Issue with bpf.get_syscall_fnname("getuid") on ARM64 in BCC C++ API

[hsadinen]

Hi all,

While running BCC test cases on an ARM64 Yocto build, I encountered several failures related to attaching kprobes in tests such as hash of maps, array of maps, and others. These test cases are getting failed due to test cases are getting failed due to "cannot attach kprobe, Invalid argument".

Upon investigation, I found that the issue stems from the use of: bpf.get_syscall_fnname("getuid")
On ARM64, this call returns just "getuid" instead of the expected "__arm64_sys_getuid". As a result, the kprobe attachment fails since the symbol "getuid" doesn't exist in the kernel's symbol table.

Notably:
The Python version of bpf.get_syscall_fnname("getuid") works correctly on ARM64 and returns "__arm64_sys_getuid".

root@qemuarm64:~# cat /proc/kallsyms | grep getuid
ffff800080060c78 T __arm64_sys_getuid
ffff800080120c68 T __arm64_sys_getuid16

Minimal C++ Reproducer:

#include <bcc/BPF.h>
#include

int main() {
ebpf::BPF bpf;
std::string fnname = bpf.get_syscall_fnname("getuid");
std::cout << "Resolved syscall symbol: " << fnname << std::endl;
return 0;
}

Output:
On ARM64: Resolved syscall symbol: getuid ❌ (incorrect)

On x86_64: Resolved syscall symbol: __x64_sys_getuid ✅ (correct)

This inconsistency is likely the root cause of the kprobe failures in C++-based BCC tests on ARM64.