search

cilium / tetragon

eBPF-based Security Observability and Runtime Enforcement
https://tetragon.io
Apache License 2.0
3.66k stars 370 forks source link

Tetragon Failed to Start #2650

Closed ArmanPasha closed 4 months ago

ArmanPasha commented 4 months ago

What happened?

I'm following this guide to install Tetragon on a Ubuntu 22.04.4 with kernel version of 6.5.0-1020. Tetragon installed successfully but it panics without any context: image

Tetragon Version

1.1.2

Kernel Version

6.5.0-1020

Kubernetes Version

not running on Kubernetes

Bugtool

No response

Relevant log output


Jul 09 04:05:53 tetragon-vm systemd[1]: Started Tetragon eBPF-based Security Observability and Runtime Enforcement.
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Starting tetragon" version=v1.1.2
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="config settings" config="map[bpf-lib:/usr/local/lib/tetragon/bpf/ btf: config-dir: cpuprofile: data-cache-size:1024 debu>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Tetragon current security context" AppArmor=unconfined Lockdown=none SELinux=unconfined Smack=
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Tetragon pid file creation succeeded" pid=10368 pidfile=/var/run/tetragon/tetragon.pid
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="probing detectModifyReturnSyscall using __x64_sys_getcpu"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="BPF detected features: override_return: true, buildid: true, kprobe_multi: true, uprobe_multi false, fmodret: true, fmod>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Detected mounted BPF filesystem at /sys/fs/bpf"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="BPF: successfully released pinned BPF programs and maps" bpf-dir=/sys/fs/bpf/tetragon
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="BTF discovery: default kernel btf file found" btf-file=/sys/kernel/btf/vmlinux
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Cgroup mode detection succeeded" cgroup.fs=/sys/fs/cgroup cgroup.mode="Unified mode (Cgroupv2)"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Cgroup BPF helpers will run in Cgroupv2 mode or fallback to raw Cgroup on errors" cgroup.fs=/sys/fs/cgroup
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="sensor controller waiting on channel"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Cgroup available controllers" cgroup.controllers="[cpuset cpu cpuacct blkio memory devices freezer net_cls perf_event n>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Supported cgroup controller 'memory' is active on the system" cgroup.controller.hierarchyID=0 cgroup.controller.index=4 >
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Supported cgroup controller 'pids' is active on the system" cgroup.controller.hierarchyID=0 cgroup.controller.index=11 c>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Supported cgroup controller 'cpuset' is active on the system" cgroup.controller.hierarchyID=0 cgroup.controller.index=0 >
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Cgroupv2 supported controllers detected successfully" cgroup.controllers="[cpuset cpu io memory pids]" cgroup.fs=/sys/fs>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Cgroupv2 controller 'memory' will be used as a fallback for the default hierarchy" cgroup.controller.hierarchyID=0 cgrou>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Cgroupv2 hierarchy validated successfully" cgroup.fs=/sys/fs/cgroup cgroup.path=/sys/fs/cgroup/system.slice/tetragon.ser>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Deployment mode detection succeeded" cgroup.fs=/sys/fs/cgroup deployment.mode="systemd service"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Updated TetragonConf map successfully" NSPID=10368 cgroup.controller.hierarchyID=0 cgroup.controller.index=4 cgroup.cont>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Disabling Kubernetes API"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Disabling Cilium API"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Configured redaction filters" redactionFilters=
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Starting process manager" enableCilium=false enableK8s=false enableProcessCred=false enableProcessNs=false
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Configured field filters" fieldFilters="[]"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Starting JSON exporter" logger="&{/var/log/tetragon/tetragon.log 10 0 5 false true -rw------- 0 <nil> {0 0} <nil> {{{} 0>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Starting gRPC server" address=/var/run/tetragon/tetragon.sock protocol=unix
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Received a GetEvents request" events.aggregation_options="<nil>" events.allow_list="[]" events.deny_list="[]" events.fi>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Adding a getEventsListener" getEventsListener="&{0xc00299c840}"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Exporter configuration" enabled=true fileName=/var/log/tetragon/tetragon.log
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Add listener" listener="&{tetragon-vm 0xc002b28230 {0 0} map[0xc000680188:{}]}"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Successfully detected bpftool path" bpftool=/usr/local/lib/tetragon/bpftool
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Successfully detected gops path" gops=/usr/local/lib/tetragon/gops
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Starting gRPC health server" address=":6789" interval=10
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="BPF: found active BPF resources" bpf-dir=/sys/fs/bpf/tetragon pinned-bpf="[tg_conf_map]"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Exit probe on acct_process"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="BTF file: using metadata file" metadata=/sys/kernel/btf/vmlinux
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Loading sensor" name=__base__
