runtime: when ptrace_scope is 2 or 3, certain tests in runtime-gdb_test.go fail

[fuowang]

Go version

go version go1.23.2 linux/arm64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/root/.cache/go-build'
GOENV='/root/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/root/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/root/go'
GOPRIVATE=''
GOPROXY='https://goproxy.cn,direct'
GOROOT='/usr/lib/golang'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN=''
GOTOOLDIR='/usr/lib/golang/pkg/tool/linux_arm64'
GOVCS=''
GOVERSION='go1.23.2'
GCCGO='gccgo'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/usr/lib/golang/src/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3558252436=/tmp/go-build -gno-record-gcc-switches'

What did you do?

The ptrace_scope kernel parameter controls the level of restrictions on process tracing with ptrace in Linux.
It determines which processes can be traced by others.

The values are:
0 - Default attach security permissions.
1 - Restricted attach. Only child processes plus normal permissions.
2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
3 - No attach. No process may call ptrace at all. Irrevocable.

This parameter enhances security by limiting unauthorized access to process memory and control.
When kernel parameter ptrace_scope is set to 2 or 3, certain test cases within runtime-gdb_test.go will fail.

Steps 1. cat /proc/sys/kernel/yama/ptrace_scope
Steps 2. whoami && id -u
Steps 3. cd /usr/lib/golang/src/runtime && go test ./runtime-gdb_test.go --count=1

What did you see happen?

1. The value of ptrace_scope is 0 or 1. Non-root and root user.
   The test passes.
   
   
   
   

2. The value of ptrace_scope is 2. Non-root user.

2.1 The failed test cases are: TestGdbBacktrace, TestGdbPanic, TestGdbPython, TestGdbInfCallstack, TestGdbPythonCgo

=== CONT  TestGdbBacktrace
    runtime-gdb_test.go:471: gdb output:
        Loading Go Runtime support.
        Breakpoint 1 at 0x67878: file /tmp/go-build257553814/main.go, line 17.
        warning: Could not trace the inferior process.
        Error: 
        warning: ptrace: Operation not permitted
        During startup program exited with code 127.
        No stack.
        The program is not being run.
    runtime-gdb_test.go:489: could not find '#0.*main\.eee' in backtrace
--- FAIL: TestGdbBacktrace (1.32s)
=== CONT  TestGdbPanic
    runtime-gdb_test.go:685: gdb output:
        Loading Go Runtime support.
        warning: Could not trace the inferior process.
        Error: 
        warning: ptrace: Operation not permitted
        During startup program exited with code 127.
        No stack.
    runtime-gdb_test.go:699: could not find '(#.* .* in )?main\.crash' in backtrace
--- FAIL: TestGdbPanic (1.32s)
=== CONT  TestGdbPython
    runtime-gdb_test.go:303: gdb output:
        Loading Go Runtime support.
        Loaded  Script                                                                 
        Yes     /usr/lib/golang/src/runtime/runtime-gdb.py                             
        Breakpoint 1 at 0x9dff4: file /tmp/go-build363570173/main.go, line 26.
        warning: Could not trace the inferior process.
        Error: 
        warning: ptrace: Operation not permitted
        During startup program exited with code 127.
        BEGIN info goroutines
        END
        BEGIN print mapvar
        No symbol "mapvar" in current context.
        END
        BEGIN print slicemap
        No symbol "slicemap" in current context.
        END
        BEGIN print strvar
        No symbol "strvar" in current context.
        END
        BEGIN print chanint
        No symbol "chanint" in current context.
        END
        BEGIN print chanstr
        No symbol "chanstr" in current context.
        END
        BEGIN info locals
        No frame selected.
        END
        BEGIN goroutine 1 bt
        No such goroutine:  1
        END
        BEGIN goroutine all bt
        END
        No breakpoint at main.go:15.
        Breakpoint 2 at 0x9e118: file /tmp/go-build363570173/main.go, line 29.
        The program is not being run.
        BEGIN goroutine 1 bt at the end
        No such goroutine:  1
        END
    runtime-gdb_test.go:335: info goroutines failed: END
        BEGIN print mapvar
        No symbol "mapvar" in current context.
--- FAIL: TestGdbPython (1.57s)
=== CONT  TestGdbInfCallstack
    runtime-gdb_test.go:767: gdb output:
        Loading Go Runtime support.
        Breakpoint 1 at 0x1200544d8: file /usr/lib/golang/src/runtime/asm_arm64.s, line 1201.
        warning: Could not trace the inferior process.
        Error: 
        warning: ptrace: Operation not permitted
        During startup program exited with code 127.
        No stack.
        The program is not being run.
    runtime-gdb_test.go:783: could not find '#0.*setg_gcc' in backtrace
--- FAIL: TestGdbInfCallstack (1.94s)
=== CONT  TestGdbPythonCgo
    runtime-gdb_test.go:303: gdb output:
        Loading Go Runtime support.
        Loading Go Runtime support.
        Breakpoint 1 at 0x12008e9a4: file /tmp/go-build548209976/main.go, line 27.
        warning: Could not trace the inferior process.
        Error: 
        warning: ptrace: Operation not permitted
        During startup program exited with code 127.
        BEGIN info goroutines
        END
        BEGIN print mapvar
        No symbol "mapvar" in current context.
        END
        BEGIN print slicemap
        No symbol "slicemap" in current context.
        END
        BEGIN print strvar
        No symbol "strvar" in current context.
        END
        BEGIN print chanint
        No symbol "chanint" in current context.
        END
        BEGIN print chanstr
        No symbol "chanstr" in current context.
        END
        BEGIN info locals
        No frame selected.
        END
        BEGIN goroutine 1 bt
        No such goroutine:  1
        END
        BEGIN goroutine all bt
        END
        No breakpoint at main.go:15.
        Breakpoint 2 at 0x12008eac8: file /tmp/go-build548209976/main.go, line 30.
        The program is not being run.
        BEGIN goroutine 1 bt at the end
        No such goroutine:  1
        END
    runtime-gdb_test.go:335: info goroutines failed: END
        BEGIN print mapvar
        No symbol "mapvar" in current context.
--- FAIL: TestGdbPythonCgo (2.21s)

