Re: "Segmentation fault" of pahole


 




On 8/14/25 07:45, Ihor Solodrai wrote:

On 8/10/25 6:18 PM, Changqing Li wrote:
Hi, dear maintainers,

I met a "Segmentation fault" error of pahole. It happened when I
passed an ELF file without a .symtab section.
Maybe I passed an unsupported file, but I think it should not segfault;
maybe a warning or error message is better.


Here is the detailed info:
Pahole version:
# pahole --version
v1.29

Reproduce Command:
root@intel-x86-64:/~# pahole --btf_features=default -J /boot/vmlinux-6.12.40-yocto-standard
pahole[599]: segfault at 8 ip 00007f7c92d819e2 sp 00007f7c799febe0 error 6 in libdwarves.so.1.0.0[189e2,7f7c92d72000+1c000] likely on CPU 0 (core 0, socket 0)
Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff
Segmentation fault (core dumped)

root@intel-x86-64:~# file /boot/vmlinux-6.12.40-yocto-standard
/boot/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, stripped

root@intel-x86-64:/usr/bin# readelf -S /boot/vmlinux-6.12.40-yocto-standard | grep .symtab
   [ 4] __ksymtab         PROGBITS         ffffffff82c11e00 01e11e00
   [ 5] __ksymtab_gpl     PROGBITS         ffffffff82c24730 01e24730
   [ 6] __ksymtab_strings PROGBITS         ffffffff82c397f0 01e397f0


(gdb) bt
#0  elf_functions__new (elf=<optimized out>) at /usr/src/debug/pahole/1.29/btf_encoder.c:196
#1  0x00007ffff7f92a7d in btf_encoder__elf_functions (encoder=encoder@entry=0x7fffd8008dc0) at /usr/src/debug/pahole/1.29/btf_encoder.c:1374
#2  0x00007ffff7f94489 in btf_encoder__new (cu=cu@entry=0x7fffd8001e50, detached_filename=<optimized out>, warning: could not convert 'btf' from the host encoding (ANSI_X3.4-1968) to UTF-32.
This normally should not happen, please file a bug report.
base_btf=0x0, verbose=<optimized out>, conf_load=conf_load@entry=0x555555565280 <conf_load>) at /usr/src/debug/pahole/1.29/btf_encoder.c:2431
#3  0x000055555555db49 in pahole_stealer__btf_encode (cu=0x7fffd8001e50, conf_load=0x555555565280 <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3126
#4  pahole_stealer (cu=0x7fffd8001e50, conf_load=0x555555565280 <conf_load>) at /usr/src/debug/pahole/1.29/pahole.c:3187
#5  0x00007ffff7f9d023 in cus__steal_now (cus=<optimized out>, cu=<optimized out>, conf=<optimized out>) at /usr/src/debug/pahole/1.29/dwarf_loader.c:3266
#6  dwarf_loader__worker_thread (arg=0x7fffffffe700) at /usr/src/debug/pahole/1.29/dwarf_loader.c:3672
#7  0x00007ffff7dbe722 in start_thread (arg=<optimized out>) at pthread_create.c:448
#8  0x00007ffff7e314fc in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
(gdb)


Command "pahole --btf_features=default -J /boot/.debug/vmlinux-6.12.40-yocto-standard" works well since /boot/.debug/vmlinux-6.12.40-yocto-standard has .symtab section.
root@intel-x86-64:/usr/bin# file /boot/.debug/vmlinux-6.12.40-yocto-standard
/boot/.debug/vmlinux-6.12.40-yocto-standard: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=1e73fe48101f07b9d991dc045ab9f9672a0feac0, with debug_info, not stripped

root@intel-x86-64:/usr/bin# readelf -S /boot/.debug/vmlinux-6.12.40-yocto-standard | grep .symtab
   [ 4] __ksymtab         NOBITS           ffffffff82c11e00 00001000
   [ 5] __ksymtab_gpl     NOBITS           ffffffff82c24730 00001000
   [ 6] __ksymtab_strings NOBITS           ffffffff82c397f0 00001000
   [49] .symtab           SYMTAB           0000000000000000 154cf200


Hi Changqing Li, thanks for the bug report.

I couldn't reproduce this error with a stripped vmlinux:

$ objcopy --strip-all ~/kernels/bpf-next/.tmp_vmlinux1 vmlinux-strip-all

v1.29 fails with:
$ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all)
Error creating BTF encoder.

v1.30 fails with:
$ ./build/pahole --btf_features=default -J $(realpath vmlinux-strip-all)
pahole: /home/isolodrai/pahole/vmlinux-strip-all: Invalid argument

Different errors are not nice, but at least no segfault.

