execsnoop-bpfcc: immediately segfaults
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bpfcc (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
execsnoop-bpfcc prints some compiler warnings, then immediately segfaults.
This may have been discussed upstream at: https:/
Output:
(gdb) r
Starting program: /usr/bin/python /usr/sbin/
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_
In file included from /virtual/main.c:3:
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from ./arch/
In file included from include/
In file included from ./arch/
In file included from ./arch/
./arch/
include/
#define this_cpu_write(pcp, val) __pcpu_
include/
include/
const void __percpu *__vpp_verify = (typeof((ptr) + 0))NULL; \
In file included from /virtual/main.c:3:
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from ./arch/
In file included from include/
In file included from ./arch/
In file included from ./arch/
./arch/
return this_cpu_
./arch/
#define cpu_current_
./arch/
#define this_cpu_
./arch/
In file included from /virtual/main.c:3:
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from ./arch/
In file included from include/
In file included from ./arch/
In file included from ./arch/
./arch/
return this_cpu_
./arch/
#define cpu_current_
./arch/
#define this_cpu_
./arch/
In file included from /virtual/main.c:3:
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from ./arch/
In file included from include/
In file included from ./arch/
In file included from ./arch/
./arch/
return this_cpu_
./arch/
#define cpu_current_
./arch/
#define this_cpu_
./arch/
In file included from /virtual/main.c:3:
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from include/
In file included from ./arch/
In file included from include/
In file included from ./arch/
In file included from ./arch/
./arch/
return this_cpu_
./arch/
#define cpu_current_
./arch/
#define this_cpu_
./arch/
5 warnings generated.
warning: JITed object file architecture unknown is not compatible with target architecture i386:x86-64.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4cbf5c4 in llvm::RuntimeDy
(gdb) bt
#0 0x00007ffff4cbf5c4 in llvm::RuntimeDy
#1 0x00007ffff4cbf5f4 in llvm::RuntimeDy
#2 0x00007ffff4cbf5f4 in llvm::RuntimeDy
#3 0x00007ffff4caa6a8 in llvm::RuntimeDy
#4 0x00007ffff4caaf50 in llvm::RuntimeDy
#5 0x00007ffff4c95b4f in llvm::MCJIT:
#6 0x00007ffff4c960fd in llvm::MCJIT:
#7 0x00007ffff3b3d5de in ebpf::BPFModule
#8 0x00007ffff3b3ddcd in ebpf::BPFModule
#9 0x00007ffff3b361a8 in bpf_module_
text=
#10 0x00007ffff6711e18 in ffi_call_unix64 () from /usr/lib/
#11 0x00007ffff671187a in ffi_call () from /usr/lib/
#12 0x00007ffff696c04f in _call_function_
pProc=
#13 _ctypes_callproc () at ./Modules/
(gdb) frame 9; call (void)puts(text)
#include <uapi/linux/
#include <linux/sched.h>
#include <linux/fs.h>
// Upper bound on the strings reported per exec: the entry probe below submits
// the filename, then an unrolled run of 19 argv slots, then an "..." marker.
// Arguments past this limit are not reported by the visible code.
#define MAXARG 20
// Size in bytes of the per-record argument buffer (data_t.argv).
// NOTE(review): presumably a longer argument is cut to this size; the copy
// call itself is truncated in this capture, so confirm against the packaged tool.
#define ARGSIZE 128
/* Tag stored in data_t.type: the entry probe writes EVENT_ARG, the return
 * probe writes EVENT_RET. */
enum event_type {
    EVENT_ARG = 0, /* record carries one argument string */
    EVENT_RET = 1, /* record carries the return value */
};
// Record layout filled in by both probes. type is set to EVENT_ARG by the
// entry probe and to EVENT_RET by the return probe.
struct data_t {
u32 pid; // PID as in the userspace term (i.e. task->tgid in kernel)
// NOTE(review): the array bound on the next line is cut off in this capture.
char comm[TASK_
enum event_type type;
// One argument string per record, held in a fixed ARGSIZE-byte buffer.
char argv[ARGSIZE];
// Assigned from PT_REGS_RC(ctx) in the return probe; not assigned in the
// visible lines of the entry probe.
int retval;
};
// NOTE(review): this macro invocation is cut off in this capture. The handlers
// below call into an `events` object, presumably declared here; confirm
// against the packaged tool.
