* "Segmentation fault" of pahole @ 2025-08-11 1:18 Changqing Li 2025-08-13 23:45 ` Ihor Solodrai 0 siblings, 1 reply; 10+ messages in thread From: Changqing Li @ 2025-08-11 1:18 UTC (permalink / raw) To: acme, dwarves Hi, Dear maintainers I met a "Segmentation fault" error of pahole. It happened when I passed an ELF file without .symtab section. Maybe I passed an unsupport file, but I think it should not segfault, maybe a warnning or error message is better. Here is the detailed info: Pahole version: # pahole --version v1.29 Reproduce Command: root@intel-x86-64:/~# pahole --btf_features=default -J /boot/vmlinux-6.12.40-yocto-standard pahole[599]: segfault at 8 ip 00007f7c92d819e2 sp 00007f7c799febe0 error 6 in libdwarves.so.1.0.0[189e2,7f7c92d72000+1c000] likely on CPU 0 (core 0, socket 0) Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff Segmentation fault (core dumped) root@intel-x86-64:~# file /boot/vmlinux-6.12.40-yocto-standard /boot/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, stripped root@intel-x86-64:/usr/bin# readelf -S /boot/vmlinux-6.12.40-yocto-standard | grep .symtab [ 4] __ksymtab PROGBITS ffffffff82c11e00 01e11e00 [ 5] __ksymtab_gpl PROGBITS ffffffff82c24730 01e24730 [ 6] __ksymtab_strings PROGBITS ffffffff82c397f0 01e397f0 (gdb) bt #0 elf_functions__new (elf=<optimized out>) at /usr/src/debug/pahole/1.29/btf_encoder.c:196 #1 0x00007ffff7f92a7d in btf_encoder__elf_functions (encoder=encoder@entry=0x7fffd8008dc0) at /usr/src/debug/pahole/1.29/btf_encoder.c:1374 #2 0x00007ffff7f94489 in btf_encoder__new (cu=cu@entry=0x7fffd8001e50, detached_filename=<optimized out>, warning: could not convert 'btf' from the host encoding (ANSI_X3.4-1968) to UTF-32. This normally should not happen, please file a bug report. base_btf=0x0, verbose=<optimized out>, conf_load=conf_load@entry=0x555555565280 <conf_load>) at /usr/src/debug/pahole/1.29/btf_encoder.c:2431 #3 0x000055555555db49 in pahole_stealer__btf_encode (cu=0x7fffd8001e50, conf_load=0x555555565280 <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3126 #4 pahole_stealer (cu=0x7fffd8001e50, conf_load=0x555555565280 <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3187 #5 0x00007ffff7f9d023 in cus__steal_now (cus=<optimized out>, cu=<optimized out>, conf=<optimized out>) at /usr/src/debug/pahole/1.29/dwarf_loader.c:3266 #6 dwarf_loader__worker_thread (arg=0x7fffffffe700) at /usr/src/debug/pahole/1.29/dwarf_loader.c:3672 #7 0x00007ffff7dbe722 in start_thread (arg=<optimized out>) at pthread_create.c:448 #8 0x00007ffff7e314fc in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 (gdb) Command "pahole --btf_features=default -J /boot/.debug/vmlinux-6.12.40-yocto-standard " works well since /boot/.debug/vmlinux-6.12.40-yocto-standard has .symtab section. root@intel-x86-64:/usr/bin# file /boot/.debug/vmlinux-6.12.40-yocto-standard /boot/.debug/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, with debug_info, not stripped root@intel-x86-64:/usr/bin# readelf -S /boot/.debug/vmlinux-6.12.40-yocto-standard | grep .symtab [ 4] __ksymtab NOBITS ffffffff82c11e00 00001000 [ 5] __ksymtab_gpl NOBITS ffffffff82c24730 00001000 [ 6] __ksymtab_strings NOBITS ffffffff82c397f0 00001000 [49] .symtab SYMTAB 0000000000000000 154cf200 Analyzation: if the ELF file doesn't have .symtab section, in function |elf_functions__new, |funcs->symtab will be NULL, goto out_delete, then run elf_functions__delete. https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n176 And segfault happened in line: list_del(&funcs->node), since funcs->node not added into the list elf_functions_list yet. https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n170 Should we check if the node is added into list elf_functions_list before list_del? Please help to review this issue, thanks. Regards Changqing ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: "Segmentation fault" of pahole 2025-08-11 1:18 "Segmentation fault" of pahole Changqing Li @ 2025-08-13 23:45 ` Ihor Solodrai 2025-08-14 9:20 ` Changqing Li 0 siblings, 1 reply; 10+ messages in thread From: Ihor Solodrai @ 2025-08-13 23:45 UTC (permalink / raw) To: Changqing Li, acme, dwarves On 8/10/25 6:18 PM, Changqing Li wrote: > Hi, Dear maintainers > > I met a "Segmentation fault" error of pahole. It happened when I > passed an ELF file without .symtab section. > Maybe I passed an unsupport file, but I think it should not segfault, > maybe a warnning or error message is better. > > > Here is the detailed info: > Pahole version: > # pahole --version > v1.29 > > Reproduce Command: > root@intel-x86-64:/~# pahole --btf_features=default -J /boot/ > vmlinux-6.12.40-yocto-standard > pahole[599]: segfault at 8 ip 00007f7c92d819e2 sp 00007f7c799febe0 error > 6 in libdwarves.so.1.0.0[189e2,7f7c92d72000+1c000] likely on CPU 0 (core > 0, socket 0) > Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 > e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 > 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff > Segmentation fault (core dumped) > > root@intel-x86-64:~# file /boot/vmlinux-6.12.40-yocto-standard > /boot/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, x86-64, > version 1 (SYSV), statically linked, > BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, stripped > > root@intel-x86-64:/usr/bin# readelf -S /boot/vmlinux-6.12.40-yocto- > standard | grep .symtab > [ 4] __ksymtab PROGBITS ffffffff82c11e00 01e11e00 > [ 5] __ksymtab_gpl PROGBITS ffffffff82c24730 01e24730 > [ 6] __ksymtab_strings PROGBITS ffffffff82c397f0 01e397f0 > > > (gdb) bt > #0 elf_functions__new (elf=<optimized out>) at /usr/src/debug/ > pahole/1.29/btf_encoder.c:196 > #1 0x00007ffff7f92a7d in btf_encoder__elf_functions > (encoder=encoder@entry=0x7fffd8008dc0) at /usr/src/debug/pahole/1.29/ > btf_encoder.c:1374 > #2 0x00007ffff7f94489 in btf_encoder__new (cu=cu@entry=0x7fffd8001e50, > detached_filename=<optimized out>, warning: could not convert 'btf' from > the host encoding (ANSI_X3.4-1968) to UTF-32. > This normally should not happen, please file a bug report. > base_btf=0x0, > verbose=<optimized out>, conf_load=conf_load@entry=0x555555565280 > <conf_load>) at /usr/src/debug/pahole/1.29/btf_encoder.c:2431 > #3 0x000055555555db49 in pahole_stealer__btf_encode (cu=0x7fffd8001e50, > conf_load=0x555555565280 <conf_load>) > at /usr/src/debug/pahole/1.29/pahole.c:3126 > #4 pahole_stealer (cu=0x7fffd8001e50, conf_load=0x555555565280 > <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3187 > #5 0x00007ffff7f9d023 in cus__steal_now (cus=<optimized out>, > cu=<optimized out>, conf=<optimized out>) > at /usr/src/debug/pahole/1.29/dwarf_loader.c:3266 > #6 dwarf_loader__worker_thread (arg=0x7fffffffe700) at /usr/src/debug/ > pahole/1.29/dwarf_loader.c:3672 > #7 0x00007ffff7dbe722 in start_thread (arg=<optimized out>) at > pthread_create.c:448 > #8 0x00007ffff7e314fc in __GI___clone3 () at ../sysdeps/unix/sysv/ > linux/x86_64/clone3.S:78 > (gdb) > > > Command "pahole --btf_features=default -J /boot/.debug/vmlinux-6.12.40- > yocto-standard " works well since /boot/.debug/vmlinux-6.12.40-yocto- > standard has .symtab section. > root@intel-x86-64:/usr/bin# file /boot/.debug/vmlinux-6.12.40-yocto- > standard > /boot/.debug/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, > x86-64, version 1 (SYSV), statically linked, > BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, with debug_info, > not stripped > > root@intel-x86-64:/usr/bin# readelf -S /boot/.debug/vmlinux-6.12.40- > yocto-standard | grep .symtab > [ 4] __ksymtab NOBITS ffffffff82c11e00 00001000 > [ 5] __ksymtab_gpl NOBITS ffffffff82c24730 00001000 > [ 6] __ksymtab_strings NOBITS ffffffff82c397f0 00001000 > [49] .symtab SYMTAB 0000000000000000 154cf200 > Hi Changqing Li, thanks for the bug report. I couldn't reproduce this error with a stripped vmlinux: $ objcopy --strip-all ~/kernels/bpf-next/.tmp_vmlinux1 vmlinux-strip-all v1.29 fails with: $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) Error creating BTF encoder. v1.30 fails with: $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) pahole: /home/isolodrai/pahole/vmlinux-strip-all: Invalid argument Different errors are not nice, but at least no segfault. Could you please share the vmlinux binary that causes the error? And also check if you get a segfault on v1.30 too? Thanks. > > Analyzation: > if the ELF file doesn't have .symtab section, in function | > elf_functions__new, |funcs->symtab will be NULL, goto out_delete, then > run elf_functions__delete. > https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/ > btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n176 > > And segfault happened in line: list_del(&funcs->node), since funcs- > >node not added into the list elf_functions_list yet. > https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/ > btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n170 > > Should we check if the node is added into list elf_functions_list before > list_del? Please help to review this issue, thanks. > > Regards > Changqing > > > > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: "Segmentation fault" of pahole 2025-08-13 23:45 ` Ihor Solodrai @ 2025-08-14 9:20 ` Changqing Li 2025-08-14 9:42 ` Changqing Li 0 siblings, 1 reply; 10+ messages in thread From: Changqing Li @ 2025-08-14 9:20 UTC (permalink / raw) To: Ihor Solodrai, acme, dwarves On 8/14/25 07:45, Ihor Solodrai wrote: > CAUTION: This email comes from a non Wind River email account! > Do not click links or open attachments unless you recognize the sender > and know the content is safe. > > On 8/10/25 6:18 PM, Changqing Li wrote: >> Hi, Dear maintainers >> >> I met a "Segmentation fault" error of pahole. It happened when I >> passed an ELF file without .symtab section. >> Maybe I passed an unsupport file, but I think it should not segfault, >> maybe a warnning or error message is better. >> >> >> Here is the detailed info: >> Pahole version: >> # pahole --version >> v1.29 >> >> Reproduce Command: >> root@intel-x86-64:/~# pahole --btf_features=default -J /boot/ >> vmlinux-6.12.40-yocto-standard >> pahole[599]: segfault at 8 ip 00007f7c92d819e2 sp 00007f7c799febe0 error >> 6 in libdwarves.so.1.0.0[189e2,7f7c92d72000+1c000] likely on CPU 0 (core >> 0, socket 0) >> Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 >> e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 >> 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff >> Segmentation fault (core dumped) >> >> root@intel-x86-64:~# file /boot/vmlinux-6.12.40-yocto-standard >> /boot/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, x86-64, >> version 1 (SYSV), statically linked, >> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, stripped >> >> root@intel-x86-64:/usr/bin# readelf -S /boot/vmlinux-6.12.40-yocto- >> standard | grep .symtab >> [ 4] __ksymtab PROGBITS ffffffff82c11e00 01e11e00 >> [ 5] __ksymtab_gpl PROGBITS ffffffff82c24730 01e24730 >> [ 6] __ksymtab_strings PROGBITS ffffffff82c397f0 01e397f0 >> >> >> (gdb) bt >> #0 elf_functions__new (elf=<optimized out>) at /usr/src/debug/ >> pahole/1.29/btf_encoder.c:196 >> #1 0x00007ffff7f92a7d in btf_encoder__elf_functions >> (encoder=encoder@entry=0x7fffd8008dc0) at /usr/src/debug/pahole/1.29/ >> btf_encoder.c:1374 >> #2 0x00007ffff7f94489 in btf_encoder__new (cu=cu@entry=0x7fffd8001e50, >> detached_filename=<optimized out>, warning: could not convert 'btf' from >> the