Firefox crash during dtrace attach under -CURRENT

Mark Johnston markj at freebsd.org
Thu Oct 24 02:59:09 UTC 2013


On Wed, Oct 23, 2013 at 09:30:09PM +0100, symbolics at gmx.com wrote:
> Hi,
> 
> http://dtrace.org/blogs/brendan/2011/02/11/dtrace-pid-provider-arguments/
> 
> I tried to follow some of the examples but I crash the Firefox process
> each time. Sometimes DTrace manages to collect a little data before the
> death.
> 
> [...]
> 
> Is this a known problem or should I send a PR?

Thanks for reporting this: I was able to reproduce the crash and managed
to find a nasty pair of bugs. Could you test the patch below and let me
know if it fixes the problem for you as well? If you see more crashes,
please include the backtrace and signo from gdb again; it would likely
be a different problem that needs to be debugged and fixed separately.

For anyone interested, the bug is that fasttrap's ebp push instruction
emulation code is just wrong: it's supposed to save %rbp at %rsp - 8.
But instead it tries to save %rsp at %rsp - 8, and also reverses the
uaddr/kaddr arguments to copyout(), resulting in strange crashes. I
managed to narrow in on the problem with a test program that prints %rbp
immediately before and after a tracepoint.

Can anyone review this diff? I'd like to check it in soon, assuming
that I haven't also made a mistake somewhere. :)

Thanks,
-Mark

diff --git a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
index 8b5ce9f..bb5c9af 100644
--- a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
+++ b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
@@ -1399,12 +1399,12 @@ fasttrap_pid_probe(struct reg *rp)
 #ifdef __amd64
 		if (p->p_model == DATAMODEL_NATIVE) {
 			addr = rp->r_rsp - sizeof (uintptr_t);
-			ret = fasttrap_sulword((void *)addr, &rp->r_rsp);
+			ret = fasttrap_sulword(&rp->r_rbp, (void *)addr);
 		} else {
 #endif
 #ifdef __i386__
 			addr = rp->r_rsp - sizeof (uint32_t);
-			ret = fasttrap_suword32((void *)addr, &rp->r_rsp);
+			ret = fasttrap_suword32(&rp->r_rbp, (void *)addr);
 #endif
 #ifdef __amd64
 		}
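Review bot: the two fixed call sites now pass `&rp->r_rbp` first and `(void *)addr` second, but the hunk does not show the prototypes of fasttrap_sulword() and fasttrap_suword32(), so a reviewer cannot confirm from the diff alone that both helpers take (kaddr, uaddr) in that order, as the cover message says copyout() does; please cite the helper signatures in the commit message or add a one-line comment at the call site ("emulate push %rbp: save the caller's frame pointer at %rsp - 8") so the next reader does not have to rediscover why the original swap was wrong. The adjustment of rp->r_rsp after the store is outside this hunk, so it should be checked separately that it still happens only when ret == 0.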

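As an added illustration of the invariant Mark describes (this is example code written for this page, not the FreeBSD patch or fasttrap's own code), the following C program models the "push %rbp" emulation against a simulated user stack. The struct, the sim_sulword()/sim_fulword() helpers, USTACK_BASE and the emulate_* functions are all constructed for the example; the only facts taken from the message are that the caller's %rbp must be stored at %rsp - 8 and that the copy helper takes (kernel source, user destination). It runs the standard prologue/epilogue round trip through both a correct emulator and one that saves %rsp instead of %rbp, and also shows the EFAULT path when the store would fall outside the mapped stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical model of the fasttrap "push %rbp" emulation step.  The
 * register file, the simulated user stack and the helper names are
 * constructed for this example; the invariant is the one from the post:
 * the caller's %rbp lands at %rsp - 8, and the copy helper takes
 * (kernel source, user destination), like copyout().
 */
struct regs {
	uint64_t r_rsp;
	uint64_t r_rbp;
};

#define USTACK_SIZE 64
#define USTACK_BASE 0x7fff00000000ULL	/* constructed user VA of ustack[0] */
static uint8_t ustack[USTACK_SIZE];	/* simulated user stack memory */

/* copyout()-style store: kernel address first, user address second. */
static int
sim_sulword(const void *kaddr, uint64_t uaddr)
{
	if (uaddr < USTACK_BASE ||
	    uaddr + sizeof(uint64_t) > USTACK_BASE + USTACK_SIZE)
		return (-1);	/* would be EFAULT from copyout() */
	memcpy(&ustack[uaddr - USTACK_BASE], kaddr, sizeof(uint64_t));
	return (0);
}

/* Read a word back from the simulated user stack (0 if out of range). */
static uint64_t
sim_fulword(uint64_t uaddr)
{
	uint64_t v = 0;
	if (uaddr >= USTACK_BASE &&
	    uaddr + sizeof(uint64_t) <= USTACK_BASE + USTACK_SIZE)
		memcpy(&v, &ustack[uaddr - USTACK_BASE], sizeof(uint64_t));
	return (v);
}

/* Correct emulation: store %rbp at %rsp - 8, commit the new %rsp on success. */
static int
emulate_push_rbp(struct regs *rp)
{
	uint64_t addr = rp->r_rsp - sizeof(uint64_t);
	int ret = sim_sulword(&rp->r_rbp, addr);
	if (ret == 0)
		rp->r_rsp = addr;
	return (ret);
}

/* The wrong-register half of the reported bug: saves %rsp instead of %rbp. */
static int
emulate_push_rbp_buggy(struct regs *rp)
{
	uint64_t addr = rp->r_rsp - sizeof(uint64_t);
	int ret = sim_sulword(&rp->r_rsp, addr);
	if (ret == 0)
		rp->r_rsp = addr;
	return (ret);
}

/*
 * Run "push %rbp; mov %rsp,%rbp" through the given emulator, then
 * "leave" (mov %rbp,%rsp; pop %rbp), and report whether the caller's
 * frame pointer survives.  Returns 1 if it does, 0 otherwise.
 */
static int
frame_round_trip(int (*push)(struct regs *), uint64_t caller_rbp)
{
	struct regs r = { .r_rsp = USTACK_BASE + USTACK_SIZE, .r_rbp = caller_rbp };
	memset(ustack, 0, sizeof(ustack));
	if (push(&r) != 0)
		return (0);
	r.r_rbp = r.r_rsp;			/* mov %rsp,%rbp */
	r.r_rsp = r.r_rbp;			/* leave: mov %rbp,%rsp ... */
	r.r_rbp = sim_fulword(r.r_rsp);		/* ... pop %rbp */
	r.r_rsp += sizeof(uint64_t);
	return (r.r_rbp == caller_rbp);
}

int
main(void)
{
	printf("correct emulation restores caller %%rbp: %d\n",
	    frame_round_trip(emulate_push_rbp, 0x1000));
	printf("buggy emulation restores caller %%rbp:   %d\n",
	    frame_round_trip(emulate_push_rbp_buggy, 0x1000));
	return (0);
}
```

With the buggy emulator the epilogue pops a stack address into %rbp instead of the caller's frame pointer, which is exactly the kind of corruption that shows up as an unrelated-looking crash some instructions later; the check in frame_round_trip() is the same idea as the test program Mark describes, printing %rbp before and after the tracepoint.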
