lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aQz0pwBSEHfkMBZX@google.com>
Date: Thu, 6 Nov 2025 11:19:03 -0800
From: Namhyung Kim <namhyung@...nel.org>
To: Ian Rogers <irogers@...gle.com>
Cc: Guilherme Amadio <amadio@...too.org>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org
Subject: Re: Crash when running perf top with perf-6.17.7

On Wed, Nov 05, 2025 at 09:07:23AM -0800, Ian Rogers wrote:
> On Wed, Nov 5, 2025 at 8:36 AM Guilherme Amadio <amadio@...too.org> wrote:
> >
> > Hi Arnaldo,
> >
> > After updating to perf-6.17.7, perf top crashes for me (seems to happen
> > since perf-6.17, but doesn't happen with perf-6.16):
> >
> > gentoo perf $ perf top
> > perf: Segmentation fault
> > -------- backtrace --------
> > perf: Segmentation fault
> > -------- backtrace --------
> > Segmentation fault         (core dumped) perf top
> >
> > The stack trace from the crash is below. If this is not enough information,
> > please let me know what additional information you'd like to have.
> 
> This is a BUILD_NONDISTRO=1 build that is default off and
> non-distributable as libbfd is incompatible with perf's GPLv2 license.
> I think the perf libbfd code should just be deleted so we can focus
> energy on distributable code.
> 
> Most recently the libbfd code was factored into its own file:
> https://lore.kernel.org/lkml/20250929190805.201446-5-irogers@google.com/
> we still don't have the dlopen support:
> https://lore.kernel.org/lkml/20251007163835.3152881-1-irogers@google.com/
> even though shipping with libLLVM/capstone linked (ie not dlopen)
> isn't possible in distributions like SuSE:
> https://lore.kernel.org/linux-perf-users/aPkivW2WoySU1Zkc@suse.de/
> For addr2line the fallback options are fairly clear (LLVM first, then
> libbfd then the forked command):
> https://web.git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools-next.git/tree/tools/perf/util/srcline.c?h=perf-tools-next#n117
> there should probably be a similar clean up for read build id. That
> said, the symbol-minimal.c code:
> https://web.git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools-next.git/tree/tools/perf/util/symbol-minimal.c?h=perf-tools-next#n33
> has no library or forked tool dependencies, so perhaps we can just use
> this for all our build ID needs.
> 
> I'll see if there's a cleanup for read build id similar to the
> addr2line cleanup that can be done and try to fix the libbfd
> implementation in the process. However, as I said at the top, this
> would be less work if we just delete the code. Do people really care
> if a build ID, line number of objdump was provided to them by libbfd?
> I suspect I've introduced this regression by making build ID mmaps the
> default, anyway...

Looks like a problem in libbfd.  Why does it crash when reading
build-ID?  A thread-safety problem?

