coredump on ubuntu 21.04 with libbpf 0.6.1 and libbpf 0.7.0

Question

coredump on ubuntu 21.04 with libbpf 0.6.1 and libbpf 0.7.0

cfc4n opened this issue 3 years ago · 4 comments

hi whitehat, coredump on ubuntu 21.04, and what env you used ?

env

os:ubuntu 21.04
kernel: Linux vm-server 5.11.0-49-generic #55-Ubuntu SMP Wed Jan 12 17:36:34 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
golang:go version go1.17.2 linux/amd64
clang:Ubuntu clang version 12.0.0-3ubuntu1~21.04.2
libbpf:0.6.1/0.7.0

how to reproduce

make
sudo make install
boopkit -x 127.0.0.1
  -> Logs: cat /sys/kernel/tracing/trace_pipe
  -> Loading eBPF Probe: /root/.boopkit/pr0be.safe.o
  -> Obfuscating PID: 12973
  -> eBPF Probe loaded: /root/.boopkit/pr0be.safe.o
  -> Loading eBPF Probe: /root/.boopkit/pr0be.boop.o
libbpf: failed to find BTF for extern 'inet_ntop' [28] section: -2
Segmentation fault

debug with gdb

why

why linker create two *UND* section into pr0be.boop.o for inet_ntop and inet_pton.
how can it works?

thanks.

Answer 1 · 2022-04-12T16:59:31.000Z

CC @fkautz

Answer 2 · 2022-04-12T17:00:19.000Z

Its an implicit reference to the glibc <arpa/inet.h> I believe. I can try to recreate and follow up with an answer.

Answer 3 · 2022-04-13T11:23:07.000Z

I pushed a commit that uses the autogenerated vmlinux.h instead of including libbpf and glibc directly.

328d4bf

You should be able to compile if you run from HEAD.

Please share if this does not work.

Answer 4 · 2022-04-13T12:38:49.000Z

the bug is not fixed... still error with "libbpf: failed to find BTF for extern 'inet_ntop' [28] section: -2"

can you give your environment？