Why is systemtap not generating the output necessary for flamegraph creation? - rhel5

When executing stap for the purposes of generating flamegraph data, why is my out.stap-stacks missing process data?
OS: RHEL 5.10.0.2
Kernel: 2.6.18-371.11.1.el5
SystemTap: 1.8-6.el5
Packages installed:
systemtap-sdt-devel-1.8-6.el5
systemtap-devel-1.8-6.el5
systemtap-devel-1.8-6.el5
systemtap-runtime-1.8-6.el5
systemtap-sdt-devel-1.8-6.el5
systemtap-1.8-6.el5
systemtap-initscript-1.8-6.el5
systemtap-client-1.8-6.el5
systemtap-server-1.8-6.el5
systemtap-testsuite-1.8-6.el5
kernel-devel-2.6.18-371.11.1.el5
kernel-debug-devel-2.6.18-371.11.1.el5
Command used:
stap -s 32 -D MAXBACKTRACE=100 -D MAXSTRINGLEN=4096 -D MAXMAPENTRIES=10240 \
-D MAXACTION=10000 -D STP_OVERLOAD_THRESHOLD=5000000000 --all-modules \
-ve 'global s; probe timer.profile { s[backtrace()] <<< 1; }
probe end { foreach (i in s+) { print_stack(i);
printf("\t%d\n", #count(s[i])); } } probe timer.s(60) { exit(); }' \
> out.stap-stacks
Sample out.stap-stacks file:
0xffffffff8000e81a
0x0
1
0xffffffff8004ab87
0x0
1
0xffffffff8025d15d
0x0
1
0xffffffff80239356
0x0
1
0xffffffff8004219a
0x0
1
0xffffffff8000ca32
0x0
1
0xffffffff8003214e
0x0
1
0xffffffff80013bc8
0x0
1
0xffffffff80232d41
0x0
1
0xffffffff8001a4ca
0x0
1
0xffffffff80011db5
0x0
1
0xffffffff8004aad2
0x0
1
0xffffffff800ec8bb
0x0
1
0xffffffff8003ead5
0x0
1
0xffffffff80234c43
0x0

The backtrace() function is limited to kernel-space backtraces, and print_stack() maps only kernel-space addresses to symbols. (I cannot explain why the 0xffffffff8* addresses weren't converted to the symbols; maybe some combination of ancient systemtap and ancient kernel?)
If you want to print userspace backtrace data too, you will need to use the u* family of backtrace-related functions.
See also https://sourceware.org/systemtap/examples/#profiling/pf4.stp for a similar script that includes userspace work.

Related

Terminating a SSIS Foreach loop after x amount of execution time?

