This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug runtime/12141] New: Segmentation fault in apps probed by libstdc++ i686

From: "jistone at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: systemtap at sources dot redhat dot com
Date: Wed, 20 Oct 2010 06:25:02 +0000
Subject: [Bug runtime/12141] New: Segmentation fault in apps probed by libstdc++ i686
Auto-submitted: auto-generated

http://sourceware.org/bugzilla/show_bug.cgi?id=12141

           Summary: Segmentation fault in apps probed by libstdc++ i686
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: runtime
        AssignedTo: systemtap@sources.redhat.com
        ReportedBy: jistone@redhat.com


I can reproduce this on Fedora 12 and 13, i686 only:

$ stap -e 'probe process("/usr/lib/libstdc++.so.6").function("operator new")
{next}' -c 'stap -V'

... produces no output, when the -c stap should print its version.  So instead
I left that probe running on its own, and ran the "stap -V" in gdb:

(gdb) run -V
Starting program: /usr/local/bin/stap -V
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x0020914c in _Settings ()
    at
/usr/src/debug/gcc-4.4.4-20100630/obj-i686-redhat-linux/i686-redhat-linux/libstdc++-v3/include/parallel/settings.h:276
276        _Settings() : algorithm_strategy(heuristic), [...]
(gdb) bt
#0  0x0020914c in _Settings ()
    at
/usr/src/debug/gcc-4.4.4-20100630/obj-i686-redhat-linux/i686-redhat-linux/libstdc++-v3/include/parallel/settings.h:276
#1  __static_initialization_and_destruction_0 ()
    at ../../../../libstdc++-v3/src/parallel_settings.cc:29
#2  global constructors keyed to parallel_settings.cc(void) ()
    at ../../../../libstdc++-v3/src/parallel_settings.cc:42
#3  0x0021208d in __do_global_ctors_aux () from /usr/lib/libstdc++.so.6
#4  0x0019cd34 in _init () from /usr/lib/libstdc++.so.6
#5  0x00771da0 in _dl_init_internal () from /lib/ld-linux.so.2
#6  0x0076388f in _dl_start_user () from /lib/ld-linux.so.2

NB: We haven't even reached main!

(gdb) disassemble /r 
Dump of assembler code for function _GLOBAL__I_parallel_settings.cc(void):
[...]
   0x00209142 <+674>:     c7 81 dc 29 00 00 00 00 00 00    movl  
$0x0,0x29dc(%ecx)
=> 0x0020914c <+684>:     c7 81 e0 29 cc 00 10 27 00 00    movl  
$0x2710,0xcc29e0(%ecx)
   0x00209156 <+694>:     c7 81 e4 29 00 00 00 00 00 00    movl  
$0x0,0x29e4(%ecx)

The 0xCC sticks out like a sore thumb...  And indeed, if I kill the running
probe, this 0xCC turns back into 0x00, so it's definitely our uprobes INT3, in
a very bad place.

$ stap -l 'process("/usr/lib/libstdc++.so.6").function("operator new")' -vv |&
grep pc=
probe operator new@../../../../libstdc++-v3/libsupc++/new_opnt.cc:37
process=/usr/lib/libstdc++.so.6.0.13 reloc=.dynamic pc=0xaf200
probe operator new@../../../../libstdc++-v3/libsupc++/new_op.cc:45
process=/usr/lib/libstdc++.so.6.0.13 reloc=.dynamic pc=0xaf150

$ nm /usr/lib/debug/usr/lib/libstdc++.so.6.0.13.debug | c++filt | grep
'operator new('
000af150 T operator new(unsigned int)
000af200 T operator new(unsigned int, std::nothrow_t const&)

So far, so good.  With -DDEBUG_UPROBES, I see:

stap_uprobe_change_plus:67: +uprobe spec 0 idx 0 process stap[2907] addr
00209200 pp process("/usr/lib/libstdc++.so.6.0.13").function("operator
new@../../../../libstdc++-v3/libsupc++/new_opnt.cc:37")
stap_uprobe_change_plus:67: +uprobe spec 1 idx 1 process stap[2907] addr
00209150 pp process("/usr/lib/libstdc++.so.6.0.13").function("operator
new@../../../../libstdc++-v3/libsupc++/new_op.cc:45")
stap_uprobe_change_minus:225: -uprobe spec 0 idx 0 process stap[2907] reloc
00209200 pp process("/usr/lib/libstdc++.so.6.0.13").function("operator
new@../../../../libstdc++-v3/libsupc++/new_opnt.cc:37")
stap_uprobe_change_minus:225: -uprobe spec 1 idx 1 process stap[2907] reloc
00209150 pp process("/usr/lib/libstdc++.so.6.0.13").function("operator
new@../../../../libstdc++-v3/libsupc++/new_op.cc:45")

The addrs here confirm what I saw in gdb's disassembly, but they're clearly not
the right place.  So where would gdb probe?

(gdb) b 'operator new(unsigned int)'
Breakpoint 2 at 0x20b8ca: file ../../../../libstdc++-v3/libsupc++/new_op.cc,
line 46.
(gdb) b 'operator new(unsigned int, std::nothrow_t const&)' 
Breakpoint 3 at 0x20b97a: file ../../../../libstdc++-v3/libsupc++/new_opnt.cc,
line 38.

So it looks like our probe addresses are missing some offset, as they're both
0x277a off from where they should be.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Follow-Ups:
- [Bug runtime/12141] Segmentation fault in apps probed by libstdc++ i686
  - From: fche at redhat dot com
- [Bug runtime/12141] Segmentation fault in apps probed by libstdc++ i686
  - From: jistone at redhat dot com
- [Bug runtime/12141] Segmentation fault in apps probed by libstdc++ i686
  - From: fche at redhat dot com
- [Bug runtime/12141] Segmentation fault in apps probed by libstdc++ i686
  - From: jistone at redhat dot com
- [Bug runtime/12141] Segmentation fault in apps probed by libstdc++ i686
  - From: fche at redhat dot com
- [Bug runtime/12141] Segmentation fault in apps probed by libstdc++ i686
  - From: jistone at redhat dot com
- [Bug runtime/12141] Segmentation fault in apps probed by libstdc++ i686
  - From: roland at gnu dot org
- [Bug runtime/12141] Segmentation fault in apps probed by libstdc++ i686
  - From: fche at redhat dot com
- [Bug runtime/12141] Segmentation fault in apps probed by libstdc++ i686
  - From: roland at gnu dot org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]