Re: [PATCH] perf script: perf script tests fails with segfault

[Namhyung Kim <namhyung@kernel.org>]

CC-ing Adrian,

On Thu, Mar 20, 2025 at 02:45:51PM +0530, Aditya Bodkhe wrote:
> perf script: pert script tests fails with segmentation fault as below:
> 
> 1. Run perf test -vvv 'perf script tests'
> 
> 	 92: perf script tests:
> 	--- start ---
> 	test child forked, pid 103769
> 	DB test
> 	[ perf record: Woken up 1 times to write data ]
> 	[ perf record: Captured and wrote 0.012 MB /tmp/perf-test-script.7rbftEpOzX/perf.data (9 samples) ]
> 	/usr/libexec/perf-core/tests/shell/script.sh: line 35: 103780 Segmentation fault      (core dumped) perf script -i "${perfdatafile}" -s "${db_test}"
> 	--- Cleaning up ---
> 	---- end(-1) ----
>  	92: perf script tests                                               : FAILED!
> 
> Backtrace pointed to :
> 	#0  0x0000000010247dd0 in maps.machine ()
> 	#1  0x00000000101d178c in db_export.sample ()
> 	#2  0x00000000103412c8 in python_process_event ()
> 	#3  0x000000001004eb28 in process_sample_event ()
> 	#4  0x000000001024fcd0 in machines.deliver_event ()
> 	#5  0x000000001025005c in perf_session.deliver_event ()
> 	#6  0x00000000102568b0 in __ordered_events__flush.part.0 ()
> 	#7  0x0000000010251618 in perf_session.process_events ()
> 	#8  0x0000000010053620 in cmd_script ()
> 	#9  0x00000000100b5a28 in run_builtin ()
> 	#10 0x00000000100b5f94 in handle_internal_command ()
> 	#11 0x0000000010011114 in main ()
> 
> Further investigation reveals that this occurs in the `perf script tests`,
> because it uses `db_test.py` script. This script sets `perf_db_export_mode = True`.
> 
> With `perf_db_export_mode` enabled, if a sample originates from a hypervisor,
> perf doesn't set maps for “[H]” sample in the code. Consequently, `al->maps` remains NULL
> when `maps__machine(al->maps)` is called from `db_export__sample`.
> 
> To prevent this NULL pointer dereference, add a check for `al->maps == NULL`
> before calling `maps__machine()`. If `al->maps` is NULL, return `-1` to avoid
> the segmentation fault.
> 
> Reported-by: Disha Goel <Disha.Goel@ibm.com>
> Signed-off-by: Aditya Bodkhe <aditya.b1@linux.ibm.com>
> ---
>  tools/perf/util/db-export.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/tools/perf/util/db-export.c b/tools/perf/util/db-export.c
> index 50f916374d87..f355878a8c82 100644
> --- a/tools/perf/util/db-export.c
> +++ b/tools/perf/util/db-export.c
> @@ -365,6 +365,11 @@ int db_export__sample(struct db_export *dbe, union perf_event *event,
>         if (err)
>                 return err;
> 
> +       if (!al->maps) {
> +          err = -1;
> +          goto out_put;
> +       }

Maybe better to check it before db_export__evsel().  Also it seems it
should not goto out_put as it doesn't get the main_thread yet.

Thanks,
Namhyung

> +
>         machine = maps__machine(al->maps);
>         err = db_export__machine(dbe, machine);
>         if (err)
> -- 
> 2.43.0
>