I have a collection, which gets executed in the For each loop of the SSIS package. However, i want to ensure that after lets say one hour of executing a particular item, i want the For each loop to terminate or exit. But it should not Stop the execution of that item or Time it out.
Is it possible to achieve ?
It has been quite some time since I've had a good SSIS problem that I've never solved, so thank you for your question.
The approach I came up with requires a Sequence Container that holds a ForEach Loop Container. My Foreach Loop has 6 items in the stack. My requirement is that my loop cannot start any new work after 5 seconds of execution. Inside my loop, I run a 3 second delay in the Execute SQL Task to simulate work. Therefore, a "full" run will take at least 18 seconds (6*3) but if we get the abort working, we'll see 2 total runs.
I have defined 5 variables. You'll notice that in the second column, 2 of those variables are scoped to specific containers. The Second icon in the Variables screen has an arrow -> which is how you change the Scope of a Variable.
The idea is that in the Sequence Container, we're going to use an Expression task to compute the end time. The expression is going to use the System scoped variable ContainerStartTime
#[User::SEQCEndTime] = DATEADD("second", #[User::TaskDuration_s], #[System::ContainerStartTime])
The reason we encapsulate this into a sequence container is there might have been work beforehand that takes 4 seconds to generate a data set for the Loop container and we do not want to be penalized for that work. The formula is driven by the Variable TaskDuration_s which is initialized to 5.
The two SCR Echo Back are just logging messages to the Information stream to "prove" things are working.
The FELC Enum Values has a variable IsLoopValid defined in it. This expression is
#[User::IsLoopValid] = #[System::ContainerStartTime] < #[User::SEQCEndTime]
Every loop of the ForEach container resets that ContainerStartTime, which is what we want. But if we had evaluated the IsLoopValid in the context of the Sequence container, it'd never change. So, important to have it computed here.
The f/x you see on the precedent constraint between "Set IsLoopValid" and "SQL Do thing" is a non-default constraint because we're going to make it "Expression and Constraint" instead of just "Constraint". The expression is
#[User::IsLoopValid]
Every Loop will compare current time to the max end time (SEQCEndTime) and as long as we have not slipped the boundary, it will go on to the next task. Once we've exceeded the boundary, the Loop container will continue iterating through the result set but since there's no work to be done, it'll finish right quick.
Results
A sample run with the precedent constraint set to just Constraint. We can see the IsLoopValid is flipped to False but since we do not have the Expression in there, it does all 6 loops
SSIS package "C:\Users\bfellows\source\repos\SO_Trash\SO_Trash\SO_73829526.dtsx" starting.
Information: 0x0 at SCR Echo back, SCR Echo Back 0: System::ContainerStartTime->9/23/2022 3:03:49 PM
Information: 0x0 at SCR Echo back, SCR Echo Back 0: User::SEQCEndTime->9/23/2022 3:03:54 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: System::ContainerStartTime->9/23/2022 3:03:52 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: User::IsLoopValid->True
Information: 0x0 at SCR Echo back, SCR Echo Back: User::SEQCEndTime->9/23/2022 3:03:54 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: System::ContainerStartTime->9/23/2022 3:03:55 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: User::IsLoopValid->True
Information: 0x0 at SCR Echo back, SCR Echo Back: User::SEQCEndTime->9/23/2022 3:03:54 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: System::ContainerStartTime->9/23/2022 3:03:59 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: User::IsLoopValid->False
Information: 0x0 at SCR Echo back, SCR Echo Back: User::SEQCEndTime->9/23/2022 3:03:54 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: System::ContainerStartTime->9/23/2022 3:04:02 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: User::IsLoopValid->False
Information: 0x0 at SCR Echo back, SCR Echo Back: User::SEQCEndTime->9/23/2022 3:03:54 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: System::ContainerStartTime->9/23/2022 3:04:05 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: User::IsLoopValid->False
Information: 0x0 at SCR Echo back, SCR Echo Back: User::SEQCEndTime->9/23/2022 3:03:54 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: System::ContainerStartTime->9/23/2022 3:04:08 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: User::IsLoopValid->False
Information: 0x0 at SCR Echo back, SCR Echo Back: User::SEQCEndTime->9/23/2022 3:03:54 PM
SSIS package "C:\Users\bfellows\source\repos\SO_Trash\SO_Trash\SO_73829526.dtsx" finished: Success.
Expression and Constraint
We see the package stop doing the expensive task after 2 loops but does complete successfully.
SSIS package "C:\Users\bfellows\source\repos\SO_Trash\SO_Trash\SO_73829526.dtsx" starting.
Information: 0x0 at SCR Echo back, SCR Echo Back 0: System::ContainerStartTime->9/23/2022 3:05:36 PM
Information: 0x0 at SCR Echo back, SCR Echo Back 0: User::SEQCEndTime->9/23/2022 3:05:41 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: System::ContainerStartTime->9/23/2022 3:05:39 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: User::IsLoopValid->True
Information: 0x0 at SCR Echo back, SCR Echo Back: User::SEQCEndTime->9/23/2022 3:05:41 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: System::ContainerStartTime->9/23/2022 3:05:42 PM
Information: 0x0 at SCR Echo back, SCR Echo Back: User::IsLoopValid->True
Information: 0x0 at SCR Echo back, SCR Echo Back: User::SEQCEndTime->9/23/2022 3:05:41 PM
SSIS package "C:\Users\bfellows\source\repos\SO_Trash\SO_Trash\SO_73829526.dtsx" finished: Success.

