Track more modules for symbolization; to show e.g. [heap] as a module name. #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Total same as [slabratetop(8)](https://github.com/iovisor/bcc/blob/master/tools/slabratetop.py), but add some options params: ```bash $ sudo ./slabratetop -h Usage: slabratetop [OPTION...] Trace slab kmem cache alloc by process. USAGE: slabratetop [-h] [-p PID] [interval] [count] EXAMPLES: slabratetop # slab rate top, refresh every 1s slabratetop -p 181 # only trace PID 181 slabratetop -s count # sort columns by count slabratetop -r 100 # print 100 rows slabratetop 5 10 # 5s summaries, 10 times -C, --noclear Don't clear the screen -p, --pid=PID Process ID to trace -r, --rows=ROWS Maximum rows to print, default 20 -s, --sort=SORT Sort columns, default size [name, count, size] -v, --verbose Verbose debug output -?, --help Give this help list --usage Give a short usage message -V, --version Print program version Mandatory or optional arguments to long options are also mandatory or optional for any corresponding short options. Report bugs to https://github.com/iovisor/bcc/tree/master/libbpf-tools. ``` print like: ```bash 13:29:26 loadavg: 0.06 0.01 0.02 1/556 9961 CACHE ALLOCS BYTES names_cache 86 374272 filp 43 27520 vm_area_struct 87 22968 anon_vma 32 8704 mm_struct 3 5760 anon_vma_chain 55 5280 cred_jar 19 4864 dentry 12 4704 page->ptl 44 4576 UNIX 2 4224 proc_inode_cache 3 3744 xfs_trans 11 3256 skbuff_head_cache 8 2560 seq_file 8 2496 xfs_log_ticket 10 2480 sighand_cache 1 2368 signal_cache 1 1792 xfs_btree_cur 5 1440 sock_inode_cache 1 1408 lsm_file_cache 43 1376 ```
the bpf verifier would complain on program exit without initing R0 but the buggy implementation makes up one BPF_EXIT instruction only, which would be rejected by the verifier, and what's worse is that it does not log any err about the try-to-load failure, which makes all tools use this api would silently fall back to kprobe unexpectedly. this patch fixs it and also prints verbose message about the result of the try. Signed-off-by: Ze Gao <[email protected]>
Running syscount causes the following error:
...
; if (measure_latency)
103: (18) r1 = 0xffffc90000b6a002
105: (71) r1 = *(u8 *)(r1 +0)
R0_w=inv(id=0,umax_value=16,var_off=(0x0; 0x1f)) R1_w=map_value(id=0,off=2,ks=4,vs=48,imm=0) R7=map_value(id=0,off=0,ks=4,vs=32,imm=0) R8=inv(id=0,smin_value=-2147483648,smax_value=2147483647) R10=fp0 fp-8=mmmmmmmm fp-16=mmmmmmmm
; if (measure_latency)
106: (15) if r1 == 0x0 goto pc+4
R0_w=inv(id=0,umax_value=16,var_off=(0x0; 0x1f)) R1_w=inv(id=0,umax_value=255,var_off=(0x0; 0xff)) R7=map_value(id=0,off=0,ks=4,vs=32,imm=0) R8=inv(id=0,smin_value=-2147483648,smax_value=2147483647) R10=fp0 fp-8=mmmmmmmm fp-16=mmmmmmmm
; __sync_fetch_and_add(&val->total_ns, bpf_ktime_get_ns() - *start_ts);
107: (85) call bpf_ktime_get_ns#5
; __sync_fetch_and_add(&val->total_ns, bpf_ktime_get_ns() - *start_ts);
108: (79) r1 = *(u64 *)(r6 +0)
R6 !read_ok
processed 181 insns (limit 1000000) max_states_per_insn 1 total_states 19 peak_states 19 mark_read 8
-- END PROG LOAD LOG --
libbpf: failed to load program 'sys_exit'
libbpf: failed to load object 'syscount_bpf'
libbpf: failed to load BPF skeleton 'syscount_bpf': -13
failed to load BPF object: Permission denied
Fix this by calculating the latency and store on a local variable.
