RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 843067 - perf top segfault when the number of event records is zero
Summary: perf top segfault when the number of event records is zero
Keywords:
Status: CLOSED DUPLICATE of bug 827474
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: ---
Assignee: Jiri Olsa
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-07-25 13:42 UTC by Takahisa Tanaka
Modified: 2019-07-12 07:41 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-26 10:55:23 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Takahisa Tanaka 2012-07-25 13:42:45 UTC 
Description of problem:
When running 'perf top, and the number of event record is zero, 
press ENTER key, then perf command terminates with segfault.

The patch to fix this issue has already been posted, and was merged in the stock kernel v3.4.

  [tip:perf/core] perf hists browser: Fix NULL deref in hists browsing code
  https://lkml.org/lkml/2012/4/13/305

This patch isn't applied to perf-2.6.32-279.2.1.el6(07/25/2012 latest).
Please backport this patch.

Version-Release number of selected component (if applicable):


How reproducible:
every time when the number of event record is zero.

Steps to Reproduce:
# perf top -e syscalls:sys_enter_sendmsg   <--- sys_xxx_xxxxx can be anything.

  <<< press ENTER key >>>

perf: Segmentation fault
#

  
Actual results:
perf top tui crash

Expected results:
perf command terminates normally without segfault.

Additional info:
# rpm -q kernel perf
kernel-2.6.32-279.el6.x86_64
perf-2.6.32-279.el6.x86_64
# gdb -q perf
Reading symbols from /usr/bin/perf...Reading symbols from /usr/lib/debug/usr/bin/perf.debug...done.
done.
(gdb) run top -e syscalls:sys_enter_sendmsg
Starting program: /usr/bin/perf top -e syscalls:sys_enter_sendmsg
[Thread debugging using libthread_db enabled]

                                                     [New Thread 0x7ffff1129700 (LWP 44119)]

Events: 0  syscalls:sys_enter_sendmsg

  <<< press ENTER key >>>

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff1129700 (LWP 44119)]
hist_browser__toggle_fold (evsel=0xab4c50, nr_events=1, helpline=<value optimized out>,
    ev_name=0xab3220 "syscalls:sys_enter_sendmsg", left_exits=false, timer=0x41f1a0 <perf_top__sort_new_samples>,
    arg=0x7fffffffd700, delay_secs=2) at util/ui/browsers/hists.c:191
191             if (map_symbol__toggle_fold(self->selection)) {
Missing separate debuginfos, use: debuginfo-install elfutils-libelf-0.152-1.el6.x86_64 glibc-2.12-1.80.el6.x86_64 newt-0.52.11-3.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 perl-libs-5.10.1-127.el6.x86_64 python-libs-2.6.6-29.el6_2.2.x86_64 slang-2.2.1-1.el6.x86_64
(gdb) bt
#0  hist_browser__toggle_fold (evsel=0xab4c50, nr_events=1, helpline=<value optimized out>,
    ev_name=0xab3220 "syscalls:sys_enter_sendmsg", left_exits=false, timer=0x41f1a0 <perf_top__sort_new_samples>,
    arg=0x7fffffffd700, delay_secs=2) at util/ui/browsers/hists.c:191
#1  hist_browser__run (evsel=0xab4c50, nr_events=1, helpline=<value optimized out>,
    ev_name=0xab3220 "syscalls:sys_enter_sendmsg", left_exits=false, timer=0x41f1a0 <perf_top__sort_new_samples>,
    arg=0x7fffffffd700, delay_secs=2) at util/ui/browsers/hists.c:364
#2  perf_evsel__hists_browse (evsel=0xab4c50, nr_events=1, helpline=<value optimized out>,
    ev_name=0xab3220 "syscalls:sys_enter_sendmsg", left_exits=false, timer=0x41f1a0 <perf_top__sort_new_samples>,
    arg=0x7fffffffd700, delay_secs=2) at util/ui/browsers/hists.c:883
#3  0x0000000000471b34 in perf_evlist__tui_browse_hists (evlist=0xab33c0,
    help=0x488b60 "For a higher level overview, try: perf top --sort comm,dso", timer=0x41f1a0 <perf_top__sort_new_samples>,
    arg=0x7fffffffd700, delay_secs=2) at util/ui/browsers/hists.c:1254
#4  0x000000000041f6e4 in display_thread_tui (arg=0x7fffffffd700) at builtin-top.c:544
#5  0x0000003cf9007851 in start_thread () from /lib64/libpthread.so.0
#6  0x0000003cf84e767d in clone () from /lib64/libc.so.6
(gdb) p self
$1 = (struct hist_browser *) 0x7fffec0008c0
(gdb) p self->selection
$2 = (struct map_symbol *) 0x0
(gdb) q
A debugging session is active.ings

        Inferior 1 [process 44116] will be killed.

Quit anyway? (y or n) y
#
Comment 2 Jiri Olsa 2012-09-26 10:55:23 UTC 
fixed by 3.4 perf tool sync BZ 827474

*** This bug has been marked as a duplicate of bug 827474 ***
Note You need to log in before you can comment on or make changes to this bug.