bpf: Failed to load program: Permission denied #2

calcky · 2024-08-05T14:25:05Z

build environment：

go version: 1.22.5
system: ubuntu 20.04
cpu: x86_64

go.mod diff
--- github.com/iovisor/gobpf v0.2.0
+++ github.com/iovisor/gobpf v0.2.1-0.20221005153822-16120a1bf4d4

error infomation:

netcap git:(main) ✗ sudo ./netcap skb -f icmp_rcv@1 -e "host 192.168.10.2"
bpf: Failed to load program: Permission denied
; if (!(skb = (struct sk_buff *)PT_REGS_PARM1(ctx))) {
0: (79) r6 = *(u64 *)(r1 +112)
; if (!(skb = (struct sk_buff *)PT_REGS_PARM1(ctx))) {
1: (15) if r6 == 0x0 goto pc+138
 R1=ctx(id=0,off=0,imm=0) R6_w=inv(id=0) R10=fp0
2: (7b) *(u64 *)(r10 -56) = r1
3: (b7) r2 = 0
4: (b7) r1 = 0
; u32 key = 0;
5: (7b) *(u64 *)(r10 -32) = r1
last_idx 5 first_idx 0
regs=2 stack=0 before 4: (b7) r1 = 0
6: (63) *(u32 *)(r10 -4) = r2
last_idx 6 first_idx 0
regs=4 stack=0 before 5: (7b) *(u64 *)(r10 -32) = r1
regs=4 stack=0 before 4: (b7) r1 = 0
regs=4 stack=0 before 3: (b7) r2 = 0
; if (!(pcap = bpf_map_lookup_elem((void *)bpf_pseudo_fd(1, -1), &key)))
7: (18) r1 = 0xffff96d527ad6200
9: (bf) r2 = r10
;
10: (07) r2 += -4
; if (!(pcap = bpf_map_lookup_elem((void *)bpf_pseudo_fd(1, -1), &key)))
11: (85) call bpf_map_lookup_elem#1
12: (7b) *(u64 *)(r10 -24) = r0
; if (!(pcap = bpf_map_lookup_elem((void *)bpf_pseudo_fd(1, -1), &key)))
13: (15) if r0 == 0x0 goto pc+126
 R0=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R10=fp0 fp-8=mmmm???? fp-24_w=map_value fp-32=00000000 fp-56=ctx
; skb_head = (void*)(_(skb->head));
14: (bf) r3 = r6
15: (07) r3 += 192
16: (bf) r1 = r10
;
17: (07) r1 += -16
; skb_head = (void*)(_(skb->head));
18: (b7) r2 = 8
19: (85) call bpf_probe_read#4
last_idx 19 first_idx 12
regs=4 stack=0 before 18: (b7) r2 = 8
20: (79) r8 = *(u64 *)(r10 -16)
; skb_data = (void*)(_(skb->data));
21: (bf) r3 = r6
22: (07) r3 += 200
23: (bf) r1 = r10
;
24: (07) r1 += -16
; skb_data = (void*)(_(skb->data));
25: (b7) r2 = 8
26: (85) call bpf_probe_read#4
last_idx 26 first_idx 20
regs=4 stack=0 before 25: (b7) r2 = 8
27: (79) r7 = *(u64 *)(r10 -16)
; skb_len = _(skb->len);
28: (bf) r3 = r6
29: (07) r3 += 112
30: (bf) r1 = r10
;
31: (07) r1 += -16
; skb_len = _(skb->len);
32: (b7) r2 = 4
33: (85) call bpf_probe_read#4
last_idx 33 first_idx 20
regs=4 stack=0 before 32: (b7) r2 = 4
34: (61) r1 = *(u32 *)(r10 -16)
; skb_datalen = _(skb->data_len);
35: (7b) *(u64 *)(r10 -40) = r1
36: (bf) r3 = r6
37: (07) r3 += 116
38: (bf) r1 = r10
;
39: (07) r1 += -16
; skb_datalen = _(skb->data_len);
40: (b7) r2 = 4
41: (85) call bpf_probe_read#4
last_idx 41 first_idx 34
regs=4 stack=0 before 40: (b7) r2 = 4
; if (_(skb->mac_header) != (u16)~0U) {
42: (bf) r9 = r6
43: (07) r9 += 182
; skb_datalen = _(skb->data_len);
44: (61) r1 = *(u32 *)(r10 -16)
; if (_(skb->mac_header) != (u16)~0U) {
45: (7b) *(u64 *)(r10 -48) = r1
46: (bf) r1 = r10
;
47: (07) r1 += -16
; if (_(skb->mac_header) != (u16)~0U) {
48: (b7) r2 = 2
49: (bf) r3 = r9
50: (85) call bpf_probe_read#4
last_idx 50 first_idx 34
regs=4 stack=0 before 49: (bf) r3 = r9
regs=4 stack=0 before 48: (b7) r2 = 2
51: (69) r1 = *(u16 *)(r10 -16)
; if (_(skb->mac_header) != (u16)~0U) {
52: (15) if r1 == 0xffff goto pc+9
 R0=inv(id=0) R1_w=inv(id=0,umax_value=65535,var_off=(0x0; 0xffff)) R6=inv(id=0) R7=inv(id=0) R8=inv(id=0) R9=inv(id=0) R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=00000000 fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
