07:22 <ton31337> hi folks, is it possible to catch all putenv/getenv() calls with stap?

09:12 <invano> my 2 cents. you can instrument putenv/setenv in libc and then use uprobes.

09:35 <ton31337> +1

11:26 <invano> Have there been any modifications to the @cast operator recently? I remember in the past I was able to do "euid = @cast(new_cred, "cred", "kernel<linux/cred.h>")->euid->val" for example. It doesn't work anymore. Getting "semantic error: unresolved struct {...}: operator '->' at ".

13:37 <fche> could more likely relate to changes in the kernel header; maybe the struct got moved

13:45 <invano> mmhhh I can see struct cred in linux/cred.h

14:03 <fche> if in doubt, run with more -v verbosity

14:04 <fche> at some point it should be clear what's up ... my guess is maybe that header has some new prereqs (other headers you may need to manually enumerate) before stap/gcc can process it in isolation

14:30 <invano> yeah I tried both with -v and -vv wihtout anything that could help. I try again with triple v

14:37 <fche> more and more

14:37 <fche> at some point you should see the gcc invocation stap makes for that @cast() operator

15:50 <invano> -vvv nothing helpful. more than three v stap segfaults with a null pointer deref :)

15:52 <fche> ooh hey that's no good!

15:52 <fche> is that current stap? bad bad boy

15:52 <invano> I found the code segfaulting it

15:52 <invano> stap release 3.3

15:52 <fche> gdb -args stap -vvvv .... and see what's up with that?

15:52 <invano> let's switch to pvt

15:53 <mjw> pvt?

15:53 <fche> secret double-encrypted pigeon mail :)

15:54 <invano> no no fine

15:54 <invano> problem is in staptree.h in "template <typename T> void replace (T*& src, bool clearok=false)"

15:55 <invano> stap segfaults on new_src->print(std::clog) and that's triggered when verbosity > 3

15:56 <fche> new_src being null I assume

15:56 <invano> require(src, clearok) return NULL without any checks

15:56 <invano> yes

15:56 <fche> what fun. ok, can you fpaste your script just in case the problem reproduces here?

15:57 <invano> I think there is a typo in require(). there should be "if (src == NULL)" instead of "if (src != NULL)"

15:57 <invano> no bullshit

15:58 <fche> where, staptree.h line 1254 ?

15:59 <fche> I don't think so kemosabe

16:00 <fche> line 1256 would segv right away

16:00 <fche> maybe you're talking about another spot, please give its coordinates

16:00 <invano> yes yes I was on the wrong place that was bullshit

16:01 <fche> hm you probably mean line 1293/1295 in staptree.h

16:01 <fche> t

16:01 <invano> line 1254 if it's NULL it jumps directly to return

16:01 <fche> those guys should null-check the old_src / new_src

16:01 <fche> before printing them

16:01 <fche> (but I'd be curious under what conditions those input pointers are null)

16:02 <invano> wait I'm preparing a minimal test case

16:02 <fche> WAITING

16:03 <invano> ole'

16:03 <invano> stap -vvvv -p4 -e 'probe nd_syscall.* {print("Hello")}'

16:04 <invano> last (pretty cool) output I get is:

16:04 <invano> replaced {__global__struct_sockaddr_u_ipv6_flowinfo__overload_0(my_addr_uaddr, addrlen);__global__struct_sockaddr_u_ipv6_scope_id__overload_0(my_addr_uaddr, addrlen);} with Segmentation fault

16:04 <fche> (btw that works for me here)

16:05 <invano> stap --version: Systemtap translator/driver (version 3.3/0.159, non-git sources)

16:05 <fche> https://paste.fedoraproject.org/paste/TKU9Jx2BPv5SOsgWOKNNZQ <-- should fix that segv

16:06 <fche> btw s/that works for me here/that crashes for me too ... success/

16:24 <invano> there is a new segv

16:24 <invano> at if_statement::print (this=0x33ecae0, o=...) at staptree.cxx:1337

16:38 <fche> yeah nulls shouldn't really pop up too far in this process

17:55 <irker559> systemtap: fche systemtap.git:refs/heads/master * release-3.3-91-gad7ba27 / staptree.cxx staptree.h testsuite/buildok/syscalls-detailed.stp: diagnostics: handle -vvvv better for staptrees mid-elision http://tinyurl.com/y7e6d4v8

18:07 <fche> invano, you will have better luck getting a -vvvv trace with that. But the @cast stuff should appear earlier in the logs than this part, most likely

21:34 <irker559> systemtap: juddin systemtap.git:refs/heads/master * release-3.3-92-g7906889 / : PR23160,PR14690: adapt 22 more syscalls for 4.17 __ARCH_sys_FOO and sys_enter/exit http://tinyurl.com/yabyjh5c

22:38 <Miron7> This channel has been hacked by Australia's #1 hacker Simon 'eVestigator' Smith https://evestigatorsucks.com/

22:38 <Miron7> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/

22:38 <Miron7> I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/

22:38 <Miron7> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate

22:38 <Miron7> A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/

22:53 <fche> bummer