2023-04-25 17:36:43

by Will Ochowicz

Subject: Bug: "perf record" reporting buffer overflow when writing data

Hi all,

[1.] One line summary of the problem: "perf record" reporting buffer overflow when writing data
[2.] Full description of the problem/report:
I was using perf to monitor the performance of a node server, and when I stopped the server, perf crashed while writing the data with a message of

> [ perf record: Woken up 96 times to write data ]
> *** buffer overflow detected ***: terminated

I downloaded perf version 5.10.158 (the same version that caused the issue) and compiled with debug symbols, but did not run into issues. However, after I started adding libraries to enable additional features, the buffer overflow began again.
Below is the stack trace from where the crash occurred:
      
Thread 1 "perf" received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
at ./nptl/pthread_kill.c:44
44 ./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
at ./nptl/pthread_kill.c:44
#1 0x00007ffff72d4d2f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 0x00007ffff7285ef2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007ffff7270472 in __GI_abort () at ./stdlib/abort.c:79
#4 0x00007ffff72c92d0 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7ffff73e3210 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#5 0x00007ffff7361e82 in __GI___fortify_fail (msg=msg@entry=0x7ffff73e31b6 "buffer overflow detected")
at ./debug/fortify_fail.c:26
#6 0x00007ffff7360990 in __GI___chk_fail () at ./debug/chk_fail.c:28
#7 0x00005555557e7ddd in memcpy (__len=40, __src=0x555556a28b38, __dest=0x7fffffff843c)
at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
#8 write_buildid (fd=0x7fffffff8590, misc=<optimized out>, pid=-1, bid=0x555556a28b38,
name_len=<optimized out>, name=0x555556a28c0c "/opt/pylon/lib/libpylonbase-6.1.1.so") at util/build-id.c:312
#9 machine__write_buildid_table (machine=machine@entry=0x555555d9bef0, fd=fd@entry=0x7fffffff8590)
at util/build-id.c:361
#10 0x00005555557e865e in perf_session__write_buildid_table (session=session@entry=0x555555d9bd00,
fd=fd@entry=0x7fffffff8590) at util/build-id.c:374
#11 0x000055555581c4b9 in write_build_id (ff=ff@entry=0x7fffffff8590, evlist=evlist@entry=0x555555d96d60)
at util/header.c:320
#12 0x0000555555824fa3 in do_write_feat (evlist=0x555555d96d60, p=<synthetic pointer>, type=2, ff=0x7fffffff8590)
at util/header.c:3224
#13 perf_header__adds_write (fd=3, evlist=0x555555d96d60, header=<optimized out>) at util/header.c:3269
#14 perf_session__write_header (session=<optimized out>, evlist=0x555555d96d60, fd=3, at_exit=at_exit@entry=true)
at util/header.c:3353
#15 0x0000555555760777 in record__finish_output (rec=0x555555b9bb40 <record>) at builtin-record.c:1236
#16 0x0000555555763560 in __cmd_record (rec=0x555555b9bb40 <record>, argv=<optimized out>, argc=<optimized out>)
at builtin-record.c:2026
#17 cmd_record (argc=<optimized out>, argv=<optimized out>) at builtin-record.c:2835
#18 0x00005555557dc8a3 in run_builtin (p=p@entry=0x555555ba6cb8 <commands+216>, argc=argc@entry=8,
argv=argv@entry=0x7fffffffdb90) at perf.c:312
#19 0x000055555574af48 in handle_internal_command (argv=0x7fffffffdb90, argc=8) at perf.c:364
#20 run_argv (argv=<synthetic pointer>, argcp=<synthetic pointer>) at perf.c:408
#21 main (argc=8, argv=0x7fffffffdb90) at perf.c:538

Strangely, the buffer overflow crash only happens when I am also loading an additional addon to my node server that loads additional shared libraries (Basler and opencv). The matrix below summarizes:

                        With additional node add-on   Without additional node add-on
With base features      Works                         Works
Without base features   Crashes                       Works

I don't know exactly which features are causing the crash, and before I manually try every permutation of features to narrow down what caused the issue, I wanted to reach out and see if you all had any thoughts.

[3.] Keywords (i.e., modules, networking, kernel): perf, crash
[4.] Kernel information
[4.1.] Kernel version (from /proc/version): Linux version 5.10.0-20-amd64 ([email protected]) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP Debian 5.10.158-2 (2022-12-13)
[6.] Output of Oops.. message (if applicable) with symbolic information
resolved (see Documentation/admin-guide/oops-tracing.rst)
[7.] A small shell script or example program which triggers the
problem (if possible)
[8.] Environment
[8.1.] Software (add the output of the ver_linux script here) 5.10.0-20-amd64 #1 SMP Debian 5.10.158-2 (2022-12-13)
[8.2.] Processor information (from /proc/cpuinfo):
processor   : 0
vendor_id   : AuthenticAMD
cpu family  : 23
model       : 8
model name  : AMD Ryzen 7 2700X Eight-Core Processor
stepping    : 2
microcode   : 0x800820d
cpu MHz           : 1891.238
cache size  : 512 KB
physical id : 0
siblings    : 16
core id           : 0
cpu cores   : 8
apicid            : 0
initial apicid    : 0
fpu         : yes
fpu_exception     : yes
cpuid level : 13
wp          : yes
flags       : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb hw_pstate sme ssbd sev ibpb vmmcall sev_es fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 xsaves clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif overflow_recov succor smca
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2 spec_store_bypass retbleed
bogomips    : 7399.11
TLB size    : 2560 4K pages
clflush size      : 64
cache_alignment   : 64
address sizes     : 43 bits physical, 48 bits virtual
power management: ts ttp tm hwpstate cpb eff_freq_ro [13] [14]

[8.6.] SCSI information (from /proc/scsi/scsi): N/A
[8.7.] Other information that might be relevant to the problem
(please look in /proc and include all information that you
think to be relevant):
Stack Overflow with some of the same information: https://stackoverflow.com/questions/76054841/perf-record-reporting-buffer-overflow-with-no-backtrace



2023-04-26 02:22:41

by Yang Jihong

Subject: Re: Bug: "perf record" reporting buffer overflow when writing data

Hello,

On 2023/4/26 0:54, Will Ochowicz wrote:
> Hi all,
>
> [1.] One line summary of the problem: "perf record" reporting buffer overflow when writing data
> [2.] Full description of the problem/report:
> I was using perf to monitor the performance of a node server, and when I stopped the server, perf crashed while writing the data with a message of
>
>> [ perf record: Woken up 96 times to write data ]
>> *** buffer overflow detected ***: terminated
>
> I downloaded perf version 5.10.158 (the same version that caused the issue) and compiled with debug symbols, but did not run into issues. However, after I started adding libraries to enable additional features, the buffer overflow began again.
> Below is the stack trace from where the crash occurred:
>       
> Thread 1 "perf" received signal SIGABRT, Aborted.
> __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
> at ./nptl/pthread_kill.c:44
> 44 ./nptl/pthread_kill.c: No such file or directory.
> (gdb) bt
> #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
> at ./nptl/pthread_kill.c:44
> #1 0x00007ffff72d4d2f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
> #2 0x00007ffff7285ef2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
> #3 0x00007ffff7270472 in __GI_abort () at ./stdlib/abort.c:79
> #4 0x00007ffff72c92d0 in __libc_message (action=action@entry=do_abort,
> fmt=fmt@entry=0x7ffff73e3210 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
> #5 0x00007ffff7361e82 in __GI___fortify_fail (msg=msg@entry=0x7ffff73e31b6 "buffer overflow detected")
> at ./debug/fortify_fail.c:26
> #6 0x00007ffff7360990 in __GI___chk_fail () at ./debug/chk_fail.c:28
> #7 0x00005555557e7ddd in memcpy (__len=40, __src=0x555556a28b38, __dest=0x7fffffff843c)
> at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
> #8 write_buildid (fd=0x7fffffff8590, misc=<optimized out>, pid=-1, bid=0x555556a28b38,
> name_len=<optimized out>, name=0x555556a28c0c "/opt/pylon/lib/libpylonbase-6.1.1.so") at util/build-id.c:312
> #9 machine__write_buildid_table (machine=machine@entry=0x555555d9bef0, fd=fd@entry=0x7fffffff8590)
> at util/build-id.c:361
> #10 0x00005555557e865e in perf_session__write_buildid_table (session=session@entry=0x555555d9bd00,
> fd=fd@entry=0x7fffffff8590) at util/build-id.c:374
> #11 0x000055555581c4b9 in write_build_id (ff=ff@entry=0x7fffffff8590, evlist=evlist@entry=0x555555d96d60)
> at util/header.c:320
> #12 0x0000555555824fa3 in do_write_feat (evlist=0x555555d96d60, p=<synthetic pointer>, type=2, ff=0x7fffffff8590)
> at util/header.c:3224
> #13 perf_header__adds_write (fd=3, evlist=0x555555d96d60, header=<optimized out>) at util/header.c:3269
> #14 perf_session__write_header (session=<optimized out>, evlist=0x555555d96d60, fd=3, at_exit=at_exit@entry=true)
> at util/header.c:3353
> #15 0x0000555555760777 in record__finish_output (rec=0x555555b9bb40 <record>) at builtin-record.c:1236
> #16 0x0000555555763560 in __cmd_record (rec=0x555555b9bb40 <record>, argv=<optimized out>, argc=<optimized out>)
> at builtin-record.c:2026
> #17 cmd_record (argc=<optimized out>, argv=<optimized out>) at builtin-record.c:2835
> #18 0x00005555557dc8a3 in run_builtin (p=p@entry=0x555555ba6cb8 <commands+216>, argc=argc@entry=8,
> argv=argv@entry=0x7fffffffdb90) at perf.c:312
> #19 0x000055555574af48 in handle_internal_command (argv=0x7fffffffdb90, argc=8) at perf.c:364
> #20 run_argv (argv=<synthetic pointer>, argcp=<synthetic pointer>) at perf.c:408
> #21 main (argc=8, argv=0x7fffffffdb90) at perf.c:538


Can you confirm the following two questions on your environment?
1. readelf -n /opt/pylon/lib/libpylonbase-6.1.1.so
Let's see what the output is.

2. Patch the following fix and check whether the problem recurs:

diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
index 41882ae8452e..059f88eca630 100644
--- a/tools/perf/util/symbol-elf.c
+++ b/tools/perf/util/symbol-elf.c
@@ -903,7 +903,7 @@ static int elf_read_build_id(Elf *elf, void *bf,
size_t size)
size_t sz = min(size, descsz);
memcpy(bf, ptr, sz);
memset(bf + sz, 0, size - sz);
- err = descsz;
+ err = sz;
break;
}
}
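Review bot: with `err = sz;` the function returns the clamped copy length, so when descsz is larger than size the build ID is cut to the caller's buffer and nothing records that the note carried more bytes. A debug message on the descsz > size path, or a comment above `size_t sz = min(size, descsz);` saying that oversized descriptors are deliberately truncated, would let someone comparing build IDs see that the stored value is a prefix and not the full ID. It is also worth checking that every caller treats the return value as the stored length and not as the note's descsz, since that is the contract this line changes.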

Thanks,
Yang.

2023-04-27 01:20:12

by Yang Jihong

Subject: Re: Bug: "perf record" reporting buffer overflow when writing data

Hello,

On 2023/4/26 20:52, Will Ochowicz wrote:
> Hi Yang,
>
> 1. Displaying notes found in: .note.gnu.build-id
>   Owner                Data size        Description
>   GNU                  0x00000028       NT_GNU_BUILD_ID (unique
> build ID bitstring)
>     Build ID:
> 6236326637343061343961353463366632643232333465366562353039656634
> 3938656130663039
>
> 2. That patch did fix the issue.
Thanks for your test to help confirm the problem.
I'll send a fix patch.

>
> Would you mind giving me a quick explanation of the issue for my own
> edification?
>
According to the coredump stack trace, the following code causes the
out-of-bounds access problem:

#7 0x00005555557e7ddd in memcpy (__len=40, __src=0x555556a28b38,
__dest=0x7fffffff843c) at
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
#8 write_buildid (fd=0x7fffffff8590, misc=<optimized out>, pid=-1,
bid=0x555556a28b38, name_len=<optimized out>, name=0x555556a28c0c
"/opt/pylon/lib/libpylonbase-6.1.1.so") at util/build-id.c:312

That is, an error occurred when writing the build_id of the
"/opt/pylon/lib/libpylonbase-6.1.1.so" file.

The corresponding code is as follows:

write_buildid()
{
...
memcpy(&b.data, bid->data, bid->size);
...
}

b.data is an array whose size is Build_ID_SIZE(20), but bid->size is
greater than this value. I checked the perf code and found this problem.

Thanks,
Yang.
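
The length mismatch described in this thread, as an added C example (not code from perf or from either poster): a note reader that clamps its copy to the buffer but reports the note's own descriptor length, next to the patched behaviour that reports the clamped length. The struct layouts, the names read_note_desc, load_build_id and emit_record, and the patched flag are assumptions made for illustration; the 40-byte descriptor is constructed. emit_record returns -1 at the point where an unchecked memcpy of bid->size bytes would run past the 20-byte field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUILD_ID_SIZE 20        /* fixed field size named in the thread */
#define MAX_DESC      64        /* upper bound for the constructed samples */

/* Simplified stand-in for perf's build-id holder (assumed layout). */
struct build_id {
    uint8_t data[BUILD_ID_SIZE];
    size_t  size;               /* bytes of data[] the holder claims are valid */
};

/* Simplified stand-in for the record the writer fills in (assumed layout). */
struct buildid_record {
    uint8_t data[BUILD_ID_SIZE];
};

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/*
 * Model of the note copy touched by the patch. The copy is always clamped
 * to `size`; only the reported length differs:
 *   patched == 0  ->  returns descsz (length stored in the ELF note)
 *   patched != 0  ->  returns sz     (bytes actually placed in bf)
 */
static int read_note_desc(void *bf, size_t size,
                          const void *desc, size_t descsz, int patched)
{
    size_t sz = min_sz(size, descsz);

    memcpy(bf, desc, sz);
    memset((uint8_t *)bf + sz, 0, size - sz);
    return patched ? (int)sz : (int)descsz;
}

/* The reader's return value becomes the holder's size field. */
static void load_build_id(struct build_id *bid,
                          const void *desc, size_t descsz, int patched)
{
    bid->size = (size_t)read_note_desc(bid->data, sizeof(bid->data),
                                       desc, descsz, patched);
}

/*
 * Writer with the bound check the crashing memcpy lacked.
 * Returns 0 on success, -1 if bid->size exceeds the destination field.
 */
static int emit_record(struct buildid_record *b, const struct build_id *bid)
{
    if (bid->size > sizeof(b->data))
        return -1;
    memset(b, 0, sizeof(*b));
    memcpy(b->data, bid->data, bid->size);
    return 0;
}

/* Constructed descriptor: bytes 1, 2, 3, ... (not a real build ID). */
static void make_desc(uint8_t *desc, size_t n)
{
    for (size_t i = 0; i < n; i++)
        desc[i] = (uint8_t)(i + 1);
}

/* Size the holder ends up claiming for a note of descsz bytes. */
size_t recorded_size(int patched, size_t descsz)
{
    uint8_t desc[MAX_DESC];
    struct build_id bid;

    if (descsz > MAX_DESC)
        descsz = MAX_DESC;
    make_desc(desc, descsz);
    load_build_id(&bid, desc, descsz, patched);
    return bid.size;
}

/* Result of writing the record for a note of descsz bytes. */
int emit_result(int patched, size_t descsz)
{
    uint8_t desc[MAX_DESC];
    struct build_id bid;
    struct buildid_record rec;

    if (descsz > MAX_DESC)
        descsz = MAX_DESC;
    make_desc(desc, descsz);
    load_build_id(&bid, desc, descsz, patched);
    return emit_record(&rec, &bid);
}

int main(void)
{
    /* 40 is the descriptor size (0x28) shown in the readelf output above. */
    printf("unpatched: size=%zu emit=%d\n", recorded_size(0, 40), emit_result(0, 40));
    printf("patched:   size=%zu emit=%d\n", recorded_size(1, 40), emit_result(1, 40));
    return 0;
}
```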