bug#49190: uptime returns an incorrect (18801 days) number of days on OsX

Manson Thomas Thu, 24 Jun 2021 01:27:11 -0700

well you guess just about right about Apple not making it easy to debug ;)

 $ /usr/bin/uptime
10:25  up 38 days, 40 mins, 3 users, load averages: 1.98 2.19 2.32


 $  sudo dtruss /usr/bin/uptime
dtrace: system integrity protection is on, some features will not be available

dtrace: failed to execute /usr/bin/uptime: (os/kern) failure




/tmp/coreutils/bin/uptime
 10:25:37  up 18802 days  7:41,  3 users,  load average: 3.91, 2.55, 2.44

$ sudo dtruss /tmp/coreutils/bin/uptime
Password:
dtrace: system integrity protection is on, some features will not be available

SYSCALL(args) = return
 10:24:07  up 18802 days  7:40,  3 users,  load average: 2.48, 2.29, 2.37
open("/dev/dtracehelper\0", 0x2, 0x0) = 3 0
ioctl(0x3, 0x80086804, 0x7FFEEDCAA910) = 0 0
close(0x3) = 0 0
mprotect(0x101F83000, 0x4000, 0x1) = 0 0
mprotect(0x101F64000, 0x4000, 0x1) = 0 0
access("/AppleInternal/XBS/.isChrooted\0", 0x0, 0x0) = -1 2
bsdthread_register(0x7FFF20337498, 0x7FFF20337484, 0x2000) = 1073742047 0
shm_open(0x7FFF2020FF66, 0x0, 0x2020ECBB) = 3 0
fstat64(0x3, 0x7FFEEDCA9650, 0x0) = 0 0
mmap(0x0, 0x1000, 0x1, 0x40001, 0x3, 0x0) = 0x101F76000 0
close(0x3) = 0 0
ioctl(0x2, 0x4004667A, 0x7FFEEDCA9704) = 0 0
mprotect(0x101F94000, 0x1000, 0x0) = 0 0
mprotect(0x101FA0000, 0x1000, 0x0) = 0 0
mprotect(0x101FA1000, 0x1000, 0x0) = 0 0
mprotect(0x101FAD000, 0x1000, 0x0) = 0 0
mprotect(0x101FAE000, 0x1000, 0x0) = 0 0
mprotect(0x101FBA000, 0x1000, 0x0) = 0 0
mprotect(0x101F8F000, 0x90, 0x1) = 0 0
mprotect(0x101FBB000, 0x1000, 0x1) = 0 0
mprotect(0x101F8F000, 0x90, 0x3) = 0 0
mprotect(0x101F8F000, 0x90, 0x1) = 0 0
issetugid(0x0, 0x0, 0x0) = 0 0
getentropy(0x7FFEEDCA8D40, 0x20, 0x0) = 0 0
getentropy(0x7FFEEDCA8D90, 0x40, 0x0) = 0 0
getpid(0x0, 0x0, 0x0) = 13143 0
stat64("/AppleInternal\0", 0x7FFEEDCA9C20, 0x0) = -1 2
csops_audittoken(0x3357, 0x7, 0x7FFEEDCA9750) = -1 22
proc_info(0x2, 0x3357, 0xD) = 64 0
csops_audittoken(0x3357, 0x7, 0x7FFEEDCA9840) = -1 22
sysctlbyname(kern.osvariant_status, 0x15, 0x7FFEEDCA9C70,
0x7FFEEDCA9C68, 0x0) = 0 0
csops(0x3357, 0x0, 0x7FFEEDCA9CA4) = 0 0
geteuid(0x0, 0x0, 0x0) = 0 0
getuid(0x0, 0x0, 0x0) = 0 0
dtrace: error on enabled probe ID 1712 (ID 566:
syscall::sysctl:return): invalid kernel access in action #10 at DIF
offset 28
gettid(0x7FFEEDCA88E0, 0x7FFEEDCA88E4, 0x0) = -1 3
geteuid(0x0, 0x0, 0x0) = 0 0
getegid(0x0, 0x0, 0x0) = 0 0
csops(0x3357, 0x0, 0x7FFEEDCA962C) = 0 0
gettid(0x7FFEEDCA88B0, 0x7FFEEDCA88B4, 0x0) = -1 3
geteuid(0x0, 0x0, 0x0) = 0 0
getegid(0x0, 0x0, 0x0) = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_COLLATE\0", 0x0, 0x0) = 3 0
fcntl_nocancel(0x3, 0x3, 0x0) = 0 0
getrlimit(0x1008, 0x7FFEEDCAB250, 0x0) = 0 0
fstat64(0x3, 0x7FFEEDCAB1C8, 0x0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
close_nocancel(0x3) = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_CTYPE\0", 0x0, 0x0) = 3 0
fcntl_nocancel(0x3, 0x3, 0x0) = 0 0
fstat64(0x3, 0x7FFEEDCAB308, 0x0) = 0 0
fstat64(0x3, 0x7FFEEDCAB108, 0x0) = 0 0
lseek(0x3, 0x0, 0x1) = 0 0
lseek(0x3, 0x0, 0x0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
close_nocancel(0x3) = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MONETARY\0", 0x0, 0x0) = 3 0
fstat64(0x3, 0x7FFEEDCAB318, 0x0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
close_nocancel(0x3) = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_NUMERIC\0", 0x0, 0x0) = 3 0