Thanks,
Namhyung

> >
> > Core was generated by `perf top'.
> > Program terminated with signal SIGSEGV, Segmentation fault.
> > #0  close_one () at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/cache.c:197
> >
> > warning: 197    /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/cache.c: No such file or directory
> > [Current thread is 1 (Thread 0x7f8769c466c0 (LWP 144140))]
> > (gdb) bt
> > #0  close_one () at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/cache.c:197
> > #1  0x00007f87885286dd in _bfd_cache_init_unlocked (abfd=abfd@...ry=0x5567f738eb40) at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/cache.c:561
> > #2  0x00007f8788529021 in bfd_cache_init (abfd=abfd@...ry=0x5567f738eb40) at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/cache.c:587
> > #3  0x00007f878853618a in bfd_fopen (filename=filename@...ry=0x7f8769c3fa98 "/usr/bin/perf", target=target@...ry=0x0, mode=0x7f878860c4b9 "r", fd=84)
> >     at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/opncls.c:291
> > #4  0x00007f87885363c9 in bfd_fdopenr (filename=filename@...ry=0x7f8769c3fa98 "/usr/bin/perf", target=target@...ry=0x0, fd=<optimized out>)
> >     at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/opncls.c:407
> > #5  0x00005567c5cf4436 in read_build_id (filename=filename@...ry=0x7f8769c3fa98 "/usr/bin/perf", bid=bid@...ry=0x7f8769c3d8f0, block=block@...ry=false)
> >     at util/symbol-elf.c:886
> > #6  0x00005567c5cf7240 in filename__read_build_id (filename=filename@...ry=0x7f8769c3fa98 "/usr/bin/perf", bid=bid@...ry=0x7f8769c3d8f0, block=block@...ry=false)
> >     at util/symbol-elf.c:968
> > #7  0x00005567c5caaba4 in perf_record_mmap2__read_build_id (event=event@...ry=0x7f8769c3fa50, machine=machine@...ry=0x5567f7392a00, is_kernel=is_kernel@...ry=false)
> >     at util/synthetic-events.c:404
> > #8  0x00005567c5cabff2 in perf_event__synthesize_mmap_events (tool=tool@...ry=0x0, event=event@...ry=0x7f8769c3fa50, pid=pid@...ry=144076, tgid=tgid@...ry=144076,
> >     process=process@...ry=0x5567c5c5d491 <mmap_handler>, machine=machine@...ry=0x5567f7392a00, mmap_data=true) at util/synthetic-events.c:536
> > #9  0x00005567c5c598fb in machine__init_live (machine=machine@...ry=0x5567f7392a00, pid=pid@...ry=144076) at util/machine.c:167
> > #10 0x00005567c5c5b987 in machine__new_live (host_env=host_env@...ry=0x7f8769c40b70, kernel_maps=kernel_maps@...ry=false, pid=pid@...ry=144076) at util/machine.c:178
> > #11 0x00005567c5c56b13 in __dump_stack (file=0x7f87887f25c0 <_IO_2_1_stdout_>, stackdump=stackdump@...ry=0x7f8769c40d90, stackdump_size=15) at util/debug.c:318
> > #12 0x00005567c5bfb299 in ui__signal_backtrace (sig=<optimized out>) at ui/tui/setup.c:111
> > #13 <signal handler called>
> > #14 close_one () at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/cache.c:197
> > #15 0x00007f87885286dd in _bfd_cache_init_unlocked (abfd=abfd@...ry=0x5567f738e8c0) at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/cache.c:561
> > #16 0x00007f8788529021 in bfd_cache_init (abfd=abfd@...ry=0x5567f738e8c0) at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/cache.c:587
> > #17 0x00007f878853618a in bfd_fopen (filename=filename@...ry=0x5567f73ca048 "/usr/lib64/libfribidi.so.0.4.0", target=target@...ry=0x0, mode=0x7f878860c4b9 "r", fd=63)
> >     at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/opncls.c:291
> > #18 0x00007f87885363c9 in bfd_fdopenr (filename=filename@...ry=0x5567f73ca048 "/usr/lib64/libfribidi.so.0.4.0", target=target@...ry=0x0, fd=<optimized out>)
> >     at /tmp/portage/sys-libs/binutils-libs-2.45-r1/work/binutils-2.45/bfd/opncls.c:407
> > #19 0x00005567c5cf4436 in read_build_id (filename=filename@...ry=0x5567f73ca048 "/usr/lib64/libfribidi.so.0.4.0", bid=bid@...ry=0x7f8769c425d0, block=block@...ry=false)
> >     at util/symbol-elf.c:886
> > #20 0x00005567c5cf7240 in filename__read_build_id (filename=filename@...ry=0x5567f73ca048 "/usr/lib64/libfribidi.so.0.4.0", bid=bid@...ry=0x7f8769c425d0,
> >     block=block@...ry=false) at util/symbol-elf.c:968
> > #21 0x00005567c5caaba4 in perf_record_mmap2__read_build_id (event=event@...ry=0x5567f73ca000, machine=machine@...ry=0x5567f7280b18, is_kernel=is_kernel@...ry=false)
> >     at util/synthetic-events.c:404
> > #22 0x00005567c5cabff2 in perf_event__synthesize_mmap_events (tool=tool@...ry=0x0, event=event@...ry=0x5567f73ca000, pid=pid@...ry=5227, tgid=5227,
> >     process=process@...ry=0x5567c5c19264 <perf_event__process>, machine=machine@...ry=0x5567f7280b18, mmap_data=false) at util/synthetic-events.c:536
> > #23 0x00005567c5cac2a5 in __event__synthesize_thread (comm_event=comm_event@...ry=0x5567f73c8060, mmap_event=mmap_event@...ry=0x5567f73ca000,
> >     fork_event=fork_event@...ry=0x5567f73c8080, namespaces_event=namespaces_event@...ry=0x5567f7246870, pid=5227, full=full@...ry=1,
> >     process=0x5567c5c19264 <perf_event__process>, tool=0x0, machine=0x5567f7280b18, needs_mmap=true, mmap_data=false) at util/synthetic-events.c:851
> > #24 0x00005567c5cac50d in __perf_event__synthesize_threads (tool=0x0, process=0x5567c5c19264 <perf_event__process>, machine=0x5567f7280b18, needs_mmap=true,
> >     mmap_data=false, dirent=0x5567f7377400, start=475, num=19) at util/synthetic-events.c:986
> > #25 0x00005567c5cac5c4 in synthesize_threads_worker (arg=<optimized out>) at util/synthetic-events.c:1018
> > #26 0x00007f87886c0379 in start_thread (arg=<optimized out>) at pthread_create.c:448
> > #27 0x00007f8788728fac in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
> >
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