host encoding (ANSI_X3.4-1968) to UTF-32. >> This normally should not happen, please file a bug report. >> base_btf=0x0, >> verbose=<optimized out>, conf_load=conf_load@entry=0x555555565280 >> <conf_load>) at /usr/src/debug/pahole/1.29/btf_encoder.c:2431 >> #3 0x000055555555db49 in pahole_stealer__btf_encode (cu=0x7fffd8001e50, >> conf_load=0x555555565280 <conf_load>) >> at /usr/src/debug/pahole/1.29/pahole.c:3126 >> #4 pahole_stealer (cu=0x7fffd8001e50, conf_load=0x555555565280 >> <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3187 >> #5 0x00007ffff7f9d023 in cus__steal_now (cus=<optimized out>, >> cu=<optimized out>, conf=<optimized out>) >> at /usr/src/debug/pahole/1.29/dwarf_loader.c:3266 >> #6 dwarf_loader__worker_thread (arg=0x7fffffffe700) at /usr/src/debug/ >> pahole/1.29/dwarf_loader.c:3672 >> #7 0x00007ffff7dbe722 in start_thread (arg=<optimized out>) at >> pthread_create.c:448 >> #8 0x00007ffff7e314fc in __GI___clone3 () at ../sysdeps/unix/sysv/ >> linux/x86_64/clone3.S:78 >> (gdb) >> >> >> Command "pahole --btf_features=default -J /boot/.debug/vmlinux-6.12.40- >> yocto-standard " works well since /boot/.debug/vmlinux-6.12.40-yocto- >> standard has .symtab section. >> root@intel-x86-64:/usr/bin# file /boot/.debug/vmlinux-6.12.40-yocto- >> standard >> /boot/.debug/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, >> x86-64, version 1 (SYSV), statically linked, >> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, with debug_info, >> not stripped >> >> root@intel-x86-64:/usr/bin# readelf -S /boot/.debug/vmlinux-6.12.40- >> yocto-standard | grep .symtab >> [ 4] __ksymtab NOBITS ffffffff82c11e00 00001000 >> [ 5] __ksymtab_gpl NOBITS ffffffff82c24730 00001000 >> [ 6] __ksymtab_strings NOBITS ffffffff82c397f0 00001000 >> [49] .symtab SYMTAB 0000000000000000 154cf200 >> > > Hi Changqing Li, thanks for the bug report. > > I couldn't reproduce this error with a stripped vmlinux: > > $ objcopy --strip-all ~/kernels/bpf-next/.tmp_vmlinux1 vmlinux-strip-all > > v1.29 fails with: > $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) > Error creating BTF encoder. > > v1.30 fails with: > $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) > pahole: /home/isolodrai/pahole/vmlinux-strip-all: Invalid argument > > Different errors are not nice, but at least no segfault. > > Could you please share the vmlinux binary that causes the error? > And also check if you get a segfault on v1.30 too? > > Thanks. > Hi, Ihor Thanks for checking this. Here is my retest result: On version 1.29: root@intel-x86-64:~# pahole --btf_features=default -J /boot/vmlinux-6.12.40-yocto-standard pahole[333]: segfault at 8 ip 00007fd5025179e2 sp 00007fd4e73febe0 error 6 in libdwarves.so.1.0.0[189e2,7fd502508000+1c000] likely on CPU 0 (core 0, socket 0) Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff Segmentation fault (core dumped) root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ root@intel-x86-64:~# pahole --btf_features=default -J /root/vmlinux-6.12.40-yocto-standard Error creating BTF encoder. We can see that the same vmlinux-6.12.40-yocto-standard have different result. After do some debugging, I found that /boot/vmlinux-6.12.40-yocto-standard segfault since it has debuginfo file /boot/.debug/vmlinux-6.12.40-yocto-standard. after I move .debug to .xxx, it will not segfault. root@intel-x86-64:/boot# mv .debug/ .xxx root@intel-x86-64:/boot# pahole --btf_features=default -J /boot/vmlinux-6.12.40-yocto-standard Error creating BTF encoder. dwfl_module_getdwarf in cus__process_dwflmod return different when with or without debug, without .debug, dw=NULL, with .debug, dw will have a value, then causes the different process. On version 1.30 root@intel-x86-64:~# pahole --version v1.30 root@intel-x86-64:~# pahole --btf_features=default -J /boot/vmlinux-6.12.40-yocto-standard pahole[314]: segfault at 8 ip 00007f2b0b6b2bf3 sp 00007f2af05feb20 error 6 in libdwarves.so.1.0.0[18bf3,7f2b0b6a3000+1c000] likely on CPU 0 (core 0, socket 0) Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff Segmentation fault (core dumped) root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ root@intel-x86-64:~# pahole --btf_features=default -J /root/vmlinux-6.12.40-yocto-standard pahole: /root/vmlinux-6.12.40-yocto-standard: Invalid argument root@intel-x86-64:~# cd /root root@intel-x86-64:~# mkdir .debug root@intel-x86-64:~# cp /boot/.debug/vmlinux-6.12.40-yocto-standard .debug/ root@intel-x86-64:~# pahole --btf_features=default -J /root/vmlinux-6.12.40-yocto-standard pahole[441]: segfault at 8 ip 00007f64a9032bf3 sp 00007f648dffeb20 error 6 in libdwarves.so.1.0.0[18bf3,7f64a9023000+1c000] likely on CPU 0 (core 0, socket 0) Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff Segmentation fault (core dumped) I can share my /boot/vmlinux-6.12.40-yocto-standard and /boot/.debug/vmlinux-6.12.40-yocto-standard, but it will be big attachment, I am not sure if it is ok to send big attachment in the mailist. Can you check with my new test result? if still need the vmlinux-6.12.40-yocto-standard, I can try send to this maillist. Regards Changqing >> >> Analyzation: >> if the ELF file doesn't have .symtab section, in function | >> elf_functions__new, |funcs->symtab will be NULL, goto out_delete, then >> run elf_functions__delete. >> https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/ >> btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n176 >> >> And segfault happened in line: list_del(&funcs->node), since funcs- >> >node not added into the list elf_functions_list yet. >> https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/ >> btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n170 >> >> Should we check if the node is added into list elf_functions_list before >> list_del? Please help to review this issue, thanks. >> >> Regards >> Changqing >> >> >> >> > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: "Segmentation fault" of pahole 2025-08-14 9:20 ` Changqing Li @ 2025-08-14 9:42 ` Changqing Li 2025-08-18 13:56 ` Alan Maguire 0 siblings, 1 reply; 10+ messages in thread From: Changqing Li @ 2025-08-14 9:42 UTC (permalink / raw) To: Ihor Solodrai, acme, dwarves On 8/14/25 17:20, Changqing Li wrote: > > On 8/14/25 07:45, Ihor Solodrai wrote: >> CAUTION: This email comes from a non Wind River email account! >> Do not click links or open attachments unless you recognize the >> sender and know the content is safe. >> >> On 8/10/25 6:18 PM, Changqing Li wrote: >>> Hi, Dear maintainers >>> >>> I met a "Segmentation fault" error of pahole. It happened when I >>> passed an ELF file without .symtab section. >>> Maybe I passed an unsupport file, but I think it should not segfault, >>> maybe a warnning or error message is better. >>> >>> >>> Here is the detailed info: >>> Pahole version: >>> # pahole --version >>> v1.29 >>> >>> Reproduce Command: >>> root@intel-x86-64:/~# pahole --btf_features=default -J /boot/ >>> vmlinux-6.12.40-yocto-standard >>> pahole[599]: segfault at 8 ip 00007f7c92d819e2 sp 00007f7c799febe0 >>> error >>> 6 in libdwarves.so.1.0.0[189e2,7f7c92d72000+1c000] likely on CPU 0 >>> (core >>> 0, socket 0) >>> Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 >>> e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 >>> 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff >>> Segmentation fault (core dumped) >>> >>> root@intel-x86-64:~# file /boot/vmlinux-6.12.40-yocto-standard >>> /boot/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, >>> x86-64, >>> version 1 (SYSV), statically linked, >>> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, stripped >>> >>> root@intel-x86-64:/usr/bin# readelf -S /boot/vmlinux-6.12.40-yocto- >>> standard | grep .symtab >>> [ 4] __ksymtab PROGBITS ffffffff82c11e00 01e11e00 >>> [ 5] __ksymtab_gpl PROGBITS ffffffff82c24730 01e24730 >>> [ 6] __ksymtab_strings PROGBITS ffffffff82c397f0 01e397f0 >>> >>> >>> (gdb) bt >>> #0 elf_functions__new (elf=<optimized out>) at /usr/src/debug/ >>> pahole/1.29/btf_encoder.c:196 >>> #1 0x00007ffff7f92a7d in btf_encoder__elf_functions >>> (encoder=encoder@entry=0x7fffd8008dc0) at /usr/src/debug/pahole/1.29/ >>> btf_encoder.c:1374 >>> #2 0x00007ffff7f94489 in btf_encoder__new (cu=cu@entry=0x7fffd8001e50, >>> detached_filename=<optimized out>, warning: could not convert 'btf' >>> from >>> the host encoding (ANSI_X3.4-1968) to UTF-32. >>> This normally should not happen, please file a bug report. >>> base_btf=0x0, >>> verbose=<optimized out>, conf_load=conf_load@entry=0x555555565280 >>> <conf_load>) at /usr/src/debug/pahole/1.29/btf_encoder.c:2431 >>> #3 0x000055555555db49 in pahole_stealer__btf_encode >>> (cu=0x7fffd8001e50, >>> conf_load=0x555555565280 <conf_load>) >>> at /usr/src/debug/pahole/1.29/pahole.c:3126 >>> #4 pahole_stealer (cu=0x7fffd8001e50, conf_load=0x555555565280 >>> <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3187 >>> #5 0x00007ffff7f9d023 in cus__steal_now (cus=<optimized out>, >>> cu=<optimized out>, conf=<optimized out>) >>> at /usr/src/debug/pahole/1.29/dwarf_loader.c:3266 >>> #6 dwarf_loader__worker_thread (arg=0x7fffffffe700) at /usr/src/debug/ >>> pahole/1.29/dwarf_loader.c:3672 >>> #7 0x00007ffff7dbe722 in start_thread (arg=<optimized out>) at >>> pthread_create.c:448 >>> #8 0x00007ffff7e314fc in __GI___clone3 () at ../sysdeps/unix/sysv/ >>> linux/x86_64/clone3.S:78 >>> (gdb) >>> >>> >>> Command "pahole --btf_features=default -J >>> /boot/.debug/vmlinux-6.12.40- >>> yocto-standard " works well since /boot/.debug/vmlinux-6.12.40-yocto- >>> standard has .symtab section. >>> root@intel-x86-64:/usr/bin# file /boot/.debug/vmlinux-6.12.40-yocto- >>> standard >>> /boot/.debug/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, >>> x86-64, version 1 (SYSV), statically linked, >>> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, with >>> debug_info, >>> not stripped >>> >>> root@intel-x86-64:/usr/bin# readelf -S /boot/.debug/vmlinux-6.12.40- >>> yocto-standard | grep .symtab >>> [ 4] __ksymtab NOBITS ffffffff82c11e00 00001000 >>> [ 5] __ksymtab_gpl NOBITS ffffffff82c24730 00001000 >>> [ 6] __ksymtab_strings NOBITS ffffffff82c397f0 00001000 >>> [49] .symtab SYMTAB 0000000000000000 154cf200 >>> >> >> Hi Changqing Li, thanks for the bug report. >> >> I couldn't reproduce this error with a stripped vmlinux: >> >> $ objcopy --strip-all ~/kernels/bpf-next/.tmp_vmlinux1 vmlinux-strip-all >> >> v1.29 fails with: >> $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) >> Error creating BTF encoder. >> >> v1.30 fails with: >> $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) >> pahole: /home/isolodrai/pahole/vmlinux-strip-all: Invalid argument >> >> Different errors are not nice, but at least no segfault. >> >> Could you please share the vmlinux binary that causes the error? >> And also check if you get a segfault on v1.30 too? >> >> Thanks. >> > Hi, Ihor > Thanks for checking this. Here is my retest result: > On version 1.29: > root@intel-x86-64:~# pahole --btf_features=default -J > /boot/vmlinux-6.12.40-yocto-standard > pahole[333]: segfault at 8 ip 00007fd5025179e2 sp 00007fd4e73febe0 > error 6 in libdwarves.so.1.0.0[189e2,7fd502508000+1c000] likely on CPU > 0 (core 0, socket 0) > Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 > 18 e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 > 42 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff > Segmentation fault (core