Signed-off-by: Hengqi Chen <[email protected]>
Running tcpconnect causes the following error:
...
; for (i = 0; i < filter_ports_len; i++) {
43: (7d) if r1 s>= r4 goto pc+96
R0=inv(id=0) R1_w=inv66 R2_w=map_value(id=0,off=280,ks=4,vs=280,imm=0) R3=map_value(id=0,off=0,ks=4,vs=280,imm=0) R4_w=inv(id=0,umin_value=67,umax_value=2147483647,var_off=(0x0; 0x7fffffff)) R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) R8=inv(id=0) R9=inv(id=0,umax_value=65535,var_off=(0x0; 0xffff)) R10=fp0 fp-80=mmmmmm??
; if (port == filter_ports[i])
44: (61) r4 = *(u32 *)(r2 +0)
R0=inv(id=0) R1_w=inv66 R2_w=map_value(id=0,off=280,ks=4,vs=280,imm=0) R3=map_value(id=0,off=0,ks=4,vs=280,imm=0) R4_w=inv(id=0,umin_value=67,umax_value=2147483647,var_off=(0x0; 0x7fffffff)) R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) R8=inv(id=0) R9=inv(id=0,umax_value=65535,var_off=(0x0; 0xffff)) R10=fp0 fp-80=mmmmmm??
invalid access to map value, value_size=280 off=280 size=4
R2 min value is outside of the array range
processed 783 insns (limit 1000000) max_states_per_insn 4 total_states 23 peak_states 23 mark_read 6
-- END PROG LOAD LOG --
libbpf: failed to load program 'tcp_v4_connect_ret'
libbpf: failed to load object 'tcpconnect_bpf'
libbpf: failed to load BPF skeleton 'tcpconnect_bpf': -13
failed to load BPF object: -13
Fix this by checking i against MAX_PORTS.
Signed-off-by: Hengqi Chen <[email protected]>
tcpconnlat uses fentry in BPF programs which may failed on old kernels which don't have BPF trampline. Let's check fentry support first and fallback to kprobe if it is not available. Signed-off-by: Hengqi Chen <[email protected]>
security_inode_create does NOT exist if CONIFG_SECURITY is not set. The tool filelife attaches to security_inode_create unconditionally and result in attach error. Fix it by checking symbol existence. Signed-off-by: Hengqi Chen <[email protected]>
After kernel commit d5869fdc189f ("block: introduce block_rq_error tracepoint"),
tracepoint block_rq_complete now shares the same argument struct as
`struct trace_event_raw_block_rq_completion` with tracepoint block_rq_error.
Because of that, now biopattern is broken because `struct trace_event_raw_block_rq_complete`
is disappeared from kernel BTF. Fix it by checking type existence.
Signed-off-by: Hengqi Chen <[email protected]>
Add pin support for xsk map. Signed-off-by: Y7n05h <[email protected]>
`bcc` does various conversions of "global address" to "module offset" and vice versa. Previous work (iovisor#1670) modified the "global address" -> "module offset" calculation in `ProcSyms::Module::contains` to account for differences between the file offset a section is loading bytes from and the requested start address (relative to the base address of the `.so`). Unfortunately that change didn't also modify "module offset" -> "global address" calculations, such as the one in bcc_resolve_global_addr. Update that calculation to account for the same. This calculation discrepancy was most apparent for us in production when trying to attach USDTs to a shared lib with differing requested start address and file offset. This patch also adds a test w/ comments describing our specific situation and demonstrating how the patch fixes the issue. Signed-off-by: Dave Marchevsky <[email protected]>
…x_so bcc/syms: Fix shared lib module offset <-> global addr conversion
This can be useful to detect diverse memory mishandling. Case at hand here is
the detection of a memory leak introduced in the past that went undetected for a while.
Currently, it may not be possible to enable it as part of the bcc CI as there is
a few existing leaks, but long term it may be beneficial to enable this as part
of the CI si bus get caught early on.
