I have written the following eBPF code (Using the latest libbpf version):

SEC("uprobe//usr/lib/x86_64-linux-gnu/libc.so.6:puts")
int BPF_KPROBE(puts_uprobe, const char* name)
{        
    bpf_printk("Puts parameter: %s!", name);
    return 0;
}

Now, I have written two trivial programs:

First program:

#include <stdio.h>

int main()
{
        puts("Hello world!");
}

Second program:

#include <stdio.h>
#include <unistd.h>

int main()
{
        while (1)
        {
                puts("Hello world!");
                sleep(1);
        }
}

I compiled both programs like so, using gcc version 11.4.0:

gcc hello.c -o hello

For some reason, when I load my eBPF program, I only see the expected output for the second program.
When it comes to the first program however, attempting to access the address of name fails. Using bpf_probe_read_user_str in an attempt to copy the string to an arbitrary buffer fails with -14:

char buff[16] = {0};
long read = bpf_probe_read_user_str(buff, sizeof(buff), name); // read = -14 

I’m trying to understand what exactly causes this behavior, considering the fact that when I use gdb I can access the address just fine and it contains the expected string (the address I’m trying to access is a valid address – and it’s the address that contains the expected string).

My question – what is actually happening here and how can I prevent it?