Re: [PATCH v3 dwarves 0/6] Support for new btf_type_tag encoding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2023-05-24 at 03:18 +0300, Eduard Zingerman wrote:
[...] 
>   - gcc       / LLVM-main / pahole-new
>     - kernel build : ok
>     - bpf tests    : ok
>     - btfdiff      : ok but dwarf dump sometimes segfaults

Regarding this segfault. I can reproduce it using pahole 'next' branch
if btfdiff is executed several times. So, the proposed patch-set is
not the cause.

Specifically, it happens when the following command is executed:

  pahole -F dwarf --flat_arrays --sort ... vmlinux

With the following stack trace:

  Thread 1 "pahole" received signal SIGSEGV, Segmentation fault.
  0x00007ffff7f819ad in __rb_erase_color (node=0x7fffd4045830, parent=0x0, root=0x5555555672d8 <structures.tree>) at /home/eddy/work/dwarves-fork/rbtree.c:134
  134			if (parent->rb_left == node)
  (gdb) bt
  #0  0x00007ffff7f819ad in __rb_erase_color (node=0x7fffd4045830, parent=0x0, root=0x5555555672d8 <structures.tree>) at /home/eddy/work/dwarves-fork/rbtree.c:134
  #1  0x00007ffff7f82014 in rb_erase (node=0x7fff21ae5b80, root=0x5555555672d8 <structures.tree>) at /home/eddy/work/dwarves-fork/rbtree.c:275
  #2  0x0000555555559c3d in __structures__delete () at /home/eddy/work/dwarves-fork/pahole.c:440
  #3  0x0000555555559c70 in structures__delete () at /home/eddy/work/dwarves-fork/pahole.c:448
  #4  0x0000555555560bb6 in main (argc=13, argv=0x7fffffffdcd8) at /home/eddy/work/dwarves-fork/pahole.c:3584

I tried random testing the rb_tree implementation and can reliably
reproduce the error using the diff at the end of the email.
E.g. it happens for test sequence (using add/delete functions adapted
to work on int values instead of 'struct structure'):

  60 4 24 34 15 2 80 26 82 67 92 77 9.

Will figure out a fix for rb_erase code tomorrow.

--- testing code for rb_erase ---

diff --git a/pahole.c b/pahole.c
index 6fc4ed6..6c60c9e 100644
--- a/pahole.c
+++ b/pahole.c
@@ -8,6 +8,7 @@
 
 #include <argp.h>
 #include <assert.h>
+#include <signal.h>
 #include <stdio.h>
 #include <dwarf.h>
 #include <elfutils/version.h>
@@ -3408,10 +3409,97 @@ out_free:
 	return ret;
 }
 
+struct test_struct {
+	struct rb_node rb_node;
+	int val;
+};
+
+static struct rb_root test_tree = RB_ROOT;
+static struct test_struct structs[100] = {};
+static int free_struct_idx = 0;
+static int num_tries = 0;
+
+static void test_add(int val)
+{
+        struct rb_node **p = &test_tree.rb_node;
+        struct rb_node *parent = NULL;
+	struct test_struct *str;
+
+        while (*p != NULL) {
+		int rc;
+
+                parent = *p;
+                str = rb_entry(parent, struct test_struct, rb_node);
+		rc = str->val - val;
+
+		if (rc > 0)
+                        p = &(*p)->rb_left;
+                else if (rc < 0)
+                        p = &(*p)->rb_right;
+		else {
+			return;
+		}
+        }
+
+	str = &structs[free_struct_idx++];
+	str->val = val;
+
+	rb_link_node(&str->rb_node, parent, p);
+        rb_insert_color(&str->rb_node, &test_tree);
+
+	return;
+}
+
+static void test_delete()
+{
+	struct rb_node *next = rb_first(&test_tree);
+
+	while (next) {
+		struct test_struct *pos = rb_entry(next, struct test_struct, rb_node);
+		next = rb_next(&pos->rb_node);
+		rb_erase(&pos->rb_node, &structures__tree);
+	}
+}
+
+void test_erase_once()
+{
+	test_tree = RB_ROOT;
+	free_struct_idx = 0;
+	bzero(structs, sizeof(structs));
+	int size = rand() % 16;
+	for (int i = 0; i < size; ++i) {
+		int val = rand() % 100;
+		test_add(val);
+	}
+	test_delete();
+	++num_tries;
+}
+
+static void sigsegv_handler(int nSignum, siginfo_t* si, void* vcontext) {
+	fprintf(stderr, "SIGSEGV after %d iters: [%d]", num_tries, free_struct_idx);
+	for (int i = 0; i < free_struct_idx; ++i)
+		fprintf(stderr, " %d", structs[i].val);
+	fprintf(stderr, "\n");
+	exit(1);
+}
+
 int main(int argc, char *argv[])
 {
 	int err, remaining, rc = EXIT_FAILURE;
 
+	int seed = clock();
+	fprintf(stderr, "seed = %d\n", seed);
+	srand(seed);
+	struct sigaction action = {};
+	action.sa_flags = SA_SIGINFO;
+	action.sa_sigaction = sigsegv_handler;
+	sigaction(SIGSEGV, &action, NULL);
+	for (int i = 0; i < 1000 * 1000; ++i) {
+		test_erase_once();
+	}
+	fprintf(stderr, "done\n");
+	return 0;
+
 	if (argp_parse(&pahole__argp, argc, argv, 0, &remaining, NULL)) {
 		argp_help(&pahole__argp, stderr, ARGP_HELP_SEE, argv[0]);
 		goto out;





[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux