[lttng-dev] Segfault when dlopening/dlclosing instrumented shared libraries

Simon Marchi simon.marchi at polymtl.ca
Sun May 29 01:44:05 UTC 2016


Hi,

I'd like to know if I am doing anything wrong, or if this is expected 
not to work.

I made a mini program that does dlopen/dlsym/call/dlclose with two 
shared libraries that are instrumented with LTTng (each shared object is 
its own tracepoint provider).  The program segfaults when running the 
lttng ust destructors:


#0  0x00007ffff78b1d76 in strlen () from /usr/lib/libc.so.6
#1  0x00007ffff7186b97 in get_tracepoint (name=0x440783380e410686 <error: Cannot access memory at address 0x440783380e410686>) at tracepoint.c:257
#2  0x00007ffff7187d20 in tracepoint_remove_probe (name=0x440783380e410686 <error: Cannot access memory at address 0x440783380e410686>, probe=0xe0a01aa0301a00e, data=0x606db0) at tracepoint.c:593
#3  0x00007ffff7187e8b in __tracepoint_probe_unregister (name=0x440783380e410686 <error: Cannot access memory at address 0x440783380e410686>, probe=0xe0a01aa0301a00e, data=0x606db0) at tracepoint.c:619
#4  0x00007ffff73c58b0 in unregister_event (event=0x606db0) at lttng-events.c:203
#5  0x00007ffff73c59b8 in _lttng_event_unregister (event=0x606db0) at lttng-events.c:218
#6  0x00007ffff73c59ef in lttng_session_destroy (session=0x7fffe8000930) at lttng-events.c:230
#7  0x00007ffff73bf802 in lttng_release_session (objd=1) at lttng-ust-abi.c:595
#8  0x00007ffff73bee72 in lttng_ust_objd_unref (id=1, is_owner=0) at lttng-ust-abi.c:213
#9  0x00007ffff73bfe62 in lttng_channel_release (objd=2) at lttng-ust-abi.c:908
#10 0x00007ffff73bee72 in lttng_ust_objd_unref (id=2, is_owner=0) at lttng-ust-abi.c:213
#11 0x00007ffff73bff80 in lttng_enabler_release (objd=3) at lttng-ust-abi.c:979
#12 0x00007ffff73bee72 in lttng_ust_objd_unref (id=3, is_owner=1) at lttng-ust-abi.c:213
#13 0x00007ffff73beece in objd_table_destroy () at lttng-ust-abi.c:232
#14 0x00007ffff73bffa1 in lttng_ust_abi_exit () at lttng-ust-abi.c:992
#15 0x00007ffff73bdf30 in lttng_ust_cleanup (exiting=1) at lttng-ust-comm.c:1706
#16 0x00007ffff73be1b8 in lttng_ust_exit () at lttng-ust-comm.c:1773
#17 0x00007ffff7de8a7a in _dl_fini () from /lib64/ld-linux-x86-64.so.2
#18 0x00007ffff7869be8 in __run_exit_handlers () from /usr/lib/libc.so.6
#19 0x00007ffff7869c35 in exit () from /usr/lib/libc.so.6
#20 0x00007ffff7854748 in __libc_start_main () from /usr/lib/libc.so.6
#21 0x0000000000400699 in _start ()


When I try with a single shared object though, I do not see the 
segfault.

The lttng doc makes it clear that dlclosing a tracepoint provider is not 
supported and suggests two alternatives, that effectively make the 
tracepoint provider's lifetime the same as the process (statically link 
it in the application or use LD_PRELOAD).  So I'll understand perfectly 
if the answer is "it's not supported".  However Mathieu mentioned on IRC 
(that's my understanding) that dlclose should probably work if the 
callsites of the tracepoints are all contained in the same .so.  In 
other words, if nothing else uses tracepoints from the .so.

I have made a small example in this gist: 
https://gist.github.com/simark/e4994ad149db8afa6cb72d5d2ac8b00c

To reproduce:

$ lttng create && lttng enable-event -u -a && lttng start
$ ./main
$ lttng stop && lttng destroy

So, is there a way to make this work, or is it hopeless?

Thanks,

Simon