53: (bf) r1 = r10
;
54: (07) r1 += -16
; data = (void *)(skb_head + _(skb->mac_header));
55: (b7) r2 = 2
56: (bf) r3 = r9
57: (85) call bpf_probe_read#4
last_idx 57 first_idx 51
regs=4 stack=0 before 56: (bf) r3 = r9
regs=4 stack=0 before 55: (b7) r2 = 2
58: (69) r1 = *(u16 *)(r10 -16)
; data = (void *)(skb_head + _(skb->mac_header));
59: (0f) r8 += r1
; pullen = skb_data - data;
60: (1f) r7 -= r8
;
61: (7b) *(u64 *)(r10 -32) = r7
; liner_len = skb_len - skb_datalen + pullen;
62: (79) r1 = *(u64 *)(r10 -40)
63: (79) r2 = *(u64 *)(r10 -48)
64: (1f) r1 -= r2
; liner_len = skb_len - skb_datalen + pullen;
65: (79) r7 = *(u64 *)(r10 -32)
66: (0f) r7 += r1
67: (bf) r1 = r7
68: (67) r1 <<= 32
69: (77) r1 >>= 32
70: (b7) r2 = 256
; copy_liner_len = liner_len > sizeof(pcap->buf) ? sizeof(pcap->buf) : liner_len;
71: (2d) if r2 > r1 goto pc+1
 R0=inv(id=0) R1_w=inv(id=0,umin_value=256,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R2_w=inv256 R6=inv(id=0) R7_w=inv(id=0) R8=inv(id=0) R9=inv(id=0) R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
72: (b7) r7 = 256
; if (copy_liner_len > sizeof(pcap->buf))
73: (bf) r9 = r7
74: (67) r9 <<= 32
75: (77) r9 >>= 32
; if (bpf_probe_read_kernel(pcap->buf, copy_liner_len, data))
76: (79) r1 = *(u64 *)(r10 -24)
77: (07) r1 += 40
78: (bf) r2 = r9
79: (bf) r3 = r8
80: (85) call bpf_probe_read#4
 R0=inv(id=0) R1_w=map_value(id=0,off=40,ks=4,vs=296,imm=0) R2_w=inv256 R3_w=inv(id=0) R6=inv(id=0) R7_w=inv256 R8=inv(id=0) R9_w=inv256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
last_idx 80 first_idx 62
regs=4 stack=0 before 79: (bf) r3 = r8
regs=4 stack=0 before 78: (bf) r2 = r9
regs=200 stack=0 before 77: (07) r1 += 40
regs=200 stack=0 before 76: (79) r1 = *(u64 *)(r10 -24)
regs=200 stack=0 before 75: (77) r9 >>= 32
regs=200 stack=0 before 74: (67) r9 <<= 32
regs=200 stack=0 before 73: (bf) r9 = r7
regs=80 stack=0 before 72: (b7) r7 = 256
81: (67) r0 <<= 32
82: (77) r0 >>= 32
; if (bpf_probe_read_kernel(pcap->buf, copy_liner_len, data))
83: (55) if r0 != 0x0 goto pc+56
 R0_w=inv0 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=inv256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
84: (b7) r1 = 30
85: (2d) if r1 > r9 goto pc+54
last_idx 85 first_idx 81
regs=2 stack=0 before 84: (b7) r1 = 30
last_idx 85 first_idx 81
regs=200 stack=0 before 84: (b7) r1 = 30
regs=200 stack=0 before 83: (55) if r0 != 0x0 goto pc+56
regs=200 stack=0 before 82: (77) r0 >>= 32
regs=200 stack=0 before 81: (67) r0 <<= 32
 R0_rw=inv(id=0) R6=inv(id=0) R7_w=inv256 R8=inv(id=0) R9_rw=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=200 stack=0 marks
last_idx 80 first_idx 62
regs=200 stack=0 before 80: (85) call bpf_probe_read#4
regs=200 stack=0 before 79: (bf) r3 = r8
regs=200 stack=0 before 78: (bf) r2 = r9
regs=200 stack=0 before 77: (07) r1 += 40
regs=200 stack=0 before 76: (79) r1 = *(u64 *)(r10 -24)
regs=200 stack=0 before 75: (77) r9 >>= 32
regs=200 stack=0 before 74: (67) r9 <<= 32
regs=200 stack=0 before 73: (bf) r9 = r7
regs=80 stack=0 before 72: (b7) r7 = 256
; a = ntohs(*((uint16_t *) (data + 12)));
86: (79) r1 = *(u64 *)(r10 -24)
87: (69) r1 = *(u16 *)(r1 +52)
 R0_w=inv0 R1_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (a != 2048) goto block_6;
88: (15) if r1 == 0x3580 goto pc+14
