libbcc-undefined-symbol
背景
执行 bpftrace 时报如下异常
bpftrace
bpftrace: symbol lookup error: /lib64/libbcc.so.0: undefined symbol: btf__load_vmlinux_btf, version LIBBPF_0.5.0
解决办法
这个就比较奇怪了,我是用 yum 安装的 bpftrace 没有想到它还会少 libbpf 这个依赖,真是见鬼了。
yum install -y libbpf
Last metadata expiration check: 3:10:37 ago on Fri 03 Feb 2023 10:40:13 AM CST.
Package libbpf-2:0.5.0-3.el9.x86_64 is already installed.
Dependencies resolved.
==================================================================================================================================================================
Package Architecture Version Repository Size
==================================================================================================================================================================
Upgrading:
libbpf x86_64 2:0.6.0-1.el9 baseos 155 k
Transaction Summary
==================================================================================================================================================================
Upgrade 1 Package
Total download size: 155 k
Downloading Packages:
libbpf-0.6.0-1.el9.x86_64.rpm 602 kB/s | 155 kB 00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 600 kB/s | 155 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : libbpf-2:0.6.0-1.el9.x86_64 1/2
Cleanup : libbpf-2:0.5.0-3.el9.x86_64 2/2
Running scriptlet: libbpf-2:0.5.0-3.el9.x86_64 2/2
Verifying : libbpf-2:0.6.0-1.el9.x86_64 1/2
Verifying : libbpf-2:0.5.0-3.el9.x86_64 2/2
Upgraded:
libbpf-2:0.6.0-1.el9.x86_64
Complete!
检查
bpftrace
USAGE:
bpftrace [options] filename
bpftrace [options] - <stdin input>
bpftrace [options] -e 'program'
OPTIONS:
-B MODE output buffering mode ('full', 'none')
-f FORMAT output format ('text', 'json')
-o file redirect bpftrace output to file
-d debug info dry run
-dd verbose debug info dry run
-e 'program' execute this program
-h, --help show this help message
-I DIR add the directory to the include search path
--include FILE add an #include file before preprocessing
-l [search] list probes
-p PID enable USDT probes on PID
-c 'CMD' run CMD and enable USDT probes on resulting process
--usdt-file-activation
activate usdt semaphores based on file path
--unsafe allow unsafe builtin functions
-q keep messages quiet
-v verbose messages
--info Print information about kernel BPF support
-k emit a warning when a bpf helper returns an error (except read functions)
-kk check all bpf helper functions
-V, --version bpftrace version
--no-warnings disable all warning messages
ENVIRONMENT:
BPFTRACE_STRLEN [default: 64] bytes on BPF stack per str()
BPFTRACE_NO_CPP_DEMANGLE [default: 0] disable C++ symbol demangling
BPFTRACE_MAP_KEYS_MAX [default: 4096] max keys in a map
BPFTRACE_CAT_BYTES_MAX [default: 10k] maximum bytes read by cat builtin
BPFTRACE_MAX_PROBES [default: 512] max number of probes
BPFTRACE_LOG_SIZE [default: 1000000] log size in bytes
BPFTRACE_PERF_RB_PAGES [default: 64] pages per CPU to allocate for ring buffer
BPFTRACE_NO_USER_SYMBOLS [default: 0] disable user symbol resolution
BPFTRACE_CACHE_USER_SYMBOLS [default: auto] enable user symbol cache
BPFTRACE_VMLINUX [default: none] vmlinux path used for kernel symbol resolution
BPFTRACE_BTF [default: none] BTF file
EXAMPLES:
bpftrace -l '*sleep*'
list probes containing "sleep"
bpftrace -e 'kprobe:do_nanosleep { printf("PID %d sleeping...\n", pid); }'
trace processes calling sleep
bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }'
count syscalls by process name