dumped) > root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ > root@intel-x86-64:~# pahole --btf_features=default -J > /root/vmlinux-6.12.40-yocto-standard > Error creating BTF encoder. > > We can see that the same vmlinux-6.12.40-yocto-standard have different > result. After do some debugging, I found that > /boot/vmlinux-6.12.40-yocto-standard segfault since it has debuginfo > file /boot/.debug/vmlinux-6.12.40-yocto-standard. > after I move .debug to .xxx, it will not segfault. > root@intel-x86-64:/boot# mv .debug/ .xxx > root@intel-x86-64:/boot# pahole --btf_features=default -J > /boot/vmlinux-6.12.40-yocto-standard > Error creating BTF encoder. > > dwfl_module_getdwarf in cus__process_dwflmod return different when > with or without debug, without .debug, dw=NULL, > with .debug, dw will have a value, then causes the different process. > > On version 1.30 > root@intel-x86-64:~# pahole --version > v1.30 > root@intel-x86-64:~# pahole --btf_features=default -J > /boot/vmlinux-6.12.40-yocto-standard > pahole[314]: segfault at 8 ip 00007f2b0b6b2bf3 sp 00007f2af05feb20 > error 6 in libdwarves.so.1.0.0[18bf3,7f2b0b6a3000+1c000] likely on CPU > 0 (core 0, socket 0) > Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 > 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 > 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff > Segmentation fault (core dumped) > root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ > root@intel-x86-64:~# pahole --btf_features=default -J > /root/vmlinux-6.12.40-yocto-standard > pahole: /root/vmlinux-6.12.40-yocto-standard: Invalid argument > root@intel-x86-64:~# cd /root > root@intel-x86-64:~# mkdir .debug > root@intel-x86-64:~# cp /boot/.debug/vmlinux-6.12.40-yocto-standard > .debug/ > root@intel-x86-64:~# pahole --btf_features=default -J > /root/vmlinux-6.12.40-yocto-standard > pahole[441]: segfault at 8 ip 00007f64a9032bf3 sp 00007f648dffeb20 > error 6 in libdwarves.so.1.0.0[18bf3,7f64a9023000+1c000] likely on CPU > 0 (core 0, socket 0) > Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 > 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 > 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff > > Segmentation fault (core dumped) I think this " Invalid argument " change is caused by this commit: https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/?id=b4a071d99bb9e7c0d3c6ea7a6835389a4d350ed4 encode BTF with DWARF less files is not support for v1.30, so, since /boot/vmlinux-6.12.40-yocto-standard without debuginfo, it taken as in invalid argument, I think it is ok, but maybe more clear reason is better. Regards Changqing > > > I can share my /boot/vmlinux-6.12.40-yocto-standard and > /boot/.debug/vmlinux-6.12.40-yocto-standard, but it will be big > attachment, I am not sure > > if it is ok to send big attachment in the mailist. > > Can you check with my new test result? if still need the > vmlinux-6.12.40-yocto-standard, I can try send to this maillist. > > > Regards > > Changqing > >>> >>> Analyzation: >>> if the ELF file doesn't have .symtab section, in function | >>> elf_functions__new, |funcs->symtab will be NULL, goto out_delete, then >>> run elf_functions__delete. >>> https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/ >>> btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n176 >>> >>> And segfault happened in line: list_del(&funcs->node), since funcs- >>> >node not added into the list elf_functions_list yet. >>> https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/ >>> btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n170 >>> >>> Should we check if the node is added into list elf_functions_list >>> before >>> list_del? Please help to review this issue, thanks. >>> >>> Regards >>> Changqing >>> >>> >>> >>> >> ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: "Segmentation fault" of pahole 2025-08-14 9:42 ` Changqing Li @ 2025-08-18 13:56 ` Alan Maguire 2025-08-18 17:56 ` Ihor Solodrai 0 siblings, 1 reply; 10+ messages in thread From: Alan Maguire @ 2025-08-18 13:56 UTC (permalink / raw) To: Changqing Li, Ihor Solodrai, acme, dwarves On 14/08/2025 10:42, Changqing Li wrote: > > On 8/14/25 17:20, Changqing Li wrote: >> >> On 8/14/25 07:45, Ihor Solodrai wrote: >>> CAUTION: This email comes from a non Wind River email account! >>> Do not click links or open attachments unless you recognize the >>> sender and know the content is safe. >>> >>> On 8/10/25 6:18 PM, Changqing Li wrote: >>>> Hi, Dear maintainers >>>> >>>> I met a "Segmentation fault" error of pahole. It happened when I >>>> passed an ELF file without .symtab section. >>>> Maybe I passed an unsupport file, but I think it should not segfault, >>>> maybe a warnning or error message is better. >>>> >>>> >>>> Here is the detailed info: >>>> Pahole version: >>>> # pahole --version >>>> v1.29 >>>> >>>> Reproduce Command: >>>> root@intel-x86-64:/~# pahole --btf_features=default -J /boot/ >>>> vmlinux-6.12.40-yocto-standard >>>> pahole[599]: segfault at 8 ip 00007f7c92d819e2 sp 00007f7c799febe0 >>>> error >>>> 6 in libdwarves.so.1.0.0[189e2,7f7c92d72000+1c000] likely on CPU 0 >>>> (core >>>> 0, socket 0) >>>> Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 >>>> e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 >>>> 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff >>>> Segmentation fault (core dumped) >>>> >>>> root@intel-x86-64:~# file /boot/vmlinux-6.12.40-yocto-standard >>>> /boot/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, >>>> x86-64, >>>> version 1 (SYSV), statically linked, >>>> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, stripped >>>> >>>> root@intel-x86-64:/usr/bin# readelf -S /boot/vmlinux-6.12.40-yocto- >>>> standard | grep .symtab >>>> [ 4] __ksymtab PROGBITS ffffffff82c11e00 01e11e00 >>>> [ 5] __ksymtab_gpl PROGBITS ffffffff82c24730 01e24730 >>>> [ 6] __ksymtab_strings PROGBITS ffffffff82c397f0 01e397f0 >>>> >>>> >>>> (gdb) bt >>>> #0 elf_functions__new (elf=<optimized out>) at /usr/src/debug/ >>>> pahole/1.29/btf_encoder.c:196 >>>> #1 0x00007ffff7f92a7d in btf_encoder__elf_functions >>>> (encoder=encoder@entry=0x7fffd8008dc0) at /usr/src/debug/pahole/1.29/ >>>> btf_encoder.c:1374 >>>> #2 0x00007ffff7f94489 in btf_encoder__new (cu=cu@entry=0x7fffd8001e50, >>>> detached_filename=<optimized out>, warning: could not convert 'btf' >>>> from >>>> the host encoding (ANSI_X3.4-1968) to UTF-32. >>>> This normally should not happen, please file a bug report. >>>> base_btf=0x0, >>>> verbose=<optimized out>, conf_load=conf_load@entry=0x555555565280 >>>> <conf_load>) at /usr/src/debug/pahole/1.29/btf_encoder.c:2431 >>>> #3 0x000055555555db49 in pahole_stealer__btf_encode >>>> (cu=0x7fffd8001e50, >>>> conf_load=0x555555565280 <conf_load>) >>>> at /usr/src/debug/pahole/1.29/pahole.c:3126 >>>> #4 pahole_stealer (cu=0x7fffd8001e50, conf_load=0x555555565280 >>>> <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3187 >>>> #5 0x00007ffff7f9d023 in cus__steal_now (cus=<optimized out>, >>>> cu=<optimized out>, conf=<optimized out>) >>>> at /usr/src/debug/pahole/1.29/dwarf_loader.c:3266 >>>> #6 dwarf_loader__worker_thread (arg=0x7fffffffe700) at /usr/src/debug/ >>>> pahole/1.29/dwarf_loader.c:3672 >>>> #7 0x00007ffff7dbe722 in start_thread (arg=<optimized out>) at >>>> pthread_create.c:448 >>>> #8 0x00007ffff7e314fc in __GI___clone3 () at ../sysdeps/unix/sysv/ >>>> linux/x86_64/clone3.S:78 >>>> (gdb) >>>> >>>> >>>> Command "pahole --btf_features=default -J /boot/.debug/ >>>> vmlinux-6.12.40- >>>> yocto-standard " works well since /boot/.debug/vmlinux-6.12.40-yocto- >>>> standard has .symtab section. >>>> root@intel-x86-64:/usr/bin# file /boot/.debug/vmlinux-6.12.40-yocto- >>>> standard >>>> /boot/.debug/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, >>>> x86-64, version 1 (SYSV), statically linked, >>>> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, with >>>> debug_info, >>>> not stripped >>>> >>>> root@intel-x86-64:/usr/bin# readelf -S /boot/.debug/vmlinux-6.12.40- >>>> yocto-standard | grep .symtab >>>> [ 4] __ksymtab NOBITS ffffffff82c11e00 00001000 >>>> [ 5] __ksymtab_gpl NOBITS ffffffff82c24730 00001000 >>>> [ 6] __ksymtab_strings NOBITS ffffffff82c397f0 00001000 >>>> [49] .symtab SYMTAB 0000000000000000 154cf200 >>>> >>> >>> Hi Changqing Li, thanks for the bug report. >>> >>> I couldn't reproduce this error with a stripped vmlinux: >>> >>> $ objcopy --strip-all ~/kernels/bpf-next/.tmp_vmlinux1 vmlinux-strip-all >>> >>> v1.29 fails with: >>> $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) >>> Error creating BTF encoder. >>> >>> v1.30 fails with: >>> $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) >>> pahole: /home/isolodrai/pahole/vmlinux-strip-all: Invalid argument >>> >>> Different errors are not nice, but at least no segfault. >>> >>> Could you please share the vmlinux binary that causes the error? >>> And also check if you get a segfault on v1.30 too? >>> >>> Thanks. >>> >> Hi, Ihor >> Thanks for checking this. Here is my retest result: >> On version 1.29: >> root@intel-x86-64:~# pahole --btf_features=default -J /boot/ >> vmlinux-6.12.40-yocto-standard >> pahole[333]: segfault at 8 ip 00007fd5025179e2 sp 00007fd4e73febe0 >> error 6 in libdwarves.so.1.0.0[189e2,7fd502508000+1c000] likely on CPU >> 0 (core 0, socket 0) >> Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 >> 18 e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 >> 42 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff >> Segmentation fault (core dumped) >> root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ >> root@intel-x86-64:~# pahole --btf_features=default -J /root/ >> vmlinux-6.12.40-yocto-standard >> Error creating BTF encoder. >> >> We can see that the same vmlinux-6.12.40-yocto-standard have different >> result. After do some debugging, I found that >> /boot/vmlinux-6.12.40-yocto-standard segfault since it has debuginfo >> file /boot/.debug/vmlinux-6.12.40-yocto-standard. >> after I move .debug to .xxx, it will not segfault. >> root@intel-x86-64:/boot# mv .debug/ .xxx >> root@intel-x86-64:/boot# pahole --btf_features=default -J /boot/ >> vmlinux-6.12.40-yocto-standard >> Error creating BTF encoder. >> >> dwfl_module_getdwarf in cus__process_dwflmod return different when >> with or without debug, without .debug, dw=NULL, >> with .debug, dw will have a value, then causes the different process. >> >> On version 1.30 >> root@intel-x86-64:~# pahole --version >> v1.30 >> root@intel-x86-64:~# pahole --btf_features=default -J /boot/ >> vmlinux-6.12.40-yocto-standard >> pahole[314]: segfault at 8 ip 00007f2b0b6b2bf3 sp 00007f2af05feb20 >> error 6 in libdwarves.so.1.0.0[18bf3,7f2b0b6a3000+1c000] likely on CPU >> 0 (core 0, socket 0) >> Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 >> 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 >> 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff >> Segmentation fault (core dumped) >> root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ >> root@intel-x86-64:~# pahole --btf_features=default -J /root/ >> vmlinux-6.12.40-yocto-standard >> pahole: /root/vmlinux-6.12.40-yocto-standard: Invalid argument >> root@intel-x86-64:~# cd /root >> root@intel-x86-64:~# mkdir .debug >> root@intel-x86-64:~# cp /boot/.debug/vmlinux-6.12.40-yocto- >> standard .debug/ >> root@intel-x86-64:~# pahole --btf_features=default -J /root/ >> vmlinux-6.12.40-yocto-standard >> pahole[441]: segfault at 8 ip 00007f64a9032bf3 sp 00007f648dffeb20 >> error 6 in libdwarves.so.1.0.0[18bf3,7f64a9023000+1c000] likely on CPU >> 0 (core 0, socket 0) >> Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 >> 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 >> 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff >> >> Segmentation fault (core dumped) > > I think this " Invalid argument " change is caused by this commit: > > https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/? > id=b4a071d99bb9e7c0d3c6ea7a6835389a4d350ed4 > > encode BTF with DWARF less files is not support for v1.30, so, since / > boot/vmlinux-6.12.40-yocto-standard without debuginfo, it taken as in > invalid argument, > > I think it is ok, but maybe more clear reason is better. > Thanks for the report! With latest pahole (next branch of https://git.kernel.org/pub/scm/devel/pahole/pahole.git/ ) including Arnaldo's change commit 97bf0a0b0572ec023761da9226b068b59b471de0 Author: Arnaldo Carvalho de Melo <acme@kernel.org> Date: Tue Jul 22 11:22:27 2025 -0300 pahole: Don't fail when encoding BTF on an object with no DWARF info I see the following pahole results against a stripped vmlinux: $ pahole --btf_features=default -J vmlinux.stripped $ echo $? 