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Loading kernel version 6.5.13"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=bpf_exit.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Candidate bpf file does not exist" file=bpf_exit.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_exit.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=bpf_fork.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Candidate bpf file does not exist" file=bpf_fork.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_fork.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Candidate bpf file does not exist" file=bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=bpf_execve_bprm_commit_creds.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Candidate bpf file does not exist" file=bpf_execve_bprm_commit_creds.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_bprm_commit_creds.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_bprm_commit_creds.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_bprm_commit_creds.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_bprm_commit_creds.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_bprm_commit_creds.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Checking for bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Found bpf file" file=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="tetragon, map loaded." map=execve_map path=/sys/fs/bpf/tetragon/execve_map sensor=__base__
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="tetragon, map loaded." map=tg_execve_joined_info_map path=/sys/fs/bpf/tetragon/tg_execve_joined_info_map sensor=__base__
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="tetragon, map loaded." map=execve_map_stats path=/sys/fs/bpf/tetragon/execve_map_stats sensor=__base__
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="tetragon, map loaded." map=tg_execve_joined_info_map_stats path=/sys/fs/bpf/tetragon/tg_execve_joined_info_map_stats sen>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="tetragon, map loaded." map=execve_calls path=/sys/fs/bpf/tetragon/execve_calls sensor=__base__
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="tetragon, map loaded." map=tcpmon_map path=/sys/fs/bpf/tetragon/tcpmon_map sensor=__base__
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="tetragon, map loaded." map=tg_conf_map path=/sys/fs/bpf/tetragon/tg_conf_map sensor=__base__
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="tetragon, map loaded." map=tg_stats_map path=/sys/fs/bpf/tetragon/tg_stats_map sensor=__base__
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=observerLoadInstance/usr/local/lib/tetragon/bpf/bpf_exit.o394509 kern_version=394509 prog=/usr/local/lib/tetragon/bpf/bp>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Loading BPF program" Attach=acct_process Program=/usr/local/lib/tetragon/bpf/bpf_exit.o Type=kprobe
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="pin file for map 'exit_heap_map' not found, map is not shared!\n" prog=kprobe/acct_process
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Programs (/usr/local/lib/tetragon/bpf/bpf_exit.o):"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 572: event_exit_acct_process - [1060 1070 1065 1066 1062]"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Maps (/usr/local/lib/tetragon/bpf/bpf_exit.o):"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1065: tcpmon_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1066: tg_stats_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1070: exit_heap_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1060: execve_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1062: execve_map_stats"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="BPF prog was loaded" label=kprobe/acct_process prog=/usr/local/lib/tetragon/bpf/bpf_exit.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=observerLoadInstance/usr/local/lib/tetragon/bpf/bpf_fork.o394509 kern_version=394509 prog=/usr/local/lib/tetragon/bpf/bp>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Loading BPF program" Attach=wake_up_new_task Program=/usr/local/lib/tetragon/bpf/bpf_fork.o Type=kprobe
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="pin file for map 'execve_val' not found, map is not shared!\n" prog=kprobe/wake_up_new_task
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Programs (/usr/local/lib/tetragon/bpf/bpf_fork.o):"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 575: event_wake_up_new_task - [1060 1080 1062 1065 1066]"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Maps (/usr/local/lib/tetragon/bpf/bpf_fork.o):"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1062: execve_map_stats"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1065: tcpmon_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1066: tg_stats_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1080: execve_val"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1060: execve_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="BPF prog was loaded" label=kprobe/wake_up_new_task prog=/usr/local/lib/tetragon/bpf/bpf_fork.o
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=observerLoadInstance/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o394509 kern_version=394509 prog=/usr/local/lib/tet>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Loading registered BPF probe" Attach=sched/sched_process_exec Program=/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o>
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="pin file for map 'execve_heap' not found, map is not shared!\n" prog=tracepoint/sys_execve
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="pin file for map 'cwd_read_v61' not found, map is not shared!\n" prog=tracepoint/sys_execve
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="pin file for map 'execve_msg_heap_map' not found, map is not shared!\n" prog=tracepoint/sys_execve
