Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems with execsnoop on Ubuntu 17.04 Zesty #1276

Open
smithnigelw opened this issue Jul 31, 2017 · 8 comments
Open

Problems with execsnoop on Ubuntu 17.04 Zesty #1276

smithnigelw opened this issue Jul 31, 2017 · 8 comments

Comments

@smithnigelw
Copy link

I'm attempting bcc install for first time on Ubuntu 17.04 Zesty.

$ sudo apt-get install bpfcc-tools
$ sudo apt-get install linux-headers-$(uname -r)

$ uname -a
Linux unbuntu-vm 4.10.0-28-generic #32-Ubuntu SMP Fri Jun 30 05:32:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

$ grep _BPF /boot/config-$(uname -r)
CONFIG_CGROUP_BPF=y
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_ACT_BPF=m
CONFIG_BPF_JIT=y
CONFIG_LWTUNNEL_BPF=y
CONFIG_BPF_EVENTS=y
CONFIG_TEST_BPF=m

I had to make some symlinks:

$ sudo ln -s /lib/modules/linux-headers-4.10.0-28-generic/kernel /lib/modules/linux-headers-4.10.0-28-generic/source 
$ sudo ln -s /usr/src/linux-headers-4.10.0-28-generic /lib/modules/linux-headers-4.10.0-28-generic/kernel/include

..and then I seemed to get the HelloWorld to work:

$ cd /usr/share/doc/bpfcc-tools/examples
$ sudo python ./hello_world.py
      bamfdaemon-1539  [000] d... 13637.914022: : Hello, World!
       gpg-agent-2064  [000] d... 13658.198167: : Hello, World!
       gpg-agent-2064  [000] d... 13658.198301: : Hello, World!
      bamfdaemon-1539  [000] d... 13721.087705: : Hello, World!

But i'm not having any joy with execsnoop:

$ sudo /usr/sbin/execsnoop-bpfcc
In file included from /virtual/main.c:3:
In file included from /lib/modules/4.10.0-28-generic/build/include/linux/sched.h:61:
In file included from /lib/modules/4.10.0-28-generic/build/include/linux/cgroup-defs.h:19:
/lib/modules/4.10.0-28-generic/build/include/linux/bpf-cgroup.h:22:24: error: use
      of undeclared identifier 'MAX_BPF_ATTACH_TYPE'
        struct bpf_prog *prog[MAX_BPF_ATTACH_TYPE];
                              ^
/lib/modules/4.10.0-28-generic/build/include/linux/bpf-cgroup.h:23:35: error: use
      of undeclared identifier 'MAX_BPF_ATTACH_TYPE'
        struct bpf_prog __rcu *effective[MAX_BPF_ATTACH_TYPE];
                                         ^
/lib/modules/4.10.0-28-generic/build/include/linux/bpf-cgroup.h:24:25: error: use
      of undeclared identifier 'MAX_BPF_ATTACH_TYPE'
        bool disallow_override[MAX_BPF_ATTACH_TYPE];
                               ^
/lib/modules/4.10.0-28-generic/build/include/linux/bpf-cgroup.h:31:32: warning:
      declaration of 'enum bpf_attach_type' will not be visible outside of this
      function [-Wvisibility]
                        struct bpf_prog *prog, enum bpf_attach_type type,
                                                    ^
/lib/modules/4.10.0-28-generic/build/include/linux/bpf-cgroup.h:36:14: warning:
      declaration of 'enum bpf_attach_type' will not be visible outside of this
      function [-Wvisibility]
                      enum bpf_attach_type type, bool overridable);
                           ^
/lib/modules/4.10.0-28-generic/build/include/linux/bpf-cgroup.h:40:10: warning:
      declaration of 'enum bpf_attach_type' will not be visible outside of this
      function [-Wvisibility]
                                enum bpf_attach_type type);
                                     ^
/lib/modules/4.10.0-28-generic/build/include/linux/bpf-cgroup.h:43:16: warning:
      declaration of 'enum bpf_attach_type' will not be visible outside of this
      function [-Wvisibility]
                               enum bpf_attach_type type);
                                    ^
In file included from /virtual/main.c:4:
/lib/modules/4.10.0-28-generic/build/include/linux/fs.h:2659:9: warning:
      comparison of unsigned enum expression < 0 is always false
      [-Wtautological-compare]
        if (id < 0 || id >= READING_MAX_ID)
            ~~ ^ ~
5 warnings and 3 errors generated.
Traceback (most recent call last):
  File "/usr/sbin/execsnoop-bpfcc", line 143, in <module>
    b = BPF(text=bpf_text)
  File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 197, in __init__
    raise Exception("Failed to compile BPF module %s" % src_file)
Exception: Failed to compile BPF module
@smithnigelw
Copy link
Author

The version of bpfcc that Ubuntu 17.04 Zesty installs, is v0.2.0 which is not the latest release.

https://github.com/iovisor/bcc/releases

Unfortunatly v0.3.0 does not seem to be available for Zesty.
But there is a v0.3.0 package for the current development version of Ubuntu 17.10 Artful.

https://packages.ubuntu.com/search?keywords=bpfcc-tools&searchon=names

So I tried downloading the source for the v0.3.0 package and building it on Zesty:

$ mkdir nws-build
$ cd nws-build/
$ pull-lp-source bpfcc
pull-lp-source: Downloading bpfcc version 0.3.0-1ubuntu1
pull-lp-source: Downloading bpfcc_0.3.0.orig.tar.gz from archive.ubuntu.com (1.569 MiB)
pull-lp-source: Downloading bpfcc_0.3.0-1ubuntu1.debian.tar.xz from archive.ubuntu.com (0.005 MiB)
dpkg-source: info: extracting bpfcc in bpfcc-0.3.0
dpkg-source: info: unpacking bpfcc_0.3.0.orig.tar.gz
dpkg-source: info: unpacking bpfcc_0.3.0-1ubuntu1.debian.tar.xz
dpkg-source: info: applying fix-install-path.patch
dpkg-source: info: applying fix-uint128-build-failure.patch
dpkg-source: info: applying disable-massive-cpp-binaries.patch

$ cd bpfcc-0.3.0/
$ debuild -us -uc -b
<!-Snip->
$ cd ..
$ sudo dpkg --remove libbpfcc python-bpfcc bpfcc-tools
Removing bpfcc-tools (0.2.0-2) ...
Removing python-bpfcc (0.2.0-2) ...
Removing libbpfcc (0.2.0-2) ...
Processing triggers for man-db (2.7.6.1-2) ...
Processing triggers for libc-bin (2.24-9ubuntu2.2) ...
$ sudo dpkg -i libbpfcc_0.3.0-1ubuntu2_amd64.deb
$ sudo dpkg -i python-bpfcc_0.3.0-1ubuntu2_all.deb
$ sudo dpkg -i bpfcc-tools_0.3.0-1ubuntu2_all.deb
$ cd /usr/share/doc/bpfcc-tools/examples/
$ sudo python ./hello_world.py
Segmentation fault (core dumped)

mmm, so still no joy :(
I tried running with gdb, and got the following stack trace:

$ sudo gdb python
(gdb) run -x ./hello_world.py
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4d715c4 in ?? () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
(gdb) bt
#0  0x00007ffff4d715c4 in ?? () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
#1  0x00007ffff4d715f4 in ?? () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
#2  0x00007ffff4d715f4 in ?? () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
#3  0x00007ffff4d5c6a8 in ?? () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
#4  0x00007ffff4d5cf50 in ?? () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
#5  0x00007ffff4d47b4f in ?? () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
#6  0x00007ffff4d480fd in ?? () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
#7  0x00007ffff3bef5de in ebpf::BPFModule::finalize() () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
#8  0x00007ffff3be81a8 in bpf_module_create_c_from_string () from /usr/lib/x86_64-linux-gnu/libbcc.so.0
#9  0x00007ffff67c4e18 in ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#10 0x00007ffff67c487a in ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#11 0x00007ffff69d8a0b in _ctypes_callproc () from /usr/lib/python2.7/lib-dynload/_ctypes.x86_64-linux-gnu.so
#12 0x00007ffff69d7bd5 in ?? () from /usr/lib/python2.7/lib-dynload/_ctypes.x86_64-linux-gnu.so
#13 0x000055555563b493 in PyObject_Call ()
#14 0x0000555555654daf in PyEval_EvalFrameEx ()
#15 0x000055555564d4e5 in PyEval_EvalCodeEx ()
#16 0x0000555555669fc8 in ?? ()
#17 0x000055555563b493 in PyObject_Call ()
#18 0x00005555556802ee in ?? ()
#19 0x000055555563b493 in PyObject_Call ()
#20 0x0000555555680027 in ?? ()
#21 0x00005555556410b4 in ?? ()
#22 0x000055555563b493 in PyObject_Call ()
#23 0x0000555555654daf in PyEval_EvalFrameEx ()
#24 0x000055555564d4e5 in PyEval_EvalCodeEx ()
#25 0x000055555564d289 in PyEval_EvalCode ()
#26 0x000055555567d13f in ?? ()
#27 0x0000555555678032 in PyRun_FileExFlags ()
#28 0x0000555555677b7e in PyRun_SimpleFileExFlags ()
#29 0x0000555555628a02 in Py_Main ()
#30 0x00007ffff78123f1 in __libc_start_main (main=0x555555628330 <main>, argc=3,
    argv=0x7fffffffe678, init=<optimised out>, fini=<optimised out>, rtld_fini=<optimised out>,
    stack_end=0x7fffffffe668) at ../csu/libc-start.c:291
#31 0x000055555562822a in _start ()
(gdb)