0 Can you reproduce the segmentation fault with the above pahole? If you can provide a way to get a stripped pahole like the above for me to test with, or provide the kernel .config used to build it, that would be great. Thanks! Alan ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: "Segmentation fault" of pahole 2025-08-18 13:56 ` Alan Maguire @ 2025-08-18 17:56 ` Ihor Solodrai 2025-08-18 20:52 ` Arnaldo Carvalho de Melo 0 siblings, 1 reply; 10+ messages in thread From: Ihor Solodrai @ 2025-08-18 17:56 UTC (permalink / raw) To: Alan Maguire, Changqing Li, acme, dwarves; +Cc: Kernel Team, bpf On 8/18/25 6:56 AM, Alan Maguire wrote: > On 14/08/2025 10:42, Changqing Li wrote: >> >> On 8/14/25 17:20, Changqing Li wrote: >>> >>> On 8/14/25 07:45, Ihor Solodrai wrote: >>>> CAUTION: This email comes from a non Wind River email account! >>>> Do not click links or open attachments unless you recognize the >>>> sender and know the content is safe. >>>> >>>> On 8/10/25 6:18 PM, Changqing Li wrote: >>>>> Hi, Dear maintainers >>>>> >>>>> I met a "Segmentation fault" error of pahole. It happened when I >>>>> passed an ELF file without .symtab section. >>>>> Maybe I passed an unsupport file, but I think it should not segfault, >>>>> maybe a warnning or error message is better. >>>>> >>>>> >>>>> Here is the detailed info: >>>>> Pahole version: >>>>> # pahole --version >>>>> v1.29 >>>>> >>>>> Reproduce Command: >>>>> root@intel-x86-64:/~# pahole --btf_features=default -J /boot/ >>>>> vmlinux-6.12.40-yocto-standard >>>>> pahole[599]: segfault at 8 ip 00007f7c92d819e2 sp 00007f7c799febe0 >>>>> error >>>>> 6 in libdwarves.so.1.0.0[189e2,7f7c92d72000+1c000] likely on CPU 0 >>>>> (core >>>>> 0, socket 0) >>>>> Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 >>>>> e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 >>>>> 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff >>>>> Segmentation fault (core dumped) >>>>> >>>>> root@intel-x86-64:~# file /boot/vmlinux-6.12.40-yocto-standard >>>>> /boot/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, >>>>> x86-64, >>>>> version 1 (SYSV), statically linked, >>>>> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, stripped >>>>> >>>>> root@intel-x86-64:/usr/bin# readelf -S /boot/vmlinux-6.12.40-yocto- >>>>> standard | grep .symtab >>>>> [ 4] __ksymtab PROGBITS ffffffff82c11e00 01e11e00 >>>>> [ 5] __ksymtab_gpl PROGBITS ffffffff82c24730 01e24730 >>>>> [ 6] __ksymtab_strings PROGBITS ffffffff82c397f0 01e397f0 >>>>> >>>>> >>>>> (gdb) bt >>>>> #0 elf_functions__new (elf=<optimized out>) at /usr/src/debug/ >>>>> pahole/1.29/btf_encoder.c:196 >>>>> #1 0x00007ffff7f92a7d in btf_encoder__elf_functions >>>>> (encoder=encoder@entry=0x7fffd8008dc0) at /usr/src/debug/pahole/1.29/ >>>>> btf_encoder.c:1374 >>>>> #2 0x00007ffff7f94489 in btf_encoder__new (cu=cu@entry=0x7fffd8001e50, >>>>> detached_filename=<optimized out>, warning: could not convert 'btf' >>>>> from >>>>> the host encoding (ANSI_X3.4-1968) to UTF-32. >>>>> This normally should not happen, please file a bug report. >>>>> base_btf=0x0, >>>>> verbose=<optimized out>, conf_load=conf_load@entry=0x555555565280 >>>>> <conf_load>) at /usr/src/debug/pahole/1.29/btf_encoder.c:2431 >>>>> #3 0x000055555555db49 in pahole_stealer__btf_encode >>>>> (cu=0x7fffd8001e50, >>>>> conf_load=0x555555565280 <conf_load>) >>>>> at /usr/src/debug/pahole/1.29/pahole.c:3126 >>>>> #4 pahole_stealer (cu=0x7fffd8001e50, conf_load=0x555555565280 >>>>> <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3187 >>>>> #5 0x00007ffff7f9d023 in cus__steal_now (cus=<optimized out>, >>>>> cu=<optimized out>, conf=<optimized out>) >>>>> at /usr/src/debug/pahole/1.29/dwarf_loader.c:3266 >>>>> #6 dwarf_loader__worker_thread (arg=0x7fffffffe700) at /usr/src/debug/ >>>>> pahole/1.29/dwarf_loader.c:3672 >>>>> #7 0x00007ffff7dbe722 in start_thread (arg=<optimized out>) at >>>>> pthread_create.c:448 >>>>> #8 0x00007ffff7e314fc in __GI___clone3 () at ../sysdeps/unix/sysv/ >>>>> linux/x86_64/clone3.S:78 >>>>> (gdb) Hi everyone. I was able to reproduce the error by feeding pahole a vmlinux with a debuglink [1], created with: vmlinux=$(realpath ~/kernels/bpf-next/.tmp_vmlinux1) objcopy --only-keep-debug $vmlinux vmlinux.debug objcopy --strip-all --add-gnu-debuglink=vmlinux.debug $vmlinux vmlinux.stripped With that, I got the following valgrind output: $ valgrind ./build/pahole --btf_features=default -J ./mbox/vmlinux.stripped ==40680== Memcheck, a memory error detector ==40680== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al. ==40680== Using Valgrind-3.25.1 and LibVEX; rerun with -h for copyright info ==40680== Command: ./build/pahole --btf_features=default -J ./mbox/vmlinux.stripped ==40680== ==40680== Warning: set address range perms: large range [0x7c20000, 0x32e2d000) (defined) ==40680== Thread 2: ==40680== Invalid write of size 8 ==40680== at 0x487D34D: __list_del (list.h:106) ==40680== by 0x487D384: list_del (list.h:118) ==40680== by 0x487D6DB: elf_functions__delete (btf_encoder.c:170) ==40680== by 0x487D77C: elf_functions__new (btf_encoder.c:201) ==40680== by 0x4880E2A: btf_encoder__elf_functions (btf_encoder.c:1485) ==40680== by 0x4883558: btf_encoder__new (btf_encoder.c:2450) ==40680== by 0x4078DD: pahole_stealer__btf_encode (pahole.c:3160) ==40680== by 0x407B0D: pahole_stealer (pahole.c:3221) ==40680== by 0x488D2F5: cus__steal_now (dwarf_loader.c:3266) ==40680== by 0x488DF74: dwarf_loader__worker_thread (dwarf_loader.c:3678) ==40680== by 0x4A8F723: start_thread (pthread_create.c:448) ==40680== by 0x4B13613: clone (clone.S:100) ==40680== Address 0x8 is not stack'd, malloc'd or (recently) free'd As far as I understand, in principle pahole could support search for a file linked via .gnu_debuglink, but that's a separate issue. Please see a bugfix patch below. [1] https://manpages.debian.org/unstable/binutils-common/objcopy.1.en.html#add~3 From 6104783080709dad0726740615149951109f839e Mon Sep 17 00:00:00 2001 From: Ihor Solodrai <ihor.solodrai@linux.dev> Date: Mon, 18 Aug 2025 10:30:16 -0700 Subject: [PATCH] btf_encoder: fix elf_functions cleanup on error When elf_functions__new() errors out and jumps to elf_functions__delete(), pahole segfaults on attempt to list_del the elf_functions instance from a list, to which it was never added. Fix this by changing elf_functions__delete() to elf_functions__clear(), moving list_del and free calls out of it. Then clear and free on error, and remove from the list on normal cleanup in elf_functions_list__clear(). Closes: https://lore.kernel.org/dwarves/24bcc853-533c-42ab-bc37-0c13e0baa217@windriver.com/ Reported-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev> --- btf_encoder.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/btf_encoder.c b/btf_encoder.c index 0bc2334..631c0b5 100644 --- a/btf_encoder.c +++ b/btf_encoder.c @@ -161,14 +161,12 @@ struct btf_kfunc_set_range { uint64_t end; }; -static inline void elf_functions__delete(struct elf_functions *funcs) +static inline void elf_functions__clear(struct elf_functions *funcs) { for (int i = 0; i < funcs->cnt; i++) free(funcs->entries[i].alias); free(funcs->entries); elf_symtab__delete(funcs->symtab); - list_del(&funcs->node); - free(funcs); } static int elf_functions__collect(struct elf_functions *functions); @@ -198,7 +196,8 @@ struct elf_functions *elf_functions__new(Elf *elf) return funcs; out_delete: - elf_functions__delete(funcs); + elf_functions__clear(funcs); + free(funcs); return NULL; } @@ -209,7 +208,9 @@ static inline void elf_functions_list__clear(struct list_head *elf_functions_lis list_for_each_safe(pos, tmp, elf_functions_list) { funcs = list_entry(pos, struct elf_functions, node); - elf_functions__delete(funcs); + elf_functions__clear(funcs); + list_del(&funcs->node); + free(funcs); } } -- 2.50.1 >>>>> >>>>> >>>>> Command "pahole --btf_features=default -J /boot/.debug/ >>>>> vmlinux-6.12.40- >>>>> yocto-standard " works well since /boot/.debug/vmlinux-6.12.40-yocto- >>>>> standard has .symtab section. >>>>> root@intel-x86-64:/usr/bin# file /boot/.debug/vmlinux-6.12.40-yocto- >>>>> standard >>>>> /boot/.debug/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, >>>>> x86-64, version 1 (SYSV), statically linked, >>>>> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, with >>>>> debug_info, >>>>> not stripped >>>>> >>>>> root@intel-x86-64:/usr/bin# readelf -S /boot/.debug/vmlinux-6.12.40- >>>>> yocto-standard | grep .symtab >>>>> [ 4] __ksymtab NOBITS ffffffff82c11e00 00001000 >>>>> [ 5] __ksymtab_gpl NOBITS ffffffff82c24730 00001000 >>>>> [ 6] __ksymtab_strings NOBITS ffffffff82c397f0 00001000 >>>>> [49] .symtab SYMTAB 0000000000000000 154cf200 >>>>> >>>> >>>> Hi Changqing Li, thanks for the bug report. >>>> >>>> I couldn't reproduce this error with a stripped vmlinux: >>>> >>>> $ objcopy --strip-all ~/kernels/bpf-next/.tmp_vmlinux1 vmlinux-strip-all >>>> >>>> v1.29 fails with: >>>> $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) >>>> Error creating BTF encoder. >>>> >>>> v1.30 fails with: >>>> $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) >>>> pahole: /home/isolodrai/pahole/vmlinux-strip-all: Invalid argument >>>> >>>> Different errors are not nice, but at least no segfault. >>>> >>>> Could you please share the vmlinux binary that causes the error? >>>> And also check if you get a segfault on v1.30 too? >>>> >>>> Thanks. >>>> >>> Hi, Ihor >>> Thanks for checking this. Here is my retest result: >>> On version 1.29: >>> root@intel-x86-64:~# pahole --btf_features=default -J /boot/ >>> vmlinux-6.12.40-yocto-standard >>> pahole[333]: segfault at 8 ip 00007fd5025179e2 sp 00007fd4e73febe0 >>> error 6 in libdwarves.so.1.0.0[189e2,7fd502508000+1c000] likely on CPU >>> 0 (core 0, socket 0) >>> Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 >>> 18 e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 >>> 42 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff >>> Segmentation fault (core dumped) >>> root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ >>> root@intel-x86-64:~# pahole --btf_features=default -J /root/ >>> vmlinux-6.12.40-yocto-standard >>> Error creating BTF