* [Bug uprobes/15972] core dump with process probes
2013-09-20 10:23 [Bug uprobes/15972] New: core dump with process probes mjw at redhat dot com
@ 2013-09-20 10:27 ` mjw at redhat dot com
2013-09-20 10:39 ` mjw at redhat dot com
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: mjw at redhat dot com @ 2013-09-20 10:27 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=15972
--- Comment #1 from Mark Wielaard <mjw at redhat dot com> ---
Tried the same with --dyninst, but that never triggered the probe.
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug uprobes/15972] core dump with process probes
From: mjw at redhat dot com @ 2013-09-20 10:39 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=15972
--- Comment #2 from Mark Wielaard <mjw at redhat dot com> ---
Attaching gdb at the same time shows:
Program received signal SIGSEGV, Segmentation fault.
g_main_context_iterate (context=0x7f7f123a7d80, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3649
3649 UNLOCK_CONTEXT (context);
(gdb) disassemble
Dump of assembler code for function g_main_context_iterate:
0x00007f7f1129ef90 <+0>: push %r15
0x00007f7f1129ef92 <+2>: push %r14
0x00007f7f1129ef94 <+4>: mov %esi,%r14d
0x00007f7f1129ef97 <+7>: push %r13
0x00007f7f1129ef99 <+9>: push %r12
0x00007f7f1129ef9b <+11>: push %rbp
0x00007f7f1129ef9c <+12>: push %rbx
0x00007f7f1129ef9d <+13>: mov %rdi,%rbx
0x00007f7f1129efa0 <+16>: sub $0x28,%rsp
0x00007f7f1129efa4 <+20>: mov %edx,0xc(%rsp)
=> 0x00007f7f1129efa8 <+24>: int3
0x00007f7f1129efa9 <+25>: retq
0x00007f7f1129efaa <+26>: repnz add (%rax),%eax
0x00007f7f1129efad <+29>: mov %rbx,%rdi
0x00007f7f1129efb0 <+32>: callq 0x7f7f1129e220 <g_main_context_acquire>
I am surprised gdb sees the int3. And that it gets a SIGSEGV here (not a SIGTRAP).
* [Bug uprobes/15972] core dump with process probes
2013-09-20 10:23 [Bug uprobes/15972] New: core dump with process probes mjw at redhat dot com
From: mjw at redhat dot com @ 2013-09-20 14:45 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=15972
--- Comment #3 from Mark Wielaard <mjw at redhat dot com> ---
The same disassemble before stap starts tracing:
Dump of assembler code for function g_main_context_iterate:
0x00007f9476e8df90 <+0>: push %r15
0x00007f9476e8df92 <+2>: push %r14
0x00007f9476e8df94 <+4>: mov %esi,%r14d
0x00007f9476e8df97 <+7>: push %r13
0x00007f9476e8df99 <+9>: push %r12
0x00007f9476e8df9b <+11>: push %rbp
0x00007f9476e8df9c <+12>: push %rbx
0x00007f9476e8df9d <+13>: mov %rdi,%rbx
0x00007f9476e8dfa0 <+16>: sub $0x28,%rsp
0x00007f9476e8dfa4 <+20>: mov %edx,0xc(%rsp)
0x00007f9476e8dfa8 <+24>: callq 0x7f9476ecd270 <g_mutex_unlock>
0x00007f9476e8dfad <+29>: mov %rbx,%rdi
0x00007f9476e8dfb0 <+32>: callq 0x7f9476e8d220 <g_main_context_acquire>
So the int3 is placed on:
0x00007f9476e8dfa8 <+24>: callq 0x7f9476ecd270 <g_mutex_unlock>
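The two listings above differ only in the byte uprobes wrote at <+24>. The following is an added example (not code from the bug report, systemtap or gdb) that reconstructs why gdb then prints "int3; retq; repnz add (%rax),%eax": the 5-byte "callq <g_mutex_unlock>" is encoded from the two addresses in comment #3, its first byte is replaced by 0xCC exactly as a breakpoint-based tracer does, and a deliberately tiny AT&T-syntax decoder (an assumption of this example; it knows only the opcodes involved) decodes the result byte by byte the way gdb does.

```python
# Added example (not code from the bug report or from systemtap/gdb): why gdb's
# disassembly in comment #2 reads "int3; retq; repnz add (%rax),%eax" once a
# one-byte breakpoint has been planted over the "callq <g_mutex_unlock>" that
# comment #3 shows at the same offset.
import struct

INT3 = 0xCC         # x86 single-byte breakpoint opcode used by uprobes and gdb
CALL_REL32 = 0xE8   # opcode of the 5-byte "call rel32" form
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def encode_call_rel32(insn_addr: int, target: int) -> bytes:
    """Encode "call target" as it sits at insn_addr.  rel32 is relative to the
    address of the *next* instruction (insn_addr + 5)."""
    return bytes([CALL_REL32]) + struct.pack("<i", target - (insn_addr + 5))


def plant_breakpoint(code: bytes) -> bytes:
    """What a breakpoint-based tracer does to the text page: only the first
    byte of the probed instruction is replaced; the other four stay in place."""
    return bytes([INT3]) + code[1:]


def disassemble(code: bytes, base: int) -> list:
    """Minimal AT&T-syntax decoder (an assumption of this example, covering only
    the handful of opcodes involved).  It decodes sequentially the way gdb does,
    which is what makes the tail of the overwritten call resync as other
    instructions."""
    out, i = [], 0
    while i < len(code):
        prefix, b = "", code[i]
        if b == 0xF2:                # repnz prefix; gdb prints it even where meaningless
            prefix, i = "repnz ", i + 1
            if i >= len(code):
                out.append(".byte 0xf2")
                break
            b = code[i]
        if b == INT3:
            out.append(prefix + "int3")
            i += 1
        elif b == 0xC3:
            out.append(prefix + "retq")
            i += 1
        elif b == CALL_REL32 and i + 5 <= len(code):
            rel = struct.unpack("<i", code[i + 1:i + 5])[0]
            out.append(f"{prefix}callq 0x{base + i + 5 + rel:x}")
            i += 5
        elif (b == 0x03 and i + 1 < len(code) and (code[i + 1] >> 6) == 0
              and (code[i + 1] & 7) not in (4, 5)):
            modrm = code[i + 1]      # 03 /r with mod=00: add (%reg64),%reg32 (no SIB/RIP forms)
            out.append(f"{prefix}add (%{REGS64[modrm & 7]}),%{REGS32[(modrm >> 3) & 7]}")
            i += 2
        else:
            out.append(f"{prefix}.byte 0x{b:02x}")
            i += 1
    return out


if __name__ == "__main__":
    # Addresses from comment #3 (unprobed process): the call at <+24> and its target.
    call_at, g_mutex_unlock = 0x7f9476e8dfa8, 0x7f9476ecd270
    original = encode_call_rel32(call_at, g_mutex_unlock)
    patched = plant_breakpoint(original)
    print("original:", original.hex(), disassemble(original, call_at))
    print("probed:  ", patched.hex(), disassemble(patched, call_at))
```

The rel32 works out to 0x3f2c3, so the call is e8 c3 f2 03 00; with 0xCC in front the remaining bytes c3 / f2 03 00 are exactly the "retq" and "repnz add (%rax),%eax" gdb shows. That is the normal appearance of an armed breakpoint when read through ptrace; the process itself never executes those bytes, because the tracer single-steps a copy of the original instruction out of line, which is the part that goes wrong in this report.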
* [Bug uprobes/15972] core dump with process probes
From: mjw at redhat dot com @ 2013-09-20 15:07 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=15972
--- Comment #4 from Mark Wielaard <mjw at redhat dot com> ---
Just looking whether this is stap or uprobes or ...?
Let's extract the address we use from the library:
$ objdump -t /usr/lib/debug/usr/lib64/libglib-2.0.so.0.3600.3.debug | grep g_main_context_iterate
0000000000047f90 l F .text 00000000000001ef g_main_context_iterate.isra.22
stap seems to use an address slightly after the start (skips the prologue of the function): 47f90+18 = 47FA8
So put that into the raw uprobes/perf tracer thingy:
# echo "p:func_entry /usr/lib64/libglib-2.0.so.0.3600.3:0x0000000000047fa8" >> /sys/kernel/debug/tracing/uprobe_events
And enable the tracer:
# echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable
Oops, crashing processes... in dmesg:
[ 8241.097226] traps: gnome-shell[1114] general protection ip:7fffffffe080 sp:7fff9630b460 error:0
[ 8241.098619] traps: accounts-daemon[328] general protection ip:7fffffffe080 sp:7fffc4235b50 error:0
[ 8241.325253] traps: gdbus[962] general protection ip:7fffffffe080 sp:7f928e88cd80 error:0
[ 8241.325310] traps: gdbus[939] general protection ip:7fffffffe080 sp:7f4c90f6fdc0 error:0
[ 8241.325384] traps: upowerd[1056] general protection ip:7fffffffe080 sp:7fffd4bb5100 error:0
[ 8241.325525] traps: gdbus[364] general protection ip:7fffffffe080 sp:7f3e10d2fd80 error:0
[ 8241.325811] traps: modem-manager[396] general protection ip:7fffffffe080 sp:7fff383892b0 error:0
[ 8241.325900] traps: firewalld[312] general protection ip:7fffffffe080 sp:7fffeed136c0 error:0
[ 8241.326391] traps: gdbus[381] general protection ip:7fffffffe080 sp:7fcc07881d80 error:0
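Comment #4 is a small procedure: read the symbol value and size out of objdump, add the prologue skip, format the uprobe_events line, then read dmesg. The following added example (not code from the bug report or from systemtap) does that arithmetic programmatically and adds the check a practitioner wants before and after such a step: the probe offset is verified to fall inside the function, and the "traps:" lines are grouped by faulting instruction pointer so that one address shared by many unrelated programs stands out. The objdump line and the nine dmesg lines are copied from the comment; the 0x18 prologue skip is simply the value observed there, and the "three distinct programs" threshold is this example's own choice.

```python
# Added example (not code from the bug report or from systemtap): the address
# arithmetic of comment #4 done programmatically, plus a check over the dmesg
# "traps:" lines it produced.  Sample lines are copied from the comment.
import re

PROLOGUE_SKIP = 0x18   # stap probed 47f90+0x18 = 47fa8 (comment #4); taken as given here

# objdump -t line from the comment (whitespace collapsed by the mail archive)
OBJDUMP_LINE = "0000000000047f90 l F .text 00000000000001ef g_main_context_iterate.isra.22"

DMESG_LINES = [  # the nine "traps:" lines from comment #4, rejoined onto single lines
    "[ 8241.097226] traps: gnome-shell[1114] general protection ip:7fffffffe080 sp:7fff9630b460 error:0",
    "[ 8241.098619] traps: accounts-daemon[328] general protection ip:7fffffffe080 sp:7fffc4235b50 error:0",
    "[ 8241.325253] traps: gdbus[962] general protection ip:7fffffffe080 sp:7f928e88cd80 error:0",
    "[ 8241.325310] traps: gdbus[939] general protection ip:7fffffffe080 sp:7f4c90f6fdc0 error:0",
    "[ 8241.325384] traps: upowerd[1056] general protection ip:7fffffffe080 sp:7fffd4bb5100 error:0",
    "[ 8241.325525] traps: gdbus[364] general protection ip:7fffffffe080 sp:7f3e10d2fd80 error:0",
    "[ 8241.325811] traps: modem-manager[396] general protection ip:7fffffffe080 sp:7fff383892b0 error:0",
    "[ 8241.325900] traps: firewalld[312] general protection ip:7fffffffe080 sp:7fffeed136c0 error:0",
    "[ 8241.326391] traps: gdbus[381] general protection ip:7fffffffe080 sp:7fcc07881d80 error:0",
]

TRAP_RE = re.compile(r"traps: (?P<comm>\S+)\[(?P<pid>\d+)\] general protection "
                     r"ip:(?P<ip>[0-9a-f]+) sp:(?P<sp>[0-9a-f]+) error:(?P<err>\d+)")


def parse_objdump_symbol(line: str):
    """Return (value, size, name) for one 'objdump -t' symbol line.  The flag
    column is variable width, so anchor on the fixed tail: <section> <size> <name>
    (assumes an ELF symbol name without spaces)."""
    tok = line.split()
    if len(tok) < 4:
        raise ValueError(f"not an objdump symbol line: {line!r}")
    return int(tok[0], 16), int(tok[-2], 16), tok[-1]


def probe_address(sym_value: int, sym_size: int, skip: int = PROLOGUE_SKIP) -> int:
    """File offset to probe; refuse an offset that would land outside the function."""
    addr = sym_value + skip
    if not sym_value <= addr < sym_value + sym_size:
        raise ValueError(f"offset 0x{skip:x} is outside the function (size 0x{sym_size:x})")
    return addr


def uprobe_event_spec(name: str, path: str, addr: int) -> str:
    """The line comment #4 appends to tracing/uprobe_events."""
    return f"p:{name} {path}:0x{addr:016x}"


def cluster_faults(lines):
    """Group 'traps:' general-protection messages by faulting instruction pointer."""
    by_ip = {}
    for line in lines:
        m = TRAP_RE.search(line)
        if m:
            by_ip.setdefault(int(m["ip"], 16), []).append((m["comm"], int(m["pid"])))
    return by_ip


def suspicious_ips(by_ip, min_programs: int = 3):
    """Faulting IPs shared by at least min_programs *different* programs.
    Unrelated processes seldom crash at the same address; when they do, a shared
    library, or something planted into every process (like this probe), is the
    usual cause.  The threshold is this example's own choice."""
    return sorted(ip for ip, procs in by_ip.items()
                  if len({comm for comm, _ in procs}) >= min_programs)


if __name__ == "__main__":
    value, size, name = parse_objdump_symbol(OBJDUMP_LINE)
    addr = probe_address(value, size)
    print(uprobe_event_spec("func_entry", "/usr/lib64/libglib-2.0.so.0.3600.3", addr))
    faults = cluster_faults(DMESG_LINES)
    for ip in suspicious_ips(faults):
        print(f"ip 0x{ip:x}: {len(faults[ip])} faults in "
              f"{len({c for c, _ in faults[ip]})} distinct programs")
```

Run stand-alone it prints the same uprobe_events line as the comment and reports the single address 0x7fffffffe080 with nine faults across six distinct programs. Every process that merely used the library faulted, not just the one being traced, which is the strongest hint in the thread that the problem is in the kernel's probe handling rather than in any of the crashed programs.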
* [Bug uprobes/15972] core dump with process probes
From: fche at redhat dot com @ 2013-09-20 18:27 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=15972
Frank Ch. Eigler <fche at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |SUSPENDED
CC| |fche at redhat dot com
--- Comment #5 from Frank Ch. Eigler <fche at redhat dot com> ---
kernel bug, reported to some RH kernel uprobes folks
* [Bug uprobes/15972] core dump with process probes
From: jistone at redhat dot com @ 2013-09-20 18:33 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=15972
--- Comment #6 from Josh Stone <jistone at redhat dot com> ---
(In reply to Mark Wielaard from comment #2)
> I am surprised gdb sees the int3.
I'm not surprised. The int3 can't be hidden from the process itself, of
course, since it needs to be executed. Hiding from gdb would require uprobes
to intercept and fake the ptrace peek, which I suppose is possible, but
questionable.
> And that it gets a SIGSEGV here (not a SIGTRAP).
If uprobes is trying to send IP to 7fffffffe080, as dmesg suggests, and if that
doesn't exist, then a SIGSEGV is perfectly reasonable. I expect that address
is supposed to be where the out-of-line instruction copy lives.
* [Bug uprobes/15972] core dump with process probes
From: fche at redhat dot com @ 2014-03-18 10:27 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=15972
--- Comment #7 from Frank Ch. Eigler <fche at redhat dot com> ---
https://bugzilla.redhat.com/show_bug.cgi?id=1073627
* [Bug uprobes/15972] core dump with process probes
From: fche at redhat dot com @ 2014-05-16 0:03 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=15972
Frank Ch. Eigler <fche at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |c.bezemer at tudelft dot nl
--- Comment #8 from Frank Ch. Eigler <fche at redhat dot com> ---
*** Bug 16662 has been marked as a duplicate of this bug. ***
* [Bug uprobes/15972] core dump with process probes
From: fche at redhat dot com @ 2015-06-19 16:25 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=15972
Frank Ch. Eigler <fche at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|SUSPENDED |RESOLVED
Resolution|--- |FIXED
--- Comment #9 from Frank Ch. Eigler <fche at redhat dot com> ---
upstream kernel fixes in u[ret]probes should have corrected this particular
report. uretprobes still fights and loses against longjmp though.