Date: Wed, 23 Oct 2013 22:59:02 -0400
From: Mark Johnston <markj@freebsd.org>
To: symbolics@gmx.com
Cc: dtrace@freebsd.org
Subject: Re: Firefox crash during dtrace attach under -CURRENT
Message-ID: <20131024025902.GA2286@charmander>
In-Reply-To: <20131023203009.GA92945@lemon>
References: <20131023203009.GA92945@lemon>
On Wed, Oct 23, 2013 at 09:30:09PM +0100, symbolics@gmx.com wrote:
> Hi,
>
> http://dtrace.org/blogs/brendan/2011/02/11/dtrace-pid-provider-arguments/
>
> I tried to follow some of the examples but I crash the Firefox process
> each time. Sometimes DTrace manages to collect a little data before the
> death.
>
> [...]
>
> Is this a known problem or should I send a PR?

Thanks for reporting this: I was able to reproduce the crash and managed to
find a nasty pair of bugs. Could you test the patch below and let me know if
it fixes the problem for you as well? If you see more crashes, please include
the backtrace and signo from gdb again; it would likely be a different
problem that needs to be debugged and fixed separately.

For anyone interested, the bug is that fasttrap's ebp push instruction
emulation code is just wrong: it's supposed to save %rbp at %rsp - 8. But
instead it tries to save %rsp at %rsp - 8, and also reverses the uaddr/kaddr
arguments to copyout(), resulting in strange crashes. I managed to narrow in
on the problem with a test program that prints %rbp immediately before and
after a tracepoint.

Can anyone review this diff? I'd like to check it in soon, assuming that I
haven't also made a mistake somewhere. :)

Thanks,
-Mark

diff --git a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
index 8b5ce9f..bb5c9af 100644
--- a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
+++ b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
@@ -1399,12 +1399,12 @@ fasttrap_pid_probe(struct reg *rp) #ifdef __amd64 if (p->p_model == DATAMODEL_NATIVE) { addr = rp->r_rsp - sizeof (uintptr_t); - ret = fasttrap_sulword((void *)addr, &rp->r_rsp); + ret = fasttrap_sulword(&rp->r_rbp, (void *)addr); } else { #endif #ifdef __i386__ addr = rp->r_rsp - sizeof (uint32_t); - ret = fasttrap_suword32((void *)addr, &rp->r_rsp); + ret = fasttrap_suword32(&rp->r_rbp, (void *)addr); #endif #ifdef __amd64 }
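Review bot: on the amd64 path, when p->p_model != DATAMODEL_NATIVE the else branch in this hunk holds only #ifdef __i386__ code, so nothing here assigns ret for a 32-bit process traced on amd64; that is pre-existing rather than introduced by the swap, but it is worth confirming that ret is initialized on that path or that such processes never reach this block. The swap itself is consistent: both branches now pass &rp->r_rbp as the kernel source and (void *)addr as the user destination, matching the kaddr/uaddr order described in the mail. A one-line comment above the block naming the emulated instruction (push %rbp, or %ebp on i386) would make the `r_rsp - sizeof (uintptr_t)` arithmetic self-explanatory to the next reader.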
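A constructed C model of the push %rbp emulation the mail describes, added here as an example and not part of the patch or of the FreeBSD source: it runs the pre-patch call and the patched call against the same fake trap frame and user stack, with a fasttrap_sulword() stand-in that only checks that the destination is user memory (the real copyout() would also fault on the bad kernel source). The names struct reg, ustack, in_user, model_sulword, emulate_push_rbp and demo are this example's own assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the trap-frame fields touched when fasttrap emulates push %rbp. */
struct reg { uint64_t r_rsp; uint64_t r_rbp; };

/* Constructed user stack: the only memory this model treats as user-accessible. */
static uint64_t ustack[8];

static int in_user(const void *p, size_t n) {
	uintptr_t a = (uintptr_t)p, lo = (uintptr_t)ustack, hi = lo + sizeof(ustack);
	return a >= lo && a <= hi && n <= hi - a;
}

/* Stand-in for fasttrap_sulword(): kernel source first, user destination second,
 * the same order as copyout(). Returns -1 when the destination is not user memory. */
static int model_sulword(const void *kaddr, void *uaddr) {
	if (!in_user(uaddr, sizeof(uint64_t)))
		return -1;
	memcpy(uaddr, kaddr, sizeof(uint64_t));
	return 0;
}

/* Emulate push %rbp: store %rbp at %rsp - 8, then lower %rsp. A return of -1 is
 * where fasttrap would deliver SIGSEGV to the traced process instead of resuming it. */
static int emulate_push_rbp(struct reg *rp, int buggy) {
	uint64_t addr = rp->r_rsp - sizeof(uint64_t);
	int ret;
	if (buggy)	/* pre-patch call: wrong register and swapped arguments */
		ret = model_sulword((void *)(uintptr_t)addr, &rp->r_rsp);
	else		/* patched call */
		ret = model_sulword(&rp->r_rbp, (void *)(uintptr_t)addr);
	if (ret == -1)
		return -1;
	rp->r_rsp = addr;
	return 0;
}

/* Run both variants from the same frame. Returns 1 when the patched path saves %rbp
 * below the old %rsp and the buggy path faults without touching the frame. */
int demo(void) {
	struct reg fixed = { .r_rsp = (uint64_t)(uintptr_t)&ustack[8], .r_rbp = 0xdeadbeef };
	struct reg buggy = fixed;
	int ok = emulate_push_rbp(&fixed, 0) == 0 && ustack[7] == 0xdeadbeef &&
	    fixed.r_rsp == (uint64_t)(uintptr_t)&ustack[7];
	ok = ok && emulate_push_rbp(&buggy, 1) == -1 &&
	    buggy.r_rsp == (uint64_t)(uintptr_t)&ustack[8];
	return ok;
}
```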