[lttng-dev] Core seen with lttng_abi_map_channel()

Aravind HT aravind.ht at gmail.com
Tue Jul 12 17:39:00 UTC 2016 

Thanks Mathieu.

On Tue, Jul 12, 2016 at 7:25 PM, Mathieu Desnoyers <
mathieu.desnoyers at efficios.com> wrote:

> ----- On Jul 12, 2016, at 7:05 AM, Aravind HT <aravind.ht at gmail.com>
> wrote:
>
> Hi,
> Below is a recent core that I saw. Unfortunately the code is optimized,
> but still it points to a call to free(lttng_chan);
>
> (gdb) bt
> #0  0x00007f3cbb0df367 in __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
> #1  0x00007f3cbb0e233a in __GI_abort () at abort.c:89
> #2  0x00007f3cbb11928c in __libc_message (do_abort=do_abort at entry=2, fmt=fmt at entry=0x7f3cbb2158c8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
> #3  0x00007f3cbb122cbe in malloc_printerr (action=3, str=0x7f3cbb211a87 "free(): invalid pointer", ptr=<optimized out>) at malloc.c:4960
> #4  0x00007f3cbb12349b in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3831
> #5  0x00007f3cb79551c5 in lttng_abi_map_channel () from /var/tmp/iso-path.24284/altroot/usr/lib64/liblttng-ust.so.0
> #6  0x00007f3cb79554c8 in ?? () from /var/tmp/iso-path.24284/altroot/usr/lib64/liblttng-ust.so.0
> #7  0x00007f3cb7952846 in ?? () from /var/tmp/iso-path.24284/altroot/usr/lib64/liblttng-ust.so.0
> #8  0x00007f3cb8974294 in start_thread (arg=0x7f3cb1ad7700) at pthread_create.c:336
> #9  0x00007f3cbb19413d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
>
>
> Think we should not be freeing lttng_chan here.
>
>
> https://github.com/dgoulet/lttng-ust-dev/blob/master/liblttng-ust/lttng-ust-abi.c#L516
>
> By the way, this is an old repository. You should refer to
> https://github.com/lttng/lttng-ust/
> instead.
>
> There is indeed an issue there. I pushed the following fix into master,
> cherry-picked into stable 2.7 and 2.8:
>
> commit 3eae1fb99c6821530888b470528299ff187021a8
> Author: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
> Date: Tue Jul 12 09:51:40 2016 -0400
>
> Fix: remove invalid free
>
> On this error path, we should not free lttng_chan, because it is located
> within an allocated shm memory area associated with the channel now. It
> is invalid to free this pointer.
>
> This is invoked on a channel creation error path.
>
> Reported-by: Aravind HT <aravind.ht at gmail.com>
> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
>
> Thanks,
>
> Mathieu
>
>
>
> Regards,
> Aravind.
>
>
> _______________________________________________
> lttng-dev mailing list
> lttng-dev at lists.lttng.org
> https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
>
>
> --
> Mathieu Desnoyers
> EfficiOS Inc.
> http://www.efficios.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.lttng.org/pipermail/lttng-dev/attachments/20160712/db7923b0/attachment.html>

More information about the lttng-dev mailing list