Bug: System monitor failing to load on kernel 5.4.0.42-generic

[Aryan-sharma11]

Bug Report

System monitor is failing to load on Ubuntu 18.04 with kernel 5.4.0.42-generic.

Note:- The issue persists for this particular kernel version only

	 R0_rw=map_value_or_null(id=25,off=0,ks=4,vs=4,imm=0) R6_w=invP0 R7_r=invP0 R8_r=invP(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R9_r=map_value(id=0,off=0,ks=4,vs=32768,imm=0) R10=fp0 fp-8=mmmm0??? fp-16=mmmmmmmm fp-24_r=mmmmmmmm fp-32=mmmmmmmm fp-40_r=mmmmmmm0 fp-48=mmmmmmmm fp-56=???m???? fp-64=????mmmm fp-80=mmmmmmmm fp-88_r=mmmmmmmm fp-96=???????m fp-104=00000000 fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=mmmmmmmm fp-176=mmmmmmmm fp-184=mmmmmmmm fp-192=mmmmmmmm fp-200=mmmmmmmm fp-208=mmmmmmmm fp-216=mmmmmmmm fp-224=mmmmmmmm fp-232=mmmmmmmm fp-240=mmmmmmmm fp-248=mmmmmmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmmmmmm fp-280=mmmmmmmm fp-288=mmmmmmmm fp-296=mmmmmmmm fp-304_r=mmmmmmmm fp-312=00000000 fp-320=mmmmmmmm fp-328=mmmmmmmm fp-336=mmmmmmmm fp-344=mmmmmmmm fp-352=mmmmmmmm fp-360=mmmmmmmm fp-368=mmmmmmmm fp-376=mmmmmmmm fp-384_r=ctx fp-392=map_value fp-400=fp fp-408=fp fp-416=mmmmmmmm fp-424=map_value
	parent didn't have regs=100 stack=0 marks
	last_idx 6385 first_idx 6372
	regs=100 stack=0 before 6385: (85) call bpf_map_lookup_elem#1
	regs=100 stack=0 before 6383: (18) r1 = 0xffffa0f2d554b600
	regs=100 stack=0 before 6382: (07) r2 += -88
	regs=100 stack=0 before 6381: (bf) r2 = r10
	regs=100 stack=0 before 6380: (63) *(u32 *)(r10 -88) = r6
	regs=100 stack=0 before 6379: (63) *(u32 *)(r10 -16) = r1
	regs=100 stack=0 before 6378: (b4) w1 = 30
	regs=100 stack=0 before 6377: (63) *(u32 *)(r0 +0) = r1
	regs=100 stack=0 before 6376: (04) w1 += 1
	regs=100 stack=0 before 6375: (bc) w1 = w8
	regs=100 stack=0 before 6374: (73) *(u8 *)(r10 -40) = r6
	regs=100 stack=0 before 6373: (b4) w6 = 0
	regs=100 stack=0 before 6372: (26) if w1 > 0x7ffe goto pc+69
	 R0_rw=map_value(id=0,off=0,ks=4,vs=4,imm=0) R1_rw=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R6=inv1 R7_rw=invP0 R8_rw=invP(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R9_r=map_value(id=0,off=0,ks=4,vs=32768,imm=0) R10=fp0 fp-8=mmmm0??? fp-16=mmmmmmmm fp-24_r=mmmmmmmm fp-32=mmmmmmmm fp-40_r=mmmmmmmm fp-48=mmmmmmmm fp-56=???m???? fp-64=????mmmm fp-80=mmmmmmmm fp-88_r=mmmmmmmm fp-96=???????m fp-104=00000000 fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=mmmmmmmm fp-176=mmmmmmmm fp-184=mmmmmmmm fp-192=mmmmmmmm fp-200=mmmmmmmm fp-208=mmmmmmmm fp-216=mmmmmmmm fp-224=mmmmmmmm fp-232=mmmmmmmm fp-240=mmmmmmmm fp-248=mmmmmmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmmmmmm fp-280=mmmmmmmm fp-288=mmmmmmmm fp-296=mmmmmmmm fp-304_r=mmmmmmmm fp-312=00000000 fp-320=mmmmmmmm fp-328=mmmmmmmm fp-336=mmmmmmmm fp-344=mmmmmmmm fp-352=mmmmmmmm fp-360=mmmmmmmm fp-368=mmmmmmmm fp-376=mmmmmmmm fp-384_r=ctx fp-392=map_value fp-400=fp fp-408=fp fp-416=mmmmmmmm fp-424=map_value
	parent didn't have regs=100 stack=0 marks
	last_idx 6371 first_idx 6361
