crash/0008-Fix-segmentation-fault-in-value_search_module_6_4.patch

From ced754d3f8ce796d0d894dbb0f340e9c905c206a Mon Sep 17 00:00:00 2001
From: Tao Liu <ltao@redhat.com>
Date: Wed, 3 Apr 2024 15:06:54 +0800
Subject: [PATCH] Fix segmentation fault in value_search_module_6_4()

The following segmentation fault occurred during session initialization:

  $ crash vmlinx vmcore
  ...
  please wait... (determining panic task)Segmentation fault

Here is the backtrace of the crash-utility:

  (gdb) bt
  #0  value_search_module_6_4 (value=18446603338276298752, offset=0x7ffffffface0) at symbols.c:5564
  #1  0x0000555555812bd0 in value_to_symstr (value=18446603338276298752,
      buf=buf@entry=0x7fffffffb9c0 "", radix=10, radix@entry=0) at symbols.c:5872
  #2  0x00005555557694a2 in display_memory (addr=<optimized out>, count=2048, flag=208,
      memtype=memtype@entry=1, opt=opt@entry=0x0) at memory.c:1740
  #3  0x0000555555769e1f in raw_stack_dump (stackbase=<optimized out>, size=<optimized out>)
      at memory.c:2194
  #4  0x00005555557923ff in get_active_set_panic_task () at task.c:8639
  #5  0x00005555557930d2 in get_dumpfile_panic_task () at task.c:7628
  #6  0x00005555557a89d3 in panic_search () at task.c:7380
  #7  get_panic_context () at task.c:6267
  #8  task_init () at task.c:687
  #9  0x00005555557305b3 in main_loop () at main.c:787
  ...

This is due to lack of existence check on module symbol table.  Not all
mod_mem_type will be existent for a module, e.g. in the following module
case:

  (gdb) p lm->symtable[0]
  $1 = (struct syment *) 0x4dcbad0
  (gdb) p lm->symtable[1]
  $2 = (struct syment *) 0x4dcbb70
  (gdb) p lm->symtable[2]
  $3 = (struct syment *) 0x4dcbc10
  (gdb) p lm->symtable[3]
  $4 = (struct syment *) 0x0
  (gdb) p lm->symtable[4]
  $5 = (struct syment *) 0x4dcbcb0
  (gdb) p lm->symtable[5]
  $6 = (struct syment *) 0x4dcbd00
  (gdb) p lm->symtable[6]
  $7 = (struct syment *) 0x0

MOD_RO_AFTER_INIT(3) and MOD_INIT_RODATA(6) do not exist, which should
be skipped, otherwise the segmentation fault will happen.

Fixes: 7750e61fdb2a ("Support module memory layout change on Linux 6.4")
Closes: https://github.com/crash-utility/crash/issues/176
Reported-by: Naveen Chaudhary <naveenchaudhary2010@hotmail.com>
Signed-off-by: Tao Liu <ltao@redhat.com>

Conflict: NA
Reference:https://github.com/crash-utility/crash/commit/ced754d3f8ce796d0d894dbb0f340e9c905c206a
---
 symbols.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/symbols.c b/symbols.c
index cbc9ed13..b7627a83 100644
--- a/symbols.c
+++ b/symbols.c
@@ -5577,6 +5577,9 @@ value_search_module_6_4(ulong value, ulong *offset)
 			continue;
 
 		for_each_mod_mem_type(t) {
+			if (!lm->symtable[t])
+				continue;
+
 			sp = lm->symtable[t];
 			sp_end = lm->symend[t];
fix segmentation fault in value_search_module_6_4() (cherry picked from commit f6332c374b4635b619527217641eb4f774b2423c) 2025-04-28 00:11:52 -04:00			`From ced754d3f8ce796d0d894dbb0f340e9c905c206a Mon Sep 17 00:00:00 2001`
			`From: Tao Liu <ltao@redhat.com>`
			`Date: Wed, 3 Apr 2024 15:06:54 +0800`
			`Subject: [PATCH] Fix segmentation fault in value_search_module_6_4()`

			`The following segmentation fault occurred during session initialization:`

			`$ crash vmlinx vmcore`
			`...`
			`please wait... (determining panic task)Segmentation fault`

			`Here is the backtrace of the crash-utility:`

			`(gdb) bt`
			`#0 value_search_module_6_4 (value=18446603338276298752, offset=0x7ffffffface0) at symbols.c:5564`
			`#1 0x0000555555812bd0 in value_to_symstr (value=18446603338276298752,`
			`buf=buf@entry=0x7fffffffb9c0 "", radix=10, radix@entry=0) at symbols.c:5872`
			`#2 0x00005555557694a2 in display_memory (addr=<optimized out>, count=2048, flag=208,`
			`memtype=memtype@entry=1, opt=opt@entry=0x0) at memory.c:1740`
			`#3 0x0000555555769e1f in raw_stack_dump (stackbase=<optimized out>, size=<optimized out>)`
			`at memory.c:2194`
			`#4 0x00005555557923ff in get_active_set_panic_task () at task.c:8639`
			`#5 0x00005555557930d2 in get_dumpfile_panic_task () at task.c:7628`
			`#6 0x00005555557a89d3 in panic_search () at task.c:7380`
			`#7 get_panic_context () at task.c:6267`
			`#8 task_init () at task.c:687`
			`#9 0x00005555557305b3 in main_loop () at main.c:787`
			`...`

			`This is due to lack of existence check on module symbol table. Not all`
			`mod_mem_type will be existent for a module, e.g. in the following module`
			`case:`

			`(gdb) p lm->symtable[0]`
			`$1 = (struct syment *) 0x4dcbad0`
			`(gdb) p lm->symtable[1]`
			`$2 = (struct syment *) 0x4dcbb70`
			`(gdb) p lm->symtable[2]`
			`$3 = (struct syment *) 0x4dcbc10`
			`(gdb) p lm->symtable[3]`
			`$4 = (struct syment *) 0x0`
			`(gdb) p lm->symtable[4]`
			`$5 = (struct syment *) 0x4dcbcb0`
			`(gdb) p lm->symtable[5]`
			`$6 = (struct syment *) 0x4dcbd00`
			`(gdb) p lm->symtable[6]`
			`$7 = (struct syment *) 0x0`

			`MOD_RO_AFTER_INIT(3) and MOD_INIT_RODATA(6) do not exist, which should`
			`be skipped, otherwise the segmentation fault will happen.`

			`Fixes: 7750e61fdb2a ("Support module memory layout change on Linux 6.4")`
			`Closes: https://github.com/crash-utility/crash/issues/176`
			`Reported-by: Naveen Chaudhary <naveenchaudhary2010@hotmail.com>`
			`Signed-off-by: Tao Liu <ltao@redhat.com>`

			`Conflict: NA`
			`Reference:https://github.com/crash-utility/crash/commit/ced754d3f8ce796d0d894dbb0f340e9c905c206a`
			`---`
			`symbols.c \| 3 +++`
			`1 file changed, 3 insertions(+)`

			`diff --git a/symbols.c b/symbols.c`
			`index cbc9ed13..b7627a83 100644`
			`--- a/symbols.c`
			`+++ b/symbols.c`
			`@@ -5577,6 +5577,9 @@ value_search_module_6_4(ulong value, ulong *offset)`
			`continue;`

			`for_each_mod_mem_type(t) {`
			`+ if (!lm->symtable[t])`
			`+ continue;`
			`+`
			`sp = lm->symtable[t];`
			`sp_end = lm->symend[t];`