 R0_w=inv0 R1_w=inv(id=0,umax_value=65535,var_off=(0x0; 0xffff)) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
89: (15) if r1 == 0x608 goto pc+13
 R0=inv0 R1=inv(id=0,umax_value=65535,var_off=(0x0; 0xffff)) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
90: (55) if r1 != 0x8 goto pc+49
 R0=inv0 R1=inv8 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; a = ntohl(*((uint32_t *) (data + 26)));
91: (79) r1 = *(u64 *)(r10 -24)
92: (61) r1 = *(u32 *)(r1 +66)
 R0=inv0 R1_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (a == 3232238082) goto block_12;
93: (15) if r1 == 0x20aa8c0 goto pc+25
 R0=inv0 R1_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (data + 34 > data_end) return 0;
94: (bf) r1 = r7
95: (67) r1 <<= 32
96: (77) r1 >>= 32
97: (b7) r2 = 34
; if (data + 34 > data_end) return 0;
98: (2d) if r2 > r1 goto pc+41
last_idx 98 first_idx 98
 R0=inv0 R1_rw=inv256 R2_rw=invP34 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=4 stack=0 marks
last_idx 97 first_idx 89
regs=4 stack=0 before 97: (b7) r2 = 34
last_idx 98 first_idx 98
 R0=inv0 R1_rw=invP256 R2_rw=invP34 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=2 stack=0 marks
last_idx 97 first_idx 89
regs=2 stack=0 before 97: (b7) r2 = 34
regs=2 stack=0 before 96: (77) r1 >>= 32
regs=2 stack=0 before 95: (67) r1 <<= 32
regs=2 stack=0 before 94: (bf) r1 = r7
regs=80 stack=0 before 93: (15) if r1 == 0x20aa8c0 goto pc+25
regs=80 stack=0 before 92: (61) r1 = *(u32 *)(r1 +66)
regs=80 stack=0 before 91: (79) r1 = *(u64 *)(r10 -24)
regs=80 stack=0 before 90: (55) if r1 != 0x8 goto pc+49
regs=80 stack=0 before 89: (15) if r1 == 0x608 goto pc+13
 R0_w=inv0 R1_rw=inv(id=0,umax_value=65535,var_off=(0x0; 0xffff)) R6=inv(id=0) R7_r=invP256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24_r=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=80 stack=0 marks
last_idx 88 first_idx 81
regs=80 stack=0 before 88: (15) if r1 == 0x3580 goto pc+14
regs=80 stack=0 before 87: (69) r1 = *(u16 *)(r1 +52)
regs=80 stack=0 before 86: (79) r1 = *(u64 *)(r10 -24)
regs=80 stack=0 before 85: (2d) if r1 > r9 goto pc+54
regs=80 stack=0 before 84: (b7) r1 = 30
regs=80 stack=0 before 83: (55) if r0 != 0x0 goto pc+56
regs=80 stack=0 before 82: (77) r0 >>= 32
regs=80 stack=0 before 81: (67) r0 <<= 32
 R0_rw=inv(id=0) R6=inv(id=0) R7_rw=invP256 R8=inv(id=0) R9_rw=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24_r=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=80 stack=0 marks
last_idx 80 first_idx 62
regs=80 stack=0 before 80: (85) call bpf_probe_read#4
regs=80 stack=0 before 79: (bf) r3 = r8
regs=80 stack=0 before 78: (bf) r2 = r9
regs=80 stack=0 before 77: (07) r1 += 40
regs=80 stack=0 before 76: (79) r1 = *(u64 *)(r10 -24)
regs=80 stack=0 before 75: (77) r9 >>= 32
regs=80 stack=0 before 74: (67) r9 <<= 32
regs=80 stack=0 before 73: (bf) r9 = r7
regs=80 stack=0 before 72: (b7) r7 = 256
; a = ntohl(*((uint32_t *) (data + 30)));
99: (79) r1 = *(u64 *)(r10 -24)
100: (61) r1 = *(u32 *)(r1 +70)
 R0=inv0 R1_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R2=invP34 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (a == 3232238082) goto block_12; else goto block_13;
101: (15) if r1 == 0x20aa8c0 goto pc+17
 R0=inv0 R1_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R2=invP34 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
102: (05) goto pc+37
; }
140: (b7) r0 = 0
141: (95) exit

