Bug #1224

Crash while reading a live per-pid trace

Added by Jérémie Galarneau 7 months ago. Updated 7 months ago.

Status: New
Priority: Normal
Assignee: -
Category: src.ctf.lttng-live
Start date: 02/17/2020
Due date:
% Done: 0%
Estimated time:
Description

I got this crash while consuming a live per-pid trace with short-lived applications.

bt
#0  0x00007f35ca27def7 in read_unsigned_bitfield (bfcr=0x5615a1325e80, buf=0x4 <error: Cannot access memory at address 0x4>, at=1408, field_size=8, 
    bo=CTF_BYTE_ORDER_LITTLE, v=0x7fff9d233d68) at bfcr.c:476
#1  0x00007f35ca27f831 in read_basic_int_and_call_cb (bfcr=0x5615a1325e80, buf=0x4 <error: Cannot access memory at address 0x4>, at=1408) at bfcr.c:657
#2  0x00007f35ca27fb93 in read_bit_array_class_and_call_begin (bfcr=0x5615a1325e80, read_basic_and_call_cb=0x7f35ca27f6ac <read_basic_int_and_call_cb>) at bfcr.c:758
#3  0x00007f35ca27fcf1 in read_basic_int_class_and_call_begin (bfcr=0x5615a1325e80) at bfcr.c:797
#4  0x00007f35ca28025a in read_basic_begin_state (bfcr=0x5615a1325e80) at bfcr.c:942
#5  0x00007f35ca2808e0 in handle_state (bfcr=0x5615a1325e80) at bfcr.c:1178
#6  0x00007f35ca280f1c in bt_bfcr_start (bfcr=0x5615a1325e80, cls=0x5615a136fff0, buf=0x7f35c929b010 "\301\037\374\301у\250~6\261D)\245\217\362Uy", offset=784, 
    packet_offset=784, sz=4096, status=0x7fff9d233f08) at bfcr.c:1315
#7  0x00007f35ca281f99 in read_dscope_begin_state (notit=0x5615a1325c80, dscope_fc=0x5615a136fff0, done_state=STATE_EMIT_MSG_EVENT, 
    continue_state=STATE_DSCOPE_EVENT_PAYLOAD_CONTINUE, dscope_field=0x5615a0f3f940) at msg-iter.c:593
#8  0x00007f35ca28460d in read_event_payload_begin_state (notit=0x5615a1325c80) at msg-iter.c:1475
#9  0x00007f35ca284d73 in handle_state (notit=0x5615a1325c80) at msg-iter.c:1738
#10 0x00007f35ca2875e8 in bt_msg_iter_get_next_message (notit=0x5615a1325c80, msg_iter=0x5615a0f2deb0, message=0x7fff9d234130) at msg-iter.c:2858
#11 0x00007f35ca2a2da7 in lttng_live_iterator_next_handle_one_active_data_stream (lttng_live_msg_iter=0x5615a0f3e6e0, lttng_live_stream=0x5615a111fd60, 
    message=0x7fff9d234130) at lttng-live.c:758
#12 0x00007f35ca2a306c in lttng_live_iterator_next_msg_on_stream (lttng_live_msg_iter=0x5615a0f3e6e0, stream_iter=0x5615a111fd60, curr_msg=0x7fff9d234130)
    at lttng-live.c:916
#13 0x00007f35ca2a3176 in next_stream_iterator_for_trace (lttng_live_msg_iter=0x5615a0f3e6e0, live_trace=0x5615a111fe00, youngest_trace_stream_iter=0x7fff9d2341c8)
    at lttng-live.c:965
#14 0x00007f35ca2a3544 in next_stream_iterator_for_session (lttng_live_msg_iter=0x5615a0f3e6e0, session=0x5615a0f2fbf0, youngest_session_stream_iter=0x7fff9d234258)
    at lttng-live.c:1122
#15 0x00007f35ca2a38b8 in lttng_live_msg_iter_next (self_msg_it=0x5615a0f2deb0, msgs=0x5615a0f2df90, capacity=15, count=0x7fff9d234380) at lttng-live.c:1300
#16 0x00007f35cabae5f2 in call_iterator_next_method (iterator=0x5615a0f2deb0, msgs=0x5615a0f2df90, capacity=15, user_count=0x7fff9d234380) at iterator.c:853
#17 0x00007f35cabae6e4 in bt_self_component_port_input_message_iterator_next (iterator=0x5615a0f2deb0, msgs=0x7fff9d234378, user_count=0x7fff9d234380)
    at iterator.c:897
#18 0x00007f35ca7bf27c in muxer_upstream_msg_iter_next (muxer_upstream_msg_iter=0x5615a0f2fe30, is_ended=0x7fff9d23441b) at muxer.c:397
#19 0x00007f35ca7c09ca in validate_muxer_upstream_msg_iter (muxer_upstream_msg_iter=0x5615a0f2fe30, is_ended=0x7fff9d23441b) at muxer.c:939
