Re: [RFC PATCH bpf-next 05/12] bpf: Collect SDT probe BTF IDs from BTF decl tags

From: bot+bpf-ci

Date: Sat Jun 27 2026 - 11:35:19 EST


> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 3f8b12a1eb8b..badac128e8ad 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c

[ ... ]

> @@ -6692,6 +6693,57 @@ static int create_jt_map(struct bpf_object *obj, struct bpf_program *prog, struc
> return err;
> }
>
> +static void sdt_collect_btf_ids(struct bpf_object *obj)
> +{
> + int n = btf__type_cnt(obj->btf);
^^^^^^^^

Can sdt_collect_btf_ids() handle an object with no BTF?

btf__type_cnt(obj->btf) dereferences obj->btf. obj->btf is NULL when
the object carries no .BTF section - stripped or built without BTF.

SDT entries come from the .bpf_sdt_notes section, which is independent of
BTF presence. An object with probe sites but stripped BTF would have
sdt_entry_cnt > 0 and obj->btf == NULL, triggering a NULL dereference
here.

Existing libbpf functions guard this explicitly:

tools/lib/bpf/libbpf.c:bpf_object_fixup_btf() {
	if (!obj->btf)
		return 0;
	n = btf__type_cnt(obj->btf);
	...
}

Should sdt_collect_btf_ids() return early if obj->btf is NULL, leaving
btf_id as 0 (the intended value per the bpf_insn_array_value comment)?

> + const struct btf_type *t;
> + int i;
> +
> + for (i = 1; i < n; i++) {

[ ... ]

> @@ -6749,6 +6801,8 @@ static int bpf_object__create_sdt_maps(struct bpf_object *obj)
> if (err)
> return err;
>
> + sdt_collect_btf_ids(obj);
> +
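
Review bot: the sdt_collect_btf_ids(obj) call added to bpf_object__create_sdt_maps() is unconditional and has no result to check, since the helper is declared static void in the earlier hunk. The lines directly above it follow the "if (err) return err;" pattern, so BTF ID collection is the only step shown here that cannot report a failure to the caller. Consider returning int from the helper and propagating it at this call site, or add a comment here stating that missing BTF IDs are non-fatal and that btf_id is left at 0 in that case.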


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/28292842584