Sysinternals/ProcMon-for-Linux

Please document which kernel options are needed for procmon to work

krzyk opened this issue · 6 comments

krzyk commented

I just installed procmon (from source) and when I run `sudo procmon` I get:

  what():  filesystem error: directory iterator cannot open directory: No such file or directory [/sys/kernel/debug/tracing/events/syscalls]

So it looks like this needs some kernel options to work; it would be good to document that in README.md.

EDIT: After enabling the needed kernel option and running procmon as root I get an empty list (just the header and footer), and in the shell I see the following errors:

bpf: Failed to load program: Invalid argument
fd 9 is not pointing to valid bpf_map
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

bpf: Failed to load program: Invalid argument
fd 9 is not pointing to valid bpf_map
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

So something is still missing, but what? (I have BPF enabled in the kernel, but I'm not sure whether all the required options are, or maybe I need some CLI tools?)

@krzyk could you share the details of your environment? OS? Kernel? Are you attempting to run Procmon inside WSL?

If you enable all options for bcc, then you should be able to use this without issue. The BCC project makes it quick and easy to determine the kernel options needed: https://github.com/iovisor/bcc/blob/master/INSTALL.md#kernel-configuration
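As an added example (not part of this issue thread and not ProcMon-for-Linux or BCC project code), the script below is one way to check a kernel config against the options BCC's INSTALL.md lists, plus CONFIG_FTRACE_SYSCALLS and CONFIG_DEBUG_FS, which are what the first error above (missing /sys/kernel/debug/tracing/events/syscalls) points at. The option selection in REQUIRED_OPTS, the function names and the two sample .config files are my own assumptions, constructed to exercise the checker offline; the config-file locations (/proc/config.gz, /boot/config-<release>) and the tracefs paths are the standard ones.

```shell
#!/bin/sh
# Added example: report kernel options an eBPF tracing tool such as procmon needs.
# REQUIRED_OPTS is an assumed subset of the BCC INSTALL.md kernel-configuration
# list plus the ftrace/debugfs options behind the tracing/events/syscalls tree.
REQUIRED_OPTS="CONFIG_BPF CONFIG_BPF_SYSCALL CONFIG_BPF_JIT CONFIG_HAVE_EBPF_JIT \
CONFIG_BPF_EVENTS CONFIG_FTRACE_SYSCALLS CONFIG_DEBUG_FS"

# Print the running kernel's config from /proc/config.gz or /boot/config-<release>;
# return 1 when neither is readable.
find_kernel_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# missing_opts <config-file>: print each required option that is not "=y"
# (unset, "is not set" or "=m" all count as missing). Always returns 0.
missing_opts() {
    for opt in $REQUIRED_OPTS; do
        grep -q "^${opt}=y\$" "$1" || echo "$opt"
    done
    return 0
}

# count_missing <config-file>: number of required options that are missing.
count_missing() {
    missing_opts "$1" | wc -l | tr -d ' '
}

# syscall_events_dir: print the syscall tracepoint directory if one is present
# (tracefs mounted directly, or via debugfs); return 1 when neither exists.
syscall_events_dir() {
    for d in /sys/kernel/tracing/events/syscalls \
             /sys/kernel/debug/tracing/events/syscalls; do
        if [ -d "$d" ]; then echo "$d"; return 0; fi
    done
    return 1
}

# Constructed sample configs (assumed, not taken from any real distro kernel).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
GOOD_CFG="$tmp/good.config"
BAD_CFG="$tmp/bad.config"
cat > "$GOOD_CFG" <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_BPF_EVENTS=y
CONFIG_FTRACE_SYSCALLS=y
CONFIG_DEBUG_FS=y
EOF
cat > "$BAD_CFG" <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
# CONFIG_BPF_JIT is not set
CONFIG_HAVE_EBPF_JIT=y
CONFIG_BPF_EVENTS=m
# CONFIG_FTRACE_SYSCALLS is not set
CONFIG_DEBUG_FS=y
EOF

echo "sample good config, missing: $(count_missing "$GOOD_CFG")"
echo "sample bad config, missing:"
missing_opts "$BAD_CFG"

# Same check against the running kernel, when its config is readable.
if find_kernel_config > "$tmp/running.config" 2>/dev/null && [ -s "$tmp/running.config" ]; then
    echo "running kernel $(uname -r), missing: $(count_missing "$tmp/running.config")"
    missing_opts "$tmp/running.config"
fi
if dir=$(syscall_events_dir); then
    echo "syscall tracepoints available at $dir"
else
    echo "no tracing/events/syscalls directory: check CONFIG_FTRACE_SYSCALLS and that debugfs/tracefs is mounted"
fi
```

Run it as root so /proc/config.gz and the tracefs directories are readable; an empty "missing" list is necessary but not sufficient, since the verifier errors later in this thread appear on kernels where these options are already enabled.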

@krzyk could you share the details of your environment? OS? Kernel? Are you attempting to run Procmon inside WSL?

I'm getting the same error:
bpf: Failed to load program: Invalid argument
fd 9 is not pointing to valid bpf_map
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

bpf: Failed to load program: Invalid argument
fd 9 is not pointing to valid bpf_map
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

Debian 11 bullseye with these libraries:
arp 2.21-2
netperf 3.9-1
iperf3 2.7.0-0.1
luajit 5.1 2.0.1
bison 2:3.7.5
build-essential 12.9
libelf-dev .183-1
flex 2.4.6-8
libedit-dev 3.1
llvm-11-dev 1:11.0.1-2
llvm-9-dev 1:9.0.1-16.1
libclang-9-dev 1:9.0.1-16.1
python 2.7.18-9
zlib1g-dev 1:1.2.11

Hey - looks like it failed verification. We're aware of verifier errors on some distros/versions and will look into it as soon as we can.

I was looking for that exact error or something close and ran across this https://opendev.org/starlingx/kernel/commit/15a50452ba9b483b4949437e960dea4932a7b26c

Several of the kernel config flags for bpf are disabled in my kernel config. Would enabling them fix the issue we are seeing?