5

I read data from /proc/<pid>/environ and got bizarre results. How this could be possible?

open("/proc/24696/environ", O_RDONLY)   = 10
read(10, "24694\nPPid:\t2606\nTracerPid:\t0\nUi"..., 4096) = 1470144576

open("/proc/25387/environ", O_RDONLY)   = 10
read(10, "686\nPPid:\t1\nTracerPid:\t0\nUid:\t10"..., 4096) = 5905728

How come read returns bigger value than count (4096) ?

This does not happen every time, though.

Debian 7, 3.2.0-4-amd64 #1 SMP Debian 3.2.84-1 x86_64 GNU/Linux

Update:

I don't think it is strace bug - I also print result of glibc's read function with same result.

Update 2:

I created a test app which reproduces problem, https://gist.github.com/lstipakov/70c5b5e96112c7f1f6204d70b2c8280e

It enumerates all processes under /proc and reads from environ file. Problem reproduces in less than minute:

// do read, which sometimes returns weird values on 3.2.0-4-amd64 #1 SMP Debian 3.2.84-1 x86_64 GNU/Linux
char tmp[4096];
auto val = read(fd, tmp, sizeof(tmp));
if (val > sizeof(tmp)) {
    std::cout << path << " read " << val << std::endl;
}

CXXFLAGS="-std=c++11" make proc && sudo ./proc

after few seconds:

/proc/24341/environ read 812785856

Could be reproduced by compiling openvpn in a loop:

$ while true; do make clean; make; done
lstipakov
  • 3,138
  • 5
  • 31
  • 46
  • Implemenation of read function [environ_read](http://lxr.free-electrons.com/source/fs/proc/base.c?v=3.2#L969) looks OK. It seems that it is `strace` who treat result of the reading incorrectly. Did you observe similar results *without* `strace`? – Tsyvarev Feb 01 '17 at 09:14
  • 1
    yes, I print result of glibc's `read()` method and got same value. – lstipakov Feb 01 '17 at 09:22
  • Could you make a little test program with exactly those two system calls? – CL. Feb 01 '17 at 10:01
  • @CL. added link to example with description. – lstipakov Feb 01 '17 at 12:12
  • 1
    Tried to reproduce something like that, but no success. Have you figured out what was the problem? Can you see any correlation when this problem occurs? for example it maybe occurs when you read from some specific pids only, i mean any common circumstances when the issue occurs. What about data have been read in this erroneous cases? – Alex Hoppus Feb 02 '17 at 07:51
  • @AlexHoppus did you try on 3.2.0-4-amd64 #1 SMP Debian 3.2.84-1 x86_64 GNU/Linux? For me it reproduces almost immediately if there is some activity in background (for example I compiled openvpn package). – lstipakov Feb 02 '17 at 12:06
  • 2
    Linux 3.2 is ancient. I can't reproduce the issue on Linux 4.8, but I suspect it may be affected by [e8905ec27e2f4ea1b9f7e03df68a060b3ae6fca8](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=e8905ec27e2f4ea1b9f7e03df68a060b3ae6fca8) which I think landed in 3.6. – ephemient Feb 03 '17 at 06:54
  • ephemien, Please post your comment as an answer, so that the question can be closed – Stian Skjelstad Mar 23 '17 at 10:29

0 Answers0