From: "agentzh at gmail dot com"
To: systemtap@sourceware.org
Subject: [Bug runtime/24875] New: VMA tracker is broken on Fedora 29
Date: Fri, 02 Aug 2019 23:35:00 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=24875

            Bug ID: 24875
           Summary: VMA tracker is broken on Fedora 29
           Product: systemtap
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: runtime
          Assignee: systemtap at sourceware dot org
          Reporter: agentzh at gmail dot com
  Target Milestone: ---

On my fully updated Fedora 29 system, the latest master (commit ebfc300ec) of
systemtap fails to do VMA tracking correctly.
Below is a minimal test case:

File a.stp:

    probe process.function("foo") {
        printf("%#x\n", @var("blah"));
        exit();
    }

File a.c:

    long blah = 0xdeadbeefL;

    int main(void) {
        return 0;
    }

And compile the C program a.c like this:

    gcc -fpic -pie -Wall -g %

And then run the a.stp like this:

    stap -c './a.out' a.stp

I got the error

    ERROR: read fault [man error::fault] at 0x0 near operator '@var' at a.stp:2:25
    WARNING: Number of errors: 1, skipped probes: 0
    WARNING: /opt/stap/bin/staprun exited with status: 1
    Pass 5: run failed.  [man error::pass5]

With the -DDEBUG_SYMBOLS option enabled:

    _stp_do_relocation:74: found kernel _stext load address: 0xffffffffad000000
    _stp_usermodule_check:847: build-id validation [26087 /home/agentzh/git/systemtap-plus/a.out] address=0x559926150000 build_id_offset=0x2f4
    _stp_umodule_relocate:78: [26087] /home/agentzh/git/systemtap-plus/a.out, 4028
    _stp_umodule_relocate:78: [26087] /home/agentzh/git/systemtap-plus/a.out, 4028
    ERROR: read fault [man error::fault] at 0x0 near operator '@var' at a.stp:2:25
    WARNING: Number of errors: 1, skipped probes: 0
    WARNING: /opt/stap/bin/staprun exited with status: 1
    Pass 5: run failed.  [man error::pass5]

Apparently the VMA tracker resolver returns the address zero.

For comparison, the same example works flawlessly on CentOS 7:

    $ stap -c './a.out' a.stp 4 0xdeadbeef blah: 0xdeadbeef

And the same example and same version of stap also worked fine on Fedora 28.

I tried digging this up a bit on Fedora 29. And it seems that the
stap_find_vma_map_info_user function fails to find the matched entry in
__stp_tf_vma_map. There *is* a map entry with the matching PID, but the
task->user pointer definitely differs.
Even after forcibly bypassing the task->user check, the returned nonzero
address is still very wrong:

    _stp_do_relocation:74: found kernel _stext load address: 0xffffffffad000000
    _stp_usermodule_check:856: build-id validation [29814 /home/agentzh/git/systemtap-plus/a.out] address=0x55b4b87d8000 build_id_offset=0x2f4
    _stp_umodule_relocate:79: [29814] /home/agentzh/git/systemtap-plus/a.out, 4028
    _stp_umodule_relocate:84: checking module (path /home/agentzh/git/systemtap-plus/a.out) and num secs 1
    _stp_umodule_relocate:92: checking section .dynamic
    stap_find_vma_map_info_user:334: stp tf vma map: 0000000008530af7
    stap_find_vma_map_info_user:343: found pid 29814 (user: 00000000894ada10 vs 00000000b7a8c989)
    _stp_umodule_relocate:101: find vma map info user returned 0
    _stp_umodule_relocate:104: address=7ffca2a02028
    _stp_umodule_relocate:79: [29814] /home/agentzh/git/systemtap-plus/a.out, 4028
    _stp_umodule_relocate:84: checking module (path /home/agentzh/git/systemtap-plus/a.out) and num secs 1
    _stp_umodule_relocate:92: checking section .dynamic
    stap_find_vma_map_info_user:334: stp tf vma map: 0000000008530af7
    stap_find_vma_map_info_user:343: found pid 29814 (user: 00000000894ada10 vs 00000000b7a8c989)
    _stp_umodule_relocate:101: find vma map info user returned 0
    _stp_umodule_relocate:104: address=7ffca2a02028
    ERROR: read fault [man error::fault] at 0x7ffca2a02028 near operator '@var' at a.stp:2:25
    a.stp:2:25 in probe process("/home/agentzh/git/systemtap-plus/a.out").function("main@/home/agentzh/git/systemtap-plus/b.c:3")
    WARNING: Number of errors: 1, skipped probes: 0
    WARNING: /opt/stap-plus/bin/staprun exited with status: 1
    Pass 5: run failed.  [man error::pass5]

Some more info for the Fedora 29 system:

    $ uname -a
    Linux glass 5.1.20-200.fc29.x86_64 #1 SMP Fri Jul 26 15:15:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

    $ gcc --version
    gcc (GCC) 8.3.1 20190223 (Red Hat 8.3.1-2)
    Copyright (C) 2018 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions.  There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    $ stap --version
    Systemtap translator/driver (version 4.2/0.176, commit release-4.1-58-gebfc300ec2ad)
    Copyright (C) 2005-2019 Red Hat, Inc. and others
    This is free software; see the source for copying conditions.
    tested kernel versions: 2.6.18 ... 5.1-rc2
    enabled features: AVAHI BPF PYTHON2 LIBSQLITE3 LIBXML2 NLS NSS READLINE
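
Added example, not part of the original report and not SystemTap's own code: a user-space sketch of the sanity check that both failing results in the report (0x0 and 0x7ffca2a02028) would not pass, namely that a relocated address must lie inside a VMA backed by the probed module. The maps excerpt is constructed (the [stack] range is hypothetical); the path and load base 0x559926150000 come from the debug output above, reading the 4028 printed by _stp_umodule_relocate as the module-relative offset of blah is an assumption, and the function names are hypothetical.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

#define MOD "/home/agentzh/git/systemtap-plus/a.out" /* path from the report */

/* Constructed maps excerpt; only the load base 0x559926150000 is from the
 * report. The [stack] range is hypothetical, chosen to cover 0x7ffca2a02028. */
static const char *SAMPLE_MAPS =
    "559926150000-559926151000 r--p 00000000 fd:01 1234 " MOD "\n"
    "559926151000-559926152000 r-xp 00001000 fd:01 1234 " MOD "\n"
    "559926154000-559926155000 rw-p 00003000 fd:01 1234 " MOD "\n"
    "7ffca29e1000-7ffca2a03000 rw-p 00000000 00:00 0 [stack]\n";

/* Parse one maps line into [start,end) and its backing name; 1 on success. */
static int parse_line(const char *line, uint64_t *s, uint64_t *e, char name[256]) {
    char buf[512];
    size_t len = strcspn(line, "\n");
    if (len >= sizeof buf) return 0;
    memcpy(buf, line, len);
    buf[len] = '\0';
    return sscanf(buf, "%" SCNx64 "-%" SCNx64 " %*s %*s %*s %*s %255s", s, e, name) == 3;
}

/* 1 if addr lies inside a VMA backed by path, else 0. */
static int addr_in_module(const char *maps, const char *path, uint64_t addr) {
    uint64_t s, e; char name[256];
    for (const char *l = maps; *l; l += strcspn(l, "\n"), l += (*l == '\n'))
        if (parse_line(l, &s, &e, name) && s <= addr && addr < e)
            return strcmp(name, path) == 0;
    return 0;
}

/* base + offset, or 0 if the module is unmapped or the result escapes it. */
static uint64_t relocate_checked(const char *maps, const char *path, uint64_t off) {
    uint64_t base = 0, s, e; char name[256];
    for (const char *l = maps; *l; l += strcspn(l, "\n"), l += (*l == '\n'))
        if (parse_line(l, &s, &e, name) && !strcmp(name, path) && (!base || s < base))
            base = s;
    return base && addr_in_module(maps, path, base + off) ? base + off : 0;
}

int main(void) {
    printf("blah expected at %#" PRIx64 "\n", relocate_checked(SAMPLE_MAPS, MOD, 0x4028));
    printf("0x7ffca2a02028 in module: %d\n", addr_in_module(SAMPLE_MAPS, MOD, 0x7ffca2a02028));
    printf("0x0 in module: %d\n", addr_in_module(SAMPLE_MAPS, MOD, 0));
    return 0;
}
```

Pointing the same functions at the contents of /proc/<pid>/maps for the traced process gives an independent value to compare against the address printed at _stp_umodule_relocate:104.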