[libunwind] problem unwinding syscalls in 2.6 linux

[Mike Bennett]

I'm using libunwind (0.98.2) to dump the stack of a process
in linux (2.6, glibc version 2.3.3 ) and I see different results
between what I get from walking the stack using the ptrace
flavor of libunwind and what I get from doing a stack trace
of the same process under gdb (version 6.0-2).

In particular, it appears walking the stack of a process in a
syscall isn't being unwound correctly.

I've tried to isolate a test case for this; it involves a patch
to the test-ptrace.c utility to attach to an existing pid. Please
find a 'diff -c' of this attached to this email.

To summarize, I create a process sitting on a syscall (read) by
running:
  'cat > dev/null'
in a different window, obtaining its pid and attaching to
it first by gdb:
    gdb - <pid>
then doing the 'where' command.
Next, for comparision, I ran the modified test-ptrace using
  './test-ptrace -v -P <pid>'
to see libunwind's version of the stack. The different
call stacks are shown below.

>From my own testing, it appears a process *not* in a syscall
can be traced correctly using libunwind. I know that linux 2.6
x86 introduced a new syscall implementation...

Any tips or pointers on where to go next would be appreciated!
Thanks!
  -mike


== GDB RESULTS SUMMARY ==
gdb's 'where' command gives the following call stack:
(gdb) where
#0  0xffffe410 in ?? ()
#1  0xbffff408 in ?? ()
#2  0x00000400 in ?? ()
#3  0x0804ead8 in ?? ()
#4  0x40104f83 in read () from /lib/tls/libc.so.6
#5  0x0804a779 in ?? ()

== LIBUNWIND RESULTS SUMMARY ==
Via the modified test-ptrace, I got the following callstack
of the same process (extra detail snipped):
00000000ffffe410                                  (sp=00000000bffff3d8)
0000000008048e6d                                  (sp=00000000bffff410)
0000000008049899                                  (sp=00000000bffff430)
000000004003f95d __libc_start_main                (sp=00000000bffff510)
0000000008048c31                                  (sp=00000000bffff570)

The first frame matches, but from there things go awry.

------------------------------------------------------------------
------------------------------------------------------------------
------------------------------------------------------------------

DETAILS FOLLOW:

============ the GDB attach ====================

/usr/local/build/libunwind-0.98.2/tests% gdb - 15670
GNU gdb 6.0-2mdk (Mandrake Linux)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux-gnu"...-: No such file or
directory.

Attaching to process 15670
Reading symbols from /bin/cat...(no debugging symbols found)...done.
Using host libthread_db library "/lib/tls/libthread_db.so.1".
Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
0xffffe410 in ?? ()
(gdb) where
#0  0xffffe410 in ?? ()
#1  0xbffff408 in ?? ()
#2  0x00000400 in ?? ()
#3  0x0804ead8 in ?? ()
#4  0x40104f83 in read () from /lib/tls/libc.so.6
#5  0x0804a779 in ?? ()
(gdb) info frame
Stack level 0, frame at 0xbffff3dc:
 eip = 0xffffe410; saved eip 0xbffff408
 called by frame at 0xbffff3e0
 Arglist at 0xbffff3d4, args:
 Locals at 0xbffff3d4, Previous frame's sp is 0xbffff3dc
 Saved registers:
  eip at 0xbffff3d8
(gdb) quit
The program is running.  Quit anyway (and detach it)? (y or n) y
Detaching from program: /bin/cat, process 15670

============ the modified TEST-PTRACE attach ====================

/usr/local/build/libunwind-0.98.2/tests% ./test-ptrace -v -P 15670
attaching to remote process pid 15670
00000000ffffe410                                  (sp=00000000bffff3d8)
        proc=000000000004d0b3-00000000bffff5d8
        handler=4004d0b3 lsda=40009331
0000000008048e6d                                  (sp=00000000bffff410)
        proc=000000000004d0b3-00000000bffff5d8
        handler=4004d0b3 lsda=40009331
0000000008049899                                  (sp=00000000bffff430)
        proc=000000000004d0b3-00000000bffff5d8
        handler=4004d0b3 lsda=40009331
000000004003f95d __libc_start_main                (sp=00000000bffff510)
        proc=000000000004d0b3-00000000bffff5d8
        handler=4004d0b3 lsda=40009331
0000000008048c31                                  (sp=00000000bffff570)
        proc=000000000004d0b3-00000000bffff5d8
        handler=4004d0b3 lsda=40009331
================
^C

============= OS version ================
/usr/local/build/libunwind-0.98.2/tests% uname -a
Linux anarchy 2.6.3-7mdk #1 Wed Mar 17 15:56:42 CET 2004 i686 unknown unknown
GNU/Linux

============= glibc version ================

GNU C Library stable release version 2.3.3, by Roland McGrath et al.
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 3.3.2 (Mandrake Linux 10.0 3.3.2-4mdk).
Compiled on a Linux 2.6.0 system on 2004-02-16.
Available extensions:
        GNU libio by Per Bothner
        crypt add-on version 2.1 by Michael Glad and others
        linuxthreads-0.10 by Xavier Leroy
        BIND-8.2.3-T5B
        libthread_db work sponsored by Alpha Processor Inc
        NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
Thread-local storage support included.
Report bugs using the `glibcbug' script to <address@hidden>.

============= test-ptrace.c patch (attached) =============
============= created by 'diff -c' =======================
============= this was against libunwind-0.98.2 ==========

test-ptrace.c_patch
Description: Binary data