from 101 to 119: R0=inv0 R1_w=inv34252992 R2=invP34 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (a != 3232238082) goto block_13;
119: (79) r8 = *(u64 *)(r10 -32)
120: (79) r1 = *(u64 *)(r10 -40)
121: (0f) r8 += r1
; pcap->hdr.time_stamp = bpf_ktime_get_ns();
122: (85) call bpf_ktime_get_ns#5
123: (79) r4 = *(u64 *)(r10 -24)
; pcap->hdr.time_stamp = bpf_ktime_get_ns();
124: (7b) *(u64 *)(r4 +8) = r0
 R0=inv(id=0) R4_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
125: (b7) r1 = 0
; pcap->hdr.extend_action_ret = 0;
126: (63) *(u32 *)(r4 +28) = r1
 R0=inv(id=0) R1_w=inv0 R4_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; pcap->hdr.trace_position_index = trace_index;
127: (6b) *(u16 *)(r4 +26) = r1
 R0=inv(id=0) R1_w=inv0 R4_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; pcap->hdr.caplen = (u16)caplen;
128: (6b) *(u16 *)(r4 +24) = r7
 R0=inv(id=0) R1_w=inv0 R4_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
129: (b7) r1 = 2621480
; pcap->hdr.extend_offset = (void*)(&pcap->user) - (void*)pcap;
130: (63) *(u32 *)(r4 +20) = r1
 R0=inv(id=0) R1_w=inv2621480 R4_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; pcap->hdr.len = len;
131: (63) *(u32 *)(r4 +16) = r8
 R0=inv(id=0) R1_w=inv2621480 R4_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; pcap->hdr.ptr = ptr;
132: (7b) *(u64 *)(r4 +0) = r6
 R0=inv(id=0) R1_w=inv2621480 R4_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; bpf_perf_event_output(ctx, (void *)bpf_pseudo_fd(1, -2), CUR_CPU_IDENTIFIER, pcap, sizeof(*pcap));
133: (18) r2 = 0xffff96d527ad6000
; bpf_perf_event_output(ctx, (void *)bpf_pseudo_fd(1, -2), CUR_CPU_IDENTIFIER, pcap, sizeof(*pcap));
135: (79) r1 = *(u64 *)(r10 -56)
136: (18) r3 = 0xffffffff
138: (b7) r5 = 296
139: (85) call bpf_perf_event_output#25
 R0=inv(id=0) R1_w=ctx(id=0,off=0,imm=0) R2_w=map_ptr(id=0,off=0,ks=4,vs=4,imm=0) R3_w=inv4294967295 R4_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R5_w=inv296 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
last_idx 139 first_idx 123
regs=20 stack=0 before 138: (b7) r5 = 296
; }
140: (b7) r0 = 0
141: (95) exit

