Subject: wrong value of stack argument retrieved by systemtap
From: Gui,Jian @ 2006-12-13 23:17 UTC (permalink / raw)
To: systemtap
Hi,
On my RHEL4_U4/2.6.9-42/i686, the following command always causes a
system crash:
stap -e 'probe vfs.do_sync_read { printf("%d", pos) }'
LKET will crash for the same reason, for it records pos too.
Here, pos is the 64-bit value pointed to by the fourth argument (ppos)
of the do_sync_read() function.
If I print ppos with:
stap -e 'probe kernel.function("do_sync_read") {printf("%p\n",$ppos)}'
The result is 0x00000000, 0x0000001a, etc. These do not seem to be valid addresses.
Accessing such addresses causes a system crash.
In the distro 2.6.9-42 kernel, CONFIG_REGPARM is set and the first three
arguments are passed in registers; ppos is passed on the stack.
From the DWARF info, it should be at 0x94(%esp), which is also what the
instruction at address 0xc015adc7 shows.
But the probe address of do_sync_read() is 0xc015ad95, much earlier.
At that address %esp is different from its value at 0xc015adc7.
Thus 0x94(%esp) at the probe address is not the actual position of ppos,
and the value retrieved by systemtap is incorrect.
If I change the probe address to 0xc015adc2 in the C file, recompile
the module and run it with staprun, things are OK again.
Is this a systemtap bug or an elfutils bug? Any hints? Thanks.
-------------------------------------------------------------
Content of function__dwarf_tvar_get_ppos_0_locals() in the C file:
intptr_t addr;
{ // DWARF expression: 0x74(148)
{
intptr_t s0;
s0 = fetch_register (4) + 148L;
addr = s0;
}
}
{ // synthesized
addr = deref (4, addr);
}
THIS->__retvalue = addr;
----------------------------------------
do_sync_read() in vmlinux-2.6.9-42.ELsmp:
c015ad92 <do_sync_read>:
c015ad92: 55 push %ebp
c015ad93: 57 push %edi
c015ad94: 56 push %esi
c015ad95: be 00 f0 ff ff mov $0xfffff000,%esi
c015ad9a: 53 push %ebx
c015ad9b: 83 c4 80 add $0xffffff80,%esp
c015ad9e: 89 e5 mov %esp,%ebp
c015ada0: 21 e6 and %esp,%esi
c015ada2: 8b 3e mov (%esi),%edi
c015ada4: 89 44 24 14 mov %eax,0x14(%esp)
c015ada8: c7 44 24 08 00 00 00 movl $0x0,0x8(%esp)
c015adaf: 00
c015adb0: c7 44 24 0c 01 00 00 movl $0x1,0xc(%esp)
c015adb7: 00
c015adb8: c7 44 24 10 ff ff ff movl $0xffffffff,0x10(%esp)
c015adbf: ff
c015adc0: 8b 5f 74 mov 0x74(%edi),%ebx
c015adc3: 89 7c 24 30 mov %edi,0x30(%esp)
c015adc7: 8b bc 24 94 00 00 00 mov 0x94(%esp),%edi
c015adce: 81 c3 f0 01 00 00 add $0x1f0,%ebx
c015add4: 89 5c 24 18 mov %ebx,0x18(%esp)
c015add8: c7 44 24 1c 00 00 00 movl $0x0,0x1c(%esp)
c015addf: 00
c015ade0: c7 44 24 24 00 00 00 movl $0x0,0x24(%esp)
c015ade7: 00
c015ade8: c7 44 24 34 00 00 00 movl $0x0,0x34(%esp)
c015adef: 00
c015adf0: c7 44 24 38 00 00 00 movl $0x0,0x38(%esp)
c015adf7: 00
c015adf8: 8b 1e mov (%esi),%ebx
c015adfa: c7 44 24 5c f5 04 12 movl $0xc01204f5,0x5c(%esp)
c015ae01: c0
c015ae02: 89 5c 24 58 mov %ebx,0x58(%esp)
c015ae06: 8d 5c 24 60 lea 0x60(%esp),%ebx
c015ae0a: 89 5c 24 60 mov %ebx,0x60(%esp)
c015ae0e: 89 5c 24 64 mov %ebx,0x64(%esp)
c015ae12: 8b 1f mov (%edi),%ebx
c015ae14: 8b 77 04 mov 0x4(%edi),%esi
c015ae17: 89 5c 24 3c mov %ebx,0x3c(%esp)
c015ae1b: 89 74 24 40 mov %esi,0x40(%esp)
c015ae1f: 8b 78 10 mov 0x10(%eax),%edi
c015ae22: 89 e8 mov %ebp,%eax
c015ae24: 56 push %esi
c015ae25: 53 push %ebx
c015ae26: ff 57 0c call *0xc(%edi)
c015ae29: 5b pop %ebx
c015ae2a: 3d ef fd ff ff cmp $0xfffffdef,%eax
c015ae2f: 89 c1 mov %eax,%ecx
c015ae31: 5e pop %esi
c015ae32: 75 09 jne c015ae3d <do_sync_read+0xab>
c015ae34: 89 e8 mov %ebp,%eax
c015ae36: e8 eb f7 01 00 call c017a626 <wait_on_sync_kiocb>
c015ae3b: 89 c1 mov %eax,%ecx
c015ae3d: 8b 44 24 3c mov 0x3c(%esp),%eax
c015ae41: 8b 9c 24 94 00 00 00 mov 0x94(%esp),%ebx
c015ae48: 8b 54 24 40 mov 0x40(%esp),%edx
c015ae4c: 89 03 mov %eax,(%ebx)
c015ae4e: 89 c8 mov %ecx,%eax
c015ae50: 89 53 04 mov %edx,0x4(%ebx)
c015ae53: 83 ec 80 sub $0xffffff80,%esp
c015ae56: 5b pop %ebx
c015ae57: 5e pop %esi
c015ae58: 5f pop %edi
c015ae59: 5d pop %ebp
c015ae5a: c3 ret
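As an added illustration (not part of Gui,Jian's mail and not SystemTap's or elfutils' own code): the mismatch described above can be made visible by scanning the prologue bytes copied from the listing and tracking, at each instruction boundary, what %esp is relative to its value at function entry. Under regparm the fourth argument ppos sits at entry %esp + 4 (entry %esp + 0 is the return address), so DW_OP_breg4 148 only reaches it once %esp has already dropped by 144. The decoder below is deliberately minimal and handles only the instruction forms that occur in this prologue (an assumption, not a general x86 decoder); the byte array and FUNC_START are taken from the listing, and the helper names are the example's own.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Machine code of do_sync_read() copied from the listing above, from
 * 0xc015ad92 up to and including the mov 0x94(%esp),%edi at 0xc015adc7. */
static const uint8_t prologue[] = {
    0x55, 0x57, 0x56,                         /* push %ebp; push %edi; push %esi */
    0xbe, 0x00, 0xf0, 0xff, 0xff,             /* mov $0xfffff000,%esi */
    0x53,                                     /* push %ebx */
    0x83, 0xc4, 0x80,                         /* add $-128,%esp */
    0x89, 0xe5,                               /* mov %esp,%ebp */
    0x21, 0xe6,                               /* and %esp,%esi */
    0x8b, 0x3e,                               /* mov (%esi),%edi */
    0x89, 0x44, 0x24, 0x14,                   /* mov %eax,0x14(%esp) */
    0xc7, 0x44, 0x24, 0x08, 0x00, 0x00, 0x00, 0x00,   /* movl $0,0x8(%esp) */
    0xc7, 0x44, 0x24, 0x0c, 0x01, 0x00, 0x00, 0x00,   /* movl $1,0xc(%esp) */
    0xc7, 0x44, 0x24, 0x10, 0xff, 0xff, 0xff, 0xff,   /* movl $-1,0x10(%esp) */
    0x8b, 0x5f, 0x74,                         /* mov 0x74(%edi),%ebx */
    0x89, 0x7c, 0x24, 0x30,                   /* mov %edi,0x30(%esp) */
    0x8b, 0xbc, 0x24, 0x94, 0x00, 0x00, 0x00, /* mov 0x94(%esp),%edi */
};
#define FUNC_START     0xc015ad92u
#define DWARF_PPOS_OFF 148       /* DW_OP_breg4 148 from the generated C above */
#define UNDECODABLE    INT_MIN

/* Bytes taken by a ModRM byte plus any SIB byte and displacement. */
static int modrm_len(const uint8_t *m) {
    int mod = m[0] >> 6, rm = m[0] & 7, n = 1;
    if (mod != 3 && rm == 4) n++;                        /* SIB present */
    if (mod == 1) n += 1;
    else if (mod == 2 || (mod == 0 && rm == 5)) n += 4;
    return n;
}

/* Decode one instruction: returns its length and puts the change it makes
 * to %esp in *adj. Only the forms present in this prologue are handled
 * (assumption); anything else, or a write to %esp we cannot model, is -1. */
static int step(const uint8_t *p, size_t avail, int *adj) {
    uint8_t op = p[0];
    *adj = 0;
    if (op >= 0x50 && op <= 0x57) { *adj = -4; return 1; }   /* push r32 */
    if (op >= 0x58 && op <= 0x5f) { *adj = +4; return 1; }   /* pop r32 */
    if (op >= 0xb8 && op <= 0xbf) return 5;                  /* mov imm32,r32 */
    if (avail < 2) return -1;
    int mod = p[1] >> 6, reg = (p[1] >> 3) & 7, rm = p[1] & 7;
    int len = 1 + modrm_len(p + 1);
    if (op == 0x83 || op == 0x81) {                          /* group-1 r/m32,imm */
        int32_t imm;
        if (op == 0x83) {
            if (avail < (size_t)len + 1) return -1;
            imm = (int8_t)p[len]; len += 1;                  /* imm8, sign-extended */
        } else {
            if (avail < (size_t)len + 4) return -1;
            imm = (int32_t)((uint32_t)p[len] | (uint32_t)p[len + 1] << 8 |
                            (uint32_t)p[len + 2] << 16 | (uint32_t)p[len + 3] << 24);
            len += 4;
        }
        if (mod == 3 && rm == 4) {                           /* operand is %esp */
            if (reg == 0) *adj = imm;                        /* add */
            else if (reg == 5) *adj = -imm;                  /* sub */
            else return -1;                                  /* and/or/xor on %esp */
        }
        return len;
    }
    if (op == 0x89 || op == 0x21) return (mod == 3 && rm == 4) ? -1 : len; /* mov/and r32,r/m32 */
    if (op == 0x8b) return reg == 4 ? -1 : len;                             /* mov r/m32,r32 */
    if (op == 0xc7) return len + 4;                                          /* movl imm32,r/m32 */
    return -1;
}

/* %esp at pc relative to its value at function entry, or UNDECODABLE if pc
 * is not an instruction boundary we can reach by decoding from FUNC_START. */
static int esp_delta_at(uint32_t pc) {
    int esp = 0;
    uint32_t addr = FUNC_START;
    size_t i = 0;
    while (addr < pc) {
        int adj, len;
        if (i >= sizeof prologue) return UNDECODABLE;
        len = step(prologue + i, sizeof prologue - i, &adj);
        if (len < 0 || i + (size_t)len > sizeof prologue) return UNDECODABLE;
        esp += adj; addr += (uint32_t)len; i += (size_t)len;
    }
    return addr == pc ? esp : UNDECODABLE;                   /* pc mid-instruction */
}

/* What DW_OP_breg4(off) denotes at pc, as an offset from entry %esp. */
static int breg4_at(uint32_t pc, int off) {
    int d = esp_delta_at(pc);
    return d == UNDECODABLE ? UNDECODABLE : d + off;
}

/* The breg4 offset that would actually reach ppos (entry %esp + 4) at pc. */
static int correct_breg4_off(uint32_t pc) {
    int d = esp_delta_at(pc);
    return d == UNDECODABLE ? UNDECODABLE : 4 - d;
}

int main(void) {
    static const uint32_t pcs[] = { 0xc015ad92u, 0xc015ad95u, 0xc015ad9bu,
                                    0xc015ad9eu, 0xc015adc2u, 0xc015adc7u };
    for (size_t k = 0; k < sizeof pcs / sizeof pcs[0]; k++) {
        int v = breg4_at(pcs[k], DWARF_PPOS_OFF);
        if (v == UNDECODABLE)
            printf("%#x: not an instruction boundary / not decodable\n", (unsigned)pcs[k]);
        else
            printf("%#x: 0x94(%%esp) = entry_esp%+d, correct breg4 offset = %d%s\n",
                   (unsigned)pcs[k], v, correct_breg4_off(pcs[k]), v == 4 ? "  <- ppos" : "");
    }
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run. At 0xc015ad95 the expression resolves to entry %esp + 136, well inside the caller's frame, which is consistent with the garbage pointer values reported above; the breg4 offset that would be correct there is 16. The first instruction boundary at which 148(%esp) lands on ppos is 0xc015ad9e, immediately after the `add $-128,%esp`. Addresses that are not instruction boundaries in the listing are rejected rather than decoded; 0xc015adc2, for example, is the third byte of the `mov 0x74(%edi),%ebx` at 0xc015adc0, so the scanner reports it as undecodable.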