On Mon, 12 Jan 2026 22:49:38 +0100
Jiri Olsa <[email protected]> wrote:
> To recreate same stack setup for return probe as we have for entry
> probe, we set the instruction pointer to the attached function address,
> which gets us the same unwind setup and same stack trace.
>
> With the fix, entry probe:
>
> # bpftrace -e 'kprobe:__x64_sys_newuname* { print(kstack)}'
> Attaching 1 probe...
>
> __x64_sys_newuname+9
> do_syscall_64+134
> entry_SYSCALL_64_after_hwframe+118
>
> return probe:
>
> # bpftrace -e 'kretprobe:__x64_sys_newuname* { print(kstack)}'
> Attaching 1 probe...
>
> __x64_sys_newuname+4
> do_syscall_64+134
> entry_SYSCALL_64_after_hwframe+118
But is this really correct?
The stack trace of the return from __x86_sys_newuname is from offset "+4".
The stack trace from entry is offset "+9". Isn't it confusing that the
offset is likely not from the return portion of that function?
-- Steve
>
> Fixes: 6d08340d1e35 ("Revert "perf/x86: Always store regs->ip in
> perf_callchain_kernel()"")
> Reported-by: Mahe Tardy <[email protected]>
> Signed-off-by: Jiri Olsa <[email protected]>