In the meantime, it is still valuable to be able to enable this in an ad-hoc manner.
Testing:
Ran the building step with:
```
docker run --privileged \
--pid=host \
-v $(pwd):/bcc \
-v /sys/kernel/debug:/sys/kernel/debug:rw \
-v /lib/modules:/lib/modules:ro \
-v /usr/src:/usr/src:ro \
-v /usr/include/linux:/usr/include/linux:ro \
bcc-docker \
/bin/bash -c \
'mkdir -p /bcc/build && cd /bcc/build && \
cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_LLVM_NATIVECODEGEN=OFF -DCMAKE_SANITIZE_TYPE=leak .. && make -j9'
```
Followed by a test run:
```
docker run -ti \
--privileged \
--network=host \
--pid=host \
-v $(pwd):/bcc \
-v /sys/kernel/debug:/sys/kernel/debug:rw \
-v /lib/modules:/lib/modules:ro \
-v /usr/src:/usr/src:ro \
-e CTEST_OUTPUT_ON_FAILURE=1 \
bcc-docker \
/bin/bash -c \
'/bcc/build/tests/wrapper.sh \
c_test_all sudo /bcc/build/tests/cc/test_libbcc'
```
Test run shows leaks in https://gist.github.com/chantra/ef964a4805d94ea47199e9d62e2231ca
As part of iovisor@8323d74 a leak was introduced as we stopped freeing the BPFModule's `_sections` content. More specifically here. iovisor@8323d74#diff-0ff46fe17b96b8152f97d0dd402bbee0502ba2fc814cf3a35c23801f83209f84L142-L143 This shows as a leak when enabling LSAN: https://gist.github.com/chantra/ef964a4805d94ea47199e9d62e2231ca#file-test-out-L63 This diff re-introduce freeing that memory. Build the binary with LSAN support: ``` docker run --privileged \ --pid=host \ -v $(pwd):/bcc \ -v /sys/kernel/debug:/sys/kernel/debug:rw \ -v /lib/modules:/lib/modules:ro \ -v /usr/src:/usr/src:ro \ -v /usr/include/linux:/usr/include/linux:ro \ bcc-docker \ /bin/bash -c \ 'mkdir -p /bcc/build && cd /bcc/build && \ cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_LLVM_NATIVECODEGEN=OFF -DCMAKE_SANITIZE_TYPE=leak .. && make -j9' ``` and run the test suite ``` docker run -ti \ --privileged \ --network=host \ --pid=host \ -v $(pwd):/bcc \ -v /sys/kernel/debug:/sys/kernel/debug:rw \ -v /lib/modules:/lib/modules:ro \ -v /usr/src:/usr/src:ro \ -e CTEST_OUTPUT_ON_FAILURE=1 \ bcc-docker \ /bin/bash -c \ '/bcc/build/tests/wrapper.sh \ c_test_all sudo /bcc/build/tests/cc/test_libbcc' ``` LSAN output before: https://gist.github.com/chantra/ef964a4805d94ea47199e9d62e2231ca ``` grep 'Direct leak' | wc -l 43 ``` and after: https://gist.github.com/chantra/b365c8a2a36744b22dbe054ed42341a8 ``` grep 'Direct leak' | wc -l 4 ```
libbpf/libbpf@9476dce remove it from libbpf
[bcc] stop using deprecated `bpf_load_program_attr`
add slabratetop libbpf-tools
It's failing on ubuntu 18.04 only. I spent some time trying to figure out why but was unable to repro in same ubuntu test container on my host. Let's mayFail it for now so test signal is better. Signed-off-by: Dave Marchevsky <[email protected]>
…x_test tests/python: @Mayfail offcputime in py_smoke_tests
* decodes bytes to str * tools/funclatency: fix error at wrong pattern
tools: fix typos
Testing: Added a new test to test_clang that loads a program of type `CGROUP_SOCKOPT` ``` 16: . 16: ---------------------------------------------------------------------- 16: Ran 84 tests in 83.695s 16: 16: OK (skipped=4) 16: 0 16/41 Test iovisor#16: py_test_clang .................... Passed 84.14 sec ```
[py] Add support for CGROUP_SOCKOPT program type
Commit 3087c61ed2c4 ([0]) changes `TASK_COMM_LEN` from macro to enum.