	regs=100 stack=0 before 6371: (04) w1 += -1
	regs=100 stack=0 before 6370: (bc) w1 = w8
	regs=100 stack=0 before 6369: (61) r8 = *(u32 *)(r0 +0)
	6437: (bf) r3 = r10
	6438: (07) r3 += -40
	; if (bpf_probe_read(&(bufs_p->buf[num_of_hashes_idx]), sizeof(num_of_hashes), &num_of_hashes) != 0)
	6439: (bf) r1 = r9
	6440: (b4) w2 = 1
	6441: (85) call bpf_probe_read#4
	 R0=inv(id=0,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R1_w=map_value(id=0,off=0,ks=4,vs=32768,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R2_w=inv1 R3_w=fp-40 R6=invP0 R7=invP0 R8=invP(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R9_w=map_value(id=0,off=0,ks=4,vs=32768,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmm0??? fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=???m???? fp-64=????mmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=???????m fp-104=00000000 fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=mmmmmmmm fp-176=mmmmmmmm fp-184=mmmmmmmm fp-192=mmmmmmmm fp-200=mmmmmmmm fp-208=mmmmmmmm fp-216=mmmmmmmm fp-224=mmmmmmmm fp-232=mmmmmmmm fp-240=mmmmmmmm fp-248=mmmmmmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmmmmmm fp-280=mmmmmmmm fp-288=mmmmmmmm fp-296=mmmmmmmm fp-304=mmmmmmmm fp-312=00000000 fp-320=mmmmmmmm fp-328=mmmmmmmm fp-336=mmmmmmmm fp-344=mmmmmmmm fp-352=mmmmmmmm fp-360=mmmmmmmm fp-368=mmmmmmmm fp-376=mmmmmmmm fp-384=ctx fp-392=map_value fp-400=fp fp-408=fp fp-416=mmmmmmmm fp-424=map_value
	R1 unbounded memory access, make sure to bounds check any array access into a map
	processed 2894 insns (limit 1000000) max_states_per_insn 0 total_states 273 peak_states 273 mark_read 251
2025-11-18 04:55:49.981668	ERROR	Failed to initialize BPF (bpf module is nil program kretprobe__fchownat: load program: permission denied: R0=inv(id=0,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R1_w=map_value(id=0,off=0,ks=4,vs=32768,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R2_w=inv1 R3_w=fp-40 R6=invP0 R7=invP0 R8=invP(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R9_w=map_value(id=0,off=0,ks=4,vs=32768,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmm0??? fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=???m???? fp-64=????mmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=???????m fp-104=00000000 fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=mmmmmmmm fp-176=mmmmmmmm fp-184=mmmmmmmm fp-192=mmmmmmmm fp-200=mmmmmmmm fp-208=mmmmmmmm fp-216=mmmmmmmm fp-224=mmmmmmmm fp-232=mmmmmmmm fp-240=mmmmmmmm fp-248=mmmmmmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmmmmmm fp-280=mmmmmmmm fp-288=mmmmmmmm fp-296=mmmmmmmm fp-304=mmmmmmmm fp-312=00000000 fp-320=mmmmmmmm fp-328=mmmmmmmm fp-336=mmmmmmmm fp-344=mmmmmmmm fp-352=mmmmmmmm fp-360=mmmmmmmm fp-368=mmmmmmmm fp-376=mmmmmmmm fp-384=ctx fp-392=map_value fp-400=fp fp-408=fp fp-416=mmmmmmmm fp-424=map_value: R1 unbounded memory access, make sure to bounds check any array access into a map (9391 line(s) omitted))
github.com/kubearmor/KubeArmor/KubeArmor/log.Errf

