The trace-cmd report command crashes while displaying a file recorded with "--proc-map" and "-B" options: #trace-cmd record --proc-map -B test -e sched -F sleep 1 The "--proc-map" options saves the address map of "sleep" into the trace.dat file. This information is used by KernelShark. The "-B" options traces the specified events into a ftrace instance "test". When such file is opened using libtracecmd APIs, the proc-map is parsed and saved into a tracecmd_input handler, as linked list "pid_maps". Later, when the ftrace instance "test" is parsed, a copy of this handler is used to fill it with the instance's trace data. Both tracecmd_input handlers share the same "pid_maps" list, thus leads to a double free of the list, when handlers are destroyed. As this "pid_maps" is not used in ftrace buffers, the "pid_maps" list of the copy can be initialized to NULL. Signed-off-by: Tzvetomir Stoyanov (VMware) <tz.stoyanov@xxxxxxxxx> --- lib/trace-cmd/trace-input.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/trace-cmd/trace-input.c b/lib/trace-cmd/trace-input.c index 55c3d80a..7583d5cb 100644 --- a/lib/trace-cmd/trace-input.c +++ b/lib/trace-cmd/trace-input.c @@ -3712,6 +3712,8 @@ tracecmd_buffer_instance_handle(struct tracecmd_input *handle, int indx) new_handle->flags |= TRACECMD_FL_BUFFER_INSTANCE; + new_handle->pid_maps = NULL; + /* Save where we currently are */ offset = lseek64(handle->fd, 0, SEEK_CUR); -- 2.26.2