@smithnigelw
Copy link
Author

As I'm not having much joy with Ubuntu 17.04 Zesty,
I decided to try with Fedora 26.
This looked more promising as the version of bcc was already at v0.3.0

# uname -a
Linux localhost.localdomain 4.11.11-300.fc26.x86_64 #1 SMP Mon Jul 17 16:32:11 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
#
# yum install bcc-tools
Dependencies resolved.
================================================================================
 Package                Arch          Version               Repository     Size
================================================================================
Installing:
 bcc-tools              noarch        0.3.0-2.fc26          fedora        310 k
Installing dependencies:
 bcc                    x86_64        0.3.0-2.fc26          fedora        8.3 M
 clang-libs             x86_64        4.0.0-3.fc26          fedora         12 M
 compiler-rt            x86_64        4.0.0-1.fc26          fedora        1.6 M
 python3-bcc            x86_64        0.3.0-2.fc26          fedora         50 k
 python3-netaddr        noarch        0.7.19-2.fc26         fedora        1.5 M

Transaction Summary
================================================================================
Install  6 Packages

Total download size: 24 M
Installed size: 97 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): python3-bcc-0.3.0-2.fc26.x86_64.rpm      234 kB/s |  50 kB     00:00
(2/6): bcc-tools-0.3.0-2.fc26.noarch.rpm        1.2 MB/s | 310 kB     00:00
(3/6): python3-netaddr-0.7.19-2.fc26.noarch.rpm 1.5 MB/s | 1.5 MB     00:01
(4/6): compiler-rt-4.0.0-1.fc26.x86_64.rpm      2.0 MB/s | 1.6 MB     00:00
(5/6): bcc-0.3.0-2.fc26.x86_64.rpm              2.0 MB/s | 8.3 MB     00:04
(6/6): clang-libs-4.0.0-3.fc26.x86_64.rpm       2.4 MB/s |  12 MB     00:05
--------------------------------------------------------------------------------
Total                                           2.2 MB/s |  24 MB     00:11
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : compiler-rt-4.0.0-1.fc26.x86_64                        1/6
  Installing       : clang-libs-4.0.0-3.fc26.x86_64                         2/6
  Installing       : python3-netaddr-0.7.19-2.fc26.noarch                   3/6
  Installing       : python3-bcc-0.3.0-2.fc26.x86_64                        4/6
  Installing       : bcc-tools-0.3.0-2.fc26.noarch                          5/6
  Installing       : bcc-0.3.0-2.fc26.x86_64                                6/6
  Running scriptlet: bcc-0.3.0-2.fc26.x86_64                                6/6
  Verifying        : bcc-tools-0.3.0-2.fc26.noarch                          1/6
  Verifying        : python3-bcc-0.3.0-2.fc26.x86_64                        2/6
  Verifying        : python3-netaddr-0.7.19-2.fc26.noarch                   3/6
  Verifying        : bcc-0.3.0-2.fc26.x86_64                                4/6
  Verifying        : clang-libs-4.0.0-3.fc26.x86_64                         5/6
  Verifying        : compiler-rt-4.0.0-1.fc26.x86_64                        6/6

