fche changed the topic of #systemtap to: http://sourceware.org/systemtap; email systemtap@sourceware.org if answers here not timely, conversations may be logged
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
derek0883 has quit [Remote host closed the connection]
khaled has quit [Quit: Konversation terminated!]
khaled has joined #systemtap
khaled has quit [Quit: Konversation terminated!]
derek0883 has joined #systemtap
hpt has joined #systemtap
zodbot has quit [Remote host closed the connection]
zodbot has joined #systemtap
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
orivej has quit [Ping timeout: 240 seconds]
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
_whitelogger has joined #systemtap
derek0883 has quit [Remote host closed the connection]
khaled has joined #systemtap
hpt has quit [Ping timeout: 260 seconds]
hpt has joined #systemtap
hpt has quit [Ping timeout: 256 seconds]
orivej has joined #systemtap
khaled has quit [Remote host closed the connection]
khaled has joined #systemtap
khaled has quit [Remote host closed the connection]
khaled has joined #systemtap
lzap has joined #systemtap
<lzap> hello, I am trying a trivial example on F33 (syscall.open) and I am getting weird error
<lzap> unresolved target-symbol expression: identifier '$filename' at int-access.stp:7:28
<lzap> source: filename = user_string($filename);
tromey has joined #systemtap
<lzap> It's just literally "print a filiename that is being opened"
<fche> can you fpaste your whole script ?
<fche> it could be simply that $filename is not defined at that point
<fche> try stap -L 'syscall.open'
<lzap> syscall.open name:string filename:string filename_unquoted:string flags:long flags_str:string mode:long argstr:string
<fche> right, so use the filename variable, already packaged for you
<fche> not user_string($filename)
<lzap> oooh
<lzap> that's new!
<fche> not really
<fche> what's new is that newer kernels make it mandatory
<lzap> ok last time I used this on EL7 :-)
<lzap> like 7.2ish, thanks
<fche> because they switch syscalls through a pt_regs based switcheroo gadget, without exposing individual parms in dwarf
<fche> so even back in rhel7, you could use the filename variable
<fche> I bet you'll see it listed for a stap -L run there
<fche> syscall.open filename:string mode:long __nr:long name:string flags:long flags_str:string argstr:string $filename:long int $flags:long int $mode:long int
<lzap> yeah thanks
<lzap> I am trying to construct a script that would show me what is spinning on my drives
<fche> electrons :)
<lzap> I need to know which ones, it's driving me crazy
<lzap> please remind me how do I run tap script for all processes?
<fche> stap is by default systemwide
khaled has quit [Quit: Konversation terminated!]
<lzap> omg I just found I actually blogged this already, and here am I - constructing this again
<fche> hahaha
<fche> plus ça change, plus c'est la même chose
khaled has joined #systemtap
<lzap> weird I see no activity on syscall.open even when I cat a file
sscox has joined #systemtap
<lzap> is there a list of all probes available on my system?
<fche> try syscall.open*
<fche> stap -L is your general list friend
<khaled> Hi Frank, I am facing a situation where my built kernel has a dwarfless modules, Please check this paste https://paste.centos.org/view/87f3ff42
<fche> khaled, do you know whether the gentoo build system strips modules?
<fche> whether it saves stripped debuginfo somewhere?
<khaled> No, they don't
<fche> the kernel is one matter (vmlinux file), but sometimes some distros treat modules specially
<fche> ok see if you can find the btrfs.ko file and run readelf -S /path/to/btrfs.ko
<khaled> my modules are not stripped
<fche> no .debug_*
<fche> looks stripped to me
<khaled> file btrfs.ko
<khaled> btrfs.ko: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), BuildID[sha1]=3058aaf2c6a913be637fcf54dc4ccc0192de5f00, not stripped
<fche> file(1) must not be looking for the same thing
<fche> the .debug_* sections are the ones that contain DWARF
<fche> maybe file(1) is looking for ELF symbol tables only
<khaled> Yeah, you're right, that makes sense
<khaled> Before checking with the Gentoo folks, my question is, are there any kernel configs that control this behavior ?