2.2 The abnormal test cases are: TestGdbAutotmpTypes, TestGdbConst

=== CONT  TestGdbAutotmpTypes
    runtime-gdb_test.go:550: gdb output:
        Loading Go Runtime support.
        Breakpoint 1 at 0x6bc84: file /tmp/go-build891356755/main.go, line 9.
        warning: Could not trace the inferior process.
        Error: 
        warning: ptrace: Operation not permitted
        During startup program exited with code 127.
        The program is not being run.
        All types matching regular expression "astruct":
        
        File runtime:
                []main.astruct;
                bucket<string,main.astruct>;
                hash<string,main.astruct>;
                main.astruct;
                typedef hash<string,main.astruct> * map[string]main.astruct;
                typedef noalg.[8]main.astruct noalg.[8]main.astruct;
                noalg.map.bucket[string]main.astruct;
                noalg.map.hdr[string]main.astruct;
--- PASS: TestGdbAutotmpTypes (1.15s)
=== CONT  TestGdbConst
    runtime-gdb_test.go:622: gdb output:
        Loading Go Runtime support.
        Breakpoint 1 at 0x6bb80: file /tmp/go-build216296900/main.go, line 9.
        warning: Could not trace the inferior process.
        Error: 
        warning: ptrace: Operation not permitted
        During startup program exited with code 127.
        $1 = 42
        $2 = 18446744073709551615
        $3 = -1
        $4 = 1 '\001'
        $5 = 8192
--- PASS: TestGdbConst (1.17s)

3. The value of ptrace_scope is 2. Root user.
   The test passes.
   

4. The value of ptrace_scope is 3. Non-root and root user.
   Same as the second scenario.
   
   

What did you expect to see?

When the kernel parameter ptrace_scope is set to 2 or 3, certain test cases in runtime-gdb_test.go will fail. We should skip these tests.

[gabyhelp]

Related Issues and Documentation

• runtime: GDBPython test failed on linux/arm64 #28738 (closed)
• runtime: fatal error stack traces are swallowed for binaries with elevated privileges #68103
• x/build: `TestGdbBacktrace` fails on Linux builders with `gdb` version `>=11.1` due to AppArmor restrictions on `/proc/.../task/.../mem` #54352
• runtime/pprof: TestStackBarrierProfiling fails with "SIGTRAP: trace trap PC=0x459cfd m=2" on linux #13864 (closed)
• Unexpected Behavior After Calling ptrace TRACEME #35811 (closed)
• runtime: TestGdbPythonCgo failure with "malformed backtrace" on linux-amd64 builder #35743
• syscall: ptrace weird behaviour #50920 (closed)
• runtime/pprof: bad stack split during tests #10450 (closed)
• runtime/trace: TestTraceStress fails on windows-gce-386 builder #11776 (closed)
• runtime/pprof: TestStackBarrierProfiling hangs #15477 (closed)

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[gopherbot]

Change https://go.dev/cl/620857 mentions this issue: runtime: add the checkPtraceScope to skip certain tests