#20 0x00007f35ca7c0abc in validate_muxer_upstream_msg_iters (muxer_msg_iter=0x5615a0f29380) at muxer.c:967
#21 0x00007f35ca7c0d1f in muxer_msg_iter_do_next_one (muxer_comp=0x5615a0f2d620, muxer_msg_iter=0x5615a0f29380, msg=0x5615a0f3d140) at muxer.c:1026
#22 0x00007f35ca7c1028 in muxer_msg_iter_do_next (muxer_comp=0x5615a0f2d620, muxer_msg_iter=0x5615a0f29380, msgs=0x5615a0f3d140, capacity=15, count=0x7fff9d234628)
    at muxer.c:1098
#23 0x00007f35ca7c1b07 in muxer_msg_iter_next (self_msg_iter=0x5615a0f2ddd0, msgs=0x5615a0f3d140, capacity=15, count=0x7fff9d234628) at muxer.c:1364
#24 0x00007f35cabae5f2 in call_iterator_next_method (iterator=0x5615a0f2ddd0, msgs=0x5615a0f3d140, capacity=15, user_count=0x7fff9d234628) at iterator.c:853
#25 0x00007f35cabae6e4 in bt_self_component_port_input_message_iterator_next (iterator=0x5615a0f2ddd0, msgs=0x7fff9d234620, user_count=0x7fff9d234628)
    at iterator.c:897
#26 0x00007f35ca7987b6 in pretty_consume (comp=0x5615a0f2d710) at pretty.c:182
#27 0x00007f35caba8079 in consume_graph_sink (comp=0x5615a0f2d710) at graph.c:580
#28 0x00007f35caba81a3 in consume_sink_node (graph=0x5615a0f2d310, node=0x5615a0f25ea0 = {...}) at graph.c:621
#29 0x00007f35caba84fe in consume_no_check (graph=0x5615a0f2d310) at graph.c:695
#30 0x00007f35caba8860 in bt_graph_run (graph=0x5615a0f2d310) at graph.c:757
#31 0x000056159f2bcf98 in cmd_run (cfg=0x5615a0f2ada0) at babeltrace2.c:2545
#32 0x000056159f2bdbea in main (argc=4, argv=0x7fff9d2348b8) at babeltrace2.c:2816
(gdb) frame 2
#2  0x00007f35ca27fb93 in read_bit_array_class_and_call_begin (bfcr=0x5615a1325e80, read_basic_and_call_cb=0x7f35ca27f6ac <read_basic_int_and_call_cb>) at bfcr.c:758
758            status = read_basic_and_call_cb(bfcr, bfcr->buf.addr,
(gdb) p *bfcr
$1 = {
  log_level = BT_LOGGING_LEVEL_WARNING, 
  self_comp = 0x0, 
  stack = 0x5615a1325f60, 
  cur_basic_field_class = 0x5615a1370950, 
  state = BFCR_STATE_READ_BASIC_BEGIN, 
  last_bo = CTF_BYTE_ORDER_LITTLE, 
  cur_bo = CTF_BYTE_ORDER_LITTLE, 
  stitch = {
    buf = '\000' <repeats 15 times>, 
    offset = 0, 
    at = 4
  }, 
  buf = {
    addr = 0x4 <error: Cannot access memory at address 0x4>, 
    offset = 784, 
    at = 624, 
    packet_offset = 784, 
    sz = 31984, 
    buf_sz = 4096
  }, 
  user = {
    cbs = {
      classes = {
        signed_int = 0x7f35ca285714 <bfcr_signed_int_cb>, 
        unsigned_int = 0x7f35ca285598 <bfcr_unsigned_int_char_cb>, 
        floating_point = 0x7f35ca2857d9 <bfcr_floating_point_cb>, 
        string_begin = 0x7f35ca285895 <bfcr_string_begin_cb>, 
        string = 0x7f35ca28590c <bfcr_string_cb>, 
        string_end = 0x7f35ca285a33 <bfcr_string_end_cb>, 
        compound_begin = 0x7f35ca285a9a <bfcr_compound_begin_cb>, 
        compound_end = 0x7f35ca285b81 <bfcr_compound_end_cb>
      }, 
      query = {
        get_sequence_length = 0x7f35ca285c4d <bfcr_get_sequence_length_cb>, 
        borrow_variant_selected_field_class = 0x7f35ca285d7f <bfcr_borrow_variant_selected_field_class_cb>
      }
    }, 
    data = 0x5615a1325c80
  }
}

I'm not sure how buf in the structure above got into this state.

#1

Updated by Jonathan Rajotte Julien 7 months ago

  • Author changed from 215 to 69

#2

Updated by Jonathan Rajotte Julien 7 months ago

Migrated from internal bug tracker.
