The simplest test I have is the following for a difference between kernels:
# uname -a
Linux nuc8i7hvk01 4.19.0-5-amd64 #1 SMP Debian 4.19.37-6 (2019-07-18) x86_64 GNU/Linux
# cat /sys/kernel/debug/tracing/events/syscalls/sys_enter_execve/id
677
# uname -a
Linux nuc8i7hvk01 5.2.0-2-amd64 #1 SMP Debian 5.2.7-1 (2019-08-07) x86_64 GNU/Linux
# cat /sys/kernel/debug/tracing/events/syscalls/sys_enter_execve/id
Killed
This prevents bpftrace and other bpf helper based applications from loading.
AppArmor, SELinux, and audit are all turned off.
Is there a new 'enable' flag somewhere? Or are things done differently
now? Or is this a Debian 'thing'?
Raymond.
https://blog.raymond.burkholder.net/