from 93 to 119: R0=inv0 R1=inv34252992 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (a != 3232238082) goto block_13;
119: (79) r8 = *(u64 *)(r10 -32)
120: (79) r1 = *(u64 *)(r10 -40)
121: (0f) r8 += r1
; pcap->hdr.time_stamp = bpf_ktime_get_ns();
122: (85) call bpf_ktime_get_ns#5
123: safe

from 90 to 140: R0=inv0 R1=inv(id=0,umax_value=65535,var_off=(0x0; 0xffff)) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; }
140: (b7) r0 = 0
141: (95) exit

from 89 to 103: R0=inv0 R1=inv1544 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (data + 32 > data_end) return 0;
103: (bf) r1 = r7
104: (67) r1 <<= 32
105: (77) r1 >>= 32
106: (b7) r2 = 32
; if (data + 32 > data_end) return 0;
107: (2d) if r2 > r1 goto pc+32
last_idx 107 first_idx 107
 R0=inv0 R1_rw=inv256 R2_rw=invP32 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=4 stack=0 marks
last_idx 106 first_idx 89
regs=4 stack=0 before 106: (b7) r2 = 32
last_idx 107 first_idx 107
 R0=inv0 R1_rw=invP256 R2_rw=invP32 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=2 stack=0 marks
last_idx 106 first_idx 89
regs=2 stack=0 before 106: (b7) r2 = 32
regs=2 stack=0 before 105: (77) r1 >>= 32
regs=2 stack=0 before 104: (67) r1 <<= 32
regs=2 stack=0 before 103: (bf) r1 = r7
regs=80 stack=0 before 89: (15) if r1 == 0x608 goto pc+13
 R0_w=inv0 R1_rw=inv(id=0,umax_value=65535,var_off=(0x0; 0xffff)) R6_r=inv(id=0) R7_r=invP256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24_r=map_value fp-32_r=mmmmmmmm fp-40_r=mmmmmmmm fp-48=mmmmmmmm fp-56_r=ctx
parent already had regs=80 stack=0 marks
; a = ntohl(*((uint32_t *) (data + 28)));
108: (79) r1 = *(u64 *)(r10 -24)
109: (61) r1 = *(u32 *)(r1 +68)
 R0=inv0 R1_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R2=invP32 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (a == 3232238082) goto block_12;
110: (15) if r1 == 0x20aa8c0 goto pc+8
 R0=inv0 R1_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R2=invP32 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (data + 42 > data_end) return 0;
111: (bf) r1 = r7
112: (67) r1 <<= 32
113: (77) r1 >>= 32
114: (b7) r2 = 42
; if (data + 42 > data_end) return 0;
115: (2d) if r2 > r1 goto pc+24
last_idx 115 first_idx 115
 R0=inv0 R1_rw=inv256 R2_rw=invP42 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=4 stack=0 marks
last_idx 114 first_idx 107
regs=4 stack=0 before 114: (b7) r2 = 42
last_idx 115 first_idx 115
 R0=inv0 R1_rw=invP256 R2_rw=invP42 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=2 stack=0 marks
last_idx 114 first_idx 107
regs=2 stack=0 before 114: (b7) r2 = 42
regs=2 stack=0 before 113: (77) r1 >>= 32
regs=2 stack=0 before 112: (67) r1 <<= 32
regs=2 stack=0 before 111: (bf) r1 = r7
regs=80 stack=0 before 110: (15) if r1 == 0x20aa8c0 goto pc+8
regs=80 stack=0 before 109: (61) r1 = *(u32 *)(r1 +68)
regs=80 stack=0 before 108: (79) r1 = *(u64 *)(r10 -24)
regs=80 stack=0 before 107: (2d) if r2 > r1 goto pc+32
 R0=inv0 R1_rw=invP256 R2_rw=invP32 R6=inv(id=0) R7_r=invP256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24_r=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
parent didn't have regs=80 stack=0 marks
last_idx 106 first_idx 89
regs=80 stack=0 before 106: (b7) r2 = 32
regs=80 stack=0 before 105: (77) r1 >>= 32
regs=80 stack=0 before 104: (67) r1 <<= 32
regs=80 stack=0 before 103: (bf) r1 = r7
regs=80 stack=0 before 89: (15) if r1 == 0x608 goto pc+13
 R0_w=inv0 R1_rw=inv(id=0,umax_value=65535,var_off=(0x0; 0xffff)) R6_r=inv(id=0) R7_r=invP256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24_r=map_value fp-32_r=mmmmmmmm fp-40_r=mmmmmmmm fp-48=mmmmmmmm fp-56_r=ctx
parent already had regs=80 stack=0 marks
; a = ntohl(*((uint32_t *) (data + 38)));
116: (79) r1 = *(u64 *)(r10 -24)
117: (61) r1 = *(u32 *)(r1 +78)
 R0=inv0 R1_w=map_value(id=0,off=0,ks=4,vs=296,imm=0) R2=invP42 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (a != 3232238082) goto block_13;
118: (55) if r1 != 0x20aa8c0 goto pc+21
 R0=inv0 R1_w=inv34252992 R2=invP42 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
119: safe

