Possible bug in putting processes to sleep


I wanted to file a bug report on this, but I think the registration mail
got caught up in the greylisting for now.

I have a small script that detects if a process with a specific name is
running, and if so, puts it to sleep straight away after detecting a
system call from it.

# cat stap_app.stp
#include <linux/signal.h>

global countdown, p_id

function do_sleep:long (process_id:long)
    struct task_struct *sigtask;
    sigtask = find_task_by_pid(THIS->process_id);
    send_sig(SIGSTOP, sigtask, 0);


probe kernel.function("sys_*") {
    if (execname() == "open-close") {
        printf("%s\n", probefunc());


Next, I run a small program that can read from a file, or write to it, or print out some info about how to use it.

The code is as follows:
# cat open-close.c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
        char *userinput = malloc(20);
        FILE *file;
        char text[100];

        if (argc < 2) {
                printf("usage: 1 for reading, 2 'text' for writing 'text' \n");

        if (strcmp(argv[1],"1") == 0) {
                file = fopen("test", "r");

                printf("LÃst = %s\n", text);

        } else if (strcmp(argv[1],"2") == 0) {
                file = fopen("test", "w");

                strcpy(userinput, argv[2]);
                fprintf(file, "%s", userinput);
                printf("skrevet: %s\n", userinput);

        } else {
                printf("usage: 1 for reading, 2 'text' for writing 'text'.. \n");

        return 0;

When I run the stap script, and I subsequently run the program, I get
# staprun /root/.systemtap/cache/af/stap_aff2f447749d27fd4480a10ee9a53dc8_47299.ko


Now for the actual question: any explanation of why two system calls are
being printed out?

Shouldn't the program be halted right after the first system call is


