This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



wrong value of stack argument retrieved by systemtap


Hi,

On my RHEL4_U4/2.6.9-42/i686, the following command always causes
system crash:
  stap -e 'probe vfs.do_sync_read { printf("%d", pos) }'

LKET will crash for the same reason, since it records pos too.
Here, pos is the 64-bit value pointed to by the fourth argument (ppos)
of the do_sync_read() function.

If I print ppos with:
 stap -e 'probe kernel.function("do_sync_read") {printf("%p\n",$ppos)}'

The result is 0x00000000, 0x0000001a, etc. These do not seem to be valid addresses.
Accessing such addresses causes a system crash.

In distro 2.6.9-42 kernel, CONFIG_REGPARM is set and the first three
arguments are passed in registers. ppos will be passed in stack.
From DWARF info, it should be 0x94(%esp), which is also shown at
instruction address 0xc015adc7.

But the probe address of do_sync_read() is 0xc015ad95, much earlier.
At that address %esp is different from its value at 0xc015adc7.
Thus 0x94(%esp) at the probe address is not the actual position of ppos
and the value retrieved by systemtap is incorrect.

If I change the probe address to 0xc015adc2 in the C file, recompile
the module and run it with staprun, things are ok again.

Is this a systemtap bug or elfutils bug? Any hints? Thanks.


-------------------------------------------------------------
Content of function__dwarf_tvar_get_ppos_0_locals() in C file:

    intptr_t addr;
    { // DWARF expression: 0x74(148)  -- DW_OP_breg4 (%esp) + 148
      {
        intptr_t s0;
        s0 = fetch_register (4) + 148L;   /* %esp at the probe address + 0x94 */
        addr = s0;
      }
    }
    { // synthesized
    addr = deref (4, addr);               /* read the 4-byte pointer ppos from that stack slot */
    }
    THIS->__retvalue = addr;

----------------------------------------
do_sync_read() in vmlinux-2.6.9-42.ELsmp:

c015ad92 <do_sync_read>:
c015ad92:       55                      push   %ebp
c015ad93:       57                      push   %edi
c015ad94:       56                      push   %esi
c015ad95:       be 00 f0 ff ff          mov    $0xfffff000,%esi
c015ad9a:       53                      push   %ebx
c015ad9b:       83 c4 80                add    $0xffffff80,%esp
c015ad9e:       89 e5                   mov    %esp,%ebp
c015ada0:       21 e6                   and    %esp,%esi
c015ada2:       8b 3e                   mov    (%esi),%edi
c015ada4:       89 44 24 14             mov    %eax,0x14(%esp)
c015ada8:       c7 44 24 08 00 00 00    movl   $0x0,0x8(%esp)
c015adaf:       00
c015adb0:       c7 44 24 0c 01 00 00    movl   $0x1,0xc(%esp)
c015adb7:       00
c015adb8:       c7 44 24 10 ff ff ff    movl   $0xffffffff,0x10(%esp)
c015adbf:       ff
c015adc0:       8b 5f 74                mov    0x74(%edi),%ebx
c015adc3:       89 7c 24 30             mov    %edi,0x30(%esp)
c015adc7:       8b bc 24 94 00 00 00    mov    0x94(%esp),%edi
c015adce:       81 c3 f0 01 00 00       add    $0x1f0,%ebx
c015add4:       89 5c 24 18             mov    %ebx,0x18(%esp)
c015add8:       c7 44 24 1c 00 00 00    movl   $0x0,0x1c(%esp)
c015addf:       00
c015ade0:       c7 44 24 24 00 00 00    movl   $0x0,0x24(%esp)
c015ade7:       00
c015ade8:       c7 44 24 34 00 00 00    movl   $0x0,0x34(%esp)
c015adef:       00
c015adf0:       c7 44 24 38 00 00 00    movl   $0x0,0x38(%esp)
c015adf7:       00
c015adf8:       8b 1e                   mov    (%esi),%ebx
c015adfa:       c7 44 24 5c f5 04 12    movl   $0xc01204f5,0x5c(%esp)
c015ae01:       c0
c015ae02:       89 5c 24 58             mov    %ebx,0x58(%esp)
c015ae06:       8d 5c 24 60             lea    0x60(%esp),%ebx
c015ae0a:       89 5c 24 60             mov    %ebx,0x60(%esp)
c015ae0e:       89 5c 24 64             mov    %ebx,0x64(%esp)
c015ae12:       8b 1f                   mov    (%edi),%ebx
c015ae14:       8b 77 04                mov    0x4(%edi),%esi
c015ae17:       89 5c 24 3c             mov    %ebx,0x3c(%esp)
c015ae1b:       89 74 24 40             mov    %esi,0x40(%esp)
c015ae1f:       8b 78 10                mov    0x10(%eax),%edi
c015ae22:       89 e8                   mov    %ebp,%eax
c015ae24:       56                      push   %esi
c015ae25:       53                      push   %ebx
c015ae26:       ff 57 0c                call   *0xc(%edi)
c015ae29:       5b                      pop    %ebx
c015ae2a:       3d ef fd ff ff          cmp    $0xfffffdef,%eax
c015ae2f:       89 c1                   mov    %eax,%ecx
c015ae31:       5e                      pop    %esi
c015ae32:       75 09                   jne    c015ae3d <do_sync_read+0xab>
c015ae34:       89 e8                   mov    %ebp,%eax
c015ae36:       e8 eb f7 01 00          call   c017a626 <wait_on_sync_kiocb>
c015ae3b:       89 c1                   mov    %eax,%ecx
c015ae3d:       8b 44 24 3c             mov    0x3c(%esp),%eax
c015ae41:       8b 9c 24 94 00 00 00    mov    0x94(%esp),%ebx
c015ae48:       8b 54 24 40             mov    0x40(%esp),%edx
c015ae4c:       89 03                   mov    %eax,(%ebx)
c015ae4e:       89 c8                   mov    %ecx,%eax
c015ae50:       89 53 04                mov    %edx,0x4(%ebx)
c015ae53:       83 ec 80                sub    $0xffffff80,%esp
c015ae56:       5b                      pop    %ebx
c015ae57:       5e                      pop    %esi
c015ae58:       5f                      pop    %edi
c015ae59:       5d                      pop    %ebp
c015ae5a:       c3                      ret
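To see concretely why 0x94(%esp) is wrong at the probe address, the following script (an added illustration, not part of the original mail or of systemtap) walks the prologue quoted above, tracks how far %esp has moved from its value at function entry (the CFA, which points at the return address), and computes where the first stack-passed argument really sits relative to %esp at any instruction boundary. It assumes the regparm(3) convention the mail describes (three arguments in registers, so ppos is the first stack argument at CFA+4) and a plain push/add/sub model of %esp; the disassembly text is a trimmed copy of the listing in the mail.

```python
import re

# Constructed copy of the do_sync_read() prologue quoted in the mail (i686, 2.6.9-42).
# Only the instructions up to the one that loads ppos are needed to follow %esp.
DISASM = """\
c015ad92:  push   %ebp
c015ad93:  push   %edi
c015ad94:  push   %esi
c015ad95:  mov    $0xfffff000,%esi
c015ad9a:  push   %ebx
c015ad9b:  add    $0xffffff80,%esp
c015ad9e:  mov    %esp,%ebp
c015ada0:  and    %esp,%esi
c015ada2:  mov    (%esi),%edi
c015ada4:  mov    %eax,0x14(%esp)
c015ada8:  movl   $0x0,0x8(%esp)
c015adb0:  movl   $0x1,0xc(%esp)
c015adb8:  movl   $0xffffffff,0x10(%esp)
c015adc0:  mov    0x74(%edi),%ebx
c015adc3:  mov    %edi,0x30(%esp)
c015adc7:  mov    0x94(%esp),%edi
"""

LINE_RE = re.compile(r"^([0-9a-f]+):\s+(\w+)\s*(.*)$")

# The DWARF location the mail shows: DW_OP_breg4 (%esp) + 148, i.e. 0x94(%esp).
DWARF_ESP_OFFSET = 148


def to_signed32(v):
    """Interpret a 32-bit immediate as a signed value (0xffffff80 -> -128)."""
    return v - (1 << 32) if v & 0x80000000 else v


def esp_deltas(disasm):
    """Map each instruction address to (%esp - CFA) *before* that instruction runs.

    CFA is %esp at function entry; only push/pop and add/sub to %esp are modelled,
    which covers every %esp-changing instruction in this prologue."""
    delta = 0
    deltas = {}
    for line in disasm.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr, mnem, ops = int(m.group(1), 16), m.group(2), m.group(3)
        deltas[addr] = delta
        if mnem == "push":
            delta -= 4
        elif mnem == "pop":
            delta += 4
        elif mnem in ("add", "sub") and ops.endswith(",%esp"):
            imm = to_signed32(int(ops.split(",")[0].lstrip("$"), 16))
            delta += imm if mnem == "add" else -imm
    return deltas


def stack_arg_offset(deltas, probe_addr, arg_index=0):
    """%esp-relative offset of the arg_index-th stack-passed argument at probe_addr.

    With regparm(3) the first three arguments travel in %eax/%edx/%ecx, so the
    fourth argument (ppos) is stack argument 0, living at CFA+4 above the return address."""
    return 4 + 4 * arg_index - deltas[probe_addr]


def cfa_offset_read_by_dwarf(deltas, probe_addr, esp_offset=DWARF_ESP_OFFSET):
    """CFA-relative address that fetch_register(4) + esp_offset actually reads at probe_addr."""
    return deltas[probe_addr] + esp_offset


def dwarf_location_valid(deltas, probe_addr, esp_offset=DWARF_ESP_OFFSET):
    """True only where the fixed %esp-relative DWARF location really names the ppos slot."""
    return cfa_offset_read_by_dwarf(deltas, probe_addr, esp_offset) == 4


if __name__ == "__main__":
    d = esp_deltas(DISASM)
    for addr in (0xc015ad95, 0xc015adc7):
        print("%#x: esp = CFA%+d, ppos at %#x(%%esp), DWARF 0x94(%%esp) reads CFA+%d, valid=%s"
              % (addr, d[addr], stack_arg_offset(d, addr),
                 cfa_offset_read_by_dwarf(d, addr), dwarf_location_valid(d, addr)))
```

At the probe address 0xc015ad95 only three pushes have executed, so ppos is at 0x10(%esp) while the generated code dereferences %esp+148 = CFA+136, a slot in the caller's frame that holds whatever happened to be there, which is why the printed "pointers" look like 0x0 or 0x1a. At 0xc015adc7 the delta is -144 and 0x94(%esp) lands exactly on CFA+4, so the DWARF location is correct there; a location list (or a probe placed after the full prologue) is what would make the access safe at the probe point.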