With this change, we have:
field:char comm[TASK_COMM_LEN]; offset:8; size:16; signed:1;
in tracepoint format.
If users do NOT include proper headers, will result in:
/virtual/main.c:4:12: error: use of undeclared identifier 'TASK_COMM_LEN'
char comm[TASK_COMM_LEN];
^
1 error generated.
Let's handle this with BTF info.
Closes iovisor#4092.
[0]: torvalds/linux@3087c61
Signed-off-by: Hengqi Chen <[email protected]>
Added the support in libbpf.c and helpers.h for new helpers for libbpf repo. Also added these helpers in kernel-versions.md. Signed-off-by: Yonghong Song <[email protected]>
Kernel structs vary in different versions. Let's define all relying structs in core_fixes.bpf.h so that we can update vmlinux.h independently. This is a preparaton for the RISC-V support. Signed-off-by: Hengqi Chen <[email protected]>
Sometimes, I want to known total on-CPU or off-CPU time and count (same as context switch times) at a fixed interval (for example: 1s). Like iovisor#3384, This patch try to add an option -e to show extension summary (average/total/count). $ ./cpudist.py -p $(pgrep -nx mysqld) -e 1 usecs : count distribution 0 -> 1 : 4123 |************** | 2 -> 3 : 11690 |****************************************| 4 -> 7 : 1668 |***** | 8 -> 15 : 859 |** | 16 -> 31 : 618 |** | 32 -> 63 : 290 | | 64 -> 127 : 247 | | 128 -> 255 : 198 | | 256 -> 511 : 161 | | 512 -> 1023 : 370 |* | 1024 -> 2047 : 98 | | 2048 -> 4095 : 6 | | 4096 -> 8191 : 16 | | avg = 33 usecs, total: 682091 usecs, count: 20383
Sometimes, I'd only care about a single syscall rather than all syscalls. Use the --syscall option for this. # syscount -i 1 -p $(pgrep -nx mysqld) --syscall fsync -L Tracing syscall 'fsync'... Ctrl+C to quit. [13:02:24] SYSCALL COUNT TIME (us) fsync 956 2448760.979 [13:02:25] SYSCALL COUNT TIME (us) fsync 979 2387591.025 [13:02:26] SYSCALL COUNT TIME (us) fsync 845 2488404.454
There were some leaks detected when running the test suite. But for `bcc_elf_get_buildid` which did not free the elf object, the rest of the leaks were isolated in the tests themselves which did not free some resources here and there.
This diff clears those leaks. This will allow running the tests suite in the future with LSAN enabled, helping in catching possible future leaks earlier.
Ran the sanitizer using:
```
docker run --privileged \
--pid=host \
-v $(pwd):/bcc \
-v /sys/kernel/debug:/sys/kernel/debug:rw \
-v /lib/modules:/lib/modules:ro \
-v /usr/src:/usr/src:ro \
-v /usr/include/linux:/usr/include/linux:ro \
bcc-docker \
/bin/bash -c \
'mkdir -p /bcc/build && cd /bcc/build && \
cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_LLVM_NATIVECODEGEN=OFF -DCMAKE_SANITIZE_TYPE=leak .. && make -j9'
```
followed by tests.
