Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] eBPF errors on AArch64 #39

Open
kxxt opened this issue Sep 17, 2024 · 0 comments
Open

[Bug] eBPF errors on AArch64 #39

kxxt opened this issue Sep 17, 2024 · 0 comments
Assignees
@kxxt
Labels
bug Something isn't working

Comments

@kxxt
Copy link
Owner

kxxt commented Sep 17, 2024

argv, filename and envp is wrong(but not always) on aarch64.

           <...>-14078   [003] ...21  7659.455275: bpf_trace_printk: tracexec_system: envp: aaab16f9f630, argp: aaab16f95850, filename: aaab16fa6e30
           <...>-14078   [003] ...21  7659.455339: bpf_trace_printk: tracexec_system: 21 bash execve  UID: 1000 GID: 1000 PID: 14078

           <...>-14078   [003] .N.21  7659.456444: bpf_trace_printk: tracexec_system: failed to read arg 1(addr:aaab16f981d0) from userspace
           <...>-14078   [003] .N.21  7659.457489: bpf_trace_printk: tracexec_system: failed to read arg 0(addr:aaab16fa8840) from userspace
           <...>-14078   [003] .N.21  7659.458519: bpf_trace_printk: tracexec_system: failed to read arg 1(addr:aaab16f8d590) from userspace
           <...>-14078   [003] .N.21  7659.459526: bpf_trace_printk: tracexec_system: failed to read arg 2(addr:aaab16fa88c0) from userspace
           <...>-14078   [003] .N.21  7659.460507: bpf_trace_printk: tracexec_system: failed to read arg 3(addr:aaab16fa8570) from userspace
           <...>-14078   [003] .N.21  7659.461480: bpf_trace_printk: tracexec_system: failed to read arg 4(addr:aaab16fa85d0) from userspace
           <...>-14078   [003] .N.21  7659.462451: bpf_trace_printk: tracexec_system: failed to read arg 5(addr:aaab16fa8540) from userspace
           <...>-14078   [003] .N.21  7659.463450: bpf_trace_printk: tracexec_system: failed to read arg 6(addr:aaab16fa6700) from userspace
           <...>-14078   [003] .N.21  7659.464424: bpf_trace_printk: tracexec_system: failed to read arg 7(addr:aaab16fa66a0) from userspace
           <...>-14078   [003] .N.21  7659.465401: bpf_trace_printk: tracexec_system: failed to read arg 8(addr:aaab16fa8790) from userspace
           <...>-14078   [003] .N.21  7659.466388: bpf_trace_printk: tracexec_system: failed to read arg 9(addr:aaab16fa8900) from userspace
           <...>-14078   [003] .N.21  7659.467360: bpf_trace_printk: tracexec_system: failed to read arg 10(addr:aaab16fa88a0) from userspace
           <...>-14078   [003] .N.21  7659.468336: bpf_trace_printk: tracexec_system: failed to read arg 12(addr:aaab16fab100) from userspace
           <...>-14078   [003] .N.21  7659.469350: bpf_trace_printk: tracexec_system: failed to read arg 13(addr:aaab16fa66d0) from userspace
           <...>-14078   

          tracer-14082   [003] ...21  7659.528460: bpf_trace_printk: tracexec_system: envp: ffffea6da2f8, argp: ffffa8001440, filename: ffffa8000d30
          tracer-14082   [003] ...21  7659.528498: bpf_trace_printk: tracexec_system: 22 tracer execve /usr/bin/bash UID: 1000 GID: 1000 PID: 14082

          tracer-14082   [003] ...21  7659.528523: bpf_trace_printk: tracexec_system: Failed to read pointer to arg, ptr = ffffea6da2f8, ret = -14
          tracer-14082   [003] ...21  7659.528547: bpf_trace_printk: tracexec_system: Reading pwd...
            bash-14082   [003] ...21  7659.531232: bpf_trace_printk: tracexec_system: execve result: 0 PID 14082
@kxxt kxxt added the bug Something isn't working label Sep 17, 2024
@kxxt kxxt self-assigned this Sep 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kxxt kxxt

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kxxt