Auto crash of the application with error code 0xc0000005

There were undefined crashes from the game. There is no specific logic for the application crash. After H, the amount of time always flies to the desktop.
There is no definite logic that may accompany the crash of the game itself.
Game - Grand theft Auto 5
I am attaching the file dump code from the procdump
Help, Guys :)
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\*\*\*\*\Procdump\GTA5.exe_210102_114206.dmp]
Comment: '
*** procdump.exe -accepteula -e -w GTA5.exe C:\*\*\*\*\Procdump
*** Unhandled exception: C0000005.ACCESS_VIOLATION'
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Version 18363 MP (12 procs) Free x64
Product: WinNt, suite: SingleUserTS
Edition build lab: 16299.15.amd64fre.rs3_release.170928-1534
Machine Name:
Debug session time: Sat Jan 2 11:42:06.000 2021 (UTC + 3:00)
System Uptime: not available
Process Uptime: 0 days 0:00:24.000
................................................................
................................................................
...........................................
Loading unloaded module list
.........
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(2ca8.4828): Access violation - code c0000005 (first/second chance not available)
For analysis of this file, run !analyze -v
00000001`9647d9da ?? ???
0:099> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for v8_libplatform.dll
*** WARNING: Unable to verify checksum for v8_libbase.dll
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Execute
Key : Analysis.CPU.mSec
Value: 3843
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on verboten
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 53003
Key : Analysis.Memory.CommitPeak.Mb
Value: 422
Key : Analysis.System
Value: CreateObject
Key : Timeline.Process.Start.DeltaSec
Value: 24
Key : WER.OS.Branch
Value: rs3_release
Key : WER.OS.Timestamp
Value: 2017-09-28T15:34:00Z
Key : WER.OS.Version
Value: 10.0.16299.15
Key : WER.Process.Version
Value: 1.0.2189.0
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
COMMENT:
*** procdump.exe -accepteula -e -w GTA5.exe C:\Users\Influence\Downloads\ìàøèíêè\Procdump
*** Unhandled exception: C0000005.ACCESS_VIOLATION
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
CONTEXT: (.ecxr)
rax=000000019647d9da rbx=0000021315c1a780 rcx=000000d2c828f428
rdx=0000000000000000 rsi=000000d2c828f650 rdi=000000000ac3595f
rip=000000019647d9da rsp=000000d2c828f430 rbp=0000000000000008
r8=000000d2c828f228 r9=000000d2c828f290 r10=0000000000000000
r11=0000000000000246 r12=00007ff798a0d110 r13=0000000000000000
r14=0000000000001dac r15=0000000000000000
iopl=0 nv up ei pl nz ac po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010214
00000001`9647d9da ?? ???
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 000000019647d9da
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 000000019647d9da
Attempt to execute non-executable address 000000019647d9da
PROCESS_NAME: GTA5.exe
EXECUTE_ADDRESS: 19647d9da
FAILED_INSTRUCTION_ADDRESS:
+0
00000001`9647d9da ?? ???
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p 0x%p. %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: 000000019647d9da
IP_ON_HEAP: 000000019647d9da
The fault address in not in any loaded module, please check your build's rebase
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.
IP_IN_FREE_BLOCK: 19647d9da
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [ThreadStartAddress] from Frame:[0] on thread:[4828] ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
IP_ON_STACK:
+0
000000d2`c828f650 480000 add byte ptr [rax],al
FRAME_ONE_INVALID: 1
STACK_TEXT:
00000000`00000000 00000000`00000000 GTA5!Unknown+0x0
SYMBOL_NAME: GTA5!Unknown+0
MODULE_NAME: GTA5
IMAGE_NAME: GTA5.exe
STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; .ecxr ; ~~[0x4828]s ; .frame 0 ; ** Pseudo Context ** ManagedPseudo ** Value: 245d18ea380 ** ; kb
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_c0000005_GTA5.exe!Unknown
OS_VERSION: 10.0.16299.15
BUILDLAB_STR: rs3_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
IMAGE_VERSION: 1.0.2189.0
FAILURE_ID_HASH: {ca327b34-8007-c923-925a-40afa98955f0}
Followup: MachineOwner
---------

