Re: last_100_frees.stp on aarch64 is crashing while doing sprint_ubacktrace()

public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed

From: Mark Wielaard <mjw@redhat.com>
To: William Cohen <wcohen@redhat.com>
Cc: "Frank Ch. Eigler" <fche@redhat.com>,
	systemtap@sourceware.org,
	       Pratyush	Anand <panand@redhat.com>,
	Dave Long <dave.long@linaro.org>
Subject: Re: last_100_frees.stp on aarch64 is crashing while doing sprint_ubacktrace()
Date: Mon, 22 Jun 2015 14:15:00 -0000	[thread overview]
Message-ID: <1434982534.3016.383.camel@bordewijk.wildebeest.org> (raw)
In-Reply-To: <55881358.5010803@redhat.com>

On Mon, 2015-06-22 at 09:53 -0400, William Cohen wrote:
> The original traceback was:
> 
> Jun 19 10:36:46 apm-mustang-ev3-11 kernel: Call trace:
> Jun 19 10:36:46 apm-mustang-ev3-11 kernel: [<fffffdfffc4fa2e0>] processCFI.constprop.119+0x77c/0x8d8 [stap_30b4cb5617d66b47c47d1ba687c18f92_2825]
> Jun 19 10:36:46 apm-mustang-ev3-11 kernel: [<fffffdfffc4fb3f4>] unwind_frame.constprop.115+0x44c/0xe1c [stap_30b4cb5617d66b47c47d1ba687c18f92_2825]
> Jun 19 10:36:46 apm-mustang-ev3-11 kernel: [<fffffdfffc4fbe80>] unwind+0xbc/0x148 [stap_30b4cb5617d66b47c47d1ba687c18f92_2825]
> Jun 19 10:36:46 apm-mustang-ev3-11 kernel: [<fffffdfffc4fc104>] _stp_stack_user_get+0x9c/0x1d8 [stap_30b4cb5617d66b47c47d1ba687c18f92_2825]
> Jun 19 10:36:46 apm-mustang-ev3-11 kernel: [<fffffdfffc4fd7f4>] probe_2718+0x234/0x524 [stap_30b4cb5617d66b47c47d1ba687c18f92_2825]
> Jun 19 10:36:46 apm-mustang-ev3-11 kernel: [<fffffdfffc4fde48>] stapiu_probe_prehandler+0x1d4/0x384 [stap_30b4cb5617d66b47c47d1ba687c18f92_2825]
> Jun 19 10:36:46 apm-mustang-ev3-11 kernel: [<fffffe00001a2af0>] uprobe_notify_resume+0x3b4/0x8fc
> Jun 19 10:36:46 apm-mustang-ev3-11 kernel: [<fffffe00000972ec>] do_notify_resume+0x80/0x8c
> 
> Adjusting the addresses for the module by itself and Using addr2line the call trace maps back to:
> a2e0
> /root/systemtap_write/install/share/systemtap/runtime/unwind.c:429
> b3f4
> /root/systemtap_write/install/share/systemtap/runtime/unwind.c:1287
> be80
> /root/systemtap_write/install/share/systemtap/runtime/unwind.c:1518
> c104
> /root/systemtap_write/install/share/systemtap/runtime/stack.c:491
> d7f4
> /root/systemtap_write/install/share/systemtap/runtime/stack.c:591
> de48
> /tmp/stapUGCcwL/l100_src.c:867
> 
> I hope that provides a bit more insight into what is going wrong in the systemtap unwinder runtime.

Most certainly. Assuming that maps to current git sources the crash is
at the end of the following case statement, at the memcpy:

  case DW_CFA_restore_extended:
          value = get_uleb128(&ptr.p8, end);
          if (compat_task) {
                  dbug_unwind(1, "map DW_CFA_restore_extended value %ld to reg_info idx %ld\n",
                              value, COMPAT_REG_MAP(DWARF_REG_MAP(value)));
                 value = COMPAT_REG_MAP(DWARF_REG_MAP(value));
          } else {
                  dbug_unwind(1, "map DW_CFA_restore_extended value %ld to reg_info idx %ld\n",
                              value, DWARF_REG_MAP(value));
                  value = DWARF_REG_MAP(value);
          }
          memcpy(&REG_STATE.regs[value], &state->cie_regs[value], sizeof(struct unwind_item));
          break;

Note how value comes from DWARF_REG_MAP. It maps the DWARF register
number to the number we use in the arrays. It is defined as follows in
runtime/unwind/arm64.h

#define DWARF_REG_MAP(r) \
        ((r >= 0 && r <= 31) ? r /* regs[0-30] + sp */  \
         : 9999)

So, if it doesn't recognize (or more accurately, isn't interested in)
the DWARF register number it will return a ridiculously large number.
Which we will use directly to index the register array. Oops...

In all other cases, except this and DW_CFA_restore, an helper function
is called (set_*_rule) which will only use the reg value if (reg <
ARRAY_SIZE(REG_STATE.regs)).

So we will need something like:

diff --git a/runtime/unwind.c b/runtime/unwind.c
index d38363b..4dbab33 100644
--- a/runtime/unwind.c
+++ b/runtime/unwind.c
@@ -426,7 +426,8 @@ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc,
                                                    value, DWARF_REG_MAP(value));
                                        value = DWARF_REG_MAP(value);
                                }
-                               memcpy(&REG_STATE.regs[value], &state->cie_regs[value], sizeof(struct unwind_item));
+                               if (value < ARRAY_SIZE(REG_STATE.regs))
+                                       memcpy(&REG_STATE.regs[value], &state->cie_regs[value], sizeof(struct unwind_item));
                                break;
                        case DW_CFA_undefined:
                                value = get_uleb128(&ptr.p8, end);
@@ -641,7 +642,8 @@ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc,
                                            value, DWARF_REG_MAP(value));
                                value = DWARF_REG_MAP(value);
                        }
-                       memcpy(&REG_STATE.regs[value], &state->cie_regs[value], sizeof(struct unwind_item));
+                       if (value < ARRAY_SIZE(REG_STATE.regs))
+                               memcpy(&REG_STATE.regs[value], &state->cie_regs[value], sizeof(struct unwind_item));
                        break;
                }
                dbug_unwind(1, "targetLoc=%lx state->loc=%lx\n", targetLoc, state->loc);

Does that help in your case?

Thanks,

Mark

next prev parent reply	other threads:[~2015-06-22 14:15 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-19 15:15 William Cohen
2015-06-19 16:29 ` William Cohen
2015-06-19 16:38 ` Frank Ch. Eigler
2015-06-19 21:01   ` William Cohen
2015-06-22  9:00     ` Mark Wielaard
2015-06-22 13:53       ` William Cohen
2015-06-22 14:15         ` Mark Wielaard [this message]
2015-06-22 14:47           ` William Cohen
2015-06-22 15:07             ` Mark Wielaard
2015-06-22 17:07         ` Josh Stone

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1434982534.3016.383.camel@bordewijk.wildebeest.org \
    --to=mjw@redhat.com \
    --cc=dave.long@linaro.org \
    --cc=fche@redhat.com \
    --cc=panand@redhat.com \
    --cc=systemtap@sourceware.org \
    --cc=wcohen@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).