From owner-freebsd-dtrace@FreeBSD.ORG Thu Oct 24 02:59:09 2013
From: Mark Johnston
To: symbolics@gmx.com
Cc: dtrace@freebsd.org
Subject: Re: Firefox crash during dtrace attach under -CURRENT
Date: Wed, 23 Oct 2013 22:59:02 -0400
Message-ID: <20131024025902.GA2286@charmander>
In-Reply-To: <20131023203009.GA92945@lemon>
References: <20131023203009.GA92945@lemon>
User-Agent: Mutt/1.5.21 (2010-09-15)
List-Id: "A discussion list for developers working on DTrace in FreeBSD." (freebsd-dtrace@freebsd.org)

On Wed, Oct 23, 2013 at 09:30:09PM +0100, symbolics@gmx.com wrote:
> Hi,
>
> http://dtrace.org/blogs/brendan/2011/02/11/dtrace-pid-provider-arguments/
>
> I tried to follow some of the examples but I crash the Firefox process
> each time. Sometimes DTrace manages to collect a little data before the
> death.
>
> [...]
>
> Is this a known problem or should I send a PR?

Thanks for reporting this: I was able to reproduce the crash and managed to
find a nasty pair of bugs. Could you test the patch below and let me know if
it fixes the problem for you as well? If you see more crashes, please include
the backtrace and signo from gdb again; it would likely be a different problem
that needs to be debugged and fixed separately.

For anyone interested, the bug is that fasttrap's ebp push instruction
emulation code is just wrong: it's supposed to save %rbp at %rsp - 8. But
instead it tries to save %rsp at %rsp - 8, and also reverses the uaddr/kaddr
arguments to copyout(), resulting in strange crashes. I managed to narrow in
on the problem with a test program that prints %rbp immediately before and
after a tracepoint.

Can anyone review this diff? I'd like to check it in soon, assuming that I
haven't also made a mistake somewhere. :)

Thanks,
-Mark
diff --git a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c index 8b5ce9f..bb5c9af 100644 --- a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c +++ b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c @@ -1399,12 +1399,12 @@ fasttrap_pid_probe(struct reg *rp) #ifdef __amd64 if (p->p_model == DATAMODEL_NATIVE) { addr = rp->r_rsp - sizeof (uintptr_t); - ret = fasttrap_sulword((void *)addr, &rp->r_rsp); + ret = fasttrap_sulword(&rp->r_rbp, (void *)addr); } else { #endif #ifdef __i386__ addr = rp->r_rsp - sizeof (uint32_t); - ret = fasttrap_suword32((void *)addr, &rp->r_rsp); + ret = fasttrap_suword32(&rp->r_rbp, (void *)addr); #endif #ifdef __amd64 }
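Review bot: the swapped order is only right if fasttrap_sulword() and fasttrap_suword32() take (kaddr, uaddr) like copyout(), and their definitions are outside this hunk; confirm the prototypes, and since the old order was accepted by the compiler (the user address is cast through `(void *)` and `&rp->r_rsp` is just another pointer), grep the rest of fasttrap_isa.c for other calls to these wrappers that still pass the user address first. A one-line comment above the amd64 call, such as `/* push %rbp: store it at %rsp - 8, as the real instruction does */`, would make the intended source register obvious to the next reader. Separately, the context lines show that the `else` branch of the DATAMODEL_NATIVE test compiles to nothing on amd64 because the suword32 call sits under `#ifdef __i386__`, so a 32-bit process on an amd64 kernel gets no store at all from this case; that is pre-existing rather than introduced here, but it deserves a follow-up.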
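As an added example (not fasttrap's code, and not the test program Mark mentions), here is a stand-alone C model of the push %rbp emulation path in fasttrap_pid_probe() that runs the original call and the patched call side by side on the same register state. It assumes fasttrap_sulword() has copyout()'s (kaddr, uaddr) order, as the mail describes, and uses a constructed 64-byte "user" stack at the made-up user address 0x1000 plus a two-field stand-in for struct reg; the copyout() stand-in refuses a destination outside that range before reading anything, which is the only kernel behaviour the model relies on.

```c
/*
 * Added example, not fasttrap's code: a user-space model of the push %rbp
 * emulation in fasttrap_pid_probe().  Assumes fasttrap_sulword() takes
 * (kaddr, uaddr) like copyout(), as the mail describes.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for struct reg with only the registers the emulation touches. */
struct reg {
	uintptr_t r_rsp;
	uintptr_t r_rbp;
};

/* Constructed "user" stack: 64 bytes backing a made-up user address range. */
#define USTACK_BASE	((uintptr_t)0x1000)
#define USTACK_SIZE	64
static uint8_t ustack[USTACK_SIZE];

/* Map a model user address to its backing storage, NULL if not user memory. */
static uint8_t *
user_ptr(uintptr_t uaddr, size_t len)
{
	if (uaddr < USTACK_BASE || len > USTACK_SIZE ||
	    uaddr - USTACK_BASE > USTACK_SIZE - len)
		return (NULL);
	return (ustack + (uaddr - USTACK_BASE));
}

/*
 * copyout(kaddr, uaddr, len): kernel source, user destination.  A destination
 * outside user space is refused before anything is read; -1 is the model's EFAULT.
 */
static int
model_copyout(const void *kaddr, uintptr_t uaddr, size_t len)
{
	uint8_t *dst = user_ptr(uaddr, len);

	if (dst == NULL)
		return (-1);
	memcpy(dst, kaddr, len);
	return (0);
}

/* The wrapper in copyout() order: kernel source first, user address second. */
static int
fasttrap_sulword(const void *kaddr, uintptr_t uaddr)
{
	return (model_copyout(kaddr, uaddr, sizeof (uintptr_t)));
}

/* Read a word of model user memory, i.e. what a later pop %rbp would load. */
uintptr_t
user_word(uintptr_t uaddr)
{
	uintptr_t v = 0;
	uint8_t *src = user_ptr(uaddr, sizeof (v));

	if (src != NULL)
		memcpy(&v, src, sizeof (v));
	return (v);
}

/* Patched call: save %rbp at %rsp - 8, then lower %rsp, as the instruction does. */
int
emulate_push_rbp_fixed(struct reg *rp)
{
	uintptr_t addr = rp->r_rsp - sizeof (uintptr_t);

	if (fasttrap_sulword(&rp->r_rbp, addr) == -1)
		return (-1);	/* the path on which fasttrap signals the process */
	rp->r_rsp = addr;
	return (0);
}

/*
 * Original call, argument for argument: the user address goes in as the kernel
 * source and &rp->r_rsp as the user destination, so copyout() refuses it; even
 * with the order right it would have saved %rsp, not %rbp.
 */
int
emulate_push_rbp_original(struct reg *rp)
{
	uintptr_t addr = rp->r_rsp - sizeof (uintptr_t);

	if (fasttrap_sulword((const void *)addr, (uintptr_t)&rp->r_rsp) == -1)
		return (-1);
	rp->r_rsp = addr;
	return (0);
}

int
main(void)
{
	struct reg fixed = { USTACK_BASE + USTACK_SIZE, (uintptr_t)0x2a2a2a2a };
	struct reg orig = fixed;
	int rf = emulate_push_rbp_fixed(&fixed);
	int ro = emulate_push_rbp_original(&orig);

	printf("patched:  ret=%d rsp=%#lx [rsp]=%#lx\n", rf,
	    (unsigned long)fixed.r_rsp, (unsigned long)user_word(fixed.r_rsp));
	printf("original: ret=%d rsp=%#lx\n", ro, (unsigned long)orig.r_rsp);
	return (0);
}
```

Build with `cc -std=c99 -Wall push_rbp_model.c` (file name assumed). The patched call leaves the old %rbp at the new %rsp and lowers %rsp by 8, which is the state a later `pop %rbp` needs; the original call is rejected by the copyout() stand-in before any byte is written, and the register state is left untouched, so the process never gets a usable saved frame pointer from the emulated push.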