Re: DTrace - capturing two userspace strack frames on top of system call

Reply: Mark Johnston : "Re: DTrace - capturing two userspace strack frames on top of system call"
In reply to: Mark Johnston : "Re: DTrace - capturing two userspace strack frames on top of system call"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Martin Cracauer <cracauer_at_cons.org>
Date: Mon, 23 Jan 2023 21:54:05 UTC

Mark Johnston wrote on Mon, Jan 23, 2023 at 11:52:12AM -0500: 
> On Sun, Jan 22, 2023 at 10:04:50PM -0500, Martin Cracauer wrote:
> > Actually the error only appears on arm64 for me.  I moved the script
> > to amd64 and it works as I thought.
> 
> Support for userspace tracing on arm64 is definitely less mature than on
> amd64, so this isn't too surprising, unfortunately.
> 
> Is the problem reproducible with a trivial program compiled with
> -fno-omit-frame-pointer?

Yes:
$ gcc -O2 -fno-omit-frame-pointer -Wall -Werror -o crasparse crasparse.c
# dtrace -n 'syscall::write*:entry /arg1/ { @traces[ustack()] = count(); }' -c ./crasparse
dtrace: error on enabled probe ID 1 (ID 57136: syscall:freebsd:writev:entry): invalid address (0x0) in action #2
[...]

Should I make a bugzilla entry out of this?

Martin

> > Martin Cracauer wrote on Sun, Jan 22, 2023 at 08:54:31PM -0500: 
> > > I want to capture the (userland) stack trace on top  of the write(2)
> > > system call.  I seem to have some difficulty switching from kernel to
> > > user mode here.  For every write system call I want to print the
> > > calling userlevel frames.  I can't care whether they are individually
> > > printed or counted.
> > > 
> > > Here is what I think should do it:
> > > syscall::write*:entry /arg1/ { @traces[ustack()] = count(); }
> > > 
> > > However, I get one error each for each write call:
> > > dtrace: error on enabled probe ID 2 (ID 56902:
> > >   syscall:freebsd:write:entry): invalid address (0x0) in action #2
> > > 
> > > This gives the same error:
> > > syscall::write*:entry /arg1/ { ustack(); }
> > > 
> > > 
> > > %%
> > > 
> > > If I use system stackframes it works, but of course it doesn't print
> > > the calling frames:
> > > 
> > > syscall::write*:entry /arg1/ { @traces[stack()] = count(); }
> > > 
> > > dtrace: script 'stack-to-write.dtrace' matched 3 probes
> > > dtrace: buffer size lowered to 2m
> > > dtrace: aggregation size lowered to 2m
> > > dtrace: pid 11790 has exited
> > > 
> > > 
> > >               kernel`handle_el0_sync+0x40
> > >               136
> > > 
> > > %%
> > > 
> > > Is what I am trying to do even possible? Can I mix kernel and
> > > userlevel space like this? 
> > > 
> > > Any other ideas? I could brute-force it with LD_PRELOAD overloading
> > > of write(2), but dtrace would be more elegant.
> > > 
> > > Thanks in advance
> > >     Martin
> > > -- 
> > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> > > Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/
> > 
> > -- 
> > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> > Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/
> > 

-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/