Bug 27785 - The ioctl_handler.stp example causes stap to segmentation fault
Summary: The ioctl_handler.stp example causes stap to segmentation fault
Status: RESOLVED FIXED
Alias: None
Product: systemtap
Classification: Unclassified
Component: translator
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Unassigned
Reported: 2021-04-27 18:46 UTC by William Cohen
Modified: 2021-04-27 19:48 UTC

Description William Cohen 2021-04-27 18:46:17 UTC
When looking through the test results for systemtap examples I found that the ioctl_handler.stp example failed to build.  This can be replicated on the previous systemtap-4.4 and the systemtap built from the current git repo.  It is pretty easy to replicate:

$ stap --example -v -p4 ioctl_handler.stp
Pass 1: parsed user script and 494 library scripts using 331292virt/95960res/12460shr/83072data kb, in 140usr/20sys/157real ms.
Segmentation fault (core dumped)

Ran stap in gdb to get a backtrace of where the problem occurred.  Looks like catch_error_var field of the try_block is null:

Reading symbols from /usr/lib/debug/usr/bin/stap-4.5-1.202104221025.fc33.x86_64.debug...
(gdb) run --example -v -p4 ioctl_handler.stp
Starting program: /usr/bin/stap --example -v -p4 ioctl_handler.stp
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.32-4.fc33.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Pass 1: parsed user script and 494 library scripts using 331292virt/95852res/12328shr/83072data kb, in 140usr/30sys/170real ms.

Program received signal SIGSEGV, Segmentation fault.
0x0000555555616b92 in symuse_collecting_visitor::visit_try_block (this=0x7fffffff8330, s=0x555556ff5ff0) at staptree.cxx:2534
2534	  if (s->catch_error_var->referent)
(gdb) print s
$1 = (try_block *) 0x555556ff5ff0
(gdb) print *s
$2 = {<statement> = {<visitable> = {_vptr.visitable = 0x55555585eb30 <vtable for try_block+16>}, tok = 0x55555633dbf0}, 
  try_block = 0x55555714b220, catch_block = 0x5555571524f0, catch_error_var = 0x0}
(gdb) where
#0  0x0000555555616b92 in symuse_collecting_visitor::visit_try_block (this=0x7fffffff8330, s=0x555556ff5ff0)
    at staptree.cxx:2534
#1  0x0000555555614bcc in traversing_visitor::visit_block (this=0x7fffffff8330, s=0x5555564f8320) at staptree.cxx:1957
#2  0x0000555555614bcc in traversing_visitor::visit_block (this=0x7fffffff8330, s=0x55555a992f60) at staptree.cxx:1957
#3  0x0000555555614bcc in traversing_visitor::visit_block (this=0x7fffffff8330, s=0x55555e5a80d0) at staptree.cxx:1957
#4  0x0000555555640250 in probewrite_evaluator::visit_probewrite_op (this=0x7fffffff8980, e=0x555557c1d400)
    at elaborate.cxx:4455
#5  0x000055555562726a in update_visitor::require<expression> (this=0x7fffffff8980, src=<optimized out>, 
    clearok=<optimized out>) at staptree.h:1300
#6  0x000055555561bc6e in update_visitor::replace<expression> (clearok=false, src=@0x55555e5aa3f0: 0x555557c1d400, 
    this=0x7fffffff8980) at staptree.h:1331
#7  update_visitor::visit_if_statement (this=0x7fffffff8980, s=0x55555e5aa3e0) at staptree.cxx:3461
#8  0x0000555555626e9a in update_visitor::require<statement> (this=0x7fffffff8980, src=<optimized out>, 
    clearok=<optimized out>) at staptree.h:1300
#9  0x000055555561b130 in update_visitor::replace<statement> (clearok=false, src=<optimized out>, this=0x7fffffff8980)
    at staptree.h:1331
#10 update_visitor::visit_block (this=0x7fffffff8980, s=0x55555e5aa3b0) at staptree.cxx:3426
#11 0x0000555555626e9a in update_visitor::require<statement> (this=0x7fffffff8980, src=<optimized out>, 
    clearok=<optimized out>) at staptree.h:1300
#12 0x000055555561b130 in update_visitor::replace<statement> (clearok=false, src=<optimized out>, this=0x7fffffff8980)
    at staptree.h:1331
#13 update_visitor::visit_block (this=0x7fffffff8980, s=0x55555e5aa770) at staptree.cxx:3426
#14 0x0000555555626e9a in update_visitor::require<statement> (this=0x7fffffff8980, src=<optimized out>, 
    clearok=<optimized out>) at staptree.h:1300
#15 0x0000555555626f9e in update_visitor::replace<statement> (this=0x7fffffff8980, src=@0x55555e5a9b90: 0x55555e5aa770, 
    clearok=<optimized out>) at staptree.h:1331
#16 0x00005555556318e0 in alias_expansion_builder::build_with_suffix (this=0x55555a874db0, sess=..., use=<optimized out>, 
    location=0x55555e475dd0, finished_results=std::vector of length 0, capacity 0, suffix=std::vector of length 0, capacity 0)
    at elaborate.cxx:938
#17 0x000055555562d385 in alias_expansion_builder::build (this=<optimized out>, sess=..., use=<optimized out>, 
    location=<optimized out>, parameters=..., finished_results=...) at elaborate.cxx:867
#18 0x000055555562c6bc in match_node::find_and_build (this=0x55555a874d00, s=..., p=0x55555e5a7cf0, loc=0x55555e475dd0, 
    pos=<optimized out>, results=std::vector of length 0, capacity 0, builders=std::set with 0 elements) at elaborate.cxx:479
#19 0x000055555562c861 in match_node::find_and_build (this=0x555556c3a730, s=..., p=0x55555e5a7cf0, loc=0x55555e475dd0, pos=1, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0 elements) at elaborate.cxx:653
#20 0x000055555562c861 in match_node::find_and_build (this=0x55555589f1c0, s=..., p=0x55555e5a7cf0, loc=0x55555e475dd0, pos=0, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0 elements) at elaborate.cxx:653
#21 0x0000555555630875 in derive_probes (s=..., p=<optimized out>, dps=..., optional=<optimized out>, 
    rethrow_errors=<optimized out>) at elaborate.cxx:1020
#22 0x000055555563191a in alias_expansion_builder::build_with_suffix (this=0x55555a874ae0, sess=..., use=<optimized out>, 
    location=0x55555a992ed0, finished_results=std::vector of length 0, capacity 0, suffix=std::vector of length 0, capacity 0)
    at elaborate.cxx:943
#23 0x000055555562d385 in alias_expansion_builder::build (this=<optimized out>, sess=..., use=<optimized out>, 
    location=<optimized out>, parameters=..., finished_results=...) at elaborate.cxx:867
#24 0x000055555562c6bc in match_node::find_and_build (this=0x55555a874a30, s=..., p=0x55555a9920b0, loc=0x55555a992ed0, 
    pos=<optimized out>, results=std::vector of length 0, capacity 0, builders=std::set with 0 elements) at elaborate.cxx:479
#25 0x000055555562c861 in match_node::find_and_build (this=0x555559d428a0, s=..., p=0x55555a9920b0, loc=0x55555a992ed0, pos=1, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0 elements) at elaborate.cxx:653
#26 0x000055555562c861 in match_node::find_and_build (this=0x55555589f1c0, s=..., p=0x55555a9920b0, loc=0x55555a992ed0, pos=0, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0 elements) at elaborate.cxx:653
#27 0x0000555555630875 in derive_probes (s=..., p=<optimized out>, dps=..., optional=<optimized out>, 
    rethrow_errors=<optimized out>) at elaborate.cxx:1020
#28 0x000055555563191a in alias_expansion_builder::build_with_suffix (this=0x55555a874540, sess=..., use=<optimized out>, 
    location=0x55555a21a5b0, finished_results=std::vector of length 0, capacity 0, suffix=std::vector of length 0, capacity 0)
    at elaborate.cxx:943
#29 0x000055555562d385 in alias_expansion_builder::build (this=<optimized out>, sess=..., use=<optimized out>, 
    location=<optimized out>, parameters=..., finished_results=...) at elaborate.cxx:867
#30 0x000055555562c6bc in match_node::find_and_build (this=0x55555a874490, s=..., p=0x55555a7acc10, loc=0x55555a21a5b0, 
    pos=<optimized out>, results=std::vector of length 0, capacity 0, builders=std::set with 0 elements) at elaborate.cxx:479
#31 0x000055555562c861 in match_node::find_and_build (this=0x55555a21cf10, s=..., p=0x55555a7acc10, loc=0x55555a21a5b0, pos=1, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0 elements) at elaborate.cxx:653
#32 0x000055555562c861 in match_node::find_and_build (this=0x55555589f1c0, s=..., p=0x55555a7acc10, loc=0x55555a21a5b0, pos=0, 
    results=std::vector of length 0, capacity 0, builders=std::set with 0 elements) at elaborate.cxx:653
#33 0x0000555555630875 in derive_probes (s=..., p=<optimized out>, dps=..., optional=<optimized out>, 
    rethrow_errors=<optimized out>) at elaborate.cxx:1020
#34 0x00005555555e8f75 in semantic_pass_symbols (s=...) at elaborate.cxx:1950
#35 semantic_pass (s=...) at elaborate.cxx:2540
#36 passes_0_4 (s=...) at main.cxx:1049
#37 0x00005555555db94e in main (argc=<optimized out>, argv=0x7fffffffc138) at main.cxx:1534
(gdb)
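The frame at the top of the backtrace fails because `catch_error_var` is an optional field of the try-block node (a `catch { ... }` clause with no error variable leaves it null) and the visitor follows it unconditionally. The C++ below is an added illustration of that bug class and its fix, not code from systemtap or from this bug; the AST types, the `use_counter` visitor and the `count_uses` helper are hypothetical stand-ins chosen to mirror the field names visible in the `print *s` output.

```cpp
// Added example (not systemtap's code): a miniature AST whose try_block has an
// optional catch variable, plus a traversing visitor that treats that pointer
// as optional instead of dereferencing it unconditionally.
#include <memory>
#include <string>
#include <vector>

struct vardecl { std::string name; int uses; };
struct symbol  { vardecl* referent = nullptr; };   // a reference to a vardecl

struct visitor;
struct statement {
    virtual ~statement() = default;
    virtual void accept(visitor& v) = 0;
};

// A statement that mentions exactly one variable (stands in for any expression).
struct symbol_stmt : statement {
    symbol sym;
    void accept(visitor& v) override;
};

// A statement list; the visitor recurses into every child.
struct block : statement {
    std::vector<std::unique_ptr<statement>> statements;
    void accept(visitor& v) override;
};

struct try_block : statement {
    std::unique_ptr<statement> try_body;
    std::unique_ptr<statement> catch_body;
    // "try { } catch { }" without a variable is legal in the modelled language,
    // so this pointer is null in that case: it is the optional field.
    std::unique_ptr<symbol> catch_error_var;
    void accept(visitor& v) override;
};

struct visitor {
    virtual ~visitor() = default;
    virtual void visit_symbol_stmt(symbol_stmt* s) = 0;
    virtual void visit_block(block* b) = 0;
    virtual void visit_try_block(try_block* s) = 0;
};
void symbol_stmt::accept(visitor& v) { v.visit_symbol_stmt(this); }
void block::accept(visitor& v)       { v.visit_block(this); }
void try_block::accept(visitor& v)   { v.visit_try_block(this); }

// Counts how often each vardecl is referenced anywhere in the tree.
struct use_counter : visitor {
    void visit_symbol_stmt(symbol_stmt* s) override {
        if (s->sym.referent) s->sym.referent->uses++;
    }
    void visit_block(block* b) override {
        for (auto& st : b->statements) st->accept(*this);
    }
    void visit_try_block(try_block* s) override {
        if (s->try_body)   s->try_body->accept(*this);
        if (s->catch_body) s->catch_body->accept(*this);
        // The crashing form is `if (s->catch_error_var->referent)`, which follows
        // the optional pointer before checking it. Test the pointer first:
        if (s->catch_error_var && s->catch_error_var->referent)
            s->catch_error_var->referent->uses++;
    }
};

struct use_counts { int x_uses; int err_uses; };

// Builds `try { x } catch (err) { x }` when with_catch_var is true, otherwise
// `try { x } catch { x }` (catch_error_var left null), runs the visitor over it
// and reports how often x and err were referenced.
use_counts count_uses(bool with_catch_var) {
    vardecl x{"x", 0}, err{"err", 0};

    auto mention = [](vardecl& v) -> std::unique_ptr<symbol_stmt> {
        auto s = std::make_unique<symbol_stmt>();
        s->sym.referent = &v;
        return s;
    };

    auto tb = std::make_unique<try_block>();
    tb->try_body = mention(x);
    tb->catch_body = mention(x);
    if (with_catch_var) {
        tb->catch_error_var = std::make_unique<symbol>();
        tb->catch_error_var->referent = &err;
    }

    block script;
    script.statements.push_back(std::move(tb));

    use_counter counter;
    script.accept(counter);
    return {x.uses, err.uses};
}
```

With the guard in place, `count_uses(false)` walks the variable-less `catch` without touching a null pointer and reports zero uses of `err`; with the unguarded form it would fault exactly as the backtrace shows. The general lesson for any AST pass is that every nullable child pointer needs the same check in every visitor that reads it, not only in the traversing base class.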
Comment 1 Frank Ch. Eigler 2021-04-27 19:48:28 UTC
commit 6afaf5c48484