[lttng-dev] Core seen with lttng_abi_map_channel()

Mathieu Desnoyers mathieu.desnoyers at efficios.com
Tue Jul 12 13:55:55 UTC 2016


----- On Jul 12, 2016, at 7:05 AM, Aravind HT <aravind.ht at gmail.com> wrote: 

> Hi,
> Below is a recent core that I saw. Unfortunately the code is optimized, but
> still it points to a call to free(lttng_chan);

> (gdb) bt
> #0  0x00007f3cbb0df367 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
> #1  0x00007f3cbb0e233a in __GI_abort () at abort.c:89
> #2  0x00007f3cbb11928c in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7f3cbb2158c8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
> #3  0x00007f3cbb122cbe in malloc_printerr (action=3, str=0x7f3cbb211a87 "free(): invalid pointer", ptr=<optimized out>) at malloc.c:4960
> #4  0x00007f3cbb12349b in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3831
> #5  0x00007f3cb79551c5 in lttng_abi_map_channel () from /var/tmp/iso-path.24284/altroot/usr/lib64/liblttng-ust.so.0
> #6  0x00007f3cb79554c8 in ?? () from /var/tmp/iso-path.24284/altroot/usr/lib64/liblttng-ust.so.0
> #7  0x00007f3cb7952846 in ?? () from /var/tmp/iso-path.24284/altroot/usr/lib64/liblttng-ust.so.0
> #8  0x00007f3cb8974294 in start_thread (arg=0x7f3cb1ad7700) at pthread_create.c:336
> #9  0x00007f3cbb19413d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

> Think we should not be freeing lttng_chan here.

> https://github.com/dgoulet/lttng-ust-dev/blob/master/liblttng-ust/lttng-ust-abi.c#L516

By the way, this is an old repository. You should refer to https://github.com/lttng/lttng-ust/ 
instead. 

There is indeed an issue there. I pushed the following fix into master, 
cherry-picked into stable 2.7 and 2.8: 

commit 3eae1fb99c6821530888b470528299ff187021a8 
Author: Mathieu Desnoyers <mathieu.desnoyers at efficios.com> 
Date: Tue Jul 12 09:51:40 2016 -0400 

Fix: remove invalid free 

On this error path, we should not free lttng_chan, because it is located 
within an allocated shm memory area associated with the channel now. It 
is invalid to free this pointer. 

This is invoked on a channel creation error path. 

Reported-by: Aravind HT <aravind.ht at gmail.com> 
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com> 

Thanks, 

Mathieu 

> Regards,
> Aravind.


-- 
Mathieu Desnoyers 
EfficiOS Inc. 
http://www.efficios.com 
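
The ownership rule described in the commit message above, as an added C sketch that is not part of the original message and is not lttng-ust code: an object placed inside a mapped shared-memory region must be released by unmapping the region, never by calling free() on the interior pointer. The names struct chan, struct shm_region, chan_create, chan_destroy and chan_map are hypothetical, and an anonymous shared mapping stands in for the channel's shm area.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stddef.h>
#include <sys/mman.h>

/* Hypothetical stand-ins, not lttng-ust types. */
struct chan { int id; };
struct shm_region {
    size_t len;        /* total length of the mapping */
    struct chan chan;  /* the channel lives inside the mapping */
};

/* Place the channel inside a shared mapping; returns an interior pointer. */
static struct chan *chan_create(size_t len) {
    if (len < sizeof(struct shm_region)) return NULL;
    struct shm_region *r = mmap(NULL, len, PROT_READ | PROT_WRITE,
                                MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (r == MAP_FAILED) return NULL;
    r->len = len;
    return &r->chan;
}

/* Release through the owner: recover the region header and unmap it. */
static int chan_destroy(struct chan *c) {
    struct shm_region *r = (struct shm_region *)
        ((char *)c - offsetof(struct shm_region, chan));
    return munmap(r, r->len);
}

/* Creation with a simulated failure after the channel is already in shm. */
static int chan_map(size_t len, int fail_setup, struct chan **out) {
    *out = chan_create(len);
    if (!*out) return -1;
    if (fail_setup) {
        /* free(*out) here would pass glibc an address malloc never
         * returned, which is the "free(): invalid pointer" abort. */
        chan_destroy(*out);
        *out = NULL;
        return -2;
    }
    return 0;
}

int main(void) {
    struct chan *c;
    return chan_map(4096, 1, &c) == -2 ? 0 : 1;
}
```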