Before:
```
docker run -ti \
--privileged \
--network=host \
--pid=host \
-v $(pwd):/bcc \
-v /sys/kernel/debug:/sys/kernel/debug:rw \
-v /lib/modules:/lib/modules:ro \
-v /usr/src:/usr/src:ro \
-e CTEST_OUTPUT_ON_FAILURE=1 \
bcc-docker \
/bin/bash -c \
'/bcc/build/tests/wrapper.sh \
c_test_all sudo /bcc/build/tests/cc/test_libbcc' > /tmp/out
grep 'Indirect leak' /tmp/out | wc -l
99
grep 'Direct leak' /tmp/out | wc -l
4
```
Full out file available in https://gist.github.com/chantra/caa3c6f6a274895d8743fe9e48a7c528
After:
```
docker run -ti \
--privileged \
--network=host \
--pid=host \
-v $(pwd):/bcc \
-v /sys/kernel/debug:/sys/kernel/debug:rw \
-v /lib/modules:/lib/modules:ro \
-v /usr/src:/usr/src:ro \
-e CTEST_OUTPUT_ON_FAILURE=1 \
bcc-docker \
/bin/bash -c \
'/bcc/build/tests/wrapper.sh \
c_test_all sudo /bcc/build/tests/cc/test_libbcc'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test_libbcc is a Catch v1.4.0 host application.
Run with -? for options
-------------------------------------------------------------------------------
searching for modules in /proc/[pid]/maps
-------------------------------------------------------------------------------
/bcc/tests/cc/test_c_api.cc:497
...............................................................................
/bcc/tests/cc/test_c_api.cc:499: FAILED:
REQUIRE( dummy_maps != __null )
with expansion:
NULL != 0
-------------------------------------------------------------------------------
test bpf table
-------------------------------------------------------------------------------
/bcc/tests/cc/test_bpf_table.cc:24
...............................................................................
/bcc/tests/cc/test_bpf_table.cc:24: FAILED:
{Unknown expression after the reported line}
due to unexpected exception with message:
bad_function_call
-------------------------------------------------------------------------------
test bpf percpu tables
-------------------------------------------------------------------------------
/bcc/tests/cc/test_bpf_table.cc:94
...............................................................................
/bcc/tests/cc/test_bpf_table.cc:94: FAILED:
{Unknown expression after the reported line}
due to unexpected exception with message:
bad_function_call
-------------------------------------------------------------------------------
test bpf stack_id table
-------------------------------------------------------------------------------
/bcc/tests/cc/test_bpf_table.cc:227
...............................................................................
/bcc/tests/cc/test_bpf_table.cc:268: FAILED:
REQUIRE( addrs.size() > 0 )
with expansion:
0 > 0
Parse error:
4@i%ra+1r
-------^
===============================================================================
test cases: 51 | 47 passed | 1 failed | 3 failed as expected
assertions: 984 | 980 passed | 1 failed | 3 failed as expected
Failed
```
SIGIOT is an alias of SIGABRT so it's assigned to the same number.
However it caused an error in my build setup like below:
libbpf-tools/sigsnoop.c:40:8: error: initializer overrides prior
initialization of this subobject
[-Werror,-Winitializer-overrides]
[6] = "SIGIOT",
^~~~~~~~
libbpf-tools/sigsnoop.c:39:8: note: previous initialization is here
[6] = "SIGABRT",
^~~~~~~~~
1 error generated.
Anyway, it's gonna show only single entry. So let's remove the other.
In recent kernels, i.e. since commit 322cbb50de71 ("block: remove
genhd.h"), genhd.h header has been removed and its content moved to
blkdev.h. Since genhd.h has been included in blkdev.h since forever,
including blkdev instead of genhd in the mdflush tool works for both
older and newer kernel.
We need bpftool for skeleton generation only, let's build and use bootstrap
bpftool like libbpf-bootstrap does ([0]). This avoids the following errors
on old kernels:
skeleton/pid_iter.bpf.c:35:10: error: incomplete definition of type 'struct bpf_link'
return BPF_CORE_READ((struct bpf_link *)ent, id);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[0]: libbpf/libbpf-bootstrap#92
Signed-off-by: Hengqi Chen <[email protected]>
libbpf-tools: Build and use lightweight bootstrap version of bpftool
tools/mdflush: include blkdev.h instead of genhd.h
…tion libbpf-tools: tcpconnect: take source port into consideration
…#4145) Extension summary logic seems a bit redundant, try to simplify it (total already be calculated by FACTOR replacement).
