Re: DTrace - capturing two userspace stack frames on top of system call

From: Martin Cracauer <cracauer_at_cons.org>
Date: Mon, 23 Jan 2023 03:04:50 UTC

Actually the error only appears on arm64 for me.  I moved the script
to amd64 and it works as I thought.

Martin

Martin Cracauer wrote on Sun, Jan 22, 2023 at 08:54:31PM -0500: 
> I want to capture the (userland) stack trace on top of the write(2)
> system call.  I seem to have some difficulty switching from kernel to
> user mode here.  For every write system call I want to print the
> calling userlevel frames.  I can't care whether they are individually
> printed or counted.
> 
> Here is what I think should do it:
> syscall::write*:entry /arg1/ { @traces[ustack()] = count(); }
> 
> However, I get one error each for each write call:
> dtrace: error on enabled probe ID 2 (ID 56902:
>   syscall:freebsd:write:entry): invalid address (0x0) in action #2
> 
> This gives the same error:
> syscall::write*:entry /arg1/ { ustack(); }
> 
> 
> %%
> 
> If I use system stackframes it works, but of course it doesn't print
> the calling frames:
> 
> syscall::write*:entry /arg1/ { @traces[stack()] = count(); }
> 
> dtrace: script 'stack-to-write.dtrace' matched 3 probes
> dtrace: buffer size lowered to 2m
> dtrace: aggregation size lowered to 2m
> dtrace: pid 11790 has exited
> 
> 
>               kernel`handle_el0_sync+0x40
>               136
> 
> %%
> 
> Is what I am trying to do even possible? Can I mix kernel and
> userlevel space like this? 
> 
> Any other ideas? I could brute-force it with LD_PRELOAD overloading
> of write(2), but dtrace would be more elegant.
> 
> Thanks in advance
>     Martin
> -- 
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/

-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/