[lttng-dev] Core seen with lttng_abi_map_channel()
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Tue Jul 12 13:55:55 UTC 2016
----- On Jul 12, 2016, at 7:05 AM, Aravind HT <aravind.ht at gmail.com> wrote:
> Hi,
> Below is a recent core that I saw. Unfortunately the code is optimized, but
> still it points to a call to free(lttng_chan);
> (gdb) bt
> #0 0x00007f3cbb0df367 in __GI_raise (sig=sig at entry=6) at
> ../sysdeps/unix/sysv/linux/raise.c:55
> #1 0x00007f3cbb0e233a in __GI_abort () at abort.c:89
> #2 0x00007f3cbb11928c in __libc_message (do_abort=do_abort at entry=2,
> fmt=fmt at entry=0x7f3cbb2158c8 "*** Error in `%s': %s: 0x%s ***\n") at
> ../sysdeps/posix/libc_fatal.c:175
> #3 0x00007f3cbb122cbe in malloc_printerr (action=3, str=0x7f3cbb211a87 "free():
> invalid pointer", ptr=<optimized out>) at malloc.c:4960
> #4 0x00007f3cbb12349b in _int_free (av=<optimized out>, p=<optimized out>,
> have_lock=0) at malloc.c:3831
> #5 0x00007f3cb79551c5 in lttng_abi_map_channel () from
> /var/tmp/iso-path.24284/altroot/usr/lib64/liblttng-ust.so.0
> #6 0x00007f3cb79554c8 in ?? () from
> /var/tmp/iso-path.24284/altroot/usr/lib64/liblttng-ust.so.0
> #7 0x00007f3cb7952846 in ?? () from
> /var/tmp/iso-path.24284/altroot/usr/lib64/liblttng-ust.so.0
> #8 0x00007f3cb8974294 in start_thread (arg=0x7f3cb1ad7700) at
> pthread_create.c:336
> #9 0x00007f3cbb19413d in clone () at
> ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
> Think we should not be freeing lttng_chan here.
> https://github.com/dgoulet/lttng-ust-dev/blob/master/liblttng-ust/lttng-ust-abi.c#L516
By the way, this is an old repository. You should refer to https://github.com/lttng/lttng-ust/
instead.
There is indeed an issue there. I pushed the following fix into master,
cherry-picked into stable 2.7 and 2.8:
commit 3eae1fb99c6821530888b470528299ff187021a8
Author: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
Date: Tue Jul 12 09:51:40 2016 -0400
Fix: remove invalid free
On this error path, we should not free lttng_chan, because it is located
within an allocated shm memory area associated with the channel now. It
is invalid to free this pointer.
This is invoked on a channel creation error path.
Reported-by: Aravind HT <aravind.ht at gmail.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
Thanks,
Mathieu
> Regards,
> Aravind.
> _______________________________________________
> lttng-dev mailing list
> lttng-dev at lists.lttng.org
> https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.lttng.org/pipermail/lttng-dev/attachments/20160712/2638bd10/attachment.html>
More information about the lttng-dev
mailing list