<fche> not sure; https://wiki.gentoo.org/wiki/Handbook_Talk:AMD64/Installation/Kernel indicates INSTALL_MOD_STRIP=1 might account for this
<khaled> Many thanks Frank :-)
<fche> np, hope you figure it out
<khaled> At least I have a direction now
<fche> in case gentoo does stripped kernel modules (or debugging generally) in the fedora flavour, we could try hosting those bits on our debuginfod server
<khaled> Gentoo is a source based distro, I build my kernel myself, but there is a distro provided tool to make it easier named genkernel, I'll check what it does exactly
<fche> aha, yeah in that case it won't help much
<fche> (unless ... well you could save your kernel build tree
<fche> run debuginfod -F against it
<fche> and then systemtap can find the original .ko / vmlinux whatever files in there,
<khaled> debuginfod is a fedora utility ?
<fche> not fedora, it comes with elfutils 0.179+
<khaled> Great, Thanks
<fche> can you find the btrfs.ko file in your kernel build tree, or is that long gone?
amerey has joined #systemtap
<khaled> Yeah, it is there
<khaled> Gentoo still compile btrfs as a module, not like fedora 33 :-)
<fche> ok, so does that copy of btrfs.ko have .debug_* bits ?
<khaled> I think I found it, in man 8 genkernel
<khaled> --no-strip Don't strip installed kernel or modules, alias for --strip=none
<khaled> I will give it a shot
<fche> khaled, you may not need to create a -new- build if you still have the old build tree around
<fche> yes the 'install' phase may have stripped the files
<fche> but that doesn't mean the build tree copy was necessarily stripped too
<fche> if it was not - if the .debug_* data is intact there, then debuginfod can expose that data to systemtap (and perf and etc.)
<khaled> Aha, now I got what you mean, Thanks for sharing this tip
<fche> if by any chance you get it working, I'd love to hear about it and let the gentoo people know
<khaled> OK, it worked, the --no-strip option of the genkernel tool has done the trick
<khaled> stap -L 'module("btrfs").function("zstd_reclaim_timer_fn")'
<khaled> module("btrfs").function("zstd_reclaim_timer_fn@fs/btrfs/zstd.c:104") $timer:struct timer_list*
<fche> ok, doing it that way is clearly going to be possible too --- I would be excited to hear if we can make it work with an unmodified build too.
<khaled> Was too late, I already launched a new build
<fche> oh well
<khaled> If I knew earlier I would love to see it working that way
<khaled> Really thanks, your help is much appreciated :-)
<fche> np
khaled has quit [Quit: Konversation terminated!]
khaled has joined #systemtap
wcohen has quit [Ping timeout: 240 seconds]
wcohen has joined #systemtap
mjw has joined #systemtap
<lzap> what can be wrong with this trivial script: https://gist.github.com/lzap/8ba5017261d1e1989d7c48c1285a6f03
<lzap> I'd expect it starts printing many files on my system being opened, I see nothing
<fche> you can make a pterodactyl, or a broach
<fche> probe syscall.open*
<fche> glibc often prefers openat(2)
<lzap> ah
<lzap> also I would like to see when something lists directories, what systemcall is that?
<fche> open* O_DIRECTORY then getdents*
<lzap> ah directory needs to be opened too! I am good than, thanks Frank!
<fche> righto. see also strace (or indeed stap --example strace.stp)
<lzap> I do see a warning: never-assigned local variable 'filename'
<lzap> but it works
<lzap> its probably for open* probe that does not have this variable?
<fche> some variant of open* may not define filename=$something so you'll just see an empty value there
<fche> yeah
<lzap> makes sense
<lzap> syscall.open_by_handle_at name:string mount_dfd:long mount_dfd_str:string handle_uaddr:long flags:long flags_str:string argstr:string
lzap has quit [Quit: Leaving]
derek0883 has joined #systemtap
<fche> yup no filename there
<fche> your script could probe syscall.{open,openat} { ...} also
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
irker313 has joined #systemtap
<irker313> systemtap: smakarov systemtap.git:master * release-4.4-104-gf537db25b / testsuite/systemtap.bpf/bpf-uconversions.c testsuite/systemtap.bpf/bpf_target_tests/user_long.stp: stapbpf PR27030 WIP: user_long() test with compiled program
mjw has quit [Ping timeout: 258 seconds]
mjw has joined #systemtap
irker313 has quit [Quit: transmission timeout]
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
derek0883 has quit [Ping timeout: 258 seconds]
derek0883 has joined #systemtap
derek0883 has quit [Remote host closed the connection]
derek0883 has joined #systemtap
tromey has quit [Quit: ERC (IRC client for Emacs 27.1)]
mjw has quit [Quit: Leaving]
amerey has quit [Quit: Leaving]