From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933186AbdACAar (ORCPT <rfc822;w@1wt.eu>);
        Mon, 2 Jan 2017 19:30:47 -0500
Received: from mail.kernel.org ([198.145.29.136]:36666 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S933041AbdACAaj (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 2 Jan 2017 19:30:39 -0500
Date: Mon, 2 Jan 2017 21:30:33 -0300
From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Krister Johansen <kjlx@templeofstupid.com>
Cc: Namhyung Kim <namhyung@kernel.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        =?iso-8859-1?Q?Fr=E9d=E9ric?= Weisbecker <fweisbec@gmail.com>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 perf/core] perf script: fix a use after free crash.
Message-ID: <20170103003033.GD27864@kernel.org>
References: <20161011092839.GC7837@templeofstupid.com>
 <20161026002010.GD2525@templeofstupid.com>
 <20161026134453.GA4936@kernel.org>
 <20161111004046.GA2185@templeofstupid.com>
 <20161122190106.GE5390@kernel.org>
 <20161229013947.GA2341@templeofstupid.com>
 <20170102151514.GB21178@kernel.org>
 <20170102173530.GA27864@kernel.org>
 <20170102173657.GB27864@kernel.org>
 <20170102193904.GC27864@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20170102193904.GC27864@kernel.org>
X-Url: http://acmel.wordpress.com
User-Agent: Mutt/1.7.1 (2016-10-04)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Em Mon, Jan 02, 2017 at 04:39:04PM -0300, Arnaldo Carvalho de Melo escreveu:
> Em Mon, Jan 02, 2017 at 02:36:57PM -0300, Arnaldo Carvalho de Melo escreveu:
> > Em Mon, Jan 02, 2017 at 02:35:30PM -0300, Arnaldo Carvalho de Melo escreveu:
> > > Em Mon, Jan 02, 2017 at 12:15:14PM -0300, Arnaldo Carvalho de Melo escreveu:
> >  {
> >         zfree(&iter->priv);
> >         iter->he = NULL;
> > +       map__zput(al->map);
> 
> What this pairs to? I was expecting that since this is called via:
> 
>    hist_entry_iter__add()
>    {
>            <SNIP>
>            err2 = iter->ops->finish_entry(iter, al);
>    }
> 
> Then it would have to match something done earlier in
> hist_entry_iter__add(), most likely by some iter->ops->() method, but I
> couldn'd find anything to that extent, can you clarify?

With the following patch it has been running all day, care to explain
why it is needed? I need to run this on valgrind or with Masami's
refcount debugger to get more clues :-\

- Arnaldo

diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
index 72f5c82798e9..c27bda16e9cd 100644
--- a/tools/perf/util/hist.c
+++ b/tools/perf/util/hist.c
@@ -980,7 +980,6 @@ iter_finish_cumulative_entry(struct hist_entry_iter *iter,
 {
 	zfree(&iter->priv);
 	iter->he = NULL;
-	map__zput(al->map);
 
 	return 0;
 }