encoder. >>> >>> We can see that the same vmlinux-6.12.40-yocto-standard have different >>> result. After do some debugging, I found that >>> /boot/vmlinux-6.12.40-yocto-standard segfault since it has debuginfo >>> file /boot/.debug/vmlinux-6.12.40-yocto-standard. >>> after I move .debug to .xxx, it will not segfault. >>> root@intel-x86-64:/boot# mv .debug/ .xxx >>> root@intel-x86-64:/boot# pahole --btf_features=default -J /boot/ >>> vmlinux-6.12.40-yocto-standard >>> Error creating BTF encoder. >>> >>> dwfl_module_getdwarf in cus__process_dwflmod return different when >>> with or without debug, without .debug, dw=NULL, >>> with .debug, dw will have a value, then causes the different process. >>> >>> On version 1.30 >>> root@intel-x86-64:~# pahole --version >>> v1.30 >>> root@intel-x86-64:~# pahole --btf_features=default -J /boot/ >>> vmlinux-6.12.40-yocto-standard >>> pahole[314]: segfault at 8 ip 00007f2b0b6b2bf3 sp 00007f2af05feb20 >>> error 6 in libdwarves.so.1.0.0[18bf3,7f2b0b6a3000+1c000] likely on CPU >>> 0 (core 0, socket 0) >>> Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 >>> 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 >>> 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff >>> Segmentation fault (core dumped) >>> root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ >>> root@intel-x86-64:~# pahole --btf_features=default -J /root/ >>> vmlinux-6.12.40-yocto-standard >>> pahole: /root/vmlinux-6.12.40-yocto-standard: Invalid argument >>> root@intel-x86-64:~# cd /root >>> root@intel-x86-64:~# mkdir .debug >>> root@intel-x86-64:~# cp /boot/.debug/vmlinux-6.12.40-yocto- >>> standard .debug/ >>> root@intel-x86-64:~# pahole --btf_features=default -J /root/ >>> vmlinux-6.12.40-yocto-standard >>> pahole[441]: segfault at 8 ip 00007f64a9032bf3 sp 00007f648dffeb20 >>> error 6 in libdwarves.so.1.0.0[18bf3,7f64a9023000+1c000] likely on CPU >>> 0 (core 0, socket 0) >>> Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 >>> 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 >>> 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff >>> >>> Segmentation fault (core dumped) >> >> I think this " Invalid argument " change is caused by this commit: >> >> https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/? >> id=b4a071d99bb9e7c0d3c6ea7a6835389a4d350ed4 >> >> encode BTF with DWARF less files is not support for v1.30, so, since / >> boot/vmlinux-6.12.40-yocto-standard without debuginfo, it taken as in >> invalid argument, >> >> I think it is ok, but maybe more clear reason is better. >> > > Thanks for the report! > > With latest pahole (next branch of > https://git.kernel.org/pub/scm/devel/pahole/pahole.git/ ) including > Arnaldo's change > > commit 97bf0a0b0572ec023761da9226b068b59b471de0 > Author: Arnaldo Carvalho de Melo <acme@kernel.org> > Date: Tue Jul 22 11:22:27 2025 -0300 > > pahole: Don't fail when encoding BTF on an object with no DWARF info > > > I see the following pahole results against a stripped vmlinux: > > $ pahole --btf_features=default -J vmlinux.stripped > $ echo $? > 0 > > Can you reproduce the segmentation fault with the above pahole? If you > can provide a way to get a stripped pahole like the above for me to test > with, or provide the kernel .config used to build it, that would be > great. Thanks! > > Alan ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: "Segmentation fault" of pahole 2025-08-18 17:56 ` Ihor Solodrai @ 2025-08-18 20:52 ` Arnaldo Carvalho de Melo 2025-08-19 17:33 ` Alan Maguire 0 siblings, 1 reply; 10+ messages in thread From: Arnaldo Carvalho de Melo @ 2025-08-18 20:52 UTC (permalink / raw) To: Ihor Solodrai; +Cc: Alan Maguire, Changqing Li, dwarves, Kernel Team, bpf On Mon, Aug 18, 2025 at 10:56:36AM -0700, Ihor Solodrai wrote: > On 8/18/25 6:56 AM, Alan Maguire wrote: > > On 14/08/2025 10:42, Changqing Li wrote: > > > > > > On 8/14/25 17:20, Changqing Li wrote: > > > > > > > > On 8/14/25 07:45, Ihor Solodrai wrote: > > > > > CAUTION: This email comes from a non Wind River email account! > > > > > Do not click links or open attachments unless you recognize the > > > > > sender and know the content is safe. > > > > > > > > > > On 8/10/25 6:18 PM, Changqing Li wrote: > > > > > > Hi, Dear maintainers > > > > > > > > > > > > I met a "Segmentation fault" error of pahole. It happened when I > > > > > > passed an ELF file without .symtab section. > > > > > > Maybe I passed an unsupport file, but I think it should not segfault, > > > > > > maybe a warnning or error message is better. > > > > > > > > > > > > > > > > > > Here is the detailed info: > > > > > > Pahole version: > > > > > > # pahole --version > > > > > > v1.29 > > > > > > > > > > > > Reproduce Command: > > > > > > root@intel-x86-64:/~# pahole --btf_features=default -J /boot/ > > > > > > vmlinux-6.12.40-yocto-standard > > > > > > pahole[599]: segfault at 8 ip 00007f7c92d819e2 sp 00007f7c799febe0 > > > > > > error > > > > > > 6 in libdwarves.so.1.0.0[189e2,7f7c92d72000+1c000] likely on CPU 0 > > > > > > (core > > > > > > 0, socket 0) > > > > > > Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 > > > > > > e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 > > > > > > 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff > > > > > > Segmentation fault (core dumped) > > > > > > > > > > > > root@intel-x86-64:~# file /boot/vmlinux-6.12.40-yocto-standard > > > > > > /boot/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, > > > > > > x86-64, > > > > > > version 1 (SYSV), statically linked, > > > > > > BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, stripped > > > > > > > > > > > > root@intel-x86-64:/usr/bin# readelf -S /boot/vmlinux-6.12.40-yocto- > > > > > > standard | grep .symtab > > > > > > [ 4] __ksymtab PROGBITS ffffffff82c11e00 01e11e00 > > > > > > [ 5] __ksymtab_gpl PROGBITS ffffffff82c24730 01e24730 > > > > > > [ 6] __ksymtab_strings PROGBITS ffffffff82c397f0 01e397f0 > > > > > > > > > > > > > > > > > > (gdb) bt > > > > > > #0 elf_functions__new (elf=<optimized out>) at /usr/src/debug/ > > > > > > pahole/1.29/btf_encoder.c:196 > > > > > > #1 0x00007ffff7f92a7d in btf_encoder__elf_functions > > > > > > (encoder=encoder@entry=0x7fffd8008dc0) at /usr/src/debug/pahole/1.29/ > > > > > > btf_encoder.c:1374 > > > > > > #2 0x00007ffff7f94489 in btf_encoder__new (cu=cu@entry=0x7fffd8001e50, > > > > > > detached_filename=<optimized out>, warning: could not convert 'btf' > > > > > > from > > > > > > the host encoding (ANSI_X3.4-1968) to UTF-32. > > > > > > This normally should not happen, please file a bug report. > > > > > > base_btf=0x0, > > > > > > verbose=<optimized out>, conf_load=conf_load@entry=0x555555565280 > > > > > > <conf_load>) at /usr/src/debug/pahole/1.29/btf_encoder.c:2431 > > > > > > #3 0x000055555555db49 in pahole_stealer__btf_encode > > > > > > (cu=0x7fffd8001e50, > > > > > > conf_load=0x555555565280 <conf_load>) > > > > > > at /usr/src/debug/pahole/1.29/pahole.c:3126 > > > > > > #4 pahole_stealer (cu=0x7fffd8001e50, conf_load=0x555555565280 > > > > > > <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3187 > > > > > > #5 0x00007ffff7f9d023 in cus__steal_now (cus=<optimized out>, > > > > > > cu=<optimized out>, conf=<optimized out>) > > > > > > at /usr/src/debug/pahole/1.29/dwarf_loader.c:3266 > > > > > > #6 dwarf_loader__worker_thread (arg=0x7fffffffe700) at /usr/src/debug/ > > > > > > pahole/1.29/dwarf_loader.c:3672 > > > > > > #7 0x00007ffff7dbe722 in start_thread (arg=<optimized out>) at > > > > > > pthread_create.c:448 > > > > > > #8 0x00007ffff7e314fc in __GI___clone3 () at ../sysdeps/unix/sysv/ > > > > > > linux/x86_64/clone3.S:78 > > > > > > (gdb) > > Hi everyone. > > I was able to reproduce the error by feeding pahole a vmlinux with a > debuglink [1], created with: > > vmlinux=$(realpath ~/kernels/bpf-next/.tmp_vmlinux1) > objcopy --only-keep-debug $vmlinux vmlinux.debug > objcopy --strip-all --add-gnu-debuglink=vmlinux.debug $vmlinux > vmlinux.stripped > > With that, I got the following valgrind output: > > $ valgrind ./build/pahole --btf_features=default -J > ./mbox/vmlinux.stripped > ==40680== Memcheck, a memory error detector > ==40680== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et > al. > ==40680== Using Valgrind-3.25.1 and LibVEX; rerun with -h for copyright > info > ==40680== Command: ./build/pahole --btf_features=default -J > ./mbox/vmlinux.stripped > ==40680== > ==40680== Warning: set address range perms: large range [0x7c20000, > 0x32e2d000) (defined) > ==40680== Thread 2: > ==40680== Invalid write of size 8 > ==40680== at 0x487D34D: __list_del (list.h:106) > ==40680== by 0x487D384: list_del (list.h:118) > ==40680== by 0x487D6DB: elf_functions__delete (btf_encoder.c:170) > ==40680== by 0x487D77C: elf_functions__new (btf_encoder.c:201) > ==40680== by 0x4880E2A: btf_encoder__elf_functions > (btf_encoder.c:1485) > ==40680== by 0x4883558: btf_encoder__new (btf_encoder.c:2450) > ==40680== by 0x4078DD: pahole_stealer__btf_encode (pahole.c:3160) > ==40680== by 0x407B0D: pahole_stealer (pahole.c:3221) > ==40680== by 0x488D2F5: cus__steal_now (dwarf_loader.c:3266) > ==40680== by 0x488DF74: dwarf_loader__worker_thread > (dwarf_loader.c:3678) > ==40680== by 0x4A8F723: start_thread (pthread_create.c:448) > ==40680== by 0x4B13613: clone (clone.S:100) > ==40680== Address 0x8 is not stack'd, malloc'd or (recently) free'd > > As far as I understand, in principle pahole could support search for a > file linked via .gnu_debuglink, but that's a separate issue. Agreed. > Please see a bugfix patch below. > > [1] > https://manpages.debian.org/unstable/binutils-common/objcopy.1.en.html#add~3 > > > From 6104783080709dad0726740615149951109f839e Mon Sep 17 00:00:00 2001 > From: Ihor Solodrai <ihor.solodrai@linux.dev> > Date: Mon, 18 Aug 2025 10:30:16 -0700 > Subject: [PATCH] btf_encoder: fix elf_functions cleanup on error > > When elf_functions__new() errors out and jumps to > elf_functions__delete(), pahole segfaults on attempt to list_del the > elf_functions instance from a list, to which it was never added. > > Fix this by changing elf_functions__delete() to > elf_functions__clear(), moving list_del and free calls out of it. Then > clear and free on error, and remove from the list on normal cleanup in > elf_functions_list__clear(). I think we should still call it __delete() to have a counterpart to __new() and just remove that removal from the list from the __delete(). Apart from that, it looks to address a bug, so with the above changed: Reviewed-by: Arnaldo Carvalho de Melo <acme@redhat.com> - Arnaldo > Closes: https://lore.kernel.org/dwarves/24bcc853-533c-42ab-bc37-0c13e0baa217@windriver.com/ > Reported-by: Changqing Li <changqing.li@windriver.com> > Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev> > > --- > btf_encoder.c | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) > > diff --git a/btf_encoder.c b/btf_encoder.c > index 0bc2334..631c0b5 100644 > --- a/btf_encoder.c > +++ b/btf_encoder.c > @@ -161,14 +161,12 @@ struct btf_kfunc_set_range { > uint64_t end; > }; > > -static inline void elf_functions__delete(struct elf_functions *funcs) > +static inline void elf_functions__clear(struct elf_functions *funcs) > { > for (int i = 0; i < funcs->cnt; i++) > free(funcs->entries[i].alias); > free(funcs->entries); > elf_symtab__delete(funcs->symtab); > - list_del(&funcs->node); > - free(funcs); > } > > static int elf_functions__collect(struct