golang
runtime: when ptrace_scope is 2 or 3, certain tests in runtime-gdb_test.go fail
Go version
go version go1.23.2 linux/arm64
Output of go env in your module/workspace:
GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/root/.cache/go-build'
GOENV='/root/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/root/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/root/go'
GOPRIVATE=''
GOPROXY='https://goproxy.cn,direct'
GOROOT='/usr/lib/golang'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN=''
GOTOOLDIR='/usr/lib/golang/pkg/tool/linux_arm64'
GOVCS=''
GOVERSION='go1.23.2'
GCCGO='gccgo'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/usr/lib/golang/src/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3558252436=/tmp/go-build -gno-record-gcc-switches'
What did you do?
The ptrace_scope kernel parameter controls the level of restrictions on process tracing with ptrace in Linux. It determines which processes can be traced by others.
The values are: 0 - Default attach security permissions. 1 - Restricted attach. Only child processes plus normal permissions. 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE. 3 - No attach. No process may call ptrace at all. Irrevocable.
This parameter enhances security by limiting unauthorized access to process memory and control. When kernel parameter ptrace_scope is set to 2 or 3, certain test cases within runtime-gdb_test.go will fail.
Steps 1. cat /proc/sys/kernel/yama/ptrace_scope
Steps 2. whoami && id -u
Steps 3. cd /usr/lib/golang/src/runtime && go test ./runtime-gdb_test.go --count=1
What did you see happen?
-
The value of ptrace_scope is 0 or 1. Non-root and root user. The test passes.
-
The value of ptrace_scope is 2. Non-root user.
2.1 The failed test cases are: TestGdbBacktrace, TestGdbPanic, TestGdbPython, TestGdbInfCallstack, TestGdbPythonCgo
=== CONT TestGdbBacktrace
runtime-gdb_test.go:471: gdb output:
Loading Go Runtime support.
Breakpoint 1 at 0x67878: file /tmp/go-build257553814/main.go, line 17.
warning: Could not trace the inferior process.
Error:
warning: ptrace: Operation not permitted
During startup program exited with code 127.
No stack.
The program is not being run.
runtime-gdb_test.go:489: could not find '#0.*main\.eee' in backtrace
--- FAIL: TestGdbBacktrace (1.32s)
=== CONT TestGdbPanic
runtime-gdb_test.go:685: gdb output:
Loading Go Runtime support.
warning: Could not trace the inferior process.
Error:
warning: ptrace: Operation not permitted
During startup program exited with code 127.
No stack.
runtime-gdb_test.go:699: could not find '(#.* .* in )?main\.crash' in backtrace
--- FAIL: TestGdbPanic (1.32s)
=== CONT TestGdbPython
runtime-gdb_test.go:303: gdb output:
Loading Go Runtime support.
Loaded Script
Yes /usr/lib/golang/src/runtime/runtime-gdb.py
Breakpoint 1 at 0x9dff4: file /tmp/go-build363570173/main.go, line 26.
warning: Could not trace the inferior process.
Error:
warning: ptrace: Operation not permitted
During startup program exited with code 127.
BEGIN info goroutines
END
BEGIN print mapvar
No symbol "mapvar" in current context.
END
BEGIN print slicemap
No symbol "slicemap" in current context.
END
BEGIN print strvar
No symbol "strvar" in current context.
END
BEGIN print chanint
No symbol "chanint" in current context.
END
BEGIN print chanstr
No symbol "chanstr" in current context.
END
BEGIN info locals
No frame selected.
END
BEGIN goroutine 1 bt
No such goroutine: 1
END
BEGIN goroutine all bt
END
No breakpoint at main.go:15.
Breakpoint 2 at 0x9e118: file /tmp/go-build363570173/main.go, line 29.
The program is not being run.
BEGIN goroutine 1 bt at the end
No such goroutine: 1
END
runtime-gdb_test.go:335: info goroutines failed: END
BEGIN print mapvar
No symbol "mapvar" in current context.
--- FAIL: TestGdbPython (1.57s)
=== CONT TestGdbInfCallstack
runtime-gdb_test.go:767: gdb output:
Loading Go Runtime support.
Breakpoint 1 at 0x1200544d8: file /usr/lib/golang/src/runtime/asm_arm64.s, line 1201.
warning: Could not trace the inferior process.
Error:
warning: ptrace: Operation not permitted
During startup program exited with code 127.