BPF_PERF_
// Submits one argument record. Both statements before the return are cut off
// in this capture (a bpf_ helper call and a call on `events`), so their
// arguments cannot be read here.
// NOTE(review): presumably copies the string at ptr into data->argv and emits
// *data; confirm against the packaged tool.
// Always returns 1; the entry probe stops walking argv only on a 0 result.
static int __submit_arg(struct pt_regs *ctx, void *ptr, struct data_t *data)
{
bpf_
events.
return 1;
}
// Handles one argv slot. Callers pass ptr = &__argv[i], i.e. the address of a
// slot in the user-space argv array, not the string itself.
// Returns 0 when argp is still NULL after the helper call (the caller then
// stops walking), otherwise the result of __submit_arg, which is always 1.
static int submit_arg(struct pt_regs *ctx, void *ptr, struct data_t *data)
{
const char *argp = NULL;
// NOTE(review): helper call is cut off in this capture; presumably it reads
// the pointer stored in the slot into argp. Confirm against the packaged tool.
bpf_
if (argp) {
return __submit_arg(ctx, (void *)(argp), data);
}
return 0;
}
// Entry probe (the function name and first parameters are cut off in this
// capture). Emits one EVENT_ARG record for what the comment below calls the
// filename, then up to 19 more for argv[1]..argv[19]. Always returns 0.
//
// Coverage limits for anyone consuming this trace: at most MAXARG strings are
// recorded per exec, each record has a fixed ARGSIZE-byte argv buffer, and the
// __argv pointers are marked __user, so the strings are sampled from process
// memory at the moment the probe fires. Treat the recorded command line as
// best-effort, not as a complete record of what was executed.
int kprobe_
const char __user *const __user *__argv,
const char __user *const __user *__envp)
{
// create data here and pass to submit_arg to save stack space (#555)
struct data_t data = {};
// NOTE(review): the next two statements and the __submit_ call are cut off in
// this capture; only the assignment targets are visible.
data.pid = bpf_get_
bpf_
data.type = EVENT_ARG;
__submit_
int i = 1; // skip first arg, as we submitted filename
// unrolled loop to walk argv[] (MAXARG)
// Each line handles one slot and leaves via `out` as soon as submit_arg
// returns 0 (slot pointer came back NULL).
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; // X
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++;
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0) goto out; i++; // XX
// handle truncated argument list
// Reached only when all 19 slots above were non-NULL. The next slot is not
// inspected first, so this path is also taken when the list ended exactly
// there. NOTE(review): the truncated __submit_ call presumably emits the
// "..." marker as one more record.
char ellipsis[] = "...";
__submit_
out:
return 0;
}
// Return probe (the function name and parameter list are cut off in this
// capture). Builds a fresh zero-initialised record, tags it EVENT_RET and
// stores the value of PT_REGS_RC(ctx) in retval. argv is not written in the
// visible lines. Always returns 0.
int kretprobe_
{
struct data_t data = {};
// NOTE(review): the next two statements are cut off in this capture.
data.pid = bpf_get_
bpf_
data.type = EVENT_RET;
data.retval = PT_REGS_RC(ctx);
// NOTE(review): truncated call on `events`; presumably emits the record.
events.
return 0;
}
ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: bpfcc-tools 0.3.0-1ubuntu1
ProcVersionSign
Uname: Linux 4.13.0-32-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.7-0ubuntu3.7
Architecture: amd64
Date: Thu Feb 8 11:52:40 2018
PackageArchitec
SourcePackage: bpfcc
UpgradeStatus: Upgraded to artful on 2017-09-12 (148 days ago)