Getting difference between virtual address and Offset in an ELF file

readelf -S of a particular binary gives the following output
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000400238 00000238
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 0000000000400254 00000254
0000000000000020 0000000000000000 A 0 0 4
[ 3] .hash HASH 0000000000400278 00000278
0000000000000a7c 0000000000000004 A 4 0 8
[ 4] .dynsym DYNSYM 0000000000400cf8 00000cf8
.
.
.
Difference between virtual address and offset of first section .interp is 0x400000. I am curious as to:
how is this calculated?
Is there a programmatic way of determining this?
how is this calculated?
You just calculated it yourself: 0x400238 - 0x238 == 0x400000. Your question is probably "why is this particular address selected?".
This is the default link-at address for Linux x86_64 position dependent binaries. You can change that address with -Ttext=... linker flag. The default is different for ix86 (32-bit) binaries: it's 0x8048000.
I am not sure why these particular defaults were chosen.
Is there a programmatic way of determining this?
Sure: read the Elf64_Ehdr from the start of the file. It will tell you offset to the start of program headers (.e_phoff). Seek to that offset, and read Elf64_Phdrs. Now iterate over them, and their .p_vaddr and .p_offset will have the same values.
P.S. You are looking at program sections which are not used and are not guaranteed to be present in a fully-linked binary. You should be looking at program segments instead. Use readelf -Wl a.out to examine them.

Code Sample for Reading Values from Hyper-V KVP component on Linux (aka KVP Data Exchange)