elf_functions *functions); > @@ -198,7 +196,8 @@ struct elf_functions *elf_functions__new(Elf *elf) > return funcs; > > out_delete: > - elf_functions__delete(funcs); > + elf_functions__clear(funcs); > + free(funcs); > return NULL; > } > > @@ -209,7 +208,9 @@ static inline void elf_functions_list__clear(struct > list_head *elf_functions_lis > > list_for_each_safe(pos, tmp, elf_functions_list) { > funcs = list_entry(pos, struct elf_functions, node); > - elf_functions__delete(funcs); > + elf_functions__clear(funcs); > + list_del(&funcs->node); > + free(funcs); > } > } > > -- > 2.50.1 > > > > > > > > > > > > > > > > > > > > > > Command "pahole --btf_features=default -J /boot/.debug/ > > > > > > vmlinux-6.12.40- > > > > > > yocto-standard " works well since /boot/.debug/vmlinux-6.12.40-yocto- > > > > > > standard has .symtab section. > > > > > > root@intel-x86-64:/usr/bin# file /boot/.debug/vmlinux-6.12.40-yocto- > > > > > > standard > > > > > > /boot/.debug/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, > > > > > > x86-64, version 1 (SYSV), statically linked, > > > > > > BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, with > > > > > > debug_info, > > > > > > not stripped > > > > > > > > > > > > root@intel-x86-64:/usr/bin# readelf -S /boot/.debug/vmlinux-6.12.40- > > > > > > yocto-standard | grep .symtab > > > > > > [ 4] __ksymtab NOBITS ffffffff82c11e00 00001000 > > > > > > [ 5] __ksymtab_gpl NOBITS ffffffff82c24730 00001000 > > > > > > [ 6] __ksymtab_strings NOBITS ffffffff82c397f0 00001000 > > > > > > [49] .symtab SYMTAB 0000000000000000 154cf200 > > > > > > > > > > > > > > > > Hi Changqing Li, thanks for the bug report. > > > > > > > > > > I couldn't reproduce this error with a stripped vmlinux: > > > > > > > > > > $ objcopy --strip-all ~/kernels/bpf-next/.tmp_vmlinux1 vmlinux-strip-all > > > > > > > > > > v1.29 fails with: > > > > > $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) > > > > > Error creating BTF encoder. > > > > > > > > > > v1.30 fails with: > > > > > $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) > > > > > pahole: /home/isolodrai/pahole/vmlinux-strip-all: Invalid argument > > > > > > > > > > Different errors are not nice, but at least no segfault. > > > > > > > > > > Could you please share the vmlinux binary that causes the error? > > > > > And also check if you get a segfault on v1.30 too? > > > > > > > > > > Thanks. > > > > > > > > > Hi, Ihor > > > > Thanks for checking this. Here is my retest result: > > > > On version 1.29: > > > > root@intel-x86-64:~# pahole --btf_features=default -J /boot/ > > > > vmlinux-6.12.40-yocto-standard > > > > pahole[333]: segfault at 8 ip 00007fd5025179e2 sp 00007fd4e73febe0 > > > > error 6 in libdwarves.so.1.0.0[189e2,7fd502508000+1c000] likely on CPU > > > > 0 (core 0, socket 0) > > > > Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 > > > > 18 e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 > > > > 42 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff > > > > Segmentation fault (core dumped) > > > > root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ > > > > root@intel-x86-64:~# pahole --btf_features=default -J /root/ > > > > vmlinux-6.12.40-yocto-standard > > > > Error creating BTF encoder. > > > > > > > > We can see that the same vmlinux-6.12.40-yocto-standard have different > > > > result. After do some debugging, I found that > > > > /boot/vmlinux-6.12.40-yocto-standard segfault since it has debuginfo > > > > file /boot/.debug/vmlinux-6.12.40-yocto-standard. > > > > after I move .debug to .xxx, it will not segfault. > > > > root@intel-x86-64:/boot# mv .debug/ .xxx > > > > root@intel-x86-64:/boot# pahole --btf_features=default -J /boot/ > > > > vmlinux-6.12.40-yocto-standard > > > > Error creating BTF encoder. > > > > > > > > dwfl_module_getdwarf in cus__process_dwflmod return different when > > > > with or without debug, without .debug, dw=NULL, > > > > with .debug, dw will have a value, then causes the different process. > > > > > > > > On version 1.30 > > > > root@intel-x86-64:~# pahole --version > > > > v1.30 > > > > root@intel-x86-64:~# pahole --btf_features=default -J /boot/ > > > > vmlinux-6.12.40-yocto-standard > > > > pahole[314]: segfault at 8 ip 00007f2b0b6b2bf3 sp 00007f2af05feb20 > > > > error 6 in libdwarves.so.1.0.0[18bf3,7f2b0b6a3000+1c000] likely on CPU > > > > 0 (core 0, socket 0) > > > > Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 > > > > 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 > > > > 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff > > > > Segmentation fault (core dumped) > > > > root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ > > > > root@intel-x86-64:~# pahole --btf_features=default -J /root/ > > > > vmlinux-6.12.40-yocto-standard > > > > pahole: /root/vmlinux-6.12.40-yocto-standard: Invalid argument > > > > root@intel-x86-64:~# cd /root > > > > root@intel-x86-64:~# mkdir .debug > > > > root@intel-x86-64:~# cp /boot/.debug/vmlinux-6.12.40-yocto- > > > > standard .debug/ > > > > root@intel-x86-64:~# pahole --btf_features=default -J /root/ > > > > vmlinux-6.12.40-yocto-standard > > > > pahole[441]: segfault at 8 ip 00007f64a9032bf3 sp 00007f648dffeb20 > > > > error 6 in libdwarves.so.1.0.0[18bf3,7f64a9023000+1c000] likely on CPU > > > > 0 (core 0, socket 0) > > > > Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 > > > > 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 > > > > 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff > > > > > > > > Segmentation fault (core dumped) > > > > > > I think this " Invalid argument " change is caused by this commit: > > > > > > https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/? > > > id=b4a071d99bb9e7c0d3c6ea7a6835389a4d350ed4 > > > > > > encode BTF with DWARF less files is not support for v1.30, so, since / > > > boot/vmlinux-6.12.40-yocto-standard without debuginfo, it taken as in > > > invalid argument, > > > > > > I think it is ok, but maybe more clear reason is better. > > > > > > > Thanks for the report! > > > > With latest pahole (next branch of > > https://git.kernel.org/pub/scm/devel/pahole/pahole.git/ ) including > > Arnaldo's change > > > > commit 97bf0a0b0572ec023761da9226b068b59b471de0 > > Author: Arnaldo Carvalho de Melo <acme@kernel.org> > > Date: Tue Jul 22 11:22:27 2025 -0300 > > > > pahole: Don't fail when encoding BTF on an object with no DWARF info > > > > > > I see the following pahole results against a stripped vmlinux: > > > > $ pahole --btf_features=default -J vmlinux.stripped > > $ echo $? > > 0 > > > > Can you reproduce the segmentation fault with the above pahole? If you > > can provide a way to get a stripped pahole like the above for me to test > > with, or provide the kernel .config used to build it, that would be > > great. Thanks! > > > > Alan ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: "Segmentation fault" of pahole 2025-08-18 20:52 ` Arnaldo Carvalho de Melo @ 2025-08-19 17:33 ` Alan Maguire 2025-08-19 19:20 ` Ihor Solodrai 0 siblings, 1 reply; 10+ messages in thread From: Alan Maguire @ 2025-08-19 17:33 UTC (permalink / raw) To: Arnaldo Carvalho de Melo, Ihor Solodrai Cc: Changqing Li, dwarves, Kernel Team, bpf On 18/08/2025 21:52, Arnaldo Carvalho de Melo wrote: > On Mon, Aug 18, 2025 at 10:56:36AM -0700, Ihor Solodrai wrote: >> On 8/18/25 6:56 AM, Alan Maguire wrote: >>> On 14/08/2025 10:42, Changqing Li wrote: >>>> >>>> On 8/14/25 17:20, Changqing Li wrote: >>>>> >>>>> On 8/14/25 07:45, Ihor Solodrai wrote: >>>>>> CAUTION: This email comes from a non Wind River email account! >>>>>> Do not click links or open attachments unless you recognize the >>>>>> sender and know the content is safe. >>>>>> >>>>>> On 8/10/25 6:18 PM, Changqing Li wrote: >>>>>>> Hi, Dear maintainers >>>>>>> >>>>>>> I met a "Segmentation fault" error of pahole. It happened when I >>>>>>> passed an ELF file without .symtab section. >>>>>>> Maybe I passed an unsupport file, but I think it should not segfault, >>>>>>> maybe a warnning or error message is better. >>>>>>> >>>>>>> >>>>>>> Here is the detailed info: >>>>>>> Pahole version: >>>>>>> # pahole --version >>>>>>> v1.29 >>>>>>> >>>>>>> Reproduce Command: >>>>>>> root@intel-x86-64:/~# pahole --btf_features=default -J /boot/ >>>>>>> vmlinux-6.12.40-yocto-standard >>>>>>> pahole[599]: segfault at 8 ip 00007f7c92d819e2 sp 00007f7c799febe0 >>>>>>> error >>>>>>> 6 in libdwarves.so.1.0.0[189e2,7f7c92d72000+1c000] likely on CPU 0 >>>>>>> (core >>>>>>> 0, socket 0) >>>>>>> Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 >>>>>>> e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 >>>>>>> 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff >>>>>>> Segmentation fault (core dumped) >>>>>>> >>>>>>> root@intel-x86-64:~# file /boot/vmlinux-6.12.40-yocto-standard >>>>>>> /boot/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, >>>>>>> x86-64, >>>>>>> version 1 (SYSV), statically linked, >>>>>>> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, stripped >>>>>>> >>>>>>> root@intel-x86-64:/usr/bin# readelf -S /boot/vmlinux-6.12.40-yocto- >>>>>>> standard | grep .symtab >>>>>>> [ 4] __ksymtab PROGBITS ffffffff82c11e00 01e11e00 >>>>>>> [ 5] __ksymtab_gpl PROGBITS ffffffff82c24730 01e24730 >>>>>>> [ 6] __ksymtab_strings PROGBITS ffffffff82c397f0 01e397f0 >>>>>>> >>>>>>> >>>>>>> (gdb) bt >>>>>>> #0 elf_functions__new (elf=<optimized out>) at /usr/src/debug/ >>>>>>> pahole/1.29/btf_encoder.c:196 >>>>>>> #1 0x00007ffff7f92a7d in btf_encoder__elf_functions >>>>>>> (encoder=encoder@entry=0x7fffd8008dc0) at /usr/src/debug/pahole/1.29/ >>>>>>> btf_encoder.c:1374 >>>>>>> #2 0x00007ffff7f94489 in btf_encoder__new (cu=cu@entry=0x7fffd8001e50, >>>>>>> detached_filename=<optimized out>, warning: could not convert 'btf' >>>>>>> from >>>>>>> the host encoding (ANSI_X3.4-1968) to UTF-32. >>>>>>> This normally should not happen, please file a bug report. >>>>>>> base_btf=0x0, >>>>>>> verbose=<optimized out>, conf_load=conf_load@entry=0x555555565280 >>>>>>> <conf_load>) at /usr/src/debug/pahole/1.29/btf_encoder.c:2431 >>>>>>> #3 0x000055555555db49 in pahole_stealer__btf_encode >>>>>>> (cu=0x7fffd8001e50, >>>>>>> conf_load=0x555555565280 <conf_load>) >>>>>>> at /usr/src/debug/pahole/1.29/pahole.c:3126 >>>>>>> #4 pahole_stealer (cu=0x7fffd8001e50, conf_load=0x555555565280 >>>>>>> <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3187 >>>>>>> #5 0x00007ffff7f9d023 in cus__steal_now (cus=<optimized out>, >>>>>>> cu=<optimized out>, conf=<optimized out>) >>>>>>> at /usr/src/debug/pahole/1.29/dwarf_loader.c:3266 >>>>>>> #6 dwarf_loader__worker_thread (arg=0x7fffffffe700) at /usr/src/debug/ >>>>>>> pahole/1.29/dwarf_loader.c:3672 >>>>>>> #7 0x00007ffff7dbe722 in start_thread (arg=<optimized out>) at >>>>>>> pthread_create.c:448 >>>>>>> #8 0x00007ffff7e314fc in __GI___clone3 () at ../sysdeps/unix/sysv/ >>>>>>> linux/x86_64/clone3.S:78 >>>>>>> (gdb) >> >> Hi everyone. >> >> I was able to reproduce the error by feeding pahole a vmlinux with a >> debuglink [1], created with: >> >> vmlinux=$(realpath ~/kernels/bpf-next/.tmp_vmlinux1) >> objcopy --only-keep-debug $vmlinux vmlinux.debug >> objcopy --strip-all --add-gnu-debuglink=vmlinux.debug $vmlinux >> vmlinux.stripped >> >> With that, I got the following valgrind output: >> >> $ valgrind ./build/pahole --btf_features=default -J >> ./mbox/vmlinux.stripped >> ==40680== Memcheck, a