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="pin file for map 'data_heap' not found, map is not shared!\n" prog=tracepoint/sys_execve
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="pin file for map 'buffer_heap_map' not found, map is not shared!\n" prog=tracepoint/sys_execve
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Programs (/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o):"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 576: event_execve - [1089 1060 1061 1063 1088 1065 1066 1091 1083 1059 1064]"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 577: execve_send - [1089 1060 1065 1066]"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Maps (/usr/local/lib/tetragon/bpf/bpf_execve_event_v61.o):"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1061: tg_execve_joined_info_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1064: execve_calls"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1066: tg_stats_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1088: data_heap"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1089: execve_msg_heap_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1059: tg_conf_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1060: execve_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1063: tg_execve_joined_info_map_stats"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1065: tcpmon_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1083: buffer_heap_map"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg=" - 1091: execve_heap"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=debug msg="Removing a getEventsListener" getEventsListener="&{0xc00299c840}"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="BPF events statistics: 0 received, 0% events loss"
Jul 09 04:05:54 tetragon-vm tetragon[10368]: time="2024-07-09T04:05:54Z" level=info msg="Observer events statistics" errors=0 filterDrop=0 filterPass=0 lost=0 received=0
Jul 09 04:05:54 tetragon-vm tetragon[10368]: panic: runtime error: index out of range [2] with length 2
Jul 09 04:05:54 tetragon-vm tetragon[10368]: goroutine 1 [running]:
Jul 09 04:05:54 tetragon-vm tetragon[10368]: unicode/utf8.EncodeRune({0xc0073ace04?, 0x14?, 0xc0073a0600?}, 0x80?)
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /usr/local/go/src/unicode/utf8/utf8.go:357 +0x11b
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/cilium/tetragon/pkg/sensors/exec/procevents.stringToUTF8({0xc0073ac000, 0xe06, 0x1000})
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/pkg/sensors/exec/procevents/proc_reader.go:47 +0x5c
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/cilium/tetragon/pkg/sensors/exec/procevents.listRunningProcs({0x2b9693d, 0x6})
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/pkg/sensors/exec/procevents/proc_reader.go:603 +0x17f0
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/cilium/tetragon/pkg/sensors/exec/procevents.GetRunningProcs()
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/pkg/sensors/exec/procevents/proc_reader.go:634 +0x25
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/cilium/tetragon/pkg/sensors/exec.(*execProbe).LoadProbe(0xc0003208c0?, {{0xc0029906d8, 0x14}, 0xc0005a90a0, 0x6050d, 0x0})
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/pkg/sensors/exec/exec.go:252 +0x45
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/cilium/tetragon/pkg/sensors.loadInstance({0xc0029906d8, 0x14}, 0xc0005a90a0, 0x6050d, 0x0)
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/pkg/sensors/load.go:339 +0x66b
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/cilium/tetragon/pkg/sensors.observerLoadInstance({0xc0029906d8, 0x14}, 0xc0005a90a0)
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/pkg/sensors/load.go:311 +0x63d
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/cilium/tetragon/pkg/sensors.(*Sensor).Load(0x4923000, {0xc0029906d8, 0x14})
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/pkg/sensors/load.go:111 +0x69a
Jul 09 04:05:54 tetragon-vm tetragon[10368]: main.tetragonExecute()
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/cmd/tetragon/main.go:458 +0x19ee
Jul 09 04:05:54 tetragon-vm tetragon[10368]: main.execute.func1(0xc0000f4908, {0x2b936ff?, 0x4?, 0x2b93703?})
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/cmd/tetragon/main.go:814 +0x16a
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/spf13/cobra.(*Command).execute(0xc0000f4908, {0xc000130050, 0x0, 0x0})
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/vendor/github.com/spf13/cobra/command.go:987 +0xab1
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/spf13/cobra.(*Command).ExecuteC(0xc0000f4908)
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/vendor/github.com/spf13/cobra/command.go:1115 +0x3ff
Jul 09 04:05:54 tetragon-vm tetragon[10368]: github.com/spf13/cobra.(*Command).Execute(...)
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/vendor/github.com/spf13/cobra/command.go:1039
Jul 09 04:05:54 tetragon-vm tetragon[10368]: main.execute()
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/cmd/tetragon/main.go:827 +0x171
Jul 09 04:05:54 tetragon-vm tetragon[10368]: main.main()
Jul 09 04:05:54 tetragon-vm tetragon[10368]:         /go/src/github.com/cilium/tetragon/cmd/tetragon/tetragon.go:12 +0x13
Jul 09 04:05:54 tetragon-vm systemd[1]: tetragon.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jul 09 04:05:54 tetragon-vm systemd[1]: tetragon.service: Failed with result 'exit-code'.
Jul 09 04:05:59 tetragon-vm systemd[1]: tetragon.service: Scheduled restart job, restart counter is at 10.
Jul 09 04:05:59 tetragon-vm systemd[1]: Stopped Tetragon eBPF-based Security Observability and Runtime Enforcement.```

### Anything else?

_No response_
ArmanPasha commented 4 months ago

I just found the solution. Tetragon needs some dependency packages that can be installed via the command below: sudo apt-get install -y dkms make linux-headers-$(uname -r) dialog I had to reboot the machine after the installation.