fstat64(0x3, 0x7FFEEDCAB318, 0x0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
close_nocancel(0x3) = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_TIME\0", 0x0, 0x0) = 3 0
fstat64(0x3, 0x7FFEEDCAB318, 0x0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
close_nocancel(0x3) = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES\0",
0x0, 0x0) = 3 0
fstat64(0x3, 0x7FFEEDCAB318, 0x0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
close_nocancel(0x3) = 0 0
open_nocancel("/var/run/utmpx\0", 0x2, 0x0) = 3 0
fcntl_nocancel(0x3, 0x2, 0x1) = 0 0
fstat64(0x3, 0x7FFEEDCAB620, 0x0) = 0 0
fstat64(0x3, 0x7FFEEDCAB448, 0x0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
kill(156, 0) = 0 0
kill(36256, 0) = 0 0
kill(71582, 0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
close_nocancel(0x3) = 0 0
dtrace: error on enabled probe ID 1712 (ID 566:
syscall::sysctl:return): invalid kernel access in action #10 at DIF
offset 28
access("/etc/localtime\0", 0x4, 0x0) = 0 0
open_nocancel("/etc/localtime\0", 0x0, 0x0) = 3 0
fstat64(0x3, 0x7FFEEDCAB450, 0x0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
close_nocancel(0x3) = 0 0
issetugid(0x0, 0x0, 0x0) = 0 0
open_nocancel("/var/db/timezone/zoneinfo/posixrules\0", 0x0, 0x0) = 3 0
fstat64(0x3, 0x7FFEEDCAB2A0, 0x0) = 0 0
dtrace: error on enabled probe ID 1684 (ID 954:
syscall::read_nocancel:return): invalid kernel access in action #12 at
DIF offset 68
close_nocancel(0x3) = 0 0
shm_open(0x7FFF22BA1088, 0x0, 0x0) = 3 0
mmap(0x0, 0x1000, 0x1, 0x40001, 0x3, 0x0) = 0x101FBC000 0
close_nocancel(0x3) = 0 0
getuid(0x0, 0x0, 0x0) = 0 0
geteuid(0x0, 0x0, 0x0) = 0 0
getgid(0x0, 0x0, 0x0) = 0 0
getegid(0x0, 0x0, 0x0) = 0 0
open("/tmp/coreutils/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo\0",
0x0, 0x0) = -1 2
open("/tmp/coreutils/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo\0",
0x0, 0x0) = -1 2
open("/tmp/coreutils/share/locale/en_US/LC_MESSAGES/coreutils.mo\0",
0x0, 0x0) = -1 2
open("/tmp/coreutils/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo\0",
0x0, 0x0) = -1 2
open("/tmp/coreutils/share/locale/en.utf8/LC_MESSAGES/coreutils.mo\0",
0x0, 0x0) = -1 2
open("/tmp/coreutils/share/locale/en/LC_MESSAGES/coreutils.mo\0", 0x0,
0x0) = -1 2
fstat64(0x1, 0x7FFEEDCAB368, 0x0) = 0 0
ioctl(0x1, 0x4004667A, 0x7FFEEDCAB3B4) = 0 0
dtrace: error on enabled probe ID 1712 (ID 566:
syscall::sysctl:return): invalid kernel access in action #10 at DIF
offset 28
dtrace: error on enabled probe ID 1682 (ID 956:
syscall::write_nocancel:return): invalid kernel access in action #12
at DIF offset 68
close_nocancel(0x1) = 0 0
close_nocancel(0x2) = 0 0


Cordialement,
Thomas Manson.

On Wed, Jun 23, 2021 at 7:37 PM Paul Eggert <egg...@cs.ucla.edu> wrote:
>
> On 6/23/21 10:03 AM, Manson Thomas wrote:
> > Can you provide some dtrace command you want me to run ?
> >
> > I've got dtrace on my machine, but I don't know how to use it.
>
> You're ahead of me, as I don't have dtrace (I don't use macOS). :-)
>
> I believe you can run "dtruss /usr/bin/uptime". You may need appropriate
> (root) privileges, so perhaps "sudo dtruss /usr/bin/uptime". Or perhaps
> you need to go to further lengths, as Apple doesn't make it easy to
> debug its programs.
>
> https://stackoverflow.com/questions/33476432/is-there-a-workaround-for-dtrace-cannot-control-executables-signed-with-restri

bug#49190: uptime returns an incorrect (18801 days) number of days on OsX

Reply via email to