I updated #2624 with the above error message. Closing this one.