Hyper-V includes a KVP component that transmits key / value pairs between the host and a guest VM.
Code samples for sending and receiving values are available for Windows Guests in PowerShell in WMI.
However, my guest is using a Linux version of this service.
Where can I find a sample Linux script that queries this service for key / value pairs?
Key details from a blog entry I wrote covering the problem. (I could not find the answer elsewhere):
First, make sure you have the KVP service installed.
KVP data is transferred to the Linux file system through the collaboration of a kernel driver and a user mode daemon.
The [KVP driver code], hv_kvp.c, is compiled into the hv_util kernel module Source). Since the driver is part of the Linux kernel code, it is provided by default with recent versions of common Linux distributions. E.g.
[root#centos6-4-hv ~]# cat /etc/*-release
CentOS release 6.4 (Final)
CentOS release 6.4 (Final)
CentOS release 6.4 (Final)
[root#centos6-4-hv ~]# modinfo -F filename hv_utils
/lib/modules/2.6.32-358.el6.i686/kernel/drivers/hv/hv_utils.ko
However, it is the usermode daemon, hv_kvp_daemon, that copies KVP data to the system. On startup, hv_kvp_daemon creates files to store kvp data under
/var/lib/hyperv (source). Each file is known as a 'pool', and there is a file for each data pool. E.g.
[root#centos6-4-hv hyperv]# ls -al /var/lib/hyperv/
total 36
drwxr-xr-x. 2 root root 4096 Sep 11 21:33 .
drwxr-xr-x. 16 root root 4096 Sep 10 13:59 ..
-rw-r--r--. 1 root root 2560 Sep 10 17:05 .kvp_pool_0
-rw-r--r--. 1 root root 0 Sep 10 14:02 .kvp_pool_1
-rw-r--r--. 1 root root 0 Sep 10 14:02 .kvp_pool_2
-rw-r--r--. 1 root root 28160 Sep 10 14:02 .kvp_pool_3
-rw-r--r--. 1 root root 0 Sep 10 14:02 .kvp_pool_4
The prefix of each file is the pool number. This corresponds to the KVP source. E.g. remember that source '0' is used for transmitting data from host to guest? That means our KVP data is in /var/lib/hyperv/.kvp_pool_0. E.g.
[root#centos6-4-hv hyperv]# cat /var/lib/hyperv/.kvp_pool_0
cloudstack-vm-userdatausername=root;password=1pass#word1[root#centos6-4-hv hyperv]#
These KVP data files contain an array of key / value pairs. Each is a byte array of a fixed size. (source)
/*
* Maximum key size - the registry limit for the length of an entry name
* is 256 characters, including the null terminator
*/
#define HV_KVP_EXCHANGE_MAX_KEY_SIZE (512)
/*
* bytes, including any null terminators
*/
#define HV_KVP_EXCHANGE_MAX_VALUE_SIZE (2048)
The byte array contains a UTF-8 encoded string, which is padded out to the max size with null characters. However, null string termination is not guaranteed (see kvp_send_key).
Provided there is only one key and the key name known, the easiest way to parse the file is to use sed. To remove null characters and the key name used in our example, you would use the following:
[root#centos6-4-hv hyperv]# cat /var/lib/hyperv/.kvp_pool_0 | sed 's/\x0//g' | sed 's/cloudstack-vm-userdata//g' > userdata
[root#centos6-4-hv hyperv]# more userdata
username=root;password=1pass#word1
Here is a bash script to read the key-value pairs for a given file:
#!/bin/bash
fname=$1
echo "Reading $fname"
nb=$(wc -c < $1)
nkv=$(( nb / (512+2048) ))
for n in $(seq 0 $(( $nkv - 1 )) ); do
offset=$(( $n * (512 + 2048) ))
k=$(dd if=$fname count=512 bs=1 skip=$offset status=none | sed 's/\x0.*//g')
v=$(dd if=$fname count=2048 bs=1 skip=$(( $offset + 512 )) status=none | sed 's/\x0.*//g')
echo "$k = $v"
done
Same functionality in java:
String guest_param_file="/var/lib/hyperv/.kvp_pool_3";
if (new File(guest_param_file).exists())
{
try
{
BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(guest_param_file),"UTF-8"));
char [] ckey=new char[512] ;
char [] cvalue=new char[2048] ;
while (true)
{
int charcount=br.read(ckey);
if (charcount==-1)
{
break;
}
br.read(cvalue);
String key=new String(ckey).trim();
String value=new String(cvalue).trim();
System.out.println( key+" = "+value);
}
br.close();
}
catch (UnsupportedEncodingException ex)
{
}
catch (FileNotFoundException ex)
{
}
catch (IOException ex)
{
}
}

remove usb node

My aim is to disable usb port usage except a specific kind of usb. Every time a usb device is inserted a udev rule is called and it runs a program to handle the work.
I can't unload usb_storage module since it is needed for usage, so how can i remove usb dev link if it doesn't meet my case?
unbind the device. Pass vendor id and product id to below script.
VENDOR=$1
PRODUCT=$2
if [ n$VENDOR = n ] || [ n$PRODUCT = n ]; then
echo "Unbinding the first non-hub device..."
ID=`grep -l "^0$" /sys/bus/usb/drivers/usb/*/maxchild | sed -e "s|/sys/bus/usb/drivers/usb/\(.*\)/maxchild|\1|" | head -n 1`
VENDOR=`cat /sys/bus/usb/drivers/usb/$ID/idVendor`
PRODUCT=`cat /sys/bus/usb/drivers/usb/$ID/idProduct`
echo $ID > /sys/bus/usb/drivers/usb/unbind
echo "Device found ($VENDOR:$PRODUCT), and unbound!"
exit 0
fi
Regards,
Barun Parichha