Argument address that should be inside user stack isn't there in Pintos

Question

I am currently testing on a slightly modified version of Pintos project where a user program calls in a child process as such.

void
test_main (void) 
{
  msg ("wait(exec()) = %d", wait (exec ("child-simple")));
}

Where wait( ) and exec( ) are corresponding system calls implemented in userprog/syscall.c

According to lib/user/syscall.h in Pintos, when a system call is called, it inserts the needed arguments and the defined number for a corresponding system call into the user stack (esp). So for our example above, it should push the address for file name (which should be a const char* type) "child-simple" and the system call number corresponding to exec( ).

#define syscall1(NUMBER, ARG0)                                           \
        ({                                                               \
          int retval;                                                    \
          asm volatile                                                   \
            ("pushl %[arg0]; pushl %[number]; int $0x30; addl $8, %%esp" \
               : "=a" (retval)                                           \
               : [number] "i" (NUMBER),                                  \
                 [arg0] "g" (ARG0)                                       \
               : "memory");                                              \
          retval;                                                        \
        })

Now the problem is that while implementing the system call handler and its functions, I successfully managed to extract the system call number (int 2) from the stack pointer passed onto the syscall_handler( ) function.

case SYS_EXEC:{             // f-> esp + 4 doesn't have file address???
      is_valid_vaddr(f->esp + 4);
      f->eax = exec((char*)(f->esp+4));
      break;
    }

(SYS_EXEC is 2) Now we jump to this part in a switch statement where we have to get the address to where the file name is stored, and according to the assembly code above, it should be stored next to the system call number, which was in f->esp. After checking whether that address is valid, we call the system call exec() to deal with the given file name. But when seeing that exec() did not create a child thread and checking the memory with the hex_dump() function, there was no address to the file name "child-simple" next to the system call number. So I'm wondering where it could have gone wrong, or am I looking for it in a totally wrong place?

esp position : 0xbfffff74
syscall number : 2
bfffff70              02 00 00 00-79 b2 04 08 01 81 04 08 |    ....y.......|
bfffff80  79 b2 04 08 a7 88 04 08-b8 ff ff 0e c8 c6 04 08 |y...............|
bfffff90  00 00 00 00                                     |....            |

This was the result of the hex_dump() function, and we can see 02 00 00 00 which is the system call number on address 0xbffff74 and after that, there should be the address to the file name, but there isn't. So what's weird is how the system call number made it, but the string didn't.