from 118 to 140: R0=inv0 R1_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R2=invP42 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; }
140: (b7) r0 = 0
141: (95) exit

from 110 to 119: safe

from 88 to 103: R0=inv0 R1=inv13696 R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (data + 32 > data_end) return 0;
103: (bf) r1 = r7
104: (67) r1 <<= 32
105: (77) r1 >>= 32
106: (b7) r2 = 32
last_idx 107 first_idx 103
regs=2 stack=0 before 106: (b7) r2 = 32
regs=2 stack=0 before 105: (77) r1 >>= 32
regs=2 stack=0 before 104: (67) r1 <<= 32
regs=2 stack=0 before 103: (bf) r1 = r7
 R0_w=inv0 R1_w=inv13696 R6_r=inv(id=0) R7_r=invP256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24_r=map_value fp-32_r=mmmmmmmm fp-40_r=mmmmmmmm fp-48=mmmmmmmm fp-56_r=ctx
parent didn't have regs=80 stack=0 marks
last_idx 88 first_idx 81
regs=80 stack=0 before 88: (15) if r1 == 0x3580 goto pc+14
regs=80 stack=0 before 87: (69) r1 = *(u16 *)(r1 +52)
regs=80 stack=0 before 86: (79) r1 = *(u64 *)(r10 -24)
regs=80 stack=0 before 85: (2d) if r1 > r9 goto pc+54
regs=80 stack=0 before 84: (b7) r1 = 30
regs=80 stack=0 before 83: (55) if r0 != 0x0 goto pc+56
regs=80 stack=0 before 82: (77) r0 >>= 32
regs=80 stack=0 before 81: (67) r0 <<= 32
 R0_rw=inv(id=0) R6_r=inv(id=0) R7_rw=invP256 R8=inv(id=0) R9_rw=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24_r=map_value fp-32_r=mmmmmmmm fp-40_r=mmmmmmmm fp-48=mmmmmmmm fp-56_r=ctx
parent already had regs=80 stack=0 marks
last_idx 107 first_idx 103
regs=4 stack=0 before 106: (b7) r2 = 32
last_idx 107 first_idx 103
regs=80 stack=0 before 106: (b7) r2 = 32
regs=80 stack=0 before 105: (77) r1 >>= 32
regs=80 stack=0 before 104: (67) r1 <<= 32
regs=80 stack=0 before 103: (bf) r1 = r7
 R0_w=inv0 R1_w=inv13696 R6_r=inv(id=0) R7_r=invP256 R8=inv(id=0) R9=invP256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24_r=map_value fp-32_r=mmmmmmmm fp-40_r=mmmmmmmm fp-48=mmmmmmmm fp-56_r=ctx
parent already had regs=80 stack=0 marks
107: safe

