mismatch between type and bitfield width #4
Comments
This is fixed with clang frontend.
Closed
ekyooo added a commit to ekyooo/bcc that referenced this issue on Feb 20, 2022

Add additional information and change format of backtrace

- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format: INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)

Print backtrace of ip if it failed to get syms.

Before:

    # profile -d
    psiginfo
    vscanf
    __snprintf_chk
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    sd_event_exit
    sd_event_dispatch
    sd_event_run
    [unknown]
    __libc_start_main
    [unknown]
    - systemd-journal (204)
        1

    xas_load
    xas_find
    filemap_map_pages
    __handle_mm_fault
    handle_mm_fault
    do_page_fault
    do_translation_fault
    do_mem_abort
    do_el0_ia_bp_hardening
    el0_ia
    xas_load
    --
    failed to get syms
    - PmLogCtl (138757)
        1

After:

    # profile -d
    #0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    #1 0xffffffc01009a93c el0_svc_handler+0x34
    #2 0xffffffc010084a08 el0_svc+0x8
    #3 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    --
    #4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
    #5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
    #6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
    #7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
    #8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
    #9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
    #10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
    - fluent-bit (1238)
        1

    #0 0xffffffc01027daa4 generic_copy_file_checks+0x334
    #1 0xffffffc0102ba634 __handle_mm_fault+0x8dc
    #2 0xffffffc0102baa20 handle_mm_fault+0x168
    #3 0xffffffc010ad23c0 do_page_fault+0x148
    #4 0xffffffc010ad27c0 do_translation_fault+0xb0
    #5 0xffffffc0100816b0 do_mem_abort+0x50
    #6 0xffffffc0100843b0 el0_da+0x1c
    #7 0xffffffc01027daa4 generic_copy_file_checks+0x334
    --
    failed to get syms
    #8 0x0000007f8dc12648
    #9 0x0000007f8dc0aef8
    #10 0x0000007f8dc1c990
    #11 0x0000007f8dc08b0c
    #12 0x0000007f8dc08e48
    #13 0x0000007f8dc081c8
    - PmLogCtl (2412)
        1

Signed-off-by: Eunseon Lee <[email protected]>
ekyooo added a commit to ekyooo/bcc that referenced this issue on Mar 12, 2022

Add additional information and change format of backtrace

- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format: INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)

Print backtrace of ip if it failed to get syms.

Before:

    # profile -d
    psiginfo
    vscanf
    __snprintf_chk
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    sd_event_exit
    sd_event_dispatch
    sd_event_run
    [unknown]
    __libc_start_main
    [unknown]
    - systemd-journal (204)
        1

    xas_load
    xas_find
    filemap_map_pages
    __handle_mm_fault
    handle_mm_fault
    do_page_fault
    do_translation_fault
    do_mem_abort
    do_el0_ia_bp_hardening
    el0_ia
    xas_load
    --
    failed to get syms
    - PmLogCtl (138757)
        1

After:

    # profile -d
    #0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    #1 0xffffffc01009a93c el0_svc_handler+0x34
    #2 0xffffffc010084a08 el0_svc+0x8
    #3 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    --
    #4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
    #5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
    #6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
    #7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
    #8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
    #9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
    #10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
    - fluent-bit (1238)
        1

    #0 0xffffffc01027daa4 generic_copy_file_checks+0x334
    #1 0xffffffc0102ba634 __handle_mm_fault+0x8dc
    #2 0xffffffc0102baa20 handle_mm_fault+0x168
    #3 0xffffffc010ad23c0 do_page_fault+0x148
    #4 0xffffffc010ad27c0 do_translation_fault+0xb0
    #5 0xffffffc0100816b0 do_mem_abort+0x50
    #6 0xffffffc0100843b0 el0_da+0x1c
    #7 0xffffffc01027daa4 generic_copy_file_checks+0x334
    --
    #8 0x0000007f8dc12648 [unknown]
    #9 0x0000007f8dc0aef8 [unknown]
    #10 0x0000007f8dc1c990 [unknown]
    #11 0x0000007f8dc08b0c [unknown]
    #12 0x0000007f8dc08e48 [unknown]
    #13 0x0000007f8dc081c8 [unknown]
    - PmLogCtl (2412)
        1

Signed-off-by: Eunseon Lee <[email protected]>
ekyooo added a commit to ekyooo/bcc that referenced this issue on Mar 17, 2022

Add additional information and change format of backtrace

- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format: INDEX ADDR [SYMBOL+OFFSET] [(MODULE+OFFSET)]

Print backtrace of ip if it failed to get syms.

Before:

    # profile -d
    psiginfo
    vscanf
    __snprintf_chk
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    sd_event_exit
    sd_event_dispatch
    sd_event_run
    [unknown]
    __libc_start_main
    [unknown]
    - systemd-journal (204)
        1

    xas_load
    xas_find
    filemap_map_pages
    __handle_mm_fault
    handle_mm_fault
    do_page_fault
    do_translation_fault
    do_mem_abort
    do_el0_ia_bp_hardening
    el0_ia
    xas_load
    --
    failed to get syms
    - PmLogCtl (138757)
        1

After:

    # profile -d
    #0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    #1 0xffffffc01009a93c el0_svc_handler+0x34
    #2 0xffffffc010084a08 el0_svc+0x8
    #3 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    --
    #4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
    #5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
    #6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
    #7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
    #8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
    #9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
    #10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
    - fluent-bit (1238)
        1

    #0 0xffffffc01027daa4 generic_copy_file_checks+0x334
    #1 0xffffffc0102ba634 __handle_mm_fault+0x8dc
    #2 0xffffffc0102baa20 handle_mm_fault+0x168
    #3 0xffffffc010ad23c0 do_page_fault+0x148
    #4 0xffffffc010ad27c0 do_translation_fault+0xb0
    #5 0xffffffc0100816b0 do_mem_abort+0x50
    #6 0xffffffc0100843b0 el0_da+0x1c
    #7 0xffffffc01027daa4 generic_copy_file_checks+0x334
    --
    #8 0x0000007f8dc12648 [unknown]
    #9 0x0000007f8dc0aef8 [unknown]
    #10 0x0000007f8dc1c990 [unknown]
    #11 0x0000007f8dc08b0c [unknown]
    #12 0x0000007f8dc08e48 [unknown]
    #13 0x0000007f8dc081c8 [unknown]
    - PmLogCtl (2412)
        1

Signed-off-by: Eunseon Lee <[email protected]>
ekyooo added a commit to ekyooo/bcc that referenced this issue on Mar 17, 2022

Add additional information and change format of backtrace

- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format: INDEX ADDR [SYMBOL+OFFSET] [(MODULE+OFFSET)]

Print backtrace of ip if it failed to get syms.

Before:

    # profile -d
    psiginfo
    vscanf
    __snprintf_chk
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    sd_event_exit
    sd_event_dispatch
    sd_event_run
    [unknown]
    __libc_start_main
    [unknown]
    - systemd-journal (204)
        1

    xas_load
    xas_find
    filemap_map_pages
    __handle_mm_fault
    handle_mm_fault
    do_page_fault
    do_translation_fault
    do_mem_abort
    do_el0_ia_bp_hardening
    el0_ia
    xas_load
    --
    failed to get syms
    - PmLogCtl (138757)
        1

After:

    # profile -d
    #0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    #1 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    #2 0xffffffc01009a93c el0_svc_handler+0x34
    #3 0xffffffc010084a08 el0_svc+0x8
    --
    #4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
    #5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
    #6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
    #7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
    #8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
    #9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
    #10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
    - fluent-bit (1238)
        1

    #0 0xffffffc01027daa4 generic_copy_file_checks+0x334
    #1 0xffffffc01027daa4 generic_copy_file_checks+0x334
    #2 0xffffffc0102ba634 __handle_mm_fault+0x8dc
    #3 0xffffffc0102baa20 handle_mm_fault+0x168
    #4 0xffffffc010ad23c0 do_page_fault+0x148
    #5 0xffffffc010ad27c0 do_translation_fault+0xb0
    #6 0xffffffc0100816b0 do_mem_abort+0x50
    #7 0xffffffc0100843b0 el0_da+0x1c
    --
    #8 0x0000007f8dc12648 [unknown]
    #9 0x0000007f8dc0aef8 [unknown]
    #10 0x0000007f8dc1c990 [unknown]
    #11 0x0000007f8dc08b0c [unknown]
    #12 0x0000007f8dc08e48 [unknown]
    #13 0x0000007f8dc081c8 [unknown]
    - PmLogCtl (2412)
        1

Signed-off-by: Eunseon Lee <[email protected]>
ekyooo added a commit to ekyooo/bcc that referenced this issue on Apr 4, 2022

Add additional information and change format of backtrace

- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format: INDEX ADDR [SYMBOL+OFFSET] [(MODULE+OFFSET)]

Print backtrace of ip if it failed to get syms.

Before:

    # profile -d
    psiginfo
    vscanf
    __snprintf_chk
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    sd_event_exit
    sd_event_dispatch
    sd_event_run
    [unknown]
    __libc_start_main
    [unknown]
    - systemd-journal (204)
        1

    xas_load
    xas_find
    filemap_map_pages
    __handle_mm_fault
    handle_mm_fault
    do_page_fault
    do_translation_fault
    do_mem_abort
    do_el0_ia_bp_hardening
    el0_ia
    xas_load
    --
    failed to get syms
    - PmLogCtl (138757)
        1

After:

    # profile -d
    #0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    #1 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    #2 0xffffffc01009a93c el0_svc_handler+0x34
    #3 0xffffffc010084a08 el0_svc+0x8
    --
    #4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
    #5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
    #6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
    #7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
    #8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
    #9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
    #10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
    - fluent-bit (1238)
        1

    #0 0xffffffc01027daa4 generic_copy_file_checks+0x334
    #1 0xffffffc01027daa4 generic_copy_file_checks+0x334
    #2 0xffffffc0102ba634 __handle_mm_fault+0x8dc
    #3 0xffffffc0102baa20 handle_mm_fault+0x168
    #4 0xffffffc010ad23c0 do_page_fault+0x148
    #5 0xffffffc010ad27c0 do_translation_fault+0xb0
    #6 0xffffffc0100816b0 do_mem_abort+0x50
    #7 0xffffffc0100843b0 el0_da+0x1c
    --
    #8 0x0000007f8dc12648 [unknown]
    #9 0x0000007f8dc0aef8 [unknown]
    #10 0x0000007f8dc1c990 [unknown]
    #11 0x0000007f8dc08b0c [unknown]
    #12 0x0000007f8dc08e48 [unknown]
    #13 0x0000007f8dc081c8 [unknown]
    - PmLogCtl (2412)
        1

Signed-off-by: Eunseon Lee <[email protected]>
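
The backtrace layout named in the commit messages above, INDEX ADDR [SYMBOL+OFFSET] [(MODULE+OFFSET)], can be parsed as follows. This is an added example, not code from bcc or from the referenced commits; the sample frames are adapted from the output quoted above, and the `Frame` type, the function names, and the rule that frames after `--` are user-space frames are assumptions of the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set

# Constructed sample: frames adapted from the "After" output quoted in the
# commit messages (symbolised, "[unknown]", and bare-address frames).
SAMPLE = """\
#0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
#1 0xffffffc01009a93c el0_svc_handler+0x34
--
#2 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
#3 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
#4 0x0000007f8dc12648 [unknown]
#5 0x0000007f8dc0aef8
"""

# INDEX ADDR [SYMBOL+OFFSET | "[unknown]"] [(MODULE+OFFSET)]
FRAME_RE = re.compile(
    r"^#(?P<index>\d+)\s+(?P<addr>0x[0-9a-fA-F]+)"
    r"(?:\s+(?:(?P<symbol>[^\s(\[]\S*)\+(?P<sym_off>0x[0-9a-fA-F]+)|\[unknown\]))?"
    r"(?:\s+\((?P<module>.+)\+(?P<mod_off>0x[0-9a-fA-F]+)\))?\s*$"
)


class Frame(NamedTuple):
    index: int
    addr: int
    space: str                # "kernel" before the "--" line, "user" after it
    symbol: Optional[str]     # None for "[unknown]" or a bare address
    sym_off: Optional[int]
    module: Optional[str]
    mod_off: Optional[int]


def _hex(value: Optional[str]) -> Optional[int]:
    return int(value, 16) if value is not None else None


def parse_backtrace(text: str) -> List[Frame]:
    """Parse one stack. Raises ValueError on a malformed or missing frame."""
    frames: List[Frame] = []
    space = "kernel"  # assumption: kernel frames come first, as in the sample
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "--":
            space = "user"
            continue
        m = FRAME_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a backtrace frame: {line!r}")
        index = int(m["index"])
        if index != len(frames):
            # A gap in the numbering means frames were dropped or truncated.
            raise ValueError(
                f"line {lineno}: expected frame #{len(frames)}, got #{index}")
        frames.append(Frame(index, int(m["addr"], 16), space, m["symbol"],
                            _hex(m["sym_off"]), m["module"], _hex(m["mod_off"])))
    return frames


def unresolved(frames: List[Frame]) -> List[int]:
    """Indices of frames that carry an address but no symbol."""
    return [f.index for f in frames if f.symbol is None]


def module_bases(frames: List[Frame]) -> Dict[str, Set[int]]:
    """ADDR minus module offset for each frame, grouped by module.

    Assumption: the offset is relative to a single mapping of the module, so
    every frame of one module yields the same value; more than one value per
    module points at a mixed-up or mis-symbolised stack.
    """
    bases: Dict[str, Set[int]] = defaultdict(set)
    for f in frames:
        if f.module is not None and f.mod_off is not None:
            bases[f.module].add(f.addr - f.mod_off)
    return dict(bases)


if __name__ == "__main__":
    stack = parse_backtrace(SAMPLE)
    for frame in stack:
        print(frame)
    print("unresolved:", unresolved(stack))
    print("bases:", {m: [hex(b) for b in v] for m, v in module_bases(stack).items()})
```
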
chenhengqi added a commit to chenhengqi/bcc that referenced this issue on Apr 28, 2022
There are two pass managers in LLVM. Currently BCC uses the legacy one. Switch to the new pass manager because the legacy one will be removed in upcoming releases of LLVM.

Running the following script:

```
from bcc import BPF

bpf_text = '''
static int foobar()
{
    bpf_trace_printk("enter vfs_read");
    return 0;
}

KFUNC_PROBE(vfs_read)
{
    return foobar();
}
'''

BPF(text=bpf_text, debug=1)
```

The IR output is the same with or without this change using LLVM 15:

Closes iovisor#3947.

References:
  [0]: https://llvm.org/docs/NewPassManager.html
  [1]: https://blog.llvm.org/posts/2021-03-26-the-new-pass-manager/

Signed-off-by: Hengqi Chen <[email protected]>
yonghong-song pushed a commit that referenced this issue on May 2, 2022
There are two pass managers in LLVM. Currently BCC uses the legacy one. Switch to the new pass manager because the legacy one will be removed in upcoming releases of LLVM.

Running the following script:

```
from bcc import BPF

bpf_text = '''
static int foobar()
{
    bpf_trace_printk("enter vfs_read");
    return 0;
}

KFUNC_PROBE(vfs_read)
{
    return foobar();
}
'''

BPF(text=bpf_text, debug=1)
```

The IR output is the same with or without this change using LLVM 15:

Closes #3947.

References:
  [0]: https://llvm.org/docs/NewPassManager.html
  [1]: https://blog.llvm.org/posts/2021-03-26-the-new-pass-manager/

Signed-off-by: Hengqi Chen <[email protected]>
Bojun-Seo added a commit to Bojun-Seo/bcc that referenced this issue on Oct 19, 2022

doublefree tool can detect double free on user space

    Usage: doublefree [OPTION...]
    Detect and report double free error.

    Either -c or -p is a mandatory option
    EXAMPLES:
    doublefree -p 1234 # Detect doublefree on process id 1234
    doublefree -c a.out # Detect doublefree on a.out
    doublefree -c 'a.out arg' # Detect doublefree on a.out with argument
    doublefree -c "a.out arg" # Detect doublefree on a.out with argument

      -c, --command=COMMAND      Execute and trace the specified command
      -i, --interval=INTERVAL    Set interval in second to detect leak
      -p, --pid=PID              Set pid
      -T, --top=TOP              Report only specified amount of backtraces
      -v, --verbose              Verbose debug output
      -?, --help                 Give this help list
          --usage                Give a short usage message
      -V, --version              Print program version

    Mandatory or optional arguments to long options are also mandatory or optional
    for any corresponding short options.

Report example:

    $ ~/test/doublefree_generator &
    [1] 48310
    $ sudo ./doublefree -p 48310
    Warn: Is this process alive? pid: 48310
    Found double free...
    Allocation happended on: stack_id: 50292
    #1 0x0055b302c34219 foo
    #2 0x0055b302c341d0 main
    #3 0x007f5d6379dd90 __libc_init_first
    First deallocation happended on: stack_id: 57265
    #1 0x007f5d63819460 free
    #2 0x0055b302c341ea main
    #3 0x007f5d6379dd90 __libc_init_first
    Second deallocation happended on: stack_id: 2974
    #1 0x007f5d63819460 free
    #2 0x0055b302c342eb baz
    #3 0x0055b302c34200 main
    #4 0x007f5d6379dd90 __libc_init_first

Source code of test program:

    $ cat Makefile
    OBJ = doublefree_generator.o foobar.o baz.o
    TARGET = doublefree_generator

    all: clean $(TARGET)

    $(TARGET): $(OBJ)
        gcc -o $@ $^

    %.o: %.c
        gcc -c $< -o $@

    clean:
        rm -f $(OBJ) $(TARGET)

    $ cat doublefree_generator.c
    #include <unistd.h>
    #include "foobar.h"
    #include "baz.h"

    int main(int argc, char* argv[]) {
        sleep(50);
        int *val = foo();
        *val = 33;
        bar(val);
        *val = 84;
        baz(val);
        return 0;
    }

    $ cat foobar.h
    #include <stdio.h>

    int* foo();
    void bar(int* p);

    $ cat foobar.c
    #include <stdlib.h>
    #include "foobar.h"

    int* foo() {
        return (int*)malloc(sizeof(int));
    }

    void bar(int* p) {
        printf("bar: %p\n", p);
        free(p);
    }

    $ cat baz.h
    #include <stdio.h>

    void baz(int* p);

    $ cat baz.c
    #include <stdlib.h>
    #include <stdbool.h>
    #include "baz.h"

    void func(int* p) {
        while (true) {
            if (p != NULL) {
                printf("free %d\n", *p);
                free(p);
                break;
            }
        }
    }

    void baz(int* p) {
        printf("baz: %p\n", p);
        printf("bazz: %d\n", *p);
        func(p);
    }
ekyooo
added a commit
to ekyooo/bcc
that referenced
this issue
Oct 22, 2022
…for -v option

Add additional information and change format of backtrace
- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format: INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)

Print backtrace of ip if it failed to get syms.

Before:
# offcputime -v
    psiginfo
    vscanf
    __snprintf_chk
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    sd_event_exit
    sd_event_dispatch
    sd_event_run
    [unknown]
    __libc_start_main
    [unknown]
    - systemd-journal (204)
        1

    xas_load
    xas_find
    filemap_map_pages
    __handle_mm_fault
    handle_mm_fault
    do_page_fault
    do_translation_fault
    do_mem_abort
    do_el0_ia_bp_hardening
    el0_ia
    xas_load
    -- failed to get syms
    - PmLogCtl (138757)
        1

After:
# offcputime -v
    #0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    #1 0xffffffc01009a93c el0_svc_handler+0x34
    #2 0xffffffc010084a08 el0_svc+0x8
    #3 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    --
    #4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
    #5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
    #6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
    #7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
    #8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
    #9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
    #10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
    - fluent-bit (1238)
        1

    #0 0xffffffc01027daa4 generic_copy_file_checks+0x334
    #1 0xffffffc0102ba634 __handle_mm_fault+0x8dc
    #2 0xffffffc0102baa20 handle_mm_fault+0x168
    #3 0xffffffc010ad23c0 do_page_fault+0x148
    #4 0xffffffc010ad27c0 do_translation_fault+0xb0
    #5 0xffffffc0100816b0 do_mem_abort+0x50
    #6 0xffffffc0100843b0 el0_da+0x1c
    #7 0xffffffc01027daa4 generic_copy_file_checks+0x334
    --
    #8 0x0000007f8dc12648 [unknown]
    #9 0x0000007f8dc0aef8 [unknown]
    #10 0x0000007f8dc1c990 [unknown]
    #11 0x0000007f8dc08b0c [unknown]
    #12 0x0000007f8dc08e48 [unknown]
    #13 0x0000007f8dc081c8 [unknown]
    - PmLogCtl (2412)
        1

Fixed: iovisor#3884
Signed-off-by: Eunseon Lee <[email protected]>
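The frame format this commit message introduces, INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET), can be parsed back into per-module offsets for offline symbolization. The following is an added example, not code from bcc or from the commit: the function names are hypothetical, the sample stack is copied from the "After" output of the commit message with `#N` frame indices, and it assumes MODULE+OFFSET is relative to a single load base per module.

```python
import re
from collections import defaultdict

# One frame: INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET).
# The symbol part and the module part are each optional.
FRAME_RE = re.compile(
    r"""^\#(?P<index>\d+)\s+
        (?P<addr>0x[0-9a-fA-F]+)
        (?:\s+(?P<symbol>[^\s()+]+)(?:\+(?P<sym_off>(?:0x)?[0-9a-fA-F]+))?)?
        (?:\s+\((?P<module>.+)\+(?P<mod_off>0x[0-9a-fA-F]+)\))?
        \s*$""",
    re.VERBOSE,
)

# Sample copied from the "After" output in the commit message above.
SAMPLE = """
#0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
#1 0xffffffc01009a93c el0_svc_handler+0x34
#2 0xffffffc010084a08 el0_svc+0x8
#3 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
--
#4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
#5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
#6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
#7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
#8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
#9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
#10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
- fluent-bit (1238)
1
"""


def parse_frame(line):
    """Parse one frame line; return a dict, or None if it is not a frame."""
    m = FRAME_RE.match(line.strip())
    if m is None:
        return None
    g = m.groupdict()
    # "[unknown]" is what the tool prints when it has no symbol for the address.
    symbol = None if g["symbol"] == "[unknown]" else g["symbol"]
    return {
        "index": int(g["index"]),
        "addr": int(g["addr"], 16),
        "symbol": symbol,
        # Offsets are read as hexadecimal; a bare 0 also occurs ("free+0").
        "sym_off": int(g["sym_off"], 16) if g["sym_off"] else None,
        "module": g["module"],
        "mod_off": int(g["mod_off"], 16) if g["mod_off"] else None,
    }


def parse_stack(text):
    """Split a block of output into parsed frames and the lines that are not frames."""
    frames, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        frame = parse_frame(line)
        if frame is None:
            skipped.append(line)  # "--" separator, "- comm (pid)" trailer, count
        else:
            frames.append(frame)
    return frames, skipped


def triage(frames):
    """Group frames for offline symbolization and sanity-check the offsets."""
    by_module = defaultdict(list)  # module path -> offsets to hand to a symbolizer
    bases = defaultdict(set)       # module path -> load bases implied by ADDR - OFFSET
    unresolved = []                # addresses with neither symbol nor module
    for f in frames:
        if f["module"] is not None:
            by_module[f["module"]].append(f["mod_off"])
            bases[f["module"]].add(f["addr"] - f["mod_off"])
        elif f["symbol"] is None:
            unresolved.append(f["addr"])
    return {
        "by_module": dict(by_module),
        "load_base": {m: min(b) for m, b in bases.items()},
        # More than one implied base means the single-base assumption does not
        # hold, or frames from different processes were mixed together.
        "inconsistent": sorted(m for m, b in bases.items() if len(b) > 1),
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    parsed, _ = parse_stack(SAMPLE)
    result = triage(parsed)
    for module, base in result["load_base"].items():
        offsets = ", ".join(hex(o) for o in result["by_module"][module])
        print(f"{module} base={base:#x} offsets=[{offsets}]")
```

The per-module offsets are the values to look up against a matching binary with debug symbols; addresses listed under `unresolved` carry no symbol or module in the trace at all.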
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Oct 24, 2022
doublefree tool can detect double free on user space
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Oct 24, 2022
doublefree tool can detect double free on user space
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Oct 24, 2022
doublefree tool can detect double free on user space
yonghong-song
pushed a commit
that referenced
this issue
Oct 27, 2022
…for -v option

Fixed: #3884
Signed-off-by: Eunseon Lee <[email protected]>
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Nov 7, 2022
doublefree tool can detect double free on user space

Usage: doublefree [OPTION...]
Detect and report double free error.

Either -c or -p is a mandatory option

EXAMPLES:
    doublefree -p 1234             # Detect doublefree on process id 1234
    doublefree -c a.out            # Detect doublefree on a.out
    doublefree -c 'a.out arg'      # Detect doublefree on a.out with argument
    doublefree -c "a.out arg"      # Detect doublefree on a.out with argument
    doublefree -k                  # Detect doublefree on kernel

  -k, --kernel               Kernel threads only (no user threads)
  -c, --command=COMMAND      Execute and trace the specified command
  -i, --interval=INTERVAL    Set interval in second to detect leak
  -p, --pid=PID              Set pid
  -T, --top=TOP              Report only specified amount of backtraces
  -v, --verbose              Verbose debug output
  -?, --help                 Give this help list
      --usage                Give a short usage message
  -V, --version              Print program version

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.

Report example:
$ ~/test/doublefree_generator &
[1] 48310
$ sudo ./doublefree -p 48310
Warn: Is this process alive? pid: 48310
Found double free...
Allocation happended on: stack_id: 50292
#1 0x0055b302c34219 foo
#2 0x0055b302c341d0 main
#3 0x007f5d6379dd90 __libc_init_first
First deallocation happended on: stack_id: 57265
#1 0x007f5d63819460 free
#2 0x0055b302c341ea main
#3 0x007f5d6379dd90 __libc_init_first
Second deallocation happended on: stack_id: 2974
#1 0x007f5d63819460 free
#2 0x0055b302c342eb baz
#3 0x0055b302c34200 main
#4 0x007f5d6379dd90 __libc_init_first

Source code of test program:
$ cat Makefile
OBJ = doublefree_generator.o foobar.o baz.o
TARGET = doublefree_generator

all: clean $(TARGET)

$(TARGET): $(OBJ)
	gcc -o $@ $^

%.o: %.c
	gcc -c $< -o $@

clean:
	rm -f $(OBJ) $(TARGET)

$ cat doublefree_generator.c
#include <unistd.h>
#include "foobar.h"
#include "baz.h"

int main(int argc, char* argv[]) {
  sleep(50);
  int *val = foo();
  *val = 33;
  bar(val);
  *val = 84;
  baz(val);
  return 0;
}

$ cat foobar.h
#include <stdio.h>

int* foo();
void bar(int* p);

$ cat foobar.c
#include <stdlib.h>
#include "foobar.h"

int* foo() {
  return (int*)malloc(sizeof(int));
}

void bar(int* p) {
  printf("bar: %p\n", p);
  free(p);
}

$ cat baz.h
#include <stdio.h>

void baz(int* p);

$ cat baz.c
#include <stdlib.h>
#include <stdbool.h>
#include "baz.h"

void func(int* p) {
  while (true) {
    if (p != NULL) {
      printf("free %d\n", *p);
      free(p);
      break;
    }
  }
}

void baz(int* p) {
  printf("baz: %p\n", p);
  printf("bazz: %d\n", *p);
  func(p);
}
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Nov 7, 2022
doublefree tool can detect double free on user space
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Nov 9, 2022
doublefree tool can detect double free on user space
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Nov 21, 2022
doublefree tool can detect double free on user space
This was referenced Jan 10, 2023
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Dec 21, 2023
Add doublefree tool to detect double free.

It could detect user level double free error currently and can be expanded
to detect kernel level double free error.
The following are the usage and example.

Usage:
$ ./doublefree --help
Usage: doublefree [OPTION...]
Detect and report double free error.

-c or -p is a mandatory option

EXAMPLES:
    doublefree -p 1234             # Detect doublefree on process id 1234
    doublefree -c a.out            # Detect doublefree on a.out
    doublefree -c 'a.out arg'      # Detect doublefree on a.out with argument
    doublefree -c "a.out arg"      # Detect doublefree on a.out with argument

  -c, --command=COMMAND      Execute and trace the specified command
  -i, --interval=INTERVAL    Set interval in second to detect leak
  -p, --pid=PID              Set pid
  -T, --top=TOP              Report only specified amount of backtraces
  -v, --verbose              Verbose debug output
  -?, --help                 Give this help list
      --usage                Give a short usage message
  -V, --version              Print program version

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.

Report bugs to https://github.com/iovisor/bcc/tree/master/libbpf-tools.

Example:
$ cat doublefree_generator.c
#include <unistd.h>
#include <stdlib.h>

int* foo() {
  return (int*)malloc(sizeof(int));
}

void bar(int* p) {
  free(p);
}

int main(int argc, char* argv[]) {
  sleep(50);
  int *val = foo();
  *val = 33;
  bar(val);
  *val = 84;
  bar(val);
  return 0;
}
$ gcc doublefree_generator.c
$ ./a.out &
[1] 5718
$ sudo ./doublefree -p 5718
2023-Dec-21 10:29:01 WARN Is this process alive? pid: 5718
#1 Found double free...
Allocation happended on stack_id: 19655
#1 0x0000557abf0824 foo+0x10 (/home/bojun/test/doublefree_generator/a.out+0x824)
#2 0x0000557abf0868 main+0x1c (/home/bojun/test/doublefree_generator/a.out+0x868)
#3 0x00007f990b7780 (/usr/lib/aarch64-linux-gnu/libc.so.6+0x27780)
#4 0x00007f990b7858 __libc_start_main+0x98 (/usr/lib/aarch64-linux-gnu/libc.so.6+0x27858)
#5 0x0000557abf0730 _start+0x30 (/home/bojun/test/doublefree_generator/a.out+0x730)
First deallocation happended on stack_id: 52798
#1 0x00007f9911f614 free+0 (/usr/lib/aarch64-linux-gnu/libc.so.6+0x8f614)
#2 0x0000557abf0880 main+0x34 (/home/bojun/test/doublefree_generator/a.out+0x880)
#3 0x00007f990b7780 (/usr/lib/aarch64-linux-gnu/libc.so.6+0x27780)
#4 0x00007f990b7858 __libc_start_main+0x98 (/usr/lib/aarch64-linux-gnu/libc.so.6+0x27858)
#5 0x0000557abf0730 _start+0x30 (/home/bojun/test/doublefree_generator/a.out+0x730)
Second deallocation happended on stack_id: 14228
#1 0x00007f9911f614 free+0 (/usr/lib/aarch64-linux-gnu/libc.so.6+0x8f614)
#2 0x0000557abf0894 main+0x48 (/home/bojun/test/doublefree_generator/a.out+0x894)
#3 0x00007f990b7780 (/usr/lib/aarch64-linux-gnu/libc.so.6+0x27780)
#4 0x00007f990b7858 __libc_start_main+0x98 (/usr/lib/aarch64-linux-gnu/libc.so.6+0x27858)
#5 0x0000557abf0730 _start+0x30 (/home/bojun/test/doublefree_generator/a.out+0x730)
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Dec 21, 2023
Add doublefree tool to detect double free.
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Dec 21, 2023
Add doublefree tool to detect double free.
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
May 22, 2024
Add leaksanitizer(lsan) feature on libbpf-tools

lsan feature originally comes from llvm-project
https://github.com/llvm/llvm-project

cvector.h comes from c-vector project
commit d3f3156373b0587336ac7ee1568755d6cf93dd39
https://github.com/eteran/c-vector

uthash.h comes from uthash project
commit bf15263081be6229be31addd48566df93921cb46
https://github.com/troydhanson/uthash

This tool detects and reports unreachable memory periodically

USAGE:
$ ./lsan -h
Usage: lsan [OPTION...]
Detect memory leak resulting from unreachable pointers.

Either -c or -p is a mandatory option

EXAMPLES:
lsan -p 1234             # Detect leaks on process id 1234
lsan -c a.out            # Detect leaks on a.out
lsan -c 'a.out arg'      # Detect leaks on a.out with argument

  -c, --command=COMMAND      Execute and detect memory leak on the specified command
  -i, --interval=INTERVAL    Set interval in second to detect leak
  -p, --pid=PID              Detect memory leak on the specified process
  -s, --suppressions=SUPPRESSIONS   Suppressions file name
  -T, --top=TOP              Report only specified amount of backtraces
  -v, --verbose              Verbose debug output
  -w, --stop-the-world       Stop the target process during tracing
  -?, --help                 Give this help list
      --usage                Give a short usage message
  -V, --version              Print program version

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.

Report bugs to https://github.com/iovisor/bcc/tree/master/libbpf-tools.

Report example:
$ sudo ./lsan -p 28346

[2024-05-22 14:44:58] Print leaks:
44 bytes direct leak found in 1 allocations from stack id(57214)
iovisor#1 0x00583bca1b2250 baz+0x1c (/home/bojun/lsan/libbpf-tools/a.out+0x1250)
iovisor#2 0x00583bca1b22d7 main+0x73 (/home/bojun/lsan/libbpf-tools/a.out+0x12d7)
iovisor#3 0x007470c7c2a1ca [unknown] (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a1ca)
iovisor#4 0x007470c7c2a28b __libc_start_main+0x8b (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a28b)
iovisor#5 0x00583bca1b2105 _start+0x25 (/home/bojun/lsan/libbpf-tools/a.out+0x1105)

[2024-05-22 14:45:08] Print leaks:
132 bytes direct leak found in 3 allocations from stack id(57214)
iovisor#1 0x00583bca1b2250 baz+0x1c (/home/bojun/lsan/libbpf-tools/a.out+0x1250)
iovisor#2 0x00583bca1b22d7 main+0x73 (/home/bojun/lsan/libbpf-tools/a.out+0x12d7)
iovisor#3 0x007470c7c2a1ca [unknown] (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a1ca)
iovisor#4 0x007470c7c2a28b __libc_start_main+0x8b (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a28b)
iovisor#5 0x00583bca1b2105 _start+0x25 (/home/bojun/lsan/libbpf-tools/a.out+0x1105)

Source code of test program:
$ cat leak_test.c
#include <stdlib.h>
#include <unistd.h>

int *arr[10000];

int *foo(size_t size) {
    int *tmp = malloc(size);
    *tmp = 99;
    return tmp;
}

int *bar(size_t nmemb, size_t size) {
    int *tmp = calloc(nmemb, size);
    *tmp = 22;
    return tmp;
}

int *baz(size_t size) {
    int *tmp = valloc(size);
    *tmp = 11;
    return tmp;
}

int main(int argc, char* argv[]) {
    int *a;
    int i = 0;
    while (1) {
        a = foo(4);
        arr[i++] = a;
        a = bar(4, 4);
        free(a);
        a = baz(44);
        sleep(5);
    }
    return 0;
}
ekyooo
added a commit
to ekyooo/bcc
that referenced
this issue
Jun 5, 2024
…option

Add additional information and change format of backtrace
- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format: INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)

before:
# ./capable -UK
TIME      UID    PID    COMM             CAP  NAME                 AUDIT  VER DICT
01:59:17  0      730    irqbalance       21   CAP_SYS_ADMIN        0      deny
    cap_vm_enough_memory
    security_vm_enough_memory_mm
    mmap_region
    do_mmap
    vm_mmap_pgoff
    do_syscall_64
    entry_SYSCALL_64_after_hwframe
    mmap64
    - irqbalance (730)

After:
# ./capable -UKv
TIME      UID    PID    COMM             CAP  NAME                 AUDIT  VERDICT
01:56:37  0      730    irqbalance       21   CAP_SYS_ADMIN        0      deny
    #0 0xffffffff81447dc6 cap_vm_enough_memory+0x26
    iovisor#1 0xffffffff8144a94f security_vm_enough_memory_mm+0x2f
    iovisor#2 0xffffffff812576e3 mmap_region+0x103
    iovisor#3 0xffffffff8125837e do_mmap+0x3de
    iovisor#4 0xffffffff8122c41c vm_mmap_pgoff+0xdc
    iovisor#5 0xffffffff81dc3be0 do_syscall_64+0x50
    iovisor#6 0xffffffff81e0011b entry_SYSCALL_64_after_hwframe+0x63
    iovisor#7 0x00007f3036e9e9ca mmap64+0xa (/lib/x86_64-linux-gnu/libc-2.19.so+0xf49ca)
    - irqbalance (730)
yonghong-song
pushed a commit
that referenced
this issue
Jun 16, 2024
…option

Add additional information and change format of backtrace
- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format: INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)

before:
# ./capable -UK
TIME      UID    PID    COMM             CAP  NAME                 AUDIT  VER DICT
01:59:17  0      730    irqbalance       21   CAP_SYS_ADMIN        0      deny
    cap_vm_enough_memory
    security_vm_enough_memory_mm
    mmap_region
    do_mmap
    vm_mmap_pgoff
    do_syscall_64
    entry_SYSCALL_64_after_hwframe
    mmap64
    - irqbalance (730)

After:
# ./capable -UKv
TIME      UID    PID    COMM             CAP  NAME                 AUDIT  VERDICT
01:56:37  0      730    irqbalance       21   CAP_SYS_ADMIN        0      deny
    #0 0xffffffff81447dc6 cap_vm_enough_memory+0x26
    #1 0xffffffff8144a94f security_vm_enough_memory_mm+0x2f
    #2 0xffffffff812576e3 mmap_region+0x103
    #3 0xffffffff8125837e do_mmap+0x3de
    #4 0xffffffff8122c41c vm_mmap_pgoff+0xdc
    #5 0xffffffff81dc3be0 do_syscall_64+0x50
    #6 0xffffffff81e0011b entry_SYSCALL_64_after_hwframe+0x63
    #7 0x00007f3036e9e9ca mmap64+0xa (/lib/x86_64-linux-gnu/libc-2.19.so+0xf49ca)
    - irqbalance (730)
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Jul 31, 2024
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Jul 31, 2024
Add leaksanitizer(lsan) feature on libbpf-tools

lsan feature originally comes from llvm-project
https://github.com/llvm/llvm-project

This tool detects and reports unreachable memory periodically

USAGE:
$ ./lsan -h
Usage: lsan [OPTION...]
Detect memory leak resulting from unreachable pointers.

Either -c or -p is a mandatory option

EXAMPLES:
lsan -p 1234             # Detect leaks on process id 1234
lsan -c a.out            # Detect leaks on a.out
lsan -c 'a.out arg'      # Detect leaks on a.out with argument

  -c, --command=COMMAND      Execute and detect memory leak on the specified command
  -i, --interval=INTERVAL    Set interval in second to detect leak
  -p, --pid=PID              Detect memory leak on the specified process
  -s, --suppressions=SUPPRESSIONS   Suppressions file name
  -T, --top=TOP              Report only specified amount of backtraces
  -v, --verbose              Verbose debug output
  -w, --stop-the-world       Stop the target process during tracing
  -?, --help                 Give this help list
      --usage                Give a short usage message
  -V, --version              Print program version

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.

Report bugs to https://github.com/iovisor/bcc/tree/master/libbpf-tools.

Report example:
$ sudo ./lsan -p 28346

[2024-05-22 14:44:58] Print leaks:
44 bytes direct leak found in 1 allocations from stack id(57214)
iovisor#1 0x00583bca1b2250 baz+0x1c (/home/bojun/lsan/libbpf-tools/a.out+0x1250)
iovisor#2 0x00583bca1b22d7 main+0x73 (/home/bojun/lsan/libbpf-tools/a.out+0x12d7)
iovisor#3 0x007470c7c2a1ca [unknown] (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a1ca)
iovisor#4 0x007470c7c2a28b __libc_start_main+0x8b (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a28b)
iovisor#5 0x00583bca1b2105 _start+0x25 (/home/bojun/lsan/libbpf-tools/a.out+0x1105)

[2024-05-22 14:45:08] Print leaks:
132 bytes direct leak found in 3 allocations from stack id(57214)
iovisor#1 0x00583bca1b2250 baz+0x1c (/home/bojun/lsan/libbpf-tools/a.out+0x1250)
iovisor#2 0x00583bca1b22d7 main+0x73 (/home/bojun/lsan/libbpf-tools/a.out+0x12d7)
iovisor#3 0x007470c7c2a1ca [unknown] (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a1ca)
iovisor#4 0x007470c7c2a28b __libc_start_main+0x8b (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a28b)
iovisor#5 0x00583bca1b2105 _start+0x25 (/home/bojun/lsan/libbpf-tools/a.out+0x1105)

Source code of test program:
$ cat leak_test.c
#include <stdlib.h>
#include <unistd.h>

int *arr[10000];

int *foo(size_t size) {
    int *tmp = malloc(size);
    *tmp = 99;
    return tmp;
}

int *bar(size_t nmemb, size_t size) {
    int *tmp = calloc(nmemb, size);
    *tmp = 22;
    return tmp;
}

int *baz(size_t size) {
    int *tmp = valloc(size);
    *tmp = 11;
    return tmp;
}

int main(int argc, char* argv[]) {
    int *a;
    int i = 0;
    while (1) {
        a = foo(4);
        arr[i++] = a;
        a = bar(4, 4);
        free(a);
        a = baz(44);
        sleep(5);
    }
    return 0;
}
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Aug 1, 2024
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Aug 8, 2024
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Aug 27, 2024
Add ALSan(Attachable Leak Sanitizer) feature on libbpf-tools

ALSan feature originally comes from the llvm-project lsan
https://github.com/llvm/llvm-project

This tool detects and reports unreachable memory periodically

USAGE:
$ ./alsan -h
Usage: alsan [OPTION...]
Detect memory leak resulting from unreachable pointers.

Either -c or -p is a mandatory option

EXAMPLES:
alsan -p 1234             # Detect leaks on process id 1234
alsan -c a.out            # Detect leaks on a.out
alsan -c 'a.out arg'      # Detect leaks on a.out with argument

  -c, --command=COMMAND      Execute and detect memory leak on the specified command
  -i, --interval=INTERVAL    Set interval in second to detect leak
  -p, --pid=PID              Detect memory leak on the specified process
  -s, --suppressions=SUPPRESSIONS   Suppressions file name
  -T, --top=TOP              Report only specified amount of backtraces
  -v, --verbose              Verbose debug output
  -w, --stop-the-world       Stop the target process during tracing
  -?, --help                 Give this help list
      --usage                Give a short usage message
  -V, --version              Print program version

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.

Report bugs to https://github.com/iovisor/bcc/tree/master/libbpf-tools.

Report example:
$ sudo ./alsan -p 28346

[2024-05-22 14:44:58] Print leaks:
44 bytes direct leak found in 1 allocations from stack id(57214)
iovisor#1 0x00583bca1b2250 baz+0x1c (/home/bojun/alsan/libbpf-tools/a.out+0x1250)
iovisor#2 0x00583bca1b22d7 main+0x73 (/home/bojun/alsan/libbpf-tools/a.out+0x12d7)
iovisor#3 0x007470c7c2a1ca [unknown] (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a1ca)
iovisor#4 0x007470c7c2a28b __libc_start_main+0x8b (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a28b)
iovisor#5 0x00583bca1b2105 _start+0x25 (/home/bojun/alsan/libbpf-tools/a.out+0x1105)

[2024-05-22 14:45:08] Print leaks:
132 bytes direct leak found in 3 allocations from stack id(57214)
iovisor#1 0x00583bca1b2250 baz+0x1c (/home/bojun/alsan/libbpf-tools/a.out+0x1250)
iovisor#2 0x00583bca1b22d7 main+0x73 (/home/bojun/alsan/libbpf-tools/a.out+0x12d7)
iovisor#3 0x007470c7c2a1ca [unknown] (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a1ca)
iovisor#4 0x007470c7c2a28b __libc_start_main+0x8b (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a28b)
iovisor#5 0x00583bca1b2105 _start+0x25 (/home/bojun/alsan/libbpf-tools/a.out+0x1105)

Source code of test program:
$ cat leak_test.c
#include <stdlib.h>
#include <unistd.h>

int *arr[10000];

int *foo(size_t size) {
    int *tmp = malloc(size);
    *tmp = 99;
    return tmp;
}

int *bar(size_t nmemb, size_t size) {
    int *tmp = calloc(nmemb, size);
    *tmp = 22;
    return tmp;
}

int *baz(size_t size) {
    int *tmp = valloc(size);
    *tmp = 11;
    return tmp;
}

int main(int argc, char* argv[]) {
    int *a;
    int i = 0;
    while (1) {
        a = foo(4);
        arr[i++] = a;
        a = bar(4, 4);
        free(a);
        a = baz(44);
        sleep(5);
    }
    return 0;
}
Bojun-Seo
added a commit
to Bojun-Seo/bcc
that referenced
this issue
Aug 27, 2024
I added the arp support in proto.h as below:
state ethernet {
  switch $ethernet.type {
    case 0x0800 {
      next proto::ip;
    };
    case 0x0806 {
      next proto::arp;
    };
    case 0x8100 {
      next proto::dot1q;
    };
    case * {
      goto EOP;
    };
  }
}

struct arp {
  u8 htype:16;
  u8 ptype:16;
  u32 hlen:8;
  u32 plen:8;
  u32 oper:16;
  u32 sha:48;
  u32 spa:32;
  u64 tha:48;
  u32 tpa:32;
};

state arp {
  goto EOP;
}
No compiler warning/error is given at this point.
Notice that there are some mismatches between type and bitfield width.
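A check of the kind the report finds missing, as an added example that is not part of the original issue or of the bcc code base: it parses the posted `struct arp` and flags each field whose declared type cannot hold its bitfield width, or is wider than the width needs. It assumes `uN` names an N-bit unsigned type and that `u8`, `u16`, `u32` and `u64` are the available types; the status names are this example's own.

```python
import re

# The struct from the issue, copied as posted (sample input for the checker).
ARP_STRUCT = """
struct arp {
  u8 htype:16;
  u8 ptype:16;
  u32 hlen:8;
  u32 plen:8;
  u32 oper:16;
  u32 sha:48;
  u32 spa:32;
  u64 tha:48;
  u32 tpa:32;
};
"""

# Assumption: uN is an N-bit unsigned type and these four are available.
TYPE_BITS = {"u8": 8, "u16": 16, "u32": 32, "u64": 64}

# One field per line: <type> <name>:<width>;
FIELD_RE = re.compile(r"^[ \t]*(\w+)[ \t]+(\w+)[ \t]*:[ \t]*(\d+)[ \t]*;",
                      re.MULTILINE)


def smallest_type(width):
    """Return the narrowest known type that holds `width` bits, or None."""
    for name, bits in sorted(TYPE_BITS.items(), key=lambda kv: kv[1]):
        if width <= bits:
            return name
    return None


def check_bitfields(src):
    """Classify every bitfield in `src`.

    too-narrow  : width exceeds the declared type, the value cannot fit
    wider-type  : a narrower type would hold the field (type/width mismatch)
    zero-width  : a named field with width 0 carries no data
    unknown-type: type name not in TYPE_BITS
    ok          : declared type is the narrowest one that fits
    """
    findings = []
    for type_name, field, width_s in FIELD_RE.findall(src):
        width = int(width_s)
        bits = TYPE_BITS.get(type_name)
        best = smallest_type(width)
        if bits is None:
            status = "unknown-type"
        elif width == 0:
            status = "zero-width"
        elif width > bits:
            status = "too-narrow"
        elif best != type_name:
            status = "wider-type"
        else:
            status = "ok"
        findings.append({"field": field, "type": type_name, "width": width,
                         "status": status, "suggest": best})
    return findings


def struct_bits(src):
    """Total declared width; a wire header should be a whole number of bytes."""
    return sum(int(w) for _, _, w in FIELD_RE.findall(src))


if __name__ == "__main__":
    for f in check_bitfields(ARP_STRUCT):
        if f["status"] != "ok":
            print("%-6s %s:%d  %s (narrowest fitting type: %s)" % (
                f["type"], f["field"], f["width"], f["status"], f["suggest"]))
    total = struct_bits(ARP_STRUCT)
    print("total: %d bits (%d bytes)" % (total, total // 8))
```
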