Date: Fri, 10 May 2024 13:56:27 -0700
From: Namhyung Kim <namhyung@...nel.org>
To: Arnaldo Carvalho de Melo <acme@...nel.org>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: perf annotate --data-type segfault

Hi Arnaldo,

On Fri, May 10, 2024 at 7:40 AM Arnaldo Carvalho de Melo
<acme@...nel.org> wrote:
>
> root@...ber:~# perf --debug type-profile annotate --data-type -i perf.data.perf-trace-bpf &> perf--debug.type-profile-annotate--data-type.perf-trace-bpf.output
> Segmentation fault (core dumped)
> root@...ber:~#
[SNIP]
> 0x00000000006c3fba in __zfree (ptr=0x0) at ../../lib/zalloc.c:13
> 13              free(*ptr);
> (gdb) bt
> #0  0x00000000006c3fba in __zfree (ptr=0x0) at ../../lib/zalloc.c:13
> #1  0x00000000006728b5 in delete_data_type_histograms (adt=0xd151f70) at util/annotate-data.c:1829
> #2  0x0000000000672958 in annotated_data_type__tree_delete (root=0xe82e40) at util/annotate-data.c:1843
> #3  0x000000000055658e in dso__delete (dso=0xe82dd0) at util/dso.c:1487
> #4  0x000000000055673e in dso__put (dso=0xe82dd0) at util/dso.c:1523
> #5  0x000000000058289d in __dso__zput (dso=0x11fc500) at util/dso.h:644
> #6  0x0000000000583dc5 in map__exit (map=0x11fc4e0) at util/map.c:298
> #7  0x0000000000583e03 in map__delete (map=0x11fc4e0) at util/map.c:303
> #8  0x0000000000583e6c in map__put (map=0x11fc4e0) at util/map.c:310
> #9  0x00000000005854c3 in __map__zput (map=0x11fcdf0) at util/map.h:196
> #10 0x0000000000585e13 in maps__exit (maps=0x11fb740) at util/maps.c:236
> #11 0x0000000000585f0e in maps__delete (maps=0x11fb740) at util/maps.c:258
> #12 0x0000000000585fcf in maps__put (maps=0x11fb740) at util/maps.c:275
> #13 0x0000000000597d2c in thread__delete (thread=0x11fb580) at util/thread.c:96
> #14 0x0000000000597fd6 in thread__put (thread=0x11fb580) at util/threadc:140
> #15 0x00000000005c4940 in __thread__zput (thread=0x25bb7c8) at util/thread.h:83
> #16 0x00000000005c8267 in hist_entry__delete (he=0x25bb720) at util/hist.c:1318
> #17 0x00000000005c5bc2 in hists__delete_entry (hists=0xe7f9f0, he=0x25bb720) at util/hist.c:388
> #18 0x00000000005c5d10 in hists__delete_entries (hists=0xe7f9f0) at util/hist.c:416
> #19 0x00000000005cc62d in hists__delete_all_entries (hists=0xe7f9f0) at util/hist.c:2872
> #20 0x00000000005cc6a7 in hists_evsel__exit (evsel=0xe7f780) at util/hist.c:2884
> #21 0x000000000053378a in evsel__exit (evsel=0xe7f780) at util/evsel.c:1495
> #22 0x00000000005337cf in evsel__delete (evsel=0xe7f780) at util/evsel.c:1503
> #23 0x00000000005288af in evlist__purge (evlist=0xe7e410) at util/evlist.c:163
> #24 0x00000000005289bc in evlist__delete (evlist=0xe7e410) at util/evlist.c:185
> #25 0x0000000000589c2d in perf_session__delete (session=0xe7daf0) at util/session.c:313
> #26 0x00000000004136cb in cmd_annotate (argc=0, argv=0x7fffffffe400) at builtin-annotate.c:936
> #27 0x0000000000507cf9 in run_builtin (p=0xe55fd8 <commands+408>, argc=4, argv=0x7fffffffe400) at perf.c:350
> #28 0x0000000000507f68 in handle_internal_command (argc=4, argv=0x7fffffffe400) at perf.c:403
> #29 0x00000000005080b7 in run_argv (argcp=0x7fffffffe1dc, argv=0x7fffffffe1d0) at perf.c:447
> #30 0x00000000005083ae in main (argc=4, argv=0x7fffffffe400) at perf.c:561
> (gdb)
>
> 1826    static void delete_data_type_histograms(struct annotated_data_type *adt)
> 1827    {
> 1828            for (int i = 0; i < adt->nr_histograms; i++)
> 1829                    zfree(&(adt->histograms[i]));
> 1830            zfree(&adt->histograms);
> 1831    }

I don't understand why it has a NULL histogram entry.
One possibility would be that it gets a failure in the allocation
or it's freed but the nr_histograms field is not updated.

I also found a problem related to the type annotation.
I'll send a patchset to address the issues soon.

Thanks,
Namhyung
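
Added example, not part of the message and not perf's code: in frame #0 the argument `ptr=0x0` is the value of `&(adt->histograms[i])`, which is what a NULL array pointer with a nonzero `nr_histograms` produces. The C sketch below uses simplified stand-in structs and a hypothetical `fail_at` knob to show an allocation path that keeps the count and the array in step, and a teardown that tolerates the stale-count state.

```c
#include <stdlib.h>
/* Simplified stand-ins for the structures in the quoted code, not perf's definitions. */
struct hist { unsigned long nr_samples; };
struct adt { int nr_histograms; struct hist **histograms; };

/* Publish array and count together; fail_at (hypothetical) simulates ENOMEM. */
static int adt_alloc_histograms(struct adt *adt, int nr, int fail_at)
{
	struct hist **h = calloc(nr, sizeof(*h));

	if (h == NULL)
		return -1;
	for (int i = 0; i < nr; i++) {
		h[i] = (i == fail_at) ? NULL : calloc(1, sizeof(**h));
		if (h[i] == NULL) {
			while (i-- > 0)		/* unwind the entries already made */
				free(h[i]);
			free(h);
			return -1;		/* adt untouched: count stays 0 */
		}
	}
	adt->histograms = h;
	adt->nr_histograms = nr;
	return 0;
}

/* Teardown that survives a NULL array with a stale count; returns entries freed. */
static int adt_delete_histograms(struct adt *adt)
{
	int freed = 0;

	for (int i = 0; adt->histograms && i < adt->nr_histograms; i++) {
		freed += adt->histograms[i] != NULL;
		free(adt->histograms[i]);
	}
	free(adt->histograms);
	adt->histograms = NULL;
	adt->nr_histograms = 0;		/* a second call is now a no-op */
	return freed;
}

/* Constructed scenarios: stale count, failed allocation, normal cycle, double delete. */
static int scenarios_ok(void)
{
	struct adt stale = { .nr_histograms = 4, .histograms = NULL }, a = { 0 };
	int ok = adt_delete_histograms(&stale) == 0 && stale.nr_histograms == 0;
	ok = ok && adt_alloc_histograms(&a, 3, 1) == -1 && a.nr_histograms == 0;
	ok = ok && adt_alloc_histograms(&a, 3, -1) == 0 && adt_delete_histograms(&a) == 3;
	return ok && adt_delete_histograms(&a) == 0;
}
int main(void) { return scenarios_ok() ? 0 : 1; }
```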