Signed-off-by: Hengqi Chen <[email protected]>
With iovisor#4131 included, running the tool with -L reports the following warning: /virtual/main.c:57:28: warning: multi-character character constant [-Wmultichar] pid_key_t key = {.id = ' + pid + ', .slot = bpf_log2l(delta)}; ^ /virtual/main.c:57:28: warning: character constant too long for its type 2 warnings generated. The `pid` part should not be treated as string literal. Fix it. Signed-off-by: Hengqi Chen <[email protected]>
tools/cpudist: Fix warning introduced by recent change
oomkill: Remove trailing newline from output
With llvm15, bcc failed the compilation with the following errors:
[100%] Building CXX object tests/cc/CMakeFiles/test_libbcc.dir/test_shared_table.cc.o
/home/yhs/work/llvm-project/llvm/build/install/lib/libclangSema.a(SemaRISCVVectorLookup.cpp.o):
In function `(anonymous namespace)::RISCVIntrinsicManagerImpl::InitIntrinsicList()':
SemaRISCVVectorLookup.cpp:
(.text._ZN12_GLOBAL__N_125RISCVIntrinsicManagerImpl17InitIntrinsicListEv+0x14b):
undefined reference to `clang::RISCV::RVVIntrinsic::computeBuiltinTypes(
llvm::ArrayRef<clang::RISCV::PrototypeDescriptor>, bool, bool, bool, unsigned int)'
SemaRISCVVectorLookup.cpp:(.text._ZN12_GLOBAL__N_125RISCVIntrinsicManagerImpl17InitIntrinsicListEv+0x182):
undefined reference to `clang::RISCV::RVVIntrinsic::computeBuiltinTypes(
llvm::ArrayRef<clang::RISCV::PrototypeDescriptor>, bool, bool, bool, unsigned int)'
...
make[1]: *** [CMakeFiles/Makefile2:1110: examples/cpp/CMakeFiles/CGroupTest.dir/all] Error 2
...
The failure is due to llvm upstream patch https://reviews.llvm.org/D111617
which introduced another dependency on libclangSupport.a for bcc.
To fix the issue, I added libclangSupport in cmake file.
Signed-off-by: Yonghong Song <[email protected]>
LLVM16 patch llvm/llvm-project@b4e9977 caused bcc build failure like below: from /.../bcc/src/cc/frontends/clang/b_frontend_action.cc:23: /.../llvm-project/llvm/build/install/include/llvm/ADT/StringRef.h:96:54: error: expected ‘)’ before ‘Str’ /*implicit*/ constexpr StringRef(std::string_view Str) ~ ^~~~ ) /.../llvm-project/llvm/build/install/include/llvm/ADT/StringRef.h:239:14: error: expected type-specifier operator std::string_view() const { ^~~ LLVM build itself now is done with c++17. Let us also compile with c++17 if bcc is built with llvm16. Signed-off-by: Yonghong Song <[email protected]>
Sync with latest libbpf repo with top commit: 0667206913b3 Use checkout action in version v3 Signed-off-by: Yonghong Song <[email protected]>
* Support for kernel up to 5.19 * bcc tool updates for oomkill.py, biolatpcts.py, sslsniff.py, tcpaccept.py, etc. * libbpf tool updates for klockstat, opensnoop, tcpconnect, etc. * new bcc tools: tcpcong * new libbpf tools: tcpsynbl, mdflush, oomkill, sigsnoop * usdt: support xmm registers as args for x64 * bpftool as a submodule now * remove uses of libbpf deprecated APIs * use new llvm pass manager * support cgroup filtering libbpf tools * fix shared lib module offset <-> global addr conversion * riscv support * LoongArch support * doc update, bug fixes and other tools improvement Signed-off-by: Yonghong Song <[email protected]>
Done by remove certain suffix, and attach a 16 chars random string.
…ble and add clear individual entry to stack traces table; both for optimizing performance when continuously running the perf profiler.