from 83 to 140: R0_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R6=inv(id=0) R7=inv256 R8=inv(id=0) R9=inv256 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; }
140: (b7) r0 = 0
141: (95) exit

from 71 to 73: R0=inv(id=0) R1_w=inv(id=0,umax_value=255,var_off=(0x0; 0xff)) R2_w=inv256 R6=inv(id=0) R7_w=inv(id=0) R8=inv(id=0) R9=inv(id=0) R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
; if (copy_liner_len > sizeof(pcap->buf))
73: (bf) r9 = r7
74: (67) r9 <<= 32
75: (77) r9 >>= 32
; if (bpf_probe_read_kernel(pcap->buf, copy_liner_len, data))
76: (79) r1 = *(u64 *)(r10 -24)
77: (07) r1 += 40
78: (bf) r2 = r9
79: (bf) r3 = r8
80: (85) call bpf_probe_read#4
 R0=inv(id=0) R1_w=map_value(id=0,off=40,ks=4,vs=296,imm=0) R2_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R3_w=inv(id=0) R6=inv(id=0) R7_w=inv(id=0) R8=inv(id=0) R9_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm fp-24=map_value fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=ctx
R2 unbounded memory access, use 'var &= const' or 'if (var < const)'
processed 167 insns (limit 1000000) max_states_per_insn 0 total_states 13 peak_states 13 mark_read 9

2024/08/05 14:10:43 Dump err: error loading BPF program: permission denied

The text was updated successfully, but these errors were encountered:

trynocoding · 2024-08-06T05:36:58Z

I encountered the same issue, and here is the environment information:
[root@master netcap]# uname -r
6.0.12-100.fc35.x86_64
[root@master netcap]# cat /etc/redhat-release
Fedora release 35 (Thirty Five)
[root@master netcap]# go version
go version go1.22.5 linux/amd64
[root@master netcap]#

FireExtin · 2024-08-06T13:16:02Z

I encountered the same issue, and error message be like :
; copy_liner_len = liner_len > sizeof(pcap->buf) ? sizeof(pcap->buf) : liner_len;
88: (2d) if r2 > r1 goto pc+1

from 88 to 90: R0=inv(id=0) R1_w=inv(id=0,umax_value=255,var_off=(0x0; 0xff)) R2_w=inv256 R3_w=inv(id=4) R4_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R6=ctx(id=0,off=0,imm=0) R7=inv(id=2) R8_w=inv(id=6) R9_w=inv(id=4) R10=fp0 fp-8=mmmmmmmm fp-16=mmmm???? fp-24=inv fp-32=map_value fp-40_w=mmmmmmmm fp-48=mmmmmmmm
; copy_liner_len = liner_len > sizeof(pcap->buf) ? sizeof(pcap->buf) : liner_len;
90: (79) r9 = *(u64 *)(r10 -32)
; if (bpf_probe_read_kernel(pcap->buf, copy_liner_len, data))
91: (bf) r1 = r9
92: (07) r1 += 40
93: (bf) r2 = r8
94: (85) call bpf_probe_read_kernel#113
R2 min value is negative, either use unsigned or 'var &= const'
processed 175 insns (limit 1000000) max_states_per_insn 0 total_states 14 peak_states 14 mark_read 10

env info :