General Information

• Environment description (GKE, VM-Kubeadm, vagrant-dev-env, minikube, microk8s, ...)
• Kernel version (run uname -a)
• Orchestration system version in use (e.g. kubectl version, ...)
• Link to relevant artifacts (policies, deployments scripts, ...)
• Target containers/pods

To Reproduce

1. Instruction 1
2. Instruction 2

Expected behavior

A description of what you expected to happen.

Screenshots

If applicable, add screenshots to help explain your problem.

[Aryan-sharma11]

Reopening this issue because we are again encountering the problem when loading the Docker-built object files on kernel 5.4.0.42. The failure appears to be caused by differences in the build toolchain, as the object file built directly on the VM loads without any issues

	2605: (05) goto pc+44
	; if (bpf_probe_read(&(bufs_p->buf[*off]), sizeof(hash->digest), hash->digest) < 0)
	2650: (79) r2 = *(u64 *)(r10 -328)
	; if (num_of_hashes_idx >= MAX_BUFFER_SIZE ||  num_of_hashes_idx + num_of_hashes >= MAX_BUFFER_SIZE)
	2651: (26) if w2 > 0x7fff goto pc+9
	 R0=inv0 R2_w=inv(id=0,smax_value=9223372032559841279,umax_value=18446744069414617087,var_off=(0x0; 0xffffffff00007fff)) R6=invP0 R7=map_value(id=0,off=0,ks=4,vs=32768,imm=0) R8_w=inv0 R9=invP0 R10=fp0 fp-8=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-48=m0?????? fp-56=mmmmmmmm fp-64=mmmmmmm0 fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmm???m fp-96=00000000 fp-104=0000mmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=mmmm0000 fp-176=00000000 fp-184=00000000 fp-192=00000000 fp-200=00000000 fp-208=00000000 fp-216=00000000 fp-224=00000000 fp-232=00000000 fp-240=00000000 fp-248=0000mmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmm0000 fp-280=mmmmmmmm fp-288=mmmmmmmm fp-296=mmmmmmmm fp-304=00000000 fp-312=mmmmmmmm fp-320=ctx fp-328=mmmmmmmm
	; if (num_of_hashes_idx >= MAX_BUFFER_SIZE ||  num_of_hashes_idx + num_of_hashes >= MAX_BUFFER_SIZE)
	2652: (bc) w1 = w2
	2653: (0c) w1 += w9
	; if (num_of_hashes_idx >= MAX_BUFFER_SIZE ||  num_of_hashes_idx + num_of_hashes >= MAX_BUFFER_SIZE)
	2654: (26) if w1 > 0x7fff goto pc+6
	 R0=inv0 R1_w=inv(id=0,umax_value=32767,var_off=(0x0; 0x7fff)) R2_w=inv(id=0,smax_value=9223372032559841279,umax_value=18446744069414617087,var_off=(0x0; 0xffffffff00007fff)) R6=invP0 R7=map_value(id=0,off=0,ks=4,vs=32768,imm=0) R8_w=inv0 R9=invP0 R10=fp0 fp-8=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-48=m0?????? fp-56=mmmmmmmm fp-64=mmmmmmm0 fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmm???m fp-96=00000000 fp-104=0000mmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=mmmm0000 fp-176=00000000 fp-184=00000000 fp-192=00000000 fp-200=00000000 fp-208=00000000 fp-216=00000000 fp-224=00000000 fp-232=00000000 fp-240=00000000 fp-248=0000mmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmm0000 fp-280=mmmmmmmm fp-288=mmmmmmmm fp-296=mmmmmmmm fp-304=00000000 fp-312=mmmmmmmm fp-320=ctx fp-328=mmmmmmmm
	; if (bpf_probe_read(&(bufs_p->buf[num_of_hashes_idx]), sizeof(num_of_hashes), &num_of_hashes) != 0)
	2655: (0f) r7 += r2
	last_idx 2655 first_idx 2603
	regs=4 stack=0 before 2654: (26) if w1 > 0x7fff goto pc+6
	regs=4 stack=0 before 2653: (0c) w1 += w9
	regs=4 stack=0 before 2652: (bc) w1 = w2
	regs=4 stack=0 before 2651: (26) if w2 > 0x7fff goto pc+9
	regs=4 stack=0 before 2650: (79) r2 = *(u64 *)(r10 -328)
	regs=0 stack=10000000000 before 2605: (05) goto pc+44
	regs=0 stack=10000000000 before 2604: (55) if r8 != 0x0 goto pc+1
	regs=0 stack=10000000000 before 2603: (bf) r8 = r0
	 R0_rw=map_value_or_null(id=14,off=0,ks=4,vs=4,imm=0) R6_w=invP0 R7_r=map_value(id=0,off=0,ks=4,vs=32768,imm=0) R8_w=inv0 R9_r=invP0 R10=fp0 fp-8=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-48=m0?????? fp-56=mmmmmmmm fp-64=mmmmmmm0 fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmm???m fp-96=00000000 fp-104=0000mmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=mmmm0000 fp-176=00000000 fp-184=00000000 fp-192=00000000 fp-200=00000000 fp-208=00000000 fp-216=00000000 fp-224=00000000 fp-232=00000000 fp-240=00000000 fp-248=0000mmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmm0000 fp-280=mmmmmmmm fp-288=mmmmmmmm fp-296=mmmmmmmm fp-304=00000000 fp-312=mmmmmmmm fp-320=ctx fp-328_rw=mmmmmmmm
	parent already had regs=0 stack=0 marks
	math between map_value pointer and register with unbounded min value is not allowed
	processed 1367 insns (limit 1000000) max_states_per_insn 0 total_states 129 peak_states 129 mark_read 117
2025-12-03 16:18:58.541774	ERROR	Failed to initialize KubeArmor Monitor: failed to initialize BPF: bpf module is nil program kretprobe__execve: load program: invalid argument: math between map_value pointer and register with unbounded min value is not allowed (4295 line(s) omitted)
github.com/kubearmor/KubeArmor/KubeArmor/log.Err
	/home/runner/work/KubeArmor/KubeArmor/KubeArmor/log/logger.go:103
github.com/kubearmor/KubeArmor/KubeArmor/feeder.(*Feeder).Errf
	/home/runner/work/KubeArmor/KubeArmor/KubeArmor/feeder/feeder.go:480
github.com/kubearmor/KubeArmor/KubeArmor/core.KubeArmor
	/home/runner/work/KubeArmor/KubeArmor/KubeArmor/core/kubeArmor.go:629
main.main
	/home/runner/work/KubeArmor/KubeArmor/KubeArmor/main.go:63
runtime.main
	/opt/hostedtoolcache/go/1.24.9/x64/src/runtime/proc.go:283