public inbox for systemtap@sourceware.org
From: "wcohen at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: systemtap@sourceware.org
Subject: [Bug translator/27785] New: The ioctl_handler.stp example causes stap to segmentation fault
Date: Tue, 27 Apr 2021 18:46:17 +0000
Message-ID: <bug-27785-6586@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=27785

            Bug ID: 27785
           Summary: The ioctl_handler.stp example causes stap to
                    segmentation fault
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
          Assignee: systemtap at sourceware dot org
          Reporter: wcohen at redhat dot com
  Target Milestone: ---

When looking through the test results for systemtap examples I found that the
ioctl_handler.stp example failed to build.  This can be replicated on the
previous systemtap-4.4 and the systemtap built from the current git repo.  It
is pretty easy to replicate:

$ stap --example -v -p4 ioctl_handler.stp
Pass 1: parsed user script and 494 library scripts using
331292virt/95960res/12460shr/83072data kb, in 140usr/20sys/157real ms.
Segmentation fault (core dumped)

Ran stap in gdb to get a backtrace of where the problem occurred.  Looks like
catch_error_var field of the try_block is null:

Reading symbols from
/usr/lib/debug/usr/bin/stap-4.5-1.202104221025.fc33.x86_64.debug...
(gdb) run --example -v -p4 ioctl_handler.stp
Starting program: /usr/bin/stap --example -v -p4 ioctl_handler.stp
Missing separate debuginfos, use: dnf debuginfo-install
glibc-2.32-4.fc33.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Pass 1: parsed user script and 494 library scripts using
331292virt/95852res/12328shr/83072data kb, in 140usr/30sys/170real ms.

Program received signal SIGSEGV, Segmentation fault.
0x0000555555616b92 in symuse_collecting_visitor::visit_try_block
(this=0x7fffffff8330, s=0x555556ff5ff0) at staptree.cxx:2534
2534      if (s->catch_error_var->referent)
(gdb) print s
$1 = (try_block *) 0x555556ff5ff0
(gdb) print *s
$2 = {<statement> = {<visitable> = {_vptr.visitable = 0x55555585eb30 <vtable
for try_block+16>}, tok = 0x55555633dbf0}, 
  try_block = 0x55555714b220, catch_block = 0x5555571524f0, catch_error_var =
0x0}
(gdb) where
#0  0x0000555555616b92 in symuse_collecting_visitor::visit_try_block
(this=0x7fffffff8330, s=0x555556ff5ff0)
    at staptree.cxx:2534
#1  0x0000555555614bcc in traversing_visitor::visit_block (this=0x7fffffff8330,
s=0x5555564f8320) at staptree.cxx:1957
#2  0x0000555555614bcc in traversing_visitor::visit_block (this=0x7fffffff8330,
s=0x55555a992f60) at staptree.cxx:1957
#3  0x0000555555614bcc in traversing_visitor::visit_block (this=0x7fffffff8330,
s=0x55555e5a80d0) at staptree.cxx:1957
#4  0x0000555555640250 in probewrite_evaluator::visit_probewrite_op
(this=0x7fffffff8980, e=0x555557c1d400)
    at elaborate.cxx:4455
#5  0x000055555562726a in update_visitor::require<expression>
(this=0x7fffffff8980, src=<optimized out>, 
    clearok=<optimized out>) at staptree.h:1300
#6  0x000055555561bc6e in update_visitor::replace<expression> (clearok=false,
src=@0x55555e5aa3f0: 0x555557c1d400, 
    this=0x7fffffff8980) at staptree.h:1331
#7  update_visitor::visit_if_statement (this=0x7fffffff8980, s=0x55555e5aa3e0)
at staptree.cxx:3461
#8  0x0000555555626e9a in update_visitor::require<statement>
(this=0x7fffffff8980, src=<optimized out>, 
    clearok=<optimized out>) at staptree.h:1300
#9  0x000055555561b130 in update_visitor::replace<statement> (clearok=false,
src=<optimized out>, this=0x7fffffff8980)
    at staptree.h:1331
#10 update_visitor::visit_block (this=0x7fffffff8980, s=0x55555e5aa3b0) at
staptree.cxx:3426
#11 0x0000555555626e9a in update_visitor::require<statement>
(this=0x7fffffff8980, src=<optimized out>, 
    clearok=<optimized out>) at staptree.h:1300
#12 0x000055555561b130 in update_visitor::replace<statement> (clearok=false,
src=<optimized out>, this=0x7fffffff8980)
    at staptree.h:1331
#13 update_visitor::visit_block (this=0x7fffffff8980, s=0x55555e5aa770) at
staptree.cxx:3426
#14 0x0000555555626e9a in update_visitor::require<statement>
(this=0x7fffffff8980, src=<optimized out>, 
--Type <RET> for more, q to quit, c to continue without paging--
    clearok=<optimized out>) at staptree.h:1300
#15 0x0000555555626f9e in update_visitor::replace<statement>
(this=0x7fffffff8980, src=@0x55555e5a9b90: 0x55555e5aa770, 
    clearok=<optimized out>) at staptree.h:1331
#16 0x00005555556318e0 in alias_expansion_builder::build_with_suffix
(this=0x55555a874db0, sess=..., use=<optimized out>, 
    location=0x55555e475dd0, finished_results=std::vector of length 0, capacity
0, suffix=std::vector of length 0, capacity 0)
    at elaborate.cxx:938
#17 0x000055555562d385 in alias_expansion_builder::build (this=<optimized out>,
sess=..., use=<optimized out>, 
    location=<optimized out>, parameters=..., finished_results=...) at
elaborate.cxx:867

#18 0x000055555562c6bc in match_node::find_and_build (this=0x55555a874d00,
s=..., p=0x55555e5a7cf0, loc=0x55555e475dd0, 
    pos=<optimized out>, results=std::vector of length 0, capacity 0,
builders=std::set with 0 elements) at elaborate.cxx:479
#19 0x000055555562c861 in match_node::find_and_build (this=0x555556c3a730,
s=..., p=0x55555e5a7cf0, loc=0x55555e475dd0, pos=1, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0
elements) at elaborate.cxx:653

#20 0x000055555562c861 in match_node::find_and_build (this=0x55555589f1c0,
s=..., p=0x55555e5a7cf0, loc=0x55555e475dd0, pos=0, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0
elements) at elaborate.cxx:653
#21 0x0000555555630875 in derive_probes (s=..., p=<optimized out>, dps=...,
optional=<optimized out>, 
    rethrow_errors=<optimized out>) at elaborate.cxx:1020
#22 0x000055555563191a in alias_expansion_builder::build_with_suffix
(this=0x55555a874ae0, sess=..., use=<optimized out>, 
    location=0x55555a992ed0, finished_results=std::vector of length 0, capacity
0, suffix=std::vector of length 0, capacity 0)
    at elaborate.cxx:943
#23 0x000055555562d385 in alias_expansion_builder::build (this=<optimized out>,
sess=..., use=<optimized out>, 
    location=<optimized out>, parameters=..., finished_results=...) at
elaborate.cxx:867

#24 0x000055555562c6bc in match_node::find_and_build (this=0x55555a874a30,
s=..., p=0x55555a9920b0, loc=0x55555a992ed0, 
    pos=<optimized out>, results=std::vector of length 0, capacity 0,
builders=std::set with 0 elements) at elaborate.cxx:479
--Type <RET> for more, q to quit, c to continue without paging--
#25 0x000055555562c861 in match_node::find_and_build (this=0x555559d428a0,
s=..., p=0x55555a9920b0, loc=0x55555a992ed0, pos=1, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0
elements) at elaborate.cxx:653
#26 0x000055555562c861 in match_node::find_and_build (this=0x55555589f1c0,
s=..., p=0x55555a9920b0, loc=0x55555a992ed0, pos=0, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0
elements) at elaborate.cxx:653
#27 0x0000555555630875 in derive_probes (s=..., p=<optimized out>, dps=...,
optional=<optimized out>, 
    rethrow_errors=<optimized out>) at elaborate.cxx:1020
#28 0x000055555563191a in alias_expansion_builder::build_with_suffix
(this=0x55555a874540, sess=..., use=<optimized out>, 
    location=0x55555a21a5b0, finished_results=std::vector of length 0, capacity
0, suffix=std::vector of length 0, capacity 0)
    at elaborate.cxx:943
#29 0x000055555562d385 in alias_expansion_builder::build (this=<optimized out>,
sess=..., use=<optimized out>, 
    location=<optimized out>, parameters=..., finished_results=...) at
elaborate.cxx:867
#30 0x000055555562c6bc in match_node::find_and_build (this=0x55555a874490,
s=..., p=0x55555a7acc10, loc=0x55555a21a5b0, 
    pos=<optimized out>, results=std::vector of length 0, capacity 0,
builders=std::set with 0 elements) at elaborate.cxx:479
#31 0x000055555562c861 in match_node::find_and_build (this=0x55555a21cf10,
s=..., p=0x55555a7acc10, loc=0x55555a21a5b0, pos=1, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0
elements) at elaborate.cxx:653
#32 0x000055555562c861 in match_node::find_and_build (this=0x55555589f1c0,
s=..., p=0x55555a7acc10, loc=0x55555a21a5b0, pos=0, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0
elements) at elaborate.cxx:653
#33 0x0000555555630875 in derive_probes (s=..., p=<optimized out>, dps=...,
optional=<optimized out>, 
    rethrow_errors=<optimized out>) at elaborate.cxx:1020
#34 0x00005555555e8f75 in semantic_pass_symbols (s=...) at elaborate.cxx:1950
#35 semantic_pass (s=...) at elaborate.cxx:2540
#36 passes_0_4 (s=...) at main.cxx:1049
#37 0x00005555555db94e in main (argc=<optimized out>, argv=0x7fffffffc138) at
main.cxx:1534
(gdb)

-- 
You are receiving this mail because:
You are the assignee for the bug.
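
Added example, not part of the original report and not SystemTap source: a simplified C++ model of the faulting pattern, a visitor reaching a try node through nested blocks and following an optional pointer. The node and collector types, and the assumption that catch_error_var stays null when no error variable is bound, are illustrative; only the field names come from the gdb output above.

```cpp
// Simplified model for illustration; these are not SystemTap's real classes.
#include <cstddef>
#include <set>
#include <string>
#include <vector>

struct vardecl { std::string name; };
struct symbol { vardecl* referent = nullptr; };  // referent may be unresolved

struct node {                         // one statement in a toy AST
  std::vector<node*> children;        // nested statements (block bodies)
  bool is_try = false;
  symbol* catch_error_var = nullptr;  // null when no variable is bound (assumption)
};

struct symuse_collector {
  std::set<vardecl*> written;

  void visit(const node* s) {
    if (s->is_try) visit_try_block(s);
    for (const node* c : s->children) visit(c);  // recurse through nested blocks
  }

  void visit_try_block(const node* s) {
    // Unguarded form, as on the faulting line in the report:
    //   if (s->catch_error_var->referent)   // null dereference when unset
    // Guarded form: test the optional pointer before following it.
    if (s->catch_error_var && s->catch_error_var->referent)
      written.insert(s->catch_error_var->referent);
  }
};

// Walk a tree and return how many distinct variables were recorded.
std::size_t count_written(const node& root) {
  symuse_collector v;
  v.visit(&root);
  return v.written.size();
}

// Constructed input: block -> block -> try, optionally with a bound variable.
std::size_t demo(bool bind_var, bool resolve) {
  vardecl msg{"msg"};
  symbol sym;
  if (resolve) sym.referent = &msg;
  node try_stmt; try_stmt.is_try = true;
  if (bind_var) try_stmt.catch_error_var = &sym;
  node inner; inner.children.push_back(&try_stmt);
  node outer; outer.children.push_back(&inner);
  return count_written(outer);
}

int main() { return demo(false, false) == 0 ? 0 : 1; }
```
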
