Bug 203411

Summary: trace-cmd causes a segmentation fault, when executing with arguments "profile -F sleep 1"
Product: Tools
Reporter: Tzvetomir Stoyanov (tstoyanov)
Component: Trace-cmd/Kernelshark
Assignee: Default virtual assignee for Trace-cmd and kernelshark (tools_tracecmd_kernelshark)
Status: RESOLVED CODE_FIX
Severity: normal
CC: kaslevs
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 5.0.7-200.fc29.x86_64
Subsystem:
Regression: Yes
Bisected commit-id:

Description Tzvetomir Stoyanov 2019-04-24 11:26:30 UTC
When trace-cmd is executed with those arguments, a segmentation fault occurs:

./trace-cmd profile -F sleep 1
Segmentation fault (core dumped)

Backtrace:
#0  allocate_page (handle=0x4a1a10, cpu=0, offset=12288) at trace-input.c:927
#1  0x000000000042d2aa in get_page (handle=0x4a1a10, cpu=0, offset=12288) at trace-input.c:1116
#2  0x000000000042d40d in get_next_page (handle=0x4a1a10, cpu=0) at trace-input.c:1142
#3  0x000000000042e339 in tracecmd_peek_data (handle=0x4a1a10, cpu=0) at trace-input.c:1776
#4  0x000000000042e6d4 in tracecmd_read_data (handle=0x4a1a10, cpu=0) at trace-input.c:1841
#5  0x0000000000424d82 in trace_stream_read (pids=0x47b7d0, nr_pids=8, tv=0x7fffffffd3c0) at trace-stream.c:105
#6  0x000000000040aa1f in trace_waitpid (type=TRACE_TYPE_STREAM, pid=24759, status=0x7fffffffd408, options=1) at trace-record.c:1114
#7  0x000000000040b151 in run_cmd (type=TRACE_TYPE_STREAM, argc=2, argv=0x7fffffffd600) at trace-record.c:1331
#8  0x0000000000412ffd in record_trace (argc=5, argv=0x7fffffffd5e8, ctx=0x7fffffffd470) at trace-record.c:5065
#9  0x000000000041338d in trace_profile (argc=5, argv=0x7fffffffd5e8) at trace-record.c:5199
#10 0x0000000000408bc5 in main (argc=5, argv=0x7fffffffd5e8) at trace-cmd.c:118

The problem seems to be in the lookup table "struct page **pages" in struct cpu_data. In case pipes are used with this tracecmd_input handler, only a single page is allocated in this lookup table. Later, when get_page() is called, there is a use case where more pages are addressed (in the backtrace above, the page with index 3 is addressed, cpu_data->pages[3]).

trace-cmd: current (git20190424)
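Added illustration (not trace-cmd's code): a minimal model of the per-CPU page lookup table described above, with the unchecked index that walks off a one-slot table beside a lookup that grows the table before touching the slot. The struct names follow the report; the 4096-byte page size, the growth strategy and the helper names are assumptions for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the structures named in the report (not trace-cmd's definitions). */
struct page { long index; };
struct cpu_data {
    struct page **pages;   /* lookup table: one slot per page of the trace buffer */
    long nr_pages;         /* slots actually allocated in `pages` */
    long page_size;        /* assumed 4096 here */
};

/* Pipe-backed handle as described: the table starts with a single slot. */
struct cpu_data *cpu_data_new_piped(long page_size) {
    struct cpu_data *cd = calloc(1, sizeof(*cd));
    if (!cd) return NULL;
    cd->pages = calloc(1, sizeof(*cd->pages));
    cd->nr_pages = cd->pages ? 1 : 0;
    cd->page_size = page_size;
    return cd;
}

/* Index the lookup would use for a byte offset: 12288 / 4096 == 3 in the reported crash. */
long page_index_for_offset(const struct cpu_data *cd, long offset) {
    return offset / cd->page_size;
}

/* Unchecked lookup, the failure mode in the report: index 3 into a 1-slot table is
 * an out-of-bounds read (undefined behaviour, observed as the segfault). Never call
 * this with an index >= nr_pages; it is here only to show the missing check. */
struct page *get_page_unchecked(struct cpu_data *cd, long offset) {
    return cd->pages[page_index_for_offset(cd, offset)];
}

/* Hardened lookup: validate the index and grow the table so the slot exists. */
struct page *get_page_checked(struct cpu_data *cd, long offset) {
    long idx = page_index_for_offset(cd, offset);
    if (idx < 0) return NULL;
    if (idx >= cd->nr_pages) {
        struct page **np = realloc(cd->pages, (size_t)(idx + 1) * sizeof(*np));
        if (!np) return NULL;
        memset(np + cd->nr_pages, 0, (size_t)(idx + 1 - cd->nr_pages) * sizeof(*np));
        cd->pages = np;
        cd->nr_pages = idx + 1;
    }
    if (!cd->pages[idx]) {              /* allocate the page lazily on first use */
        cd->pages[idx] = calloc(1, sizeof(struct page));
        if (cd->pages[idx]) cd->pages[idx]->index = idx;
    }
    return cd->pages[idx];
}
```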
Comment 1 Tzvetomir Stoyanov 2019-05-03 13:42:13 UTC
Proposed a fix:

https://patchwork.kernel.org/patch/10926627/
Comment 2 Slavomir Kaslev 2019-06-07 06:30:05 UTC
Fixed in c2fc2bc296f7cf59a6614f942880d0060ac4178e.