Installed:
  bcc-tools.noarch 0.3.0-2.fc26        bcc.x86_64 0.3.0-2.fc26
  clang-libs.x86_64 4.0.0-3.fc26       compiler-rt.x86_64 4.0.0-1.fc26
  python3-bcc.x86_64 0.3.0-2.fc26      python3-netaddr.noarch 0.7.19-2.fc26

Complete!
# rpm -qa | grep bcc
bcc-tools-0.3.0-2.fc26.noarch
python3-bcc-0.3.0-2.fc26.x86_64
bcc-0.3.0-2.fc26.x86_64

Unfortunately, Fedora do not include the 'hello_world.py', so i had to create that myself.

https://github.com/iovisor/bcc/blob/v0.3.0/examples/hello_world.py

# ./hello_world.py
Traceback (most recent call last):
  File "./hello_world.py", line 3, in <module>
    from bcc import BPF
ImportError: No module named bcc
# export PYTHONPATH=/usr/lib/python3.6/site-packages
# ./hello_world.py
Segmentation fault (core dumped)

So again no joy :(
I tried running with gdb, and got the following stack trace, which looks similar to what I'm seeing with Ubuntu, but this Fedora trace shows more detail:

# gdb python
GNU gdb (GDB) Fedora 8.0-13.fc26
Missing separate debuginfos, use: dnf debuginfo-install python2-2.7.13-10.fc26.x86_64
(gdb)
(gdb) run -x ./hello_world.py
Starting program: /usr/bin/python -x ./hello_world.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007fffee054ee4 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
(gdb)
(gdb) bt
#0  0x00007fffee054ee4 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
#1  0x00007fffee054f14 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
#2  0x00007fffee054f14 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
#3  0x00007fffee03eba9 in llvm::RuntimeDyldImpl::resolveRelocationList(llvm::SmallVector<llvm::RelocationEntry, 64u> const&, unsigned long) () from /lib64/libbcc.so.0
#4  0x00007fffee041520 in llvm::RuntimeDyldImpl::resolveRelocations() () from /lib64/libbcc.so.0
#5  0x00007fffee02871f in llvm::MCJIT::finalizeLoadedModules() () from /lib64/libbcc.so.0
#6  0x00007fffee028ce1 in llvm::MCJIT::finalizeObject() () from /lib64/libbcc.so.0
#7  0x00007fffedbe325a in ebpf::BPFModule::finalize() () from /lib64/libbcc.so.0
#8  0x00007fffedbdc4cb in bpf_module_create_c_from_string () from /lib64/libbcc.so.0
#9  0x00007fffefabfbde in ffi_call_unix64 () from /lib64/libffi.so.6
#10 0x00007fffefabf54f in ffi_call () from /lib64/libffi.so.6
#11 0x00007fffefcd21e9 in _ctypes_callproc () from /usr/lib64/python2.7/lib-dynload/_ctypes.so
#12 0x00007fffefccc05e in PyCFuncPtr_call () from /usr/lib64/python2.7/lib-dynload/_ctypes.so
#13 0x00007ffff7a2b593 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#14 0x00007ffff7b0cb18 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#15 0x00007ffff7b132c8 in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#16 0x00007ffff7a51607 in function_call.lto_priv () from /lib64/libpython2.7.so.1.0
#17 0x00007ffff7a2b593 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#18 0x00007ffff7a8f93e in instancemethod_call.lto_priv () from /lib64/libpython2.7.so.1.0
#19 0x00007ffff7a2b593 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#20 0x00007ffff7a76867 in slot_tp_init () from /lib64/libpython2.7.so.1.0
#21 0x00007ffff7a775d4 in type_call.lto_priv () from /lib64/libpython2.7.so.1.0
#22 0x00007ffff7a2b593 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#23 0x00007ffff7b0cb18 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#24 0x00007ffff7b132c8 in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#25 0x00007ffff7b134d9 in PyEval_EvalCode () from /lib64/libpython2.7.so.1.0
#26 0x00007ffff7adc3af in run_mod () from /lib64/libpython2.7.so.1.0
#27 0x00007ffff7addaea in PyRun_FileExFlags () from /lib64/libpython2.7.so.1.0
#28 0x00007ffff7addcae in PyRun_SimpleFileExFlags () from /lib64/libpython2.7.so.1.0
#29 0x00007ffff7ad665e in Py_Main () from /lib64/libpython2.7.so.1.0
#30 0x00007ffff6ca54da in __libc_start_main () from /lib64/libc.so.6
#31 0x000055555555477a in _start ()
(gdb)

