eBPF program fails with "libbpf: failed to find valid kernel BTF" after upgrading to kernel 6.8.0-48-generic
I'm learning how to use eBPF in Linux environments via the libbpf library. I have a simple eBPF program that compiles and runs successfully on kernel version 5.15.0-125-generic, but after upgrading my kernel to 6.8.0-48-generic, the program fails to run with the following error messages:
libbpf: failed to find valid kernel BTF
libbpf: Error loading vmlinux BTF: -3
libbpf: failed to load object 'execve.bpf.o'
Failed to load eBPF object
Environment:
- OS: Ubuntu 22.04.5 LTS x86_64
- Kernel: 6.8.0-48-generic (upgraded from 5.15.0-125-generic)
- CPU: Intel i9-14900K
neofetchcommand result is like below:
Project Details:
I'm working on a small eBPF project that tracks execve() system calls. The code is available on my GitHub repository:
https://github.com/KnightChaser/hello-eBPF/tree/main/application/00_execve_tracking
The project consists of:
- Makefile: Builds and runs the code.
- execve.bpf.c: Kernel-side code that captures
execve()executions. - execve_user.c: User-space code that interacts with the eBPF program via a ring buffer and displays the data.
Steps Taken:
Generated
vmlinux.h:sudo apt update sudo apt install linux-headers-$(uname -r) clang llvm libbpf-dev gcc-multilib make bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.hBuilt the program:
makeRan the program:
sudo ./execve_userThis results in the error messages mentioned above.
Troubleshooting Attempts:
Verified Kernel BTF Support: Ensured that the kernel is compiled with BTF support.
Checked
paholeVersion: Confirmed thatpaholeis version 1.25.Set
LIBBPF_LOG_LEVEL=debug: Attempted to get more detailed logs, but no additional output was produced.LIBBPF_LOG_LEVEL=debug sudo ./execve_userUsed
strace: Traced system calls and noticed that the program tries to access non-existent files like/boot/vmlinux-6.8.0-48-generic:access("/boot/vmlinux-6.8.0-48-generic", R_OK) = -1 ENOENT (No such file or directory) access("/lib/modules/6.8.0-48-generic/vmlinux-6.8.0-48-generic", R_OK) = -1 ENOENT (No such file or directory) ...In contrast, on kernel 5.15.0-125-generic, the program does not attempt to access these files and runs successfully.
Additional Information:
- My system is dual-booting Windows 11 and Ubuntu via grub2win.
- The
vmlinux.hfile exists and was generated without errors. - The issue seems specific to the upgraded kernel version.
Question:
Why is my eBPF program failing with libbpf: failed to find valid kernel BTF after upgrading to kernel 6.8.0-48-generic, and how can I resolve this issue?
Any insights into why libbpf is unable to find valid kernel BTF on the new kernel and what steps I can take to fix this problem would be greatly appreciated.
What I've Tried So Far:
- Reinstalling Kernel Headers: Reinstalled the kernel headers for the new kernel version.
- Re-generating
vmlinux.h: Ensured thatvmlinux.his up-to-date with the new kernel. - Checking BTF Files: Verified that
/sys/kernel/btf/vmlinuxexists and is accessible. - Exploring Alternative BTF Locations: Noticed that
libbpfsearches for BTF files in several locations, but they don't exist for the new kernel.
Any help or guidance on how to resolve this issue would be greatly appreciated!
(Note: Currently, this issue is ongoing on the GitHub issue in https://github.com/libbpf/libbpf/issues/863, which I wrote yesterday. Since the libbpf repository GitHub is not so active, I upload my question after refining sentences again to StackOverflow, where related developers might be reachable.)
The problem was occurred due to an old version of libbpf, which some features go incomaptible with upgraded kernel(kernel 6.x.x.). Since upgrading the libbpf package to 1.5.0 and reconfigure library configurations for my Linux machine, I could see that such problems don't arise again.
You can find more details in https://github.com/libbpf/libbpf/issues/863.
- How portable is code with #pragma optimize?
- Make warn_unused_result applied to all function with GCC
- Multiple threads and CPU cache
- Linking error vs. compilation error
- how to compile multiple instances of a source file linking to it different files.o
- Background compile in VS2010 and C/C++
- What Turing complete macro languages are available for C/C++
- How to use Cython to compile Python 3 into C
- Are forward declarations needed when the typedef declaration is done?
- How to assign real and imaginary parts of complex variables in C
- Strict aliasing between Complex numbers and real numbers in C
- How to CORRECTLY install gsl library in Linux?
- Using = operator on atomic variable?
- Unknown conversion types in this program I'm meant to compile
- Iterator in C language
- Treating __func__ as a string literal instead of a predefined identifier
- c - strcpy with struct string returning error
- Segmentation fault when executing a Python script in a C program?
- Questions about C Function Prototypes and Compilation
- What is the purpose of "-Wa,option" in GCC?
- Do we have c99 subflags
- netcat gcc compile option so that IDA pro can show function name
- What is the correct way to free output buffer after call to openssl::i2d_X509?
- How can I link C++ files to a C program?
- Why doesn't this program in C compile? Error: undefined reference to `i2c_smbus_read_byte_data'
- integer promotion isn't taken into account
- Why do I get a SEGFAULT when I try to sort an array of integers using K & R code examples?
- Are C preprocessor statements a part of the C language?
- FFMPEG Api conversion from YUV420P to RGB produces strange output
- Why is the tree constructed this way incorrect?