No stack.
The program is not being run.
runtime-gdb_test.go:783: could not find '#0.*setg_gcc' in backtrace
--- FAIL: TestGdbInfCallstack (1.94s)
=== CONT TestGdbPythonCgo
runtime-gdb_test.go:303: gdb output:
Loading Go Runtime support.
Loading Go Runtime support.
Breakpoint 1 at 0x12008e9a4: file /tmp/go-build548209976/main.go, line 27.
warning: Could not trace the inferior process.
Error:
warning: ptrace: Operation not permitted
During startup program exited with code 127.
BEGIN info goroutines
END
BEGIN print mapvar
No symbol "mapvar" in current context.
END
BEGIN print slicemap
No symbol "slicemap" in current context.
END
BEGIN print strvar
No symbol "strvar" in current context.
END
BEGIN print chanint
No symbol "chanint" in current context.
END
BEGIN print chanstr
No symbol "chanstr" in current context.
END
BEGIN info locals
No frame selected.
END
BEGIN goroutine 1 bt
No such goroutine: 1
END
BEGIN goroutine all bt
END
No breakpoint at main.go:15.
Breakpoint 2 at 0x12008eac8: file /tmp/go-build548209976/main.go, line 30.
The program is not being run.
BEGIN goroutine 1 bt at the end
No such goroutine: 1
END
runtime-gdb_test.go:335: info goroutines failed: END
BEGIN print mapvar
No symbol "mapvar" in current context.
--- FAIL: TestGdbPythonCgo (2.21s)
2.2 The abnormal test cases are: TestGdbAutotmpTypes, TestGdbConst
=== CONT TestGdbAutotmpTypes
runtime-gdb_test.go:550: gdb output:
Loading Go Runtime support.
Breakpoint 1 at 0x6bc84: file /tmp/go-build891356755/main.go, line 9.
warning: Could not trace the inferior process.
Error:
warning: ptrace: Operation not permitted
During startup program exited with code 127.
The program is not being run.
All types matching regular expression "astruct":
File runtime:
[]main.astruct;
bucket<string,main.astruct>;
hash<string,main.astruct>;
main.astruct;
typedef hash<string,main.astruct> * map[string]main.astruct;
typedef noalg.[8]main.astruct noalg.[8]main.astruct;
noalg.map.bucket[string]main.astruct;
noalg.map.hdr[string]main.astruct;
--- PASS: TestGdbAutotmpTypes (1.15s)
=== CONT TestGdbConst
runtime-gdb_test.go:622: gdb output:
Loading Go Runtime support.
Breakpoint 1 at 0x6bb80: file /tmp/go-build216296900/main.go, line 9.
warning: Could not trace the inferior process.
Error:
warning: ptrace: 不允许的操作
During startup program exited with code 127.
$1 = 42
$2 = 18446744073709551615
$3 = -1
$4 = 1 '\001'
$5 = 8192
--- PASS: TestGdbConst (1.17s)
-
The value of ptrace_scope is 2. Root user. The test passes.
-
The value of ptrace_scope is 3. Non-root and root user. Same as the second scenario.
What did you expect to see?
When the kernel parameter ptrace_scope is set to 2 or 3, certain test cases in runtime-gdb_test.go will fail. We should skip these tests.
Related Issues and Documentation
- runtime: GDBPython test failed on linux/arm64 #28738 (closed)
- runtime: fatal error stack traces are swallowed for binaries with elevated privileges #68103
- x/build: `TestGdbBacktrace` fails on Linux builders with `gdb` version `>=11.1` due to AppArmor restrictions on `/proc/.../task/.../mem` #54352
- runtime/pprof: TestStackBarrierProfiling fails with "SIGTRAP: trace trap PC=0x459cfd m=2" on linux #13864 (closed)
- Unexpected Behavior After Calling ptrace TRACEME #35811 (closed)
- runtime: TestGdbPythonCgo failure with "malformed backtrace" on linux-amd64 builder #35743
- syscall: ptrace weird behaviour #50920 (closed)
- runtime/pprof: bad stack split during tests #10450 (closed)
- runtime/trace: TestTraceStress fails on windows-gce-386 builder #11776 (closed)
- runtime/pprof: TestStackBarrierProfiling hangs #15477 (closed)
(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
Change https://go.dev/cl/620857 mentions this issue: runtime: add the checkPtraceScope to skip certain tests