@smithnigelw
Copy link
Author

Just realised I was using python2:

# ll /usr/bin/python
lrwxrwxrwx. 1 root root 7 May 31 18:59 /usr/bin/python -> python2
# python -V
Python 2.7.13
# /usr/bin/python3 -V
Python 3.6.1

So, i wondered if that was the caused of the problem.
So i tried with Python3, but still no joy.

# export PYTHONPATH=/usr/lib/python3.6/site-packages
# /usr/bin/python3 ./hello_world.py
Segmentation fault (core dumped)
#
# gdb /usr/bin/python3
GNU gdb (GDB) Fedora 8.0-13.fc26
Missing separate debuginfos, use: dnf debuginfo-install python3-3.6.1-8.fc26.x86_64
(gdb) run -x ./hello_world.py
Starting program: /usr/bin/python3 -x ./hello_world.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007fffede29ee4 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
(gdb)
(gdb) bt
#0  0x00007fffede29ee4 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
#1  0x00007fffede29f14 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
#2  0x00007fffede29f14 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
#3  0x00007fffede13ba9 in llvm::RuntimeDyldImpl::resolveRelocationList(llvm::SmallVector<llvm::RelocationEntry, 64u> const&, unsigned long) () from /lib64/libbcc.so.0
#4  0x00007fffede16520 in llvm::RuntimeDyldImpl::resolveRelocations() () from /lib64/libbcc.so.0
#5  0x00007fffeddfd71f in llvm::MCJIT::finalizeLoadedModules() () from /lib64/libbcc.so.0
#6  0x00007fffeddfdce1 in llvm::MCJIT::finalizeObject() () from /lib64/libbcc.so.0
#7  0x00007fffed9b825a in ebpf::BPFModule::finalize() () from /lib64/libbcc.so.0
#8  0x00007fffed9b14cb in bpf_module_create_c_from_string () from /lib64/libbcc.so.0
#9  0x00007fffefb64bde in ffi_call_unix64 () from /lib64/libffi.so.6
#10 0x00007fffefb6454f in ffi_call () from /lib64/libffi.so.6
#11 0x00007fffefd78cf9 in _ctypes_callproc () from /usr/lib64/python3.6/lib-dynload/_ctypes.cpython-36m-x86_64-linux-gnu.so
#12 0x00007fffefd78ee4 in PyCFuncPtr_call () from /usr/lib64/python3.6/lib-dynload/_ctypes.cpython-36m-x86_64-linux-gnu.so
#13 0x00007ffff798f2d4 in _PyObject_FastCallDict () from /lib64/libpython3.6m.so.1.0
#14 0x00007ffff79ffd3d in call_function () from /lib64/libpython3.6m.so.1.0
#15 0x00007ffff7a3cf6a in _PyEval_EvalFrameDefault () from /lib64/libpython3.6m.so.1.0
#16 0x00007ffff798e103 in _PyEval_EvalCodeWithName () from /lib64/libpython3.6m.so.1.0
#17 0x00007ffff798f147 in _PyFunction_FastCallDict () from /lib64/libpython3.6m.so.1.0
#18 0x00007ffff798f4ae in _PyObject_FastCallDict () from /lib64/libpython3.6m.so.1.0
#19 0x00007ffff79992a1 in _PyObject_Call_Prepend () from /lib64/libpython3.6m.so.1.0
#20 0x00007ffff798f88b in PyObject_Call () from /lib64/libpython3.6m.so.1.0
#21 0x00007ffff79f75c9 in slot_tp_init () from /lib64/libpython3.6m.so.1.0
#22 0x00007ffff79f89ee in type_call () from /lib64/libpython3.6m.so.1.0
#23 0x00007ffff798f2d4 in _PyObject_FastCallDict () from /lib64/libpython3.6m.so.1.0
#24 0x00007ffff79f8958 in _PyObject_FastCallKeywords () from /lib64/libpython3.6m.so.1.0
#25 0x00007ffff79ffd3d in call_function () from /lib64/libpython3.6m.so.1.0
#26 0x00007ffff7a3def5 in _PyEval_EvalFrameDefault () from /lib64/libpython3.6m.so.1.0
#27 0x00007ffff7a0cc87 in PyEval_EvalCodeEx () from /lib64/libpython3.6m.so.1.0
#28 0x00007ffff7a0da3b in PyEval_EvalCode () from /lib64/libpython3.6m.so.1.0
#29 0x00007ffff7a955f2 in run_mod () from /lib64/libpython3.6m.so.1.0
#30 0x00007ffff7a962bd in PyRun_FileExFlags () from /lib64/libpython3.6m.so.1.0
#31 0x00007ffff7a98547 in PyRun_SimpleFileExFlags () from /lib64/libpython3.6m.so.1.0
#32 0x00007ffff7a99543 in Py_Main () from /lib64/libpython3.6m.so.1.0
#33 0x0000555555554cf5 in main ()
(gdb)

