From: John Garry <john.garry@huawei.com> To: Andi Kleen <ak@linux.intel.com>, Jiri Olsa <jolsa@redhat.com>, Ingo Molnar <mingo@redhat.com>, Peter Zijlstra <peterz@infradead.org>, "Arnaldo Carvalho de Melo" <acme@kernel.org>, Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Linuxarm <linuxarm@huawei.com>, "linux-arm-kernel@lists.infradead.org" <linux-arm-kernel@lists.infradead.org>, "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, Namhyung Kim <namhyung@kernel.org> Subject: perf segmentation fault from NULL dereference Date: Tue, 25 Sep 2018 16:53:40 +0100 [thread overview] Message-ID: <712b7c31-f681-7737-71e7-c028b8d2bba5@huawei.com> (raw) Hi, I am seeing this perf crash on my arm64-based system: root@localhost:~# ./perf_debug_ record -e armv8_pmuv3_0/br_mis_pred/ sleep 1 perf: Segmentation fault Obtained 9 stack frames. ./perf_debug_() [0x4c5ef8] [0xffff82ba267c] ./perf_debug_() [0x4bc5a8] ./perf_debug_() [0x419550] ./perf_debug_() [0x41a928] ./perf_debug_() [0x472f58] ./perf_debug_() [0x473210] ./perf_debug_() [0x4070f4] /lib/aarch64-linux-gnu/libc.so.6(__libc_start_main+0xe0) [0xffff8294c8a0] Segmentation fault (core dumped) I find 'cycles' event is fine. I bisected the issue to here: commit bfd8f72c2778f5bd63dc9eb6d23bd7a0d99cff6d (HEAD, refs/bisect/bad) Author: Andi Kleen <ak@linux.intel.com> Date: Fri Nov 17 13:42:58 2017 -0800 perf record: Synthesize unit/scale/... in event update Move the code to synthesize event updates for scale/unit/cpus to a common utility file, and use it both from stat and record. This allows to access scale and other extra qualifiers from perf script. Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Jiri Olsa <jolsa@kernel.org> Link: http://lkml.kernel.org/r/20171117214300.32746-2-andi@firstfloor.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> I am suspicious that this is a real issue, as this patch has been in mainline for some time... This simple change fixes the issue me: diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 91e6d9c..f4fd826 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c @@ -3576,7 +3576,7 @@ int perf_event__process_feature(struct perf_tool *tool, int max, err; u16 type; - if (!evsel->own_cpus) + if (!evsel->own_cpus || !(evsel->attr.read_format & PERF_FORMAT_ID)) // roundabout check for !evsel->id return 0; ev = cpu_map_data__alloc(evsel->own_cpus, &size, &type, &max); It turns out that evsel->id is NULL on a call to perf_event__process_feature(), which upsets this code: ev->header.type = PERF_RECORD_EVENT_UPDATE; ev->header.size = (u16)size; ev->type = PERF_EVENT_UPDATE__CPUS; ev->id = evsel->id[0]; Please me let me know if a valid issue so we can get a fix in. Apologies for crying wolf if I'm off the mark. Cheers, John
WARNING: multiple messages have this Message-ID (diff)
From: john.garry@huawei.com (John Garry) To: linux-arm-kernel@lists.infradead.org Subject: perf segmentation fault from NULL dereference Date: Tue, 25 Sep 2018 16:53:40 +0100 [thread overview] Message-ID: <712b7c31-f681-7737-71e7-c028b8d2bba5@huawei.com> (raw) Hi, I am seeing this perf crash on my arm64-based system: root at localhost:~# ./perf_debug_ record -e armv8_pmuv3_0/br_mis_pred/ sleep 1 perf: Segmentation fault Obtained 9 stack frames. ./perf_debug_() [0x4c5ef8] [0xffff82ba267c] ./perf_debug_() [0x4bc5a8] ./perf_debug_() [0x419550] ./perf_debug_() [0x41a928] ./perf_debug_() [0x472f58] ./perf_debug_() [0x473210] ./perf_debug_() [0x4070f4] /lib/aarch64-linux-gnu/libc.so.6(__libc_start_main+0xe0) [0xffff8294c8a0] Segmentation fault (core dumped) I find 'cycles' event is fine. I bisected the issue to here: commit bfd8f72c2778f5bd63dc9eb6d23bd7a0d99cff6d (HEAD, refs/bisect/bad) Author: Andi Kleen <ak@linux.intel.com> Date: Fri Nov 17 13:42:58 2017 -0800 perf record: Synthesize unit/scale/... in event update Move the code to synthesize event updates for scale/unit/cpus to a common utility file, and use it both from stat and record. This allows to access scale and other extra qualifiers from perf script. Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Jiri Olsa <jolsa@kernel.org> Link: http://lkml.kernel.org/r/20171117214300.32746-2-andi at firstfloor.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> I am suspicious that this is a real issue, as this patch has been in mainline for some time... This simple change fixes the issue me: diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 91e6d9c..f4fd826 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c @@ -3576,7 +3576,7 @@ int perf_event__process_feature(struct perf_tool *tool, int max, err; u16 type; - if (!evsel->own_cpus) + if (!evsel->own_cpus || !(evsel->attr.read_format & PERF_FORMAT_ID)) // roundabout check for !evsel->id return 0; ev = cpu_map_data__alloc(evsel->own_cpus, &size, &type, &max); It turns out that evsel->id is NULL on a call to perf_event__process_feature(), which upsets this code: ev->header.type = PERF_RECORD_EVENT_UPDATE; ev->header.size = (u16)size; ev->type = PERF_EVENT_UPDATE__CPUS; ev->id = evsel->id[0]; Please me let me know if a valid issue so we can get a fix in. Apologies for crying wolf if I'm off the mark. Cheers, John
next reply other threads:[~2018-09-25 15:53 UTC|newest] Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-09-25 15:53 John Garry [this message] 2018-09-25 15:53 ` perf segmentation fault from NULL dereference John Garry 2018-09-27 3:00 ` Andi Kleen 2018-09-27 3:00 ` Andi Kleen 2018-10-02 10:20 ` John Garry 2018-10-02 10:20 ` John Garry 2018-09-27 16:02 ` Jiri Olsa 2018-09-27 16:02 ` Jiri Olsa 2018-10-02 10:41 ` John Garry 2018-10-02 10:41 ` John Garry 2018-10-02 11:16 ` Jiri Olsa 2018-10-02 11:16 ` Jiri Olsa 2018-10-03 11:36 ` [PATCH] perf tools: Allocate id array in perf_event__synthesize_event_update_cpus Jiri Olsa 2018-10-03 11:36 ` Jiri Olsa 2018-10-03 14:08 ` John Garry 2018-10-03 14:08 ` John Garry 2018-10-03 14:16 ` Jiri Olsa 2018-10-03 14:16 ` Jiri Olsa 2018-10-03 21:20 ` [PATCH] perf tools: Store ids for events with their own cpus perf_event__synthesize_event_update_cpus Jiri Olsa 2018-10-03 21:20 ` Jiri Olsa 2018-10-04 9:20 ` John Garry 2018-10-04 9:20 ` John Garry 2018-10-09 10:00 ` Jiri Olsa 2018-10-09 10:00 ` Jiri Olsa 2018-10-12 13:25 ` John Garry 2018-10-12 13:25 ` John Garry 2018-10-15 19:15 ` Arnaldo Carvalho de Melo 2018-10-15 19:15 ` Arnaldo Carvalho de Melo 2018-10-16 9:10 ` John Garry 2018-10-16 9:10 ` John Garry 2018-10-16 10:47 ` Jiri Olsa 2018-10-16 10:47 ` Jiri Olsa 2018-10-18 6:18 ` [tip:perf/urgent] perf evsel: " tip-bot for Jiri Olsa
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=712b7c31-f681-7737-71e7-c028b8d2bba5@huawei.com \ --to=john.garry@huawei.com \ --cc=acme@kernel.org \ --cc=ak@linux.intel.com \ --cc=alexander.shishkin@linux.intel.com \ --cc=jolsa@redhat.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linuxarm@huawei.com \ --cc=mingo@redhat.com \ --cc=namhyung@kernel.org \ --cc=peterz@infradead.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.