GarenXie1 · 2024-08-09T06:44:24Z

I encountered the same issue, and error message be like :

HaibaraAi119 · 2024-08-15T06:15:24Z

I'm having the same problem .
Have you solved it ?
my OS's kernel verison is :Linux localhost.localdomain 4.18.0-383.el8.x86_64 #1 SMP Wed Apr 20 15:38:08 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
CentOS Stream release 8

meilihao · 2024-08-17T10:18:41Z

I'm having the same problem .

os: oracle linux 7.9
kernel: Linux OS-dd1c463f-node 5.4.17-2136.302.6.1.el7uek.x86_64 #2 SMP Tue Dec 14 13:21:01 PST 2021 x86_64 x86_64 x86_64 GNU/Linux

应该是当前kernel没有bpf_probe_read_kernel, 而用了#define bpf_probe_read_kernel bpf_probe_read(from Program used external function 'bpf_probe_read_kernel' which could not be resolved! )导致的

HaibaraAi119 · 2024-08-19T02:54:45Z

I'm having the same problem .

我也遇到了同样的问题。

#2

os： oracle linux 7.9 内核：LinuxOS-dd1c463f-node5.4.17-2136.302.6.1. el7uek.x86_64#2SMP Tue Dec 14 13:21:01 PST 2021x86_64x86_64x86_64GNU/Linux

#define bpf_probe_read_kernel bpf_probe_readProgram used external function 'bpf_probe_read_kernel' which could not be resolved!

应该是当前内核没有bpf_probe_read_kernel，而用了#define bpf_probe_read_kernel bpf_probe_read（fromProgram使用的外部函数'bpf_probe_read_kernel'无法解析！）导致的

是需要升级内核版本··？？？
可有解决办法~？

meilihao · 2024-08-21T09:15:01Z

@HaibaraAi119 换成bpf_probe_read后, 我尝试修改了skb.h的#define _(P) 定义, 折腾半天, 始终无法通过bpf验证器, 待官方解决吧

HaibaraAi119 · 2024-08-22T02:16:56Z

@HaibaraAi119 换成bpf_probe_read后, 我尝试修改了skb.h的#define _(P) 定义, 折腾半天, 始终无法通过bpf验证器, 待官方解决吧

oh no ,this is a real tragedy.

chenyuan0001 · 2024-08-27T08:03:04Z

可以尝试下这样的修改：
copy_liner_len = liner_len > sizeof(pcap->buf) ?
sizeof(pcap->buf) & 0x7fffffff : liner_len & 0x7fffffff;

zf1575192187 · 2024-09-26T07:36:24Z

Fix it.
#10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bpf: Failed to load program: Permission denied #2

bpf: Failed to load program: Permission denied #2

calcky commented Aug 5, 2024

trynocoding commented Aug 6, 2024

FireExtin commented Aug 6, 2024

GarenXie1 commented Aug 9, 2024

HaibaraAi119 commented Aug 15, 2024

meilihao commented Aug 17, 2024 •

edited

Loading

HaibaraAi119 commented Aug 19, 2024

meilihao commented Aug 21, 2024

HaibaraAi119 commented Aug 22, 2024

chenyuan0001 commented Aug 27, 2024

zf1575192187 commented Sep 26, 2024

bpf: Failed to load program: Permission denied #2

bpf: Failed to load program: Permission denied #2

Comments

calcky commented Aug 5, 2024

trynocoding commented Aug 6, 2024

FireExtin commented Aug 6, 2024

GarenXie1 commented Aug 9, 2024

HaibaraAi119 commented Aug 15, 2024

meilihao commented Aug 17, 2024 • edited Loading

HaibaraAi119 commented Aug 19, 2024

meilihao commented Aug 21, 2024

HaibaraAi119 commented Aug 22, 2024

chenyuan0001 commented Aug 27, 2024

zf1575192187 commented Sep 26, 2024

meilihao commented Aug 17, 2024 •

edited

Loading