Segmentation fault in libbcc.so.0.3.0 (Fedora 26, bcc-0.3.0-2.fc26.x86_64, kernel 4.13.5-200.fc26.x86_64)

[ldorau]

! Segfault occurs with bcc-0.3.0-2.fc26.x86_64 only !
(with current master (v0.3.0-408-gd2786b6) it works well)

Output:

In file included from /virtual/main.c:3:
In file included from /lib/modules/4.13.5-200.fc26.x86_64/build/include/linux/sched.h:13:
In file included from /lib/modules/4.13.5-200.fc26.x86_64/build/include/linux/pid.h:4:
In file included from /lib/modules/4.13.5-200.fc26.x86_64/build/include/linux/rculist.h:10:
In file included from /lib/modules/4.13.5-200.fc26.x86_64/build/include/linux/rcupdate.h:40:
In file included from /lib/modules/4.13.5-200.fc26.x86_64/build/include/linux/preempt.h:80:
In file included from /lib/modules/4.13.5-200.fc26.x86_64/build/arch/x86/include/asm/preempt.h:6:
In file included from /lib/modules/4.13.5-200.fc26.x86_64/build/include/linux/thread_info.h:37:
In file included from /lib/modules/4.13.5-200.fc26.x86_64/build/arch/x86/include/asm/thread_info.h:52:
In file included from /lib/modules/4.13.5-200.fc26.x86_64/build/arch/x86/include/asm/cpufeature.h:4:
/lib/modules/4.13.5-200.fc26.x86_64/build/arch/x86/include/asm/processor.h:535:30: warning: taking address of packed member 'sp0' of class or structure 'x86_hw_tss' may result in an unaligned pointer value [-Waddress-of-packed-member]
        return this_cpu_read_stable(cpu_tss.x86_tss.sp0);
                                    ^~~~~~~~~~~~~~~~~~~
/lib/modules/4.13.5-200.fc26.x86_64/build/arch/x86/include/asm/percpu.h:391:59: note: expanded from macro 'this_cpu_read_stable'
#define this_cpu_read_stable(var)       percpu_stable_op("mov", var)
                                                                ^~~
/lib/modules/4.13.5-200.fc26.x86_64/build/arch/x86/include/asm/percpu.h:218:16: note: expanded from macro 'percpu_stable_op'
                    : "p" (&(var)));                    \
                             ^~~
8851 Segmentation fault

Message from dmesg:

segfault at a789fe40 ip 00007f9a8e10bee4 sp 00007ffd5dba1160 error 4 in libbcc.so.0.3.0[7f9a8db06000+16fe000]

The beginning of the generated code (/virtual/main.c) is the following:

#include <uapi/linux/ptrace.h>
#include <uapi/linux/limits.h>
#include <linux/sched.h>

OS: Fedora 26
bcc: bcc-0.3.0-2.fc26.x86_64
kernel 4.13.5-200.fc26.x86_64
clang: clang-4.0.1-5.fc26.x86_64
llvm: llvm-4.0.1-1.fc26.x86_64

[ldorau]

Steps to reproduce:

$ git clone git@github.com:pmem/vltrace.git vltrace
$ mkdir vltrace/build
$ cd vltrace/build
$ cmake ..
$ make
$ ctest -V

(sudo is required to run ctest)
vltrace commit: pmem/vltrace@66d2314

[palmtenor]

Could you get a stack trace of the segfault? The message is not very helpful since it's virtual address of the dynamically loaded libbcc.so

[ldorau]

OK, I am just downloading about 1GB of debuginfo packages ...

[ldorau]

Stack trace:

#0  0x00007ffff6988ee4 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
#1  0x00007ffff6988f14 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
#2  0x00007ffff6988f14 in llvm::RuntimeDyldELF::resolveRelocation(llvm::RelocationEntry const&, unsigned long) () from /lib64/libbcc.so.0
#3  0x00007ffff6972ba9 in llvm::RuntimeDyldImpl::resolveRelocationList(llvm::SmallVector<llvm::RelocationEntry, 64u> const&, unsigned long) () from /lib64/libbcc.so.0
#4  0x00007ffff6975520 in llvm::RuntimeDyldImpl::resolveRelocations() () from /lib64/libbcc.so.0
#5  0x00007ffff695c71f in llvm::MCJIT::finalizeLoadedModules() () from /lib64/libbcc.so.0
#6  0x00007ffff695cce1 in llvm::MCJIT::finalizeObject() () from /lib64/libbcc.so.0
#7  0x00007ffff651725a in ebpf::BPFModule::finalize (this=this@entry=0x689760) at /usr/src/debug/bcc-0.3.0/src/cc/bpf_module.cc:440
#8  0x00007ffff65176ed in ebpf::BPFModule::load_string (this=this@entry=0x689760, text=..., cflags=cflags@entry=0x0, ncflags=ncflags@entry=0) at /usr/src/debug/bcc-0.3.0/src/cc/bpf_module.cc:756
#9  0x00007ffff65104cb in bpf_module_create_c_from_string (text=0x7d9380, flags=<optimized out>, cflags=0x0, ncflags=0) at /usr/src/debug/bcc-0.3.0/src/cc/bpf_common.cc:40
#10 0x00000000004046c1 in main (argc=12, argv=0x7fffffffe3a8) at vltrace/src/vltrace.c:403

[ldorau]

Segfault occurs with bcc-0.3.0-2.fc26.x86_64 only!
(with current master (v0.3.0-408-gd2786b6) it works well)

[ldorau]

Fedora should update the bcc.fc26.x86_64 package

[ldorau]

I submitted a bug in Red Hat bugzilla for it:
https://bugzilla.redhat.com/show_bug.cgi?id=1504020

[yonghong-song]

The bug is fixed in llvm 5.0.

[ldorau]

@yonghong-song, so is this bug in llvm? I have llvm v4.0.1 installed and the bug occurs with bcc-0.3.0-2.fc26.x86_64 but with current master (v0.3.0-408-gd2786b6) it does not, so upgrading bcc from bcc-0.3.0-2.fc26.x86_64 to v0.3.0-408-gd2786b6 fixes this issue ...

[yonghong-song]

Right. The bug is in llvm.

[ldorau]

Thanks