This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug runtime/14546] New: DWARF unwinder can corrupt probe memory


http://sourceware.org/bugzilla/show_bug.cgi?id=14546

             Bug #: 14546
           Summary: DWARF unwinder can corrupt probe memory
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: runtime
        AssignedTo: systemtap@sourceware.org
        ReportedBy: smakarov@redhat.com
    Classification: Unclassified


As far back as release 1.8 we have the following problem:

$ stap -e 'probe kernel.function("irq_*").call { x = 1; y = 1; z = 1;
println(backtrace()); println(backtrace()); printf("CORRUPTED: %d %d %d\n", x,
y, z) }'
0xffffffff8105f3b0 0xffffffff815fe2fe 0xffffffff815fcfde
CORRUPTED: 2 6 0

(Other values like 2 -48 0 might also appear.)

Namely, at least the first two words of the probe's local memory can be
corrupted by a repeated call to backtrace().

(There's also evidence that a *single* call to backtrace() can produce
corruption, but here results seem to vary for people who've tried to
replicate.)

(This bug is evidently dependent on the fact that "struct unwind_context
uwcontext;" is laid out at the very end of common_probe_context.h. So if it's
placed elsewhere in the file, the corruption becomes far less obvious...)

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]