@mcaleavya
Copy link
Contributor

mcaleavya commented Aug 2, 2017 via email

@smithnigelw
Copy link
Author

Maybe I'm seeing the same problem as whats reported here:

"Segmentation fault (core dumped) when running btrfsslower.py #1221"

@pavel-paulau pavel-paulau mentioned this issue Aug 3, 2017
Closed
@yonghong-song
Copy link
Collaborator

As @mcaleavya suggested, the workaround is to build latest llvm trunk and bcc manually.

@mcaleavya
Copy link
Contributor

Tested fresh build on 17.04
Linux henky 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
henky:/var/tmp/bcc/tools$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=17.04
DISTRIB_CODENAME=zesty
DISTRIB_DESCRIPTION="Ubuntu 17.04"

henky:/var/tmp/bcc/tools$ sudo ./execsnoop.py
In file included from /virtual/main.c:5:
include/linux/fs.h:2659:9: warning: comparison of unsigned enum expression < 0 is always false [-Wtautological-compare]
if (id < 0 || id >= READING_MAX_ID)
~~ ^ ~
1 warning generated.
PCOMM PID PPID RET ARGS
ps 31815 1382 0 /bin/ps -ef
df 31816 1382 0 /bin/df
ls 31817 1382 0 /bin/ls --color=auto
find 31818 1382 0 /usr/bin/find .

All looks ok to me.

Mic92 added a commit to NixOS/nixpkgs that referenced this issue Sep 29, 2017
@Mic92
bcc: fix relocation bug downgrading to llvm 3.9
4da6934 
iovisor/bcc#1276

fixes #29913
Mic92 added a commit to NixOS/nixpkgs that referenced this issue Sep 29, 2017
@Mic92
bcc: fix relocation bug downgrading to llvm 3.9
3db9841 
iovisor/bcc#1276

fixes #29913
@pruthvistony
Copy link

pruthvistony commented Oct 4, 2017
edited
Loading

HI,
Running Ubuntu 16.04
I still get these errors when I run # biolatency
root@ubuntu:/usr/share/bcc/tools# ./biolatency
In file included from /virtual/main.c:3:
In file included from include/linux/blkdev.h:4:
In file included from include/linux/sched.h:61:
In file included from include/linux/cgroup-defs.h:19:
include/linux/bpf-cgroup.h:22:24: error: use of undeclared identifier
'MAX_BPF_ATTACH_TYPE'
struct bpf_prog *prog[MAX_BPF_ATTACH_TYPE];
^
include/linux/bpf-cgroup.h:23:35: error: use of undeclared identifier
'MAX_BPF_ATTACH_TYPE'
struct bpf_prog __rcu *effective[MAX_BPF_ATTACH_TYPE];
^
include/linux/bpf-cgroup.h:24:25: error: use of undeclared identifier
'MAX_BPF_ATTACH_TYPE'
bool disallow_override[MAX_BPF_ATTACH_TYPE];
^
include/linux/bpf-cgroup.h:31:32: warning: declaration of 'enum bpf_attach_type'
will not be visible outside of this function [-Wvisibility]
struct bpf_prog *prog, enum bpf_attach_type type,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@smithnigelw @mcaleavya @yonghong-song @pruthvistony