
Failed to start kyanos in ubuntu20.04 #137

Closed
hengyoush opened this issue Dec 2, 2024 · 1 comment · Fixed by #167

Describe the bug
Compiled kyanos on Ubuntu 20.04; on startup, loading the gotls probe failed:

Load GoTls Probe failed: load program: invalid argument:
        ; int probe_entry_tls_conn_read(struct pt_regs* ctx) {
        0: (bf) r7 = r1
        ; uint64_t id = bpf_get_current_pid_tgid();
        1: (85) call bpf_get_current_pid_tgid#14
        ; uint32_t tgid = id >> 32;
        2: (77) r0 >>= 32
        ; uint32_t tgid = id >> 32;
        3: (63) *(u32 *)(r10 -8) = r0
        4: (b7) r1 = 0
        ; struct tgid_goid_t tgid_goid = {};
        5: (7b) *(u64 *)(r10 -24) = r1
        6: (7b) *(u64 *)(r10 -16) = r1
        ; tgid_goid.tgid = tgid;
        7: (63) *(u32 *)(r10 -24) = r0
        ; uint64_t id = bpf_get_current_pid_tgid();
        8: (85) call bpf_get_current_pid_tgid#14
        ; uint32_t tgid = id >> 32;
        9: (77) r0 >>= 32
        ; uint32_t tgid = id >> 32;
        10: (63) *(u32 *)(r10 -4) = r0
        11: (bf) r2 = r10
        ;
        12: (07) r2 += -4
        ; struct go_common_symaddrs_t* common_symaddrs = bpf_map_lookup_elem(&go_common_symaddrs_map, &tgid);
        13: (18) r1 = 0xffff938ab1ff4c00
        15: (85) call bpf_map_lookup_elem#1
        16: (bf) r6 = r0
        ; if (common_symaddrs == NULL) {
        17: (15) if r6 == 0x0 goto pc+2
         R0_w=map_value(id=0,off=0,ks=4,vs=48,imm=0) R6_w=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=00000000 fp-24=0000mmmm
        ; const struct task_struct* task_ptr = (struct task_struct*)bpf_get_current_task();
        18: (85) call bpf_get_current_task#35
        ; if (!task_ptr) {
        19: (55) if r0 != 0x0 goto pc+2
         R0=invP0 R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=00000000 fp-24=0000mmmm
        ; }
        20: (b7) r0 = 0
        21: (95) exit

        from 19 to 22: R0=invP(id=0) R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=00000000 fp-24=0000mmmm
        22: (b7) r1 = 4928
        23: (67) r1 <<= 32
        24: (c7) r1 s>>= 32
        ; struct thread_struct *thr = (void*)task_ptr + offsetof_thread;
        25: (0f) r0 += r1
        26: (b7) r1 = 40
        27: (0f) r0 += r1
        28: (bf) r1 = r10
        ;
        29: (07) r1 += -40
        ; const void* fs_base = (void*)_C(thr,fsbase);
        30: (b7) r2 = 8
        31: (bf) r3 = r0
        32: (85) call bpf_probe_read#4
        ; const void* fs_base = (void*)_C(thr,fsbase);
        33: (79) r3 = *(u64 *)(r10 -40)
        ; bpf_probe_read_user(&g_addr, sizeof(void*), (void*)(fs_base + common_symaddrs->g_addr_offset));
        34: (61) r1 = *(u32 *)(r6 +40)
         R0=invP(id=0) R3_w=invP(id=0) R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=00000000 fp-24=0000mmmm fp-40=mmmmmmmm
        35: (67) r1 <<= 32
        36: (c7) r1 s>>= 32
        ; bpf_probe_read_user(&g_addr, sizeof(void*), (void*)(fs_base + common_symaddrs->g_addr_offset));
        37: (0f) r3 += r1
        38: (bf) r1 = r10
        ;
        39: (07) r1 += -56
        ; bpf_probe_read_user(&g_addr, sizeof(void*), (void*)(fs_base + common_symaddrs->g_addr_offset));
        40: (b7) r2 = 8
        41: (85) call bpf_probe_read#4
        ; bpf_probe_read_user(&goid, sizeof(void*), (void*)(g_addr + common_symaddrs->g_goid_offset));
        42: (61) r1 = *(u32 *)(r6 +36)
         R0_w=invP(id=0) R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=00000000 fp-24=0000mmmm fp-40=mmmmmmmm fp-56=mmmmmmmm
        43: (67) r1 <<= 32
        44: (c7) r1 s>>= 32
        ; bpf_probe_read_user(&goid, sizeof(void*), (void*)(g_addr + common_symaddrs->g_goid_offset));
        45: (79) r3 = *(u64 *)(r10 -56)
        ; bpf_probe_read_user(&goid, sizeof(void*), (void*)(g_addr + common_symaddrs->g_goid_offset));
        46: (0f) r3 += r1
        47: (bf) r1 = r10
        ;
        48: (07) r1 += -40
        ; bpf_probe_read_user(&goid, sizeof(void*), (void*)(g_addr + common_symaddrs->g_goid_offset));
        49: (b7) r2 = 8
        50: (85) call bpf_probe_read#4
        ; return goid;
        51: (79) r1 = *(u64 *)(r10 -40)
        ; if (goid == 0) {
        52: (15) if r1 == 0x0 goto pc-33
         R0=invP(id=0) R1_w=invP(id=0) R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=00000000 fp-24=0000mmmm fp-40=mmmmmmmm fp-56=mmmmmmmm
        ; tgid_goid.goid = goid;
        53: (7b) *(u64 *)(r10 -16) = r1
        54: (bf) r2 = r10
        55: (07) r2 += -8
        ; struct go_tls_symaddrs_t* symaddrs = bpf_map_lookup_elem(&go_tls_symaddrs_map, &tgid);
        56: (18) r1 = 0xffff938aee486400
        58: (85) call bpf_map_lookup_elem#1
        59: (bf) r8 = r0
        ; if (symaddrs == NULL) {
        60: (15) if r8 == 0x0 goto pc-41
         R0=map_value(id=0,off=0,ks=4,vs=64,imm=0) R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R8=map_value(id=0,off=0,ks=4,vs=64,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=mmmmmmmm fp-24=0000mmmm fp-40=mmmmmmmm fp-56=mmmmmmmm
        ; REQUIRE_LOCATION(symaddrs->Read_c_loc, 0);
        61: (61) r1 = *(u32 *)(r8 +32)
         R0=map_value(id=0,off=0,ks=4,vs=64,imm=0) R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R8=map_value(id=0,off=0,ks=4,vs=64,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=mmmmmmmm fp-24=0000mmmm fp-40=mmmmmmmm fp-56=mmmmmmmm
        ; REQUIRE_LOCATION(symaddrs->Read_c_loc, 0);
        62: (15) if r1 == 0x0 goto pc-43
         R0=map_value(id=0,off=0,ks=4,vs=64,imm=0) R1_w=invP(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R8=map_value(id=0,off=0,ks=4,vs=64,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=mmmmmmmm fp-24=0000mmmm fp-40=mmmmmmmm fp-56=mmmmmmmm
        ; REQUIRE_LOCATION(symaddrs->Read_b_loc, 0);
        63: (61) r1 = *(u32 *)(r8 +40)
         R0=map_value(id=0,off=0,ks=4,vs=64,imm=0) R1_w=invP(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R8=map_value(id=0,off=0,ks=4,vs=64,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=mmmmmmmm fp-24=0000mmmm fp-40=mmmmmmmm fp-56=mmmmmmmm
        ; REQUIRE_LOCATION(symaddrs->Read_b_loc, 0);
        64: (15) if r1 == 0x0 goto pc-45
         R0=map_value(id=0,off=0,ks=4,vs=64,imm=0) R1_w=invP(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R6=map_value(id=0,off=0,ks=4,vs=48,imm=0) R7=ctx(id=0,off=0,imm=0) R8=map_value(id=0,off=0,ks=4,vs=64,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=mmmmmmmm fp-24=0000mmmm fp-40=mmmmmmmm fp-56=mmmmmmmm
        65: (b7) r1 = 152
        66: (bf) r3 = r7
        67: (0f) r3 += r1
        68: (bf) r1 = r10
        ;
        69: (07) r1 += -40
        ; const void* sp = (const void*)_C(ctx,sp);
        70: (b7) r2 = 8
        71: (85) call bpf_probe_read#4
        ; const void* sp = (const void*)_C(ctx,sp);
        72: (79) r6 = *(u64 *)(r10 -40)
        ; uint64_t* regs = go_regabi_regs(ctx);
        73: (bf) r1 = r7
        74: (85) call pc+102
        caller:
         R6_w=invP(id=0) R7=ctx(id=0,off=0,imm=0) R8=map_value(id=0,off=0,ks=4,vs=64,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=mmmmmmmm fp-24=0000mmmm fp-40=mmmmmmmm fp-56=mmmmmmmm
        callee:
         frame1: R1_w=ctx(id=0,off=0,imm=0) R10=fp0
        ; static __inline uint64_t* go_regabi_regs(const struct pt_regs* ctx) {
        177: (bf) r6 = r1
        178: (b7) r8 = 0
        ; uint32_t kZero = 0;
        179: (63) *(u32 *)(r10 -4) = r8
        180: (bf) r2 = r10
        ;
        181: (07) r2 += -4
        ; struct go_regabi_regs* regs_heap_var = bpf_map_lookup_elem(&regs_heap, &kZero);
        182: (18) r1 = 0xffff938af58de800
        184: (85) call bpf_map_lookup_elem#1
        185: (bf) r7 = r0
        ; if (regs_heap_var == NULL) {
        186: (15) if r7 == 0x0 goto pc+82
         frame1: R0=map_value(id=0,off=0,ks=4,vs=72,imm=0) R6=ctx(id=0,off=0,imm=0) R7_w=map_value(id=0,off=0,ks=4,vs=72,imm=0) R8=invP0 R10=fp0 fp-8=mmmm????
        187: (b7) r1 = 80
        188: (bf) r3 = r6
        189: (0f) r3 += r1
        190: (bf) r1 = r10
        ;
        191: (07) r1 += -16
        ; regs_heap_var->regs[0] = _C(ctx,ax);
        192: (b7) r2 = 8
        193: (85) call bpf_probe_read#4
        ; regs_heap_var->regs[0] = _C(ctx,ax);
        194: (79) r1 = *(u64 *)(r10 -16)
        ; regs_heap_var->regs[0] = _C(ctx,ax);
        195: (7b) *(u64 *)(r7 +0) = r1
         frame1: R0=invP(id=0) R1_w=invP(id=0) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=4,vs=72,imm=0) R8=invP0 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm
        196: (b7) r1 = 40
        197: (bf) r3 = r6
        198: (0f) r3 += r1
        199: (bf) r1 = r10
        ;
        200: (07) r1 += -16
        ; regs_heap_var->regs[1] = _C(ctx,bx);
        201: (b7) r2 = 8
        202: (85) call bpf_probe_read#4
        ; regs_heap_var->regs[1] = _C(ctx,bx);
        203: (79) r1 = *(u64 *)(r10 -16)
        ; regs_heap_var->regs[1] = _C(ctx,bx);
        204: (7b) *(u64 *)(r7 +8) = r1
         frame1: R0_w=invP(id=0) R1_w=invP(id=0) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=4,vs=72,imm=0) R8=invP0 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm
        205: (b7) r1 = 88
        206: (bf) r3 = r6
        207: (0f) r3 += r1
        208: (bf) r1 = r10
        ;
        209: (07) r1 += -16
        ; regs_heap_var->regs[2] = _C(ctx,cx);
        210: (b7) r2 = 8
        211: (85) call bpf_probe_read#4
        ; regs_heap_var->regs[2] = _C(ctx,cx);
        212: (79) r1 = *(u64 *)(r10 -16)
        ; regs_heap_var->regs[2] = _C(ctx,cx);
        213: (7b) *(u64 *)(r7 +16) = r1
         frame1: R0=invP(id=0) R1_w=invP(id=0) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=4,vs=72,imm=0) R8=invP0 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm
        214: (b7) r1 = 112
        215: (bf) r3 = r6
        216: (0f) r3 += r1
        217: (bf) r1 = r10
        ;
        218: (07) r1 += -16
        ; regs_heap_var->regs[3] = _C(ctx,di);
        219: (b7) r2 = 8
        220: (85) call bpf_probe_read#4
        ; regs_heap_var->regs[3] = _C(ctx,di);
        221: (79) r1 = *(u64 *)(r10 -16)
        ; regs_heap_var->regs[3] = _C(ctx,di);
        222: (7b) *(u64 *)(r7 +24) = r1
         frame1: R0_w=invP(id=0) R1_w=invP(id=0) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=4,vs=72,imm=0) R8=invP0 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm
        223: (b7) r1 = 104
        224: (bf) r3 = r6
        225: (0f) r3 += r1
        226: (bf) r1 = r10
        ;
        227: (07) r1 += -16
        ; regs_heap_var->regs[4] = _C(ctx,si);
        228: (b7) r2 = 8
        229: (85) call bpf_probe_read#4
        ; regs_heap_var->regs[4] = _C(ctx,si);
        230: (79) r1 = *(u64 *)(r10 -16)
        ; regs_heap_var->regs[4] = _C(ctx,si);
        231: (7b) *(u64 *)(r7 +32) = r1
         frame1: R0=invP(id=0) R1_w=invP(id=0) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=4,vs=72,imm=0) R8=invP0 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm
        232: (b7) r1 = 72
        233: (bf) r3 = r6
        234: (0f) r3 += r1
        235: (bf) r1 = r10
        ;
        236: (07) r1 += -16
        ; regs_heap_var->regs[5] = _C(ctx,r8);
        237: (b7) r2 = 8
        238: (85) call bpf_probe_read#4
        ; regs_heap_var->regs[5] = _C(ctx,r8);
        239: (79) r1 = *(u64 *)(r10 -16)
        ; regs_heap_var->regs[5] = _C(ctx,r8);
        240: (7b) *(u64 *)(r7 +40) = r1
         frame1: R0_w=invP(id=0) R1_w=invP(id=0) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=4,vs=72,imm=0) R8=invP0 R10=fp0 fp-8=mmmm???? fp-16=mmmmmmmm
        241: (b7) r1 = 64
        242: (bf) r3 = r6
        243: (0f) r3 += r1
        244: (bf) r1 = r10
        ;
        245: (07) r1 += -16
        ; regs_heap_var->regs[6] = _C(ctx,r9);
        246: (b7) r2 = 8
        247: (85) call bpf_probe_read#4
        ; regs_heap_var->regs[6] = _C(ctx,r9);

To Reproduce

Expected behavior
compile and start successfully

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: ubuntu 20.04
@hengyoush hengyoush added the bug Something isn't working label Dec 2, 2024

hengyoush commented Dec 2, 2024

file: gotls.bpf.c

/* Current check: loc.offset is only tested against a lower bound of 0.
 * Nothing here limits how far past `regs` the read may start. */
if (loc.offset >= 0) {
      /* Copies arg_size bytes starting at regs + loc.offset into arg. */
      bpf_probe_read(arg, arg_size, (char*)regs + loc.offset);
}

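This check needs to be modified so that the offset is also bounded from above (`xxx` is a placeholder for that upper bound). The verifier log above is cut off before the rejected instruction, but the likely reason is that the offset added to `regs` must have a provable range; `regs` appears to point into the `regs_heap` map value (`vs=72` in the log), so the bound presumably also has to leave room for `arg_size` bytes — to be confirmed against the fix in #167: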

/* Proposed check: bound loc.offset on both sides before it is added to
 * `regs`. `xxx` is the issue author's placeholder for the upper limit;
 * the page does not give its value. */
if (loc.offset >= 0 && loc.offset < xxx) {
      /* Copies arg_size bytes starting at regs + loc.offset into arg. */
      bpf_probe_read(arg, arg_size, (char*)regs + loc.offset);
}

@hengyoush hengyoush self-assigned this Dec 2, 2024
@hengyoush hengyoush added this to v1.5.0 Dec 5, 2024
@hengyoush hengyoush moved this to Todo in v1.5.0 Dec 5, 2024
@hengyoush hengyoush moved this from Todo to In Progress in v1.5.0 Dec 10, 2024
@hengyoush hengyoush linked a pull request Dec 12, 2024 that will close this issue
hengyoush added a commit that referenced this issue Dec 12, 2024
hengyoush added a commit that referenced this issue Dec 12, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in v1.5.0 Dec 12, 2024
@hengyoush hengyoush reopened this Dec 13, 2024
@hengyoush hengyoush moved this from Done to In Progress in v1.5.0 Dec 13, 2024
@hengyoush hengyoush moved this from In Progress to Done in v1.5.0 Dec 13, 2024
@hengyoush hengyoush closed this as completed by moving to Done in v1.5.0 Dec 13, 2024
@hengyoush hengyoush reopened this Jan 1, 2025
hengyoush added a commit that referenced this issue Jan 6, 2025
hengyoush added a commit that referenced this issue Jan 6, 2025