memory error detector >> ==40680== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et >> al. >> ==40680== Using Valgrind-3.25.1 and LibVEX; rerun with -h for copyright >> info >> ==40680== Command: ./build/pahole --btf_features=default -J >> ./mbox/vmlinux.stripped >> ==40680== >> ==40680== Warning: set address range perms: large range [0x7c20000, >> 0x32e2d000) (defined) >> ==40680== Thread 2: >> ==40680== Invalid write of size 8 >> ==40680== at 0x487D34D: __list_del (list.h:106) >> ==40680== by 0x487D384: list_del (list.h:118) >> ==40680== by 0x487D6DB: elf_functions__delete (btf_encoder.c:170) >> ==40680== by 0x487D77C: elf_functions__new (btf_encoder.c:201) >> ==40680== by 0x4880E2A: btf_encoder__elf_functions >> (btf_encoder.c:1485) >> ==40680== by 0x4883558: btf_encoder__new (btf_encoder.c:2450) >> ==40680== by 0x4078DD: pahole_stealer__btf_encode (pahole.c:3160) >> ==40680== by 0x407B0D: pahole_stealer (pahole.c:3221) >> ==40680== by 0x488D2F5: cus__steal_now (dwarf_loader.c:3266) >> ==40680== by 0x488DF74: dwarf_loader__worker_thread >> (dwarf_loader.c:3678) >> ==40680== by 0x4A8F723: start_thread (pthread_create.c:448) >> ==40680== by 0x4B13613: clone (clone.S:100) >> ==40680== Address 0x8 is not stack'd, malloc'd or (recently) free'd >> >> As far as I understand, in principle pahole could support search for a >> file linked via .gnu_debuglink, but that's a separate issue. > > Agreed. > >> Please see a bugfix patch below. >> >> [1] >> https://manpages.debian.org/unstable/binutils-common/objcopy.1.en.html#add~3 >> >> >> From 6104783080709dad0726740615149951109f839e Mon Sep 17 00:00:00 2001 >> From: Ihor Solodrai <ihor.solodrai@linux.dev> >> Date: Mon, 18 Aug 2025 10:30:16 -0700 >> Subject: [PATCH] btf_encoder: fix elf_functions cleanup on error >> >> When elf_functions__new() errors out and jumps to >> elf_functions__delete(), pahole segfaults on attempt to list_del the >> elf_functions instance from a list, to which it was never added. >> >> Fix this by changing elf_functions__delete() to >> elf_functions__clear(), moving list_del and free calls out of it. Then >> clear and free on error, and remove from the list on normal cleanup in >> elf_functions_list__clear(). > > I think we should still call it __delete() to have a counterpart to > __new() and just remove that removal from the list from the __delete(). > > Apart from that, it looks to address a bug, so with the above changed: > > Reviewed-by: Arnaldo Carvalho de Melo <acme@redhat.com> > Thanks for the fix Ihor! Sorry to bikeshed this but how about using funcs->elf as a proxy for determining if we have elf function info to add to the list, so we could then fix elf_functions__delete() to guard the list_del(): if (funcs->elf) list_del(&funcs->node); we'd just then need to tweak - funcs->elf = elf; err = elf_functions__collect(funcs); if (err < 0) goto out_delete; + funcs->elf = elf; Would that work? > - Arnaldo > >> Closes: https://lore.kernel.org/dwarves/24bcc853-533c-42ab-bc37-0c13e0baa217@windriver.com/ >> Reported-by: Changqing Li <changqing.li@windriver.com> >> Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev> >> >> --- >> btf_encoder.c | 11 ++++++----- >> 1 file changed, 6 insertions(+), 5 deletions(-) >> >> diff --git a/btf_encoder.c b/btf_encoder.c >> index 0bc2334..631c0b5 100644 >> --- a/btf_encoder.c >> +++ b/btf_encoder.c >> @@ -161,14 +161,12 @@ struct btf_kfunc_set_range { >> uint64_t end; >> }; >> >> -static inline void elf_functions__delete(struct elf_functions *funcs) >> +static inline void elf_functions__clear(struct elf_functions *funcs) >> { >> for (int i = 0; i < funcs->cnt; i++) >> free(funcs->entries[i].alias); >> free(funcs->entries); >> elf_symtab__delete(funcs->symtab); >> - list_del(&funcs->node); >> - free(funcs); >> } >> >> static int elf_functions__collect(struct elf_functions *functions); >> @@ -198,7 +196,8 @@ struct elf_functions *elf_functions__new(Elf *elf) >> return funcs; >> >> out_delete: >> - elf_functions__delete(funcs); >> + elf_functions__clear(funcs); >> + free(funcs); >> return NULL; >> } >> >> @@ -209,7 +208,9 @@ static inline void elf_functions_list__clear(struct >> list_head *elf_functions_lis >> >> list_for_each_safe(pos, tmp, elf_functions_list) { >> funcs = list_entry(pos, struct elf_functions, node); >> - elf_functions__delete(funcs); >> + elf_functions__clear(funcs); >> + list_del(&funcs->node); >> + free(funcs); >> } >> } >> >> -- >> 2.50.1 >> >> >> >> >>>>>>> >>>>>>> >>>>>>> Command "pahole --btf_features=default -J /boot/.debug/ >>>>>>> vmlinux-6.12.40- >>>>>>> yocto-standard " works well since /boot/.debug/vmlinux-6.12.40-yocto- >>>>>>> standard has .symtab section. >>>>>>> root@intel-x86-64:/usr/bin# file /boot/.debug/vmlinux-6.12.40-yocto- >>>>>>> standard >>>>>>> /boot/.debug/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, >>>>>>> x86-64, version 1 (SYSV), statically linked, >>>>>>> BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, with >>>>>>> debug_info, >>>>>>> not stripped >>>>>>> >>>>>>> root@intel-x86-64:/usr/bin# readelf -S /boot/.debug/vmlinux-6.12.40- >>>>>>> yocto-standard | grep .symtab >>>>>>> [ 4] __ksymtab NOBITS ffffffff82c11e00 00001000 >>>>>>> [ 5] __ksymtab_gpl NOBITS ffffffff82c24730 00001000 >>>>>>> [ 6] __ksymtab_strings NOBITS ffffffff82c397f0 00001000 >>>>>>> [49] .symtab SYMTAB 0000000000000000 154cf200 >>>>>>> >>>>>> >>>>>> Hi Changqing Li, thanks for the bug report. >>>>>> >>>>>> I couldn't reproduce this error with a stripped vmlinux: >>>>>> >>>>>> $ objcopy --strip-all ~/kernels/bpf-next/.tmp_vmlinux1 vmlinux-strip-all >>>>>> >>>>>> v1.29 fails with: >>>>>> $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) >>>>>> Error creating BTF encoder. >>>>>> >>>>>> v1.30 fails with: >>>>>> $ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all) >>>>>> pahole: /home/isolodrai/pahole/vmlinux-strip-all: Invalid argument >>>>>> >>>>>> Different errors are not nice, but at least no segfault. >>>>>> >>>>>> Could you please share the vmlinux binary that causes the error? >>>>>> And also check if you get a segfault on v1.30 too? >>>>>> >>>>>> Thanks. >>>>>> >>>>> Hi, Ihor >>>>> Thanks for checking this. Here is my retest result: >>>>> On version 1.29: >>>>> root@intel-x86-64:~# pahole --btf_features=default -J /boot/ >>>>> vmlinux-6.12.40-yocto-standard >>>>> pahole[333]: segfault at 8 ip 00007fd5025179e2 sp 00007fd4e73febe0 >>>>> error 6 in libdwarves.so.1.0.0[189e2,7fd502508000+1c000] likely on CPU >>>>> 0 (core 0, socket 0) >>>>> Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 >>>>> 18 e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 >>>>> 42 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff >>>>> Segmentation fault (core dumped) >>>>> root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ >>>>> root@intel-x86-64:~# pahole --btf_features=default -J /root/ >>>>> vmlinux-6.12.40-yocto-standard >>>>> Error creating BTF encoder. >>>>> >>>>> We can see that the same vmlinux-6.12.40-yocto-standard have different >>>>> result. After do some debugging, I found that >>>>> /boot/vmlinux-6.12.40-yocto-standard segfault since it has debuginfo >>>>> file /boot/.debug/vmlinux-6.12.40-yocto-standard. >>>>> after I move .debug to .xxx, it will not segfault. >>>>> root@intel-x86-64:/boot# mv .debug/ .xxx >>>>> root@intel-x86-64:/boot# pahole --btf_features=default -J /boot/ >>>>> vmlinux-6.12.40-yocto-standard >>>>> Error creating BTF encoder. >>>>> >>>>> dwfl_module_getdwarf in cus__process_dwflmod return different when >>>>> with or without debug, without .debug, dw=NULL, >>>>> with .debug, dw will have a value, then causes the different process. >>>>> >>>>> On version 1.30 >>>>> root@intel-x86-64:~# pahole --version >>>>> v1.30 >>>>> root@intel-x86-64:~# pahole --btf_features=default -J /boot/ >>>>> vmlinux-6.12.40-yocto-standard >>>>> pahole[314]: segfault at 8 ip 00007f2b0b6b2bf3 sp 00007f2af05feb20 >>>>> error 6 in libdwarves.so.1.0.0[18bf3,7f2b0b6a3000+1c000] likely on CPU >>>>> 0 (core 0, socket 0) >>>>> Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 >>>>> 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 >>>>> 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff >>>>> Segmentation fault (core dumped) >>>>> root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/ >>>>> root@intel-x86-64:~# pahole --btf_features=default -J /root/ >>>>> vmlinux-6.12.40-yocto-standard >>>>> pahole: /root/vmlinux-6.12.40-yocto-standard: Invalid argument >>>>> root@intel-x86-64:~# cd /root >>>>> root@intel-x86-64:~# mkdir .debug >>>>> root@intel-x86-64:~# cp /boot/.debug/vmlinux-6.12.40-yocto- >>>>> standard .debug/ >>>>> root@intel-x86-64:~# pahole --btf_features=default -J /root/ >>>>> vmlinux-6.12.40-yocto-standard >>>>> pahole[441]: segfault at 8 ip 00007f64a9032bf3 sp 00007f648dffeb20 >>>>> error 6 in libdwarves.so.1.0.0[18bf3,7f64a9023000+1c000] likely on CPU >>>>> 0 (core 0, socket 0) >>>>> Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 >>>>> 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 >>>>> 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff >>>>> >>>>> Segmentation fault (core dumped) >>>> >>>> I think this " Invalid argument " change is caused by this commit: >>>> >>>> https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/? >>>> id=b4a071d99bb9e7c0d3c6ea7a6835389a4d350ed4 >>>> >>>> encode BTF with DWARF less files is not support for v1.30, so, since / >>>> boot/vmlinux-6.12.40-yocto-standard without debuginfo, it taken as in >>>> invalid argument, >>>> >>>> I think it is ok, but maybe more clear reason is better. >>>> >>> >>> Thanks for the report! >>> >>> With latest pahole (next branch of >>> https://git.kernel.org/pub/scm/devel/pahole/pahole.git/ ) including >>> Arnaldo's change >>> >>> commit 97bf0a0b0572ec023761da9226b068b59b471de0 >>> Author: Arnaldo Carvalho de Melo <acme@kernel.org> >>> Date: Tue Jul 22 11:22:27 2025 -0300 >>> >>> pahole: Don't fail when encoding BTF on an object with no DWARF info >>> >>> >>> I see the following pahole results against a stripped vmlinux: >>> >>> $ pahole --btf_features=default -J vmlinux.stripped >>> $ echo $? >>> 0 >>> >>> Can you reproduce the segmentation fault with the above pahole? If you >>> can provide a way to get a stripped pahole like the above for me to test >>> with, or provide the kernel .config used to build it, that would be >>> great. Thanks! >>> >>> Alan > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: "Segmentation fault" of pahole 2025-08-19 17:33 ` Alan Maguire @ 2025-08-19 19:20 ` Ihor Solodrai 2025-08-20 10:46 ` Alan Maguire 0 siblings, 1 reply; 10+ messages in thread From: Ihor Solodrai @ 2025-08-19 19:20 UTC (permalink / raw) To: Alan Maguire, Arnaldo Carvalho de Melo Cc: Changqing Li, dwarves, Kernel Team, bpf On 8/19/25 10:33 AM, Alan Maguire wrote: > On 18/08/2025 21:52, Arnaldo Carvalho de Melo wrote: >> On Mon, Aug 18, 2025 at 10:56:36AM -0700, Ihor Solodrai wrote: >>> >>> [...] >>> >>> Hi everyone. >>> >>> I was able to reproduce the error by feeding pahole a vmlinux with a >>> debuglink [1], created with: >>> >>> vmlinux=$(realpath ~/kernels/bpf-next/.tmp_vmlinux1) >>> objcopy --only-keep-debug $vmlinux vmlinux.debug >>> objcopy --strip-all --add-gnu-debuglink=vmlinux.debug $vmlinux >>> vmlinux.stripped >>> >>> With that, I got the following valgrind output: >>> >>> $ valgrind ./build/pahole --btf_features=default -J >>> ./mbox/vmlinux.stripped >>> ==40680== Memcheck, a memory error detector >>> ==40680== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et >>> al. >>> ==40680== Using Valgrind-3.25.1 and LibVEX; rerun with -h for copyright >>> info >>> ==40680== Command: ./build/pahole --btf_features=default -J >>> ./mbox/vmlinux.stripped >>> ==40680== >>> ==40680== Warning: set address range perms: large range [0x7c20000, >>> 0x32e2d000) (defined) >>> ==40680== Thread 2: >>> ==40680== Invalid write of size 8 >>> ==40680== at 0x487D34D: __list_del (list.h:106) >>> ==40680== by 0x487D384: list_del (list.h:118) >>> ==40680== by 0x487D6DB: elf_functions__delete (btf_encoder.c:170) >>> ==40680== by 0x487D77C: elf_functions__new (btf_encoder.c:201) >>> ==40680== by 0x4880E2A: btf_encoder__elf_functions >>> (btf_encoder.c:1485) >>> ==40680== by 0x4883558: btf_encoder__new (btf_encoder.c:2450) >>> ==40680== by 0x4078DD: pahole_stealer__btf_encode (pahole.c:3160) >>> ==40680== by 0x407B0D: pahole_stealer (pahole.c:3221) >>> ==40680== by 0x488D2F5: cus__steal_now (dwarf_loader.c:3266) >>> ==40680== by 0x488DF74: dwarf_loader__worker_thread >>> (dwarf_loader.c:3678) >>> ==40680== by 0x4A8F723: start_thread (pthread_create.c:448) >>> ==40680== by 0x4B13613: clone (clone.S:100) >>> ==40680== Address 0x8 is not stack'd, malloc'd or (recently) free'd >>> >>> As far as I understand, in principle pahole could support search for a >>> file linked via .gnu_debuglink, but that's a separate issue. >> >> Agreed. >> >>> Please see a bugfix patch below. >>> >>> [1] >>> https://manpages.debian.org/unstable/binutils-common/objcopy.1.en.html#add~3 >>> >>> >>> From 6104783080709dad0726740615149951109f839e Mon Sep 17 00:00:00 2001 >>> From: Ihor Solodrai <ihor.solodrai@linux.dev> >>> Date: Mon, 18 Aug 2025 10:30:16 -0700 >>> Subject: [PATCH] btf_encoder: fix elf_functions cleanup on error >>> >>> When elf_functions__new() errors out and jumps to >>> elf_functions__delete(), pahole segfaults on attempt to list_del the >>> elf_functions instance from a list, to which it was never added. >>> >>> Fix this by changing elf_functions__delete() to >>> elf_functions__clear(), moving list_del and free calls out of it. Then >>> clear and free on error, and remove from the list on normal cleanup in >>> elf_functions_list__clear(). >> >> I think we should still call it __delete() to have a counterpart to >> __new() and just remove that removal from the list from the __delete(). Thanks for the review. Here is a v2: From f3d6b1eb33df182bed94e09d716de0f883816513 Mon Sep 17 00:00:00 2001 From: Ihor Solodrai <ihor.solodrai@linux.dev> Date: Tue, 19 Aug 2025 12:05:38 -0700 Subject: [PATCH dwarves v2] btf_encoder: fix elf_functions cleanup on error When elf_functions__new() errors out and jumps to elf_functions__delete(), pahole segfaults on attempt to list_del() the elf_functions instance from a list, to which it was never added. Fix this by moving list_del() call out of elf_functions__delete(). Remove from the list only on normal cleanup in elf_functions_list__clear(). v1: https://lore.kernel.org/dwarves/979a1ac4-21d3-4384-8ce4-d10f41887088@linux.dev/ Closes: https://lore.kernel.org/dwarves/24bcc853-533c-42ab-bc37-0c13e0baa217@windriver.com/ Reported-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev> Reviewed-by: Arnaldo Carvalho de Melo <acme@redhat.com> --- btf_encoder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/btf_encoder.c b/btf_encoder.c index 3f040fe..6300a43 100644 --- a/btf_encoder.c +++ b/btf_encoder.c @@ -168,7 +168,6 @@ static inline void elf_functions__delete(struct elf_functions *funcs) free(funcs->entries[i].alias); free(funcs->entries); elf_symtab__delete(funcs->symtab); - list_del(&funcs->node); free(funcs); } @@ -210,6 +209,7 @@ static inline void elf_functions_list__clear(struct list_head *elf_functions_lis list_for_each_safe(pos, tmp, elf_functions_list) { funcs = list_entry(pos, struct elf_functions, node); + list_del(&funcs->node); elf_functions__delete(funcs); } } -- 2.50.1 >> >> Apart from that, it looks to address a bug, so with the above changed: >> >> Reviewed-by: Arnaldo Carvalho de Melo <acme@redhat.com> >> > > Thanks for the fix Ihor! > > Sorry to bikeshed this but how about using funcs->elf as a proxy for > determining if we have elf function info to add to the list, so we could > then fix elf_functions__delete() to guard the list_del(): > > if (funcs->elf) > list_del(&funcs->node); > > > we'd just then need to tweak > > - funcs->elf = elf; > err = elf_functions__collect(funcs); > if (err < 0) > goto out_delete; > + funcs->elf = elf; > > Would that work? Not for this bug, because we actually check for a NULL Elf earlier here: static struct elf_functions *btf_encoder__elf_functions(struct btf_encoder *encoder) { struct elf_functions *funcs = NULL; if (!encoder->cu || !encoder->cu->elf) // <-- this return NULL; funcs = elf_functions__find(encoder->cu->elf, &encoder->elf_functions_list); if (!funcs) { funcs = elf_functions__new(encoder->cu->elf); if (funcs) list_add(&funcs->node, &encoder->elf_functions_list); } return funcs; } The condition triggering an error (at least in the case of debuglink that I made up) is in elf_symtab__new(): struct elf_symtab *elf_symtab__new(const char *name, Elf *elf) { size_t symtab_index; if (name == NULL) name = ".symtab"; GElf_Shdr shdr; Elf_Scn *sec = elf_section_by_name(elf, &shdr, name, &symtab_index); if (sec == NULL) // <--- this return NULL; ... > >> [...] ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: "Segmentation fault" of pahole 2025-08-19 19:20 ` Ihor Solodrai @ 2025-08-20 10:46 ` Alan Maguire 0 siblings, 0 replies; 10+ messages in thread From: Alan Maguire @ 2025-08-20 10:46 UTC (permalink / raw) To: Ihor Solodrai, Arnaldo Carvalho de Melo Cc: Changqing Li, dwarves, Kernel Team, bpf On 19/08/2025 20:20, Ihor Solodrai wrote: > On 8/19/25 10:33 AM, Alan Maguire wrote: >> On 18/08/2025 21:52, Arnaldo Carvalho de Melo wrote: >>> On Mon, Aug 18, 2025 at 10:56:36AM -0700, Ihor Solodrai wrote: >>>> >>>> [...] >>>> >>>> Hi everyone. >>>> >>>> I was able to reproduce the error by feeding pahole a vmlinux with a >>>> debuglink [1], created with: >>>> >>>> vmlinux=$(realpath ~/kernels/bpf-next/.tmp_vmlinux1) >>>> objcopy --only-keep-debug $vmlinux vmlinux.debug >>>> objcopy --strip-all --add-gnu-debuglink=vmlinux.debug $vmlinux >>>> vmlinux.stripped >>>> >>>> With that, I got the following valgrind output: >>>> >>>> $ valgrind ./build/pahole --btf_features=default -J >>>> ./mbox/vmlinux.stripped >>>> ==40680== Memcheck, a memory error detector >>>> ==40680== Copyright (C) 2002-2024, and GNU GPL'd, by Julian >>>> Seward et >>>> al. >>>> ==40680== Using Valgrind-3.25.1 and LibVEX; rerun with -h for >>>> copyright >>>> info >>>> ==40680== Command: ./build/pahole --btf_features=default -J >>>> ./mbox/vmlinux.stripped >>>> ==40680== >>>> ==40680== Warning: set address range perms: large range >>>> [0x7c20000, >>>> 0x32e2d000) (defined) >>>> ==40680== Thread 2: >>>> ==40680== Invalid write of size 8 >>>> ==40680== at 0x487D34D: __list_del (list.h:106) >>>> ==40680== by 0x487D384: list_del (list.h:118) >>>> ==40680== by 0x487D6DB: elf_functions__delete >>>> (btf_encoder.c:170) >>>> ==40680== by 0x487D77C: elf_functions__new (btf_encoder.c:201) >>>> ==40680== by 0x4880E2A: btf_encoder__elf_functions >>>> (btf_encoder.c:1485) >>>> ==40680== by 0x4883558: btf_encoder__new (btf_encoder.c:2450) >>>> ==40680== by 0x4078DD: pahole_stealer__btf_encode >>>> (pahole.c:3160) >>>> ==40680== by 0x407B0D: pahole_stealer (pahole.c:3221) >>>> ==40680== by 0x488D2F5: cus__steal_now (dwarf_loader.c:3266) >>>> ==40680== by 0x488DF74: dwarf_loader__worker_thread >>>> (dwarf_loader.c:3678) >>>> ==40680== by 0x4A8F723: start_thread (pthread_create.c:448) >>>> ==40680== by 0x4B13613: clone (clone.S:100) >>>> ==40680== Address 0x8 is not stack'd, malloc'd or (recently) >>>> free'd >>>> >>>> As far as I understand, in principle pahole could support search for a >>>> file linked via .gnu_debuglink, but that's a separate issue. >>> >>> Agreed. >>> >>>> Please see a bugfix patch below. >>>> >>>> [1] >>>> https://manpages.debian.org/unstable/binutils-common/ >>>> objcopy.1.en.html#add~3 >>>> >>>> >>>> From 6104783080709dad0726740615149951109f839e Mon Sep 17 00:00:00 2001 >>>> From: Ihor Solodrai <ihor.solodrai@linux.dev> >>>> Date: Mon, 18 Aug 2025 10:30:16 -0700 >>>> Subject: [PATCH] btf_encoder: fix elf_functions cleanup on error >>>> >>>> When elf_functions__new() errors out and jumps to >>>> elf_functions__delete(), pahole segfaults on attempt to list_del the >>>> elf_functions instance from a list, to which it was never added. >>>> >>>> Fix this by changing elf_functions__delete() to >>>> elf_functions__clear(), moving list_del and free calls out of it. Then >>>> clear and free on error, and remove from the list on normal cleanup in >>>> elf_functions_list__clear(). >>> >>> I think we should still call it __delete() to have a counterpart to >>> __new() and just remove that removal from the list from the __delete(). > > Thanks for the review. Here is a v2: > > From f3d6b1eb33df182bed94e09d716de0f883816513 Mon Sep 17 00:00:00 2001 > From: Ihor Solodrai <ihor.solodrai@linux.dev> > Date: Tue, 19 Aug 2025 12:05:38 -0700 > Subject: [PATCH dwarves v2] btf_encoder: fix elf_functions cleanup on error > > When elf_functions__new() errors out and jumps to > elf_functions__delete(), pahole segfaults on attempt to list_del() the > elf_functions instance from a list, to which it was never added. > > Fix this by moving list_del() call out of > elf_functions__delete(). Remove from the list only on normal cleanup > in elf_functions_list__clear(). > > v1: https://lore.kernel.org/dwarves/979a1ac4-21d3-4384-8ce4- > d10f41887088@linux.dev/ > > Closes: https://lore.kernel.org/dwarves/24bcc853-533c-42ab- > bc37-0c13e0baa217@windriver.com/ > Reported-by: Changqing Li <changqing.li@windriver.com> > Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev> > Reviewed-by: Arnaldo Carvalho de Melo <acme@redhat.com> > --- > btf_encoder.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/btf_encoder.c b/btf_encoder.c > index 3f040fe..6300a43 100644 > --- a/btf_encoder.c > +++ b/btf_encoder.c > @@ -168,7 +168,6 @@ static inline void elf_functions__delete(struct > elf_functions *funcs) > free(funcs->entries[i].alias); > free(funcs->entries); > elf_symtab__delete(funcs->symtab); > - list_del(&funcs->node); > free(funcs); > } > > @@ -210,6 +209,7 @@ static inline void elf_functions_list__clear(struct > list_head *elf_functions_lis > > list_for_each_safe(pos, tmp, elf_functions_list) { > funcs = list_entry(pos, struct elf_functions, node); > + list_del(&funcs->node); > elf_functions__delete(funcs); > } > } applied v2 to the next branch of https://git.kernel.org/pub/scm/devel/pahole/pahole.git/ Thanks! Alan ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2025-08-20 10:46 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-08-11 1:18 "Segmentation fault" of pahole Changqing Li 2025-08-13 23:45 ` Ihor Solodrai 2025-08-14 9:20 ` Changqing Li 2025-08-14 9:42 ` Changqing Li 2025-08-18 13:56 ` Alan Maguire 2025-08-18 17:56 ` Ihor Solodrai 2025-08-18 20:52 ` Arnaldo Carvalho de Melo 2025-08-19 17:33 ` Alan Maguire 2025-08-19 19:20 ` Ihor Solodrai 2025-08-20 10:46 ` Alan Maguire
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.