Could you please share the vmlinux binary that causes the error?
And also check if you get a segfault on v1.30 too?

Thanks.

Hi, Ihor
Thanks for checking this. Here is my retest result:
On version 1.29:
root@intel-x86-64:~# pahole --btf_features=default -J /boot/vmlinux-6.12.40-yocto-standard
pahole[333]: segfault at 8 ip 00007fd5025179e2 sp 00007fd4e73febe0 error 6 in libdwarves.so.1.0.0[189e2,7fd502508000+1c000] likely on CPU 0 (core 0, socket 0)
Code: 74 19 ff ff 48 39 dd 75 ef 4c 89 ef e8 67 19 ff ff 49 8b 7c 24 18 e8 8d 13 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 08 48 89 10 e8 42 19 ff ff e9 30 ff ff ff e8 58 0a ff ff
Segmentation fault (core dumped)
root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/
root@intel-x86-64:~# pahole --btf_features=default -J /root/vmlinux-6.12.40-yocto-standard
Error creating BTF encoder.

We can see that the same vmlinux-6.12.40-yocto-standard has different results. After doing some debugging, I found that /boot/vmlinux-6.12.40-yocto-standard segfaults because it has the debuginfo file /boot/.debug/vmlinux-6.12.40-yocto-standard.
After I move .debug to .xxx, it does not segfault.
root@intel-x86-64:/boot# mv .debug/ .xxx
root@intel-x86-64:/boot# pahole --btf_features=default -J /boot/vmlinux-6.12.40-yocto-standard
Error creating BTF encoder.

dwfl_module_getdwarf in cus__process_dwflmod returns differently with and without .debug: without .debug, dw=NULL;
with .debug, dw has a value, which then causes the different processing.

On version 1.30
root@intel-x86-64:~# pahole --version
v1.30
root@intel-x86-64:~# pahole --btf_features=default -J /boot/vmlinux-6.12.40-yocto-standard
pahole[314]: segfault at 8 ip 00007f2b0b6b2bf3 sp 00007f2af05feb20 error 6 in libdwarves.so.1.0.0[18bf3,7f2b0b6a3000+1c000] likely on CPU 0 (core 0, socket 0)
Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff
Segmentation fault (core dumped)
root@intel-x86-64:~# cp /boot/vmlinux-6.12.40-yocto-standard /root/
root@intel-x86-64:~#  pahole --btf_features=default -J /root/vmlinux-6.12.40-yocto-standard
pahole: /root/vmlinux-6.12.40-yocto-standard: Invalid argument
root@intel-x86-64:~# cd /root
root@intel-x86-64:~# mkdir .debug
root@intel-x86-64:~# cp /boot/.debug/vmlinux-6.12.40-yocto-standard .debug/
root@intel-x86-64:~# pahole --btf_features=default -J /root/vmlinux-6.12.40-yocto-standard
pahole[441]: segfault at 8 ip 00007f64a9032bf3 sp 00007f648dffeb20 error 6 in libdwarves.so.1.0.0[18bf3,7f64a9023000+1c000] likely on CPU 0 (core 0, socket 0)
Code: 33 17 ff ff 48 39 dd 75 ee 4c 89 ef e8 26 17 ff ff 49 8b 7c 24 18 e8 5c 11 ff ff 49 8b 14 24 49 8b 44 24 08 4c 89 e7 45 31 e4 <48> 89 42 08 48 89 10 e8 01 17 ff ff e9 2d ff ff ff e8 37 08 ff ff

Segmentation fault (core dumped)


I can share my /boot/vmlinux-6.12.40-yocto-standard and /boot/.debug/vmlinux-6.12.40-yocto-standard, but it will be a big attachment, and I am not sure if it is OK to send a big attachment to the mailing list.

Can you check my new test result? If you still need the vmlinux-6.12.40-yocto-standard, I can try to send it to this mailing list.


Regards

Changqing


Analysis:
If the ELF file doesn't have a .symtab section, in function
elf_functions__new, funcs->symtab will be NULL, goto out_delete, then
run elf_functions__delete.
https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n176

And the segfault happened in line: list_del(&funcs->node), since
funcs->node is not added into the list elf_functions_list yet.
https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/btf_encoder.c?id=06350d14776a77e16ea5064030fea63bbdd22f27#n170

Should we check if the node is added into list elf_functions_list before
list_del?  Please help to review this issue, thanks.

Regards
Changqing








