Bug 204195 - Segfault in kernelshark when scrolling in graph window with empty file
Summary: Segfault in kernelshark when scrolling in graph window with empty file
Status: RESOLVED CODE_FIX
Alias: None
Product: Tools
Classification: Unclassified
Component: Trace-cmd/Kernelshark
Hardware: All Linux
Importance: P1 high
Assignee: Default virtual assignee for Trace-cmd and kernelshark
URL:
Keywords:
Depends on:
Blocks:
Reported: 2019-07-17 02:23 UTC by Steven Rostedt
Modified: 2019-07-19 20:33 UTC
CC List: 1 user

See Also:
Kernel Version: N/A
Subsystem:
Regression: No
Bisected commit-id:


Attachments

Description Steven Rostedt 2019-07-17 02:23:35 UTC
I started kernelshark with no trace.dat file. I just changed directory to "/tmp" and started kernelshark. Then, when it opened, I moved the mouse to the graph area and scrolled the wheel up and down. This causes it to segfault.

A gdb backtrace gives this:

Thread 1 "kernelshark" received signal SIGSEGV, Segmentation fault.
0x00007ffff7eba6d5 in ksmodel_zoom (histo=0x7fffffffcf60, r=<optimized out>, mark=<optimized out>, zoom_in=<optimized out>) at /work/git/trace-cmd.git/kernel-shark/src/libkshark-model.c:704
704             ksmodel_set_in_range_bining(histo, histo->n_bins, min, max, true);
Missing separate debuginfos, use: dnf debuginfo-install bzip2-libs-1.0.6-28.fc29.x86_64 dbus-libs-1.12.12-1.fc29.x86_64 expat-2.2.6-1.fc29.x86_64 fontconfig-2.13.1-3.fc29.x86_64 freeglut-3.0.0-9.fc29.x86_64 freetype-2.9.1-6.fc29.x86_64 glib2-2.58.3-1.fc29.x86_64 graphite2-1.3.10-6.fc29.x86_64 harfbuzz-1.8.7-1.fc29.x86_64 json-c-0.13.1-3.fc29.x86_64 libICE-1.0.9-14.fc29.x86_64 libSM-1.2.3-1.fc29.x86_64 libX11-1.6.7-1.fc29.x86_64 libXau-1.0.8-14.fc29.x86_64 libXdamage-1.1.4-15.fc29.x86_64 libXext-1.3.3-10.fc29.x86_64 libXfixes-5.0.3-8.fc29.x86_64 libXi-1.7.9-8.fc29.x86_64 libXrender-0.9.10-8.fc29.x86_64 libXxf86vm-1.1.4-10.fc29.x86_64 libblkid-2.32.1-1.fc29.x86_64 libcap-2.25-12.fc29.x86_64 libdrm-2.4.97-1.fc29.x86_64 libedit-3.1-24.20170329cvs.fc29.x86_64 libffi-3.1-18.fc29.x86_64 libgcc-8.3.1-2.fc29.x86_64 libgcrypt-1.8.4-1.fc29.x86_64 libglvnd-1.1.0-2.fc29.x86_64 libglvnd-glx-1.1.0-2.fc29.x86_64 libgpg-error-1.33-1.fc29.x86_64 libicu-62.2-1.fc29.x86_64 libmount-2.32.1-1.fc29.x86_64 libselinux-2.8-6.fc29.x86_64 libstdc++-8.3.1-2.fc29.x86_64 libuuid-2.32.1-1.fc29.x86_64 libxcb-1.13.1-1.fc29.x86_64 libxkbcommon-x11-0.8.2-1.fc29.x86_64 libxshmfence-1.3-3.fc29.x86_64 llvm-libs-7.0.1-4.fc29.x86_64 lz4-libs-1.8.3-1.fc29.x86_64 mesa-dri-drivers-18.3.6-3.fc29.x86_64 mesa-libGL-18.3.6-3.fc29.x86_64 mesa-libGLU-9.0.0-16.fc29.x86_64 mesa-libglapi-18.3.6-3.fc29.x86_64 ncurses-libs-6.1-8.20180923.fc29.x86_64 openssl-libs-1.1.1c-2.fc29.x86_64 pcre-8.43-2.fc29.x86_64 qt5-qtbase-5.11.3-2.fc29.x86_64 qt5-qtbase-gui-5.11.3-2.fc29.x86_64 systemd-libs-239-12.git8bca462.fc29.x86_64 xcb-util-renderutil-0.3.9-12.fc29.x86_64 xcb-util-wm-0.4.1-14.fc29.x86_64 xz-libs-5.2.4-3.fc29.x86_64 zlib-1.2.11-14.fc29.x86_64
(gdb) bt
#0  0x00007ffff7eba6d5 in ksmodel_zoom (histo=0x7fffffffcf60, r=<optimized out>, mark=<optimized out>, zoom_in=<optimized out>) at /work/git/trace-cmd.git/kernel-shark/src/libkshark-model.c:704
#1  0x00007ffff7ebaa87 in ksmodel_zoom_out (histo=<optimized out>, r=<optimized out>, mark=<optimized out>) at /work/git/trace-cmd.git/kernel-shark/src/libkshark-model.c:719
#2  0x00007ffff7f51e77 in KsGraphModel::zoomOut (this=0x7fffffffcf50, r=0.050000000000000003, mark=17) at /work/git/trace-cmd.git/kernel-shark/src/KsModels.cpp:459
#3  0x00007ffff7f54995 in KsGLWidget::wheelEvent (this=0x7fffffffce80, event=0x7fffffffbdb0) at /work/git/trace-cmd.git/kernel-shark/src/KsGLWidget.cpp:272
#4  0x00007ffff77bf108 in QWidget::event(QEvent*) () from /lib64/libQt5Widgets.so.5
#5  0x00007ffff77802a5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#6  0x00007ffff7789557 in QApplication::notify(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#7  0x00007ffff6ce5496 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
#8  0x00007ffff77db4c0 in ?? () from /lib64/libQt5Widgets.so.5
#9  0x00007ffff77dcb63 in ?? () from /lib64/libQt5Widgets.so.5
#10 0x00007ffff77802a5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#11 0x00007ffff7787800 in QApplication::notify(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#12 0x00007ffff6ce5496 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
#13 0x00007ffff722ab2c in QGuiApplicationPrivate::processWheelEvent(QWindowSystemInterfacePrivate::WheelEvent*) () from /lib64/libQt5Gui.so.5
#14 0x00007ffff7230715 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /lib64/libQt5Gui.so.5
#15 0x00007ffff720badb in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Gui.so.5
#16 0x00007ffff35903ff in ?? () from /lib64/libQt5XcbQpa.so.5
#17 0x00007ffff6ce43db in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5
#18 0x00007ffff6cec386 in QCoreApplication::exec() () from /lib64/libQt5Core.so.5
#19 0x0000000000401404 in main (argc=<optimized out>, argv=0x7fffffffd728) at /work/git/trace-cmd.git/kernel-shark/src/kernelshark.cpp:99
Comment 1 Yordan Karadzhov 2019-07-17 09:00:42 UTC
Hi Steve,

Thanks for the report!
I played a bit with the GUI and I found a number of other ways to crash the GUI by clicking buttons or playing with the mouse before any data is loaded.

The patch-set here
https://lore.kernel.org/linux-trace-devel/20190717085306.12393-2-y.karadz@gmail.com/T/#u

tries to fix all problems I found so far.

cheers,
Yordan
Comment 2 Steven Rostedt 2019-07-19 20:33:48 UTC
Fixed by commit eb1baa7c5d993 ("kernel-shark: Initialize all fields of struct kshark_trace_histo")
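The pattern behind the fix (every field of the histogram model initialized before any UI callback can reach it, and an empty model treated as a valid state by the zoom path) can be shown with a small constructed model. This is an added example, not kernelshark's code: `struct toy_histo`, its fields and the `toy_histo_*` functions are hypothetical stand-ins, and the sample data is constructed. The arguments `r=0.05, mark=17` mirror the values visible in frame #2 of the backtrace above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/*
 * Hypothetical histogram model (NOT kernelshark's struct kshark_trace_histo).
 * Field names are invented for this example.
 */
struct toy_histo {
    size_t    n_bins;     /* bins in the current view; 0 means no data       */
    size_t   *bin_count;  /* per-bin event counts; NULL when no file loaded  */
    uint64_t  min, max;   /* time range of the current view                  */
    int64_t   data_size;  /* number of loaded entries; 0 without a trace file */
};

/* Zero every field so a wheel event arriving before a load sees no garbage. */
static void toy_histo_init(struct toy_histo *h)
{
    *h = (struct toy_histo){0};
}

/* Load constructed sample data: n_entries spread uniformly over [0, span). */
static int toy_histo_load(struct toy_histo *h, size_t n_bins,
                          uint64_t span, int64_t n_entries)
{
    if (n_bins == 0 || span == 0 || n_entries <= 0)
        return -1;
    h->bin_count = calloc(n_bins, sizeof *h->bin_count);
    if (!h->bin_count)
        return -1;
    h->n_bins = n_bins;
    h->min = 0;
    h->max = span;
    h->data_size = n_entries;
    for (int64_t i = 0; i < n_entries; i++) {
        uint64_t t = (uint64_t)i * span / (uint64_t)n_entries; /* t < span */
        h->bin_count[t * n_bins / span]++;                      /* idx < n_bins */
    }
    return 0;
}

static void toy_histo_free(struct toy_histo *h)
{
    free(h->bin_count);
    toy_histo_init(h);   /* leave the model in the same state as before load */
}

/*
 * Zoom the view by ratio r around bin `mark`. Returns true if the range
 * changed. The first guard is the point of the example: with no data loaded
 * the model is empty (n_bins == 0, bin_count == NULL) and zooming is a no-op
 * instead of a dereference of an uninitialized or NULL bin array.
 */
static bool toy_histo_zoom(struct toy_histo *h, double r, size_t mark, bool zoom_in)
{
    if (h->data_size <= 0 || h->n_bins == 0 || h->bin_count == NULL)
        return false;
    if (mark >= h->n_bins || r <= 0.0 || r >= 1.0)
        return false;

    uint64_t range = h->max - h->min;
    uint64_t delta = (uint64_t)((double)range * r);
    if (delta == 0)
        return false;

    /* Split the change around the marked bin so that bin stays under the cursor. */
    uint64_t left  = delta * mark / h->n_bins;
    uint64_t right = delta - left;
    if (zoom_in) {
        if (range - delta < h->n_bins)      /* keep at least one time unit per bin */
            return false;
        h->min += left;
        h->max -= right;
    } else {
        h->min  = (h->min > left) ? h->min - left : 0;
        h->max += right;
    }
    return true;
}

/* The reported scenario: wheel events on a model with no file loaded. */
static bool zoom_on_empty_model_is_safe(void)
{
    struct toy_histo h;
    toy_histo_init(&h);
    bool out = toy_histo_zoom(&h, 0.05, 17, false);
    bool in  = toy_histo_zoom(&h, 0.05, 17, true);
    return !out && !in;                      /* both must be no-ops */
}

/* Sanity check that zooming still works once data is present. */
static uint64_t range_after_zoom_out(void)
{
    struct toy_histo h;
    toy_histo_init(&h);
    if (toy_histo_load(&h, 32, 1000, 100) != 0)
        return 0;
    toy_histo_zoom(&h, 0.05, 17, false);    /* delta 50: left 26, right 24 */
    uint64_t range = h.max - h.min;
    toy_histo_free(&h);
    return range;                            /* 1000 + 50 = 1050 widened, clamped min -> 1024 */
}
```

Zero-initializing the whole struct in one place and having every entry point check for the empty state are the two halves of the same defence: the first removes the undefined behaviour, the second makes "no trace file loaded yet" an ordinary condition rather than an error the GUI has to avoid reaching.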
