Public bug reported: execsnoop-bpfcc prints some compiler warnings, then immediately segfaults.
This may have been discussed upstream at: https://github.com/iovisor/bcc/issues/1276 Output: (gdb) r Starting program: /usr/bin/python /usr/sbin/execsnoop-bpfcc [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". In file included from /virtual/main.c:3: In file included from include/linux/sched.h:13: In file included from include/linux/pid.h:4: In file included from include/linux/rculist.h:10: In file included from include/linux/rcupdate.h:40: In file included from include/linux/preempt.h:80: In file included from ./arch/x86/include/asm/preempt.h:6: In file included from include/linux/thread_info.h:37: In file included from ./arch/x86/include/asm/thread_info.h:63: In file included from ./arch/x86/include/asm/cpufeature.h:4: ./arch/x86/include/asm/processor.h:534:17: warning: taking address of packed member 'sp0' of class or structure 'x86_hw_tss' may result in an unaligned pointer value [-Waddress-of-packed-member] this_cpu_write(cpu_tss_rw.x86_tss.sp0, sp0); ^~~~~~~~~~~~~~~~~~~~~~ include/linux/percpu-defs.h:495:68: note: expanded from macro 'this_cpu_write' #define this_cpu_write(pcp, val) __pcpu_size_call(this_cpu_write_, pcp, val) ^~~ include/linux/percpu-defs.h:362:22: note: expanded from macro '__pcpu_size_call' __verify_pcpu_ptr(&(variable)); \ ^~~~~~~~ include/linux/percpu-defs.h:206:47: note: expanded from macro '__verify_pcpu_ptr' const void __percpu *__vpp_verify = (typeof((ptr) + 0))NULL; \ ^~~ In file included from /virtual/main.c:3: In file included from include/linux/sched.h:13: In file included from include/linux/pid.h:4: In file included from include/linux/rculist.h:10: In file included from include/linux/rcupdate.h:40: In file included from include/linux/preempt.h:80: In file included from ./arch/x86/include/asm/preempt.h:6: In file included from include/linux/thread_info.h:37: In file included from ./arch/x86/include/asm/thread_info.h:63: In file included from ./arch/x86/include/asm/cpufeature.h:4: ./arch/x86/include/asm/processor.h:551:30: warning: taking address of packed member 'sp1' of class or structure 'x86_hw_tss' may result in an unaligned pointer value [-Waddress-of-packed-member] return this_cpu_read_stable(cpu_current_top_of_stack); ^~~~~~~~~~~~~~~~~~~~~~~~ ./arch/x86/include/asm/processor.h:374:34: note: expanded from macro 'cpu_current_top_of_stack' #define cpu_current_top_of_stack cpu_tss_rw.x86_tss.sp1 ^~~~~~~~~~~~~~~~~~~~~~ ./arch/x86/include/asm/percpu.h:391:59: note: expanded from macro 'this_cpu_read_stable' #define this_cpu_read_stable(var) percpu_stable_op("mov", var) ^~~ ./arch/x86/include/asm/percpu.h:218:16: note: expanded from macro 'percpu_stable_op' : "p" (&(var))); \ ^~~ In file included from /virtual/main.c:3: In file included from include/linux/sched.h:13: In file included from include/linux/pid.h:4: In file included from include/linux/rculist.h:10: In file included from include/linux/rcupdate.h:40: In file included from include/linux/preempt.h:80: In file included from ./arch/x86/include/asm/preempt.h:6: In file included from include/linux/thread_info.h:37: In file included from ./arch/x86/include/asm/thread_info.h:63: In file included from ./arch/x86/include/asm/cpufeature.h:4: ./arch/x86/include/asm/processor.h:551:30: warning: taking address of packed member 'sp1' of class or structure 'x86_hw_tss' may result in an unaligned pointer value [-Waddress-of-packed-member] return this_cpu_read_stable(cpu_current_top_of_stack); ^~~~~~~~~~~~~~~~~~~~~~~~ ./arch/x86/include/asm/processor.h:374:34: note: expanded from macro 'cpu_current_top_of_stack' #define cpu_current_top_of_stack cpu_tss_rw.x86_tss.sp1 ^~~~~~~~~~~~~~~~~~~~~~ ./arch/x86/include/asm/percpu.h:391:59: note: expanded from macro 'this_cpu_read_stable' #define this_cpu_read_stable(var) percpu_stable_op("mov", var) ^~~ ./arch/x86/include/asm/percpu.h:223:16: note: expanded from macro 'percpu_stable_op' : "p" (&(var))); \ ^~~ In file included from /virtual/main.c:3: In file included from include/linux/sched.h:13: In file included from include/linux/pid.h:4: In file included from include/linux/rculist.h:10: In file included from include/linux/rcupdate.h:40: In file included from include/linux/preempt.h:80: In file included from ./arch/x86/include/asm/preempt.h:6: In file included from include/linux/thread_info.h:37: In file included from ./arch/x86/include/asm/thread_info.h:63: In file included from ./arch/x86/include/asm/cpufeature.h:4: ./arch/x86/include/asm/processor.h:551:30: warning: taking address of packed member 'sp1' of class or structure 'x86_hw_tss' may result in an unaligned pointer value [-Waddress-of-packed-member] return this_cpu_read_stable(cpu_current_top_of_stack); ^~~~~~~~~~~~~~~~~~~~~~~~ ./arch/x86/include/asm/processor.h:374:34: note: expanded from macro 'cpu_current_top_of_stack' #define cpu_current_top_of_stack cpu_tss_rw.x86_tss.sp1 ^~~~~~~~~~~~~~~~~~~~~~ ./arch/x86/include/asm/percpu.h:391:59: note: expanded from macro 'this_cpu_read_stable' #define this_cpu_read_stable(var) percpu_stable_op("mov", var) ^~~ ./arch/x86/include/asm/percpu.h:228:16: note: expanded from macro 'percpu_stable_op' : "p" (&(var))); \ ^~~ In file included from /virtual/main.c:3: In file included from include/linux/sched.h:13: In file included from include/linux/pid.h:4: In file included from include/linux/rculist.h:10: In file included from include/linux/rcupdate.h:40: In file included from include/linux/preempt.h:80: In file included from ./arch/x86/include/asm/preempt.h:6: In file included from include/linux/thread_info.h:37: In file included from ./arch/x86/include/asm/thread_info.h:63: In file included from ./arch/x86/include/asm/cpufeature.h:4: ./arch/x86/include/asm/processor.h:551:30: warning: taking address of packed member 'sp1' of class or structure 'x86_hw_tss' may result in an unaligned pointer value [-Waddress-of-packed-member] return this_cpu_read_stable(cpu_current_top_of_stack); ^~~~~~~~~~~~~~~~~~~~~~~~ ./arch/x86/include/asm/processor.h:374:34: note: expanded from macro 'cpu_current_top_of_stack' #define cpu_current_top_of_stack cpu_tss_rw.x86_tss.sp1 ^~~~~~~~~~~~~~~~~~~~~~ ./arch/x86/include/asm/percpu.h:391:59: note: expanded from macro 'this_cpu_read_stable' #define this_cpu_read_stable(var) percpu_stable_op("mov", var) ^~~ ./arch/x86/include/asm/percpu.h:233:16: note: expanded from macro 'percpu_stable_op' : "p" (&(var))); \ ^~~ 5 warnings generated. warning: JITed object file architecture unknown is not compatible with target architecture i386:x86-64. Program received signal SIGSEGV, Segmentation fault. 0x00007ffff4cbf5c4 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /usr/lib/x86_64-linux-gnu/libbcc.so.0 (gdb) bt #0 0x00007ffff4cbf5c4 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /usr/lib/x86_64-linux-gnu/libbcc.so.0 #1 0x00007ffff4cbf5f4 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /usr/lib/x86_64-linux-gnu/libbcc.so.0 #2 0x00007ffff4cbf5f4 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /usr/lib/x86_64-linux-gnu/libbcc.so.0 #3 0x00007ffff4caa6a8 in llvm::RuntimeDyldImpl::resolveRelocationList(llvm::SmallVector<llvm::RelocationEntry, 64u> const&, unsigned long) () from /usr/lib/x86_64-linux-gnu/libbcc.so.0 #4 0x00007ffff4caaf50 in llvm::RuntimeDyldImpl::resolveRelocations() () from /usr/lib/x86_64-linux-gnu/libbcc.so.0 #5 0x00007ffff4c95b4f in llvm::MCJIT::finalizeLoadedModules() () from /usr/lib/x86_64-linux-gnu/libbcc.so.0 #6 0x00007ffff4c960fd in llvm::MCJIT::finalizeObject() () from /usr/lib/x86_64-linux-gnu/libbcc.so.0 #7 0x00007ffff3b3d5de in ebpf::BPFModule::finalize (this=this@entry=0x555555c89050) at ./src/cc/bpf_module.cc:440 #8 0x00007ffff3b3ddcd in ebpf::BPFModule::load_string (this=this@entry=0x555555c89050, text=..., cflags=cflags@entry=0x7ffff2e89880, ncflags=ncflags@entry=0) at ./src/cc/bpf_module.cc:756 #9 0x00007ffff3b361a8 in bpf_module_create_c_from_string ( text=0x555555c80424 "\n#include <uapi/linux/ptrace.h>\n#include <linux/sched.h>\n#include <linux/fs.h>\n\n#define MAXARG 20\n#define ARGSIZE 128\n\nenum event_type {\n EVENT_ARG,\n EVENT_RET,\n};\n\nstruct data_t {\n u32 pi"..., flags=<optimised out>, cflags=0x7ffff2e89880, ncflags=0) at ./src/cc/bpf_common.cc:40 #10 0x00007ffff6711e18 in ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6 #11 0x00007ffff671187a in ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6 #12 0x00007ffff696c04f in _call_function_pointer (argcount=4, resmem=0x7fffffffd800, restype=<optimised out>, atypes=<optimised out>, avalues=0x7fffffffd7d0, pProc=0x7ffff3b36100 <bpf_module_create_c_from_string(char const*, unsigned int, char const**, int)>, flags=<optimised out>) at ./Modules/_ctypes/callproc.c:841 #13 _ctypes_callproc () at ./Modules/_ctypes/callproc.c:1184 (gdb) frame 9; call (void)puts(text) #include <uapi/linux/ptrace.h> #include <linux/sched.h> #include <linux/fs.h> #define MAXARG 20 #define ARGSIZE 128 enum event_type { EVENT_ARG, EVENT_RET, }; struct data_t { u32 pid; // PID as in the userspace term (i.e. task->tgid in kernel) char comm[TASK_COMM_LEN]; enum event_type type; char argv[ARGSIZE]; int retval; }; BPF_PERF_OUTPUT(events); static int __submit_arg(struct pt_regs *ctx, void *ptr, struct data_t *data) { bpf_probe_read(data->argv, sizeof(data->argv), ptr); events.perf_submit(ctx, data, sizeof(struct data_t)); return 1; } static int submit_arg(struct pt_regs *ctx, void *ptr, struct data_t *data) { const char *argp = NULL; bpf_probe_read(&argp, sizeof(argp), ptr); if (argp) { return __submit_arg(ctx, (void *)(argp), data); } return 0; } int kprobe__sys_execve(struct pt_regs *ctx, struct filename *filename, const char __user *const __user *__argv, const char __user *const __user *__envp) { // create data here and pass to submit_arg to save stack space (#555) struct data_t data = {}; data.pid = bpf_get_current_pid_tgid() >> 32; bpf_get_current_comm(&data.comm, sizeof(data.comm)); data.type = EVENT_ARG; __submit_arg(ctx, (void *)filename, &data); int i = 1; // skip first arg, as we submitted filename // unrolled loop to walk argv[] (MAXARG) if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; // X if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; // XX // handle truncated argument list char ellipsis[] = "..."; __submit_arg(ctx, (void *)ellipsis, &data); out: return 0; } int kretprobe__sys_execve(struct pt_regs *ctx) { struct data_t data = {}; data.pid = bpf_get_current_pid_tgid() >> 32; bpf_get_current_comm(&data.comm, sizeof(data.comm)); data.type = EVENT_RET; data.retval = PT_REGS_RC(ctx); events.perf_submit(ctx, &data, sizeof(data)); return 0; } ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: bpfcc-tools 0.3.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 Date: Thu Feb 8 11:52:40 2018 PackageArchitecture: all SourcePackage: bpfcc UpgradeStatus: Upgraded to artful on 2017-09-12 (148 days ago) ** Affects: bpfcc (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug artful -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1748176 Title: execsnoop-bpfcc: immediately segfaults To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bpfcc/+bug/1748176/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs