wkz / ply

Light-weight Dynamic Tracer for Linux
https://wkz.github.io/ply
GNU General Public License v2.0

Segmentation fault in loc_assign_pre #3

Closed. bkutil closed this issue 7 years ago.

bkutil commented 7 years ago

Running ply compiled from f66d77d9, the following script produces a segv:

kprobe:SyS_read
{
        $sizes.quantize(arg(2))
}

This happens when loc_assign is called while n->dyn.call.func is NULL.

Kernel: Linux 4.9.0-1-amd64 #1 SMP Debian 4.9.2-2 (2017-01-12) x86_64

Backtrace:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  loc_assign_pre (n=0x55d017614370, _probe=<optimized out>) at annotate.c:103
103         return n->dyn.call.func->loc_assign(n);
(gdb) bt
#0  loc_assign_pre (n=0x55d017614370, _probe=<optimized out>) at annotate.c:103
#1  0x000055d0156c7900 in node_walk (n=0x55d017614370, pre=0x55d0156cad60 <loc_assign_pre>, post=0x0, ctx=0x55d01761a690) at lang/ast.c:583
#2  0x000055d0156c7b26 in _node_walk_list (head=<optimized out>, pre=pre@entry=0x55d0156cad60 <loc_assign_pre>, post=post@entry=0x0, ctx=ctx@entry=0x55d01761a690) at lang/ast.c:567
#3  0x000055d0156c7955 in node_walk (n=0x55d017619670, pre=0x55d0156cad60 <loc_assign_pre>, post=0x0, ctx=0x55d01761a690) at lang/ast.c:631
#4  0x000055d0156c7995 in node_walk (n=0x55d017619910, pre=0x55d0156cad60 <loc_assign_pre>, post=0x0, ctx=0x55d01761a690) at lang/ast.c:627
#5  0x000055d0156c79b5 in node_walk (n=0x55d01761a3d0, pre=0x55d0156cad60 <loc_assign_pre>, post=0x0, ctx=0x55d01761a690) at lang/ast.c:603
#6  0x000055d0156c7b26 in _node_walk_list (head=<optimized out>, pre=pre@entry=0x55d0156cad60 <loc_assign_pre>, post=post@entry=0x0, ctx=ctx@entry=0x55d01761a690) at lang/ast.c:567
#7  0x000055d0156c7955 in node_walk (n=0x55d01761a690, pre=0x55d0156cad60 <loc_assign_pre>, post=0x0, ctx=0x55d01761a690) at lang/ast.c:631
#8  0x000055d0156cb478 in loc_assign (script=<optimized out>) at annotate.c:180
#9  annotate_script (script=<optimized out>) at annotate.c:433
#10 0x000055d0156c40bc in main (argc=<optimized out>, argv=<optimized out>) at ply.c:212

wkz commented 7 years ago

Thanks for the detailed report!

The problem has been fixed in c0fdf05 on the syntax branch. That branch contains lots of other changes as well, though, so your script will not be valid as-is, and the docs have not been updated yet, unfortunately.

An equivalent would be:

kprobe:SyS_read
{
    @["sizes"].quantize(arg(2))
}

Note: It might be more interesting to see the returned value from read:

kretprobe:SyS_read { @["sizes"].quantize(retval()) }

wkz commented 7 years ago

Syntax branch has been merged to master.
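The backtrace above shows the general shape of the bug: an AST walker's pre-callback reaches a call node and dereferences n->dyn.call.func without checking that the call was ever resolved. The following is an added example, not ply's code and not the fix in c0fdf05: a minimal, hypothetical reconstruction of that pattern beside a guarded version that reports an unresolved call instead of crashing. All struct, field and function names in it are assumed for illustration.

```c
/* Added example (not ply's code): hypothetical reconstruction of a call node
 * whose resolved-function pointer may be NULL, with an unguarded and a guarded
 * pre-walk callback. */
#include <stdio.h>
#include <stdlib.h>

struct node;

/* Stand-in for a built-in function descriptor (hypothetical). */
struct func {
	const char *name;
	int (*loc_assign)(struct node *n);
};

/* Stand-in for an AST call node (hypothetical). func stays NULL when
 * resolution failed, e.g. because the method name was unknown. */
struct node {
	const char *name;
	struct {
		struct {
			struct func *func;
		} call;
	} dyn;
};

/* Trivial location-assignment hook for a resolved call. */
static int quantize_loc_assign(struct node *n)
{
	(void)n;
	return 0;
}

/* Unguarded: dereferences a NULL func, which is the SIGSEGV in the report. */
static int loc_assign_pre_unguarded(struct node *n)
{
	return n->dyn.call.func->loc_assign(n);
}

/* Guarded: an unresolved call becomes an error the walker can propagate. */
static int loc_assign_pre_guarded(struct node *n)
{
	if (!n->dyn.call.func) {
		fprintf(stderr, "error: call '%s' has no resolved function\n",
			n->name ? n->name : "(null)");
		return -1;
	}
	return n->dyn.call.func->loc_assign(n);
}
```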