…k_addr(); when set, the table entry is cleared after it is read.
one ring buffer worth of data. Signed-off-by: James Bartlett <[email protected]>
Signed-off-by: Zain Asgar <[email protected]>
JamesMBartlett
pushed a commit
that referenced
this pull request
Dec 8, 2022
…for -v option
Add additional information and change format of backtrace
- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format:
INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)
Print backtrace of ip if it failed to get syms.
Before:
# offcputime -v
psiginfo
vscanf
__snprintf_chk
[unknown]
[unknown]
[unknown]
[unknown]
[unknown]
sd_event_exit
sd_event_dispatch
sd_event_run
[unknown]
__libc_start_main
[unknown]
- systemd-journal (204)
1
xas_load
xas_find
filemap_map_pages
__handle_mm_fault
handle_mm_fault
do_page_fault
do_translation_fault
do_mem_abort
do_el0_ia_bp_hardening
el0_ia
xas_load
--
failed to get syms
- PmLogCtl (138757)
1
After:
# offcputime -v
#0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
#1 0xffffffc01009a93c el0_svc_handler+0x34
#2 0xffffffc010084a08 el0_svc+0x8
#3 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
--
#4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
#5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
#6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
#7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
#8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
#9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
iovisor#10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
- fluent-bit (1238)
1
#0 0xffffffc01027daa4 generic_copy_file_checks+0x334
#1 0xffffffc0102ba634 __handle_mm_fault+0x8dc
#2 0xffffffc0102baa20 handle_mm_fault+0x168
#3 0xffffffc010ad23c0 do_page_fault+0x148
#4 0xffffffc010ad27c0 do_translation_fault+0xb0
#5 0xffffffc0100816b0 do_mem_abort+0x50
#6 0xffffffc0100843b0 el0_da+0x1c
#7 0xffffffc01027daa4 generic_copy_file_checks+0x334
--
#8 0x0000007f8dc12648 [unknown]
#9 0x0000007f8dc0aef8 [unknown]
iovisor#10 0x0000007f8dc1c990 [unknown]
iovisor#11 0x0000007f8dc08b0c [unknown]
iovisor#12 0x0000007f8dc08e48 [unknown]
iovisor#13 0x0000007f8dc081c8 [unknown]
- PmLogCtl (2412)
1
Fixed: iovisor#3884
Signed-off-by: Eunseon Lee <[email protected]>
ddelnano
pushed a commit
that referenced
this pull request
Oct 9, 2024
…option
Add additional information and change format of backtrace
- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format:
INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)
before:
# ./capable -UK
TIME UID PID COMM CAP NAME AUDIT VER DICT
01:59:17 0 730 irqbalance 21 CAP_SYS_ADMIN 0 deny
cap_vm_enough_memory
security_vm_enough_memory_mm
mmap_region
do_mmap
vm_mmap_pgoff
do_syscall_64
entry_SYSCALL_64_after_hwframe
mmap64
- irqbalance (730)
After:
# ./capable -UKv
TIME UID PID COMM CAP NAME AUDIT VERDICT
01:56:37 0 730 irqbalance 21 CAP_SYS_ADMIN 0 deny
#0 0xffffffff81447dc6 cap_vm_enough_memory+0x26
#1 0xffffffff8144a94f security_vm_enough_memory_mm+0x2f
#2 0xffffffff812576e3 mmap_region+0x103
#3 0xffffffff8125837e do_mmap+0x3de
#4 0xffffffff8122c41c vm_mmap_pgoff+0xdc
#5 0xffffffff81dc3be0 do_syscall_64+0x50
#6 0xffffffff81e0011b entry_SYSCALL_64_after_hwframe+0x63
#7 0x00007f3036e9e9ca mmap64+0xa (/lib/x86_64-linux-gnu/libc-2.19.so+0xf49ca)
- irqbalance (730)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some virtual addresses in stack traces map into various modules in
/proc/<pid>/mapsthat are not expected, e.g. [heap]. In this diff, we track more sections of/proc/<pid>/mapsso that this information is not dropped and the symbolization process can find such modules.Signed-off-by: Pete Stevenson [email protected]