Actions
Bug #1224
openCrash while reading a live per-pid trace
Status:
New
Priority:
Normal
Assignee:
-
Category:
src.ctf.lttng-live
Target version:
Start date:
02/17/2020
Due date:
% Done:
0%
Estimated time:
Description
I got this crash while consuming a live per-pid trace with short-lived applications.
bt #0 0x00007f35ca27def7 in read_unsigned_bitfield (bfcr=0x5615a1325e80, buf=0x4 <error: Cannot access memory at address 0x4>, at=1408, field_size=8, bo=CTF_BYTE_ORDER_LITTLE, v=0x7fff9d233d68) at bfcr.c:476 #1 0x00007f35ca27f831 in read_basic_int_and_call_cb (bfcr=0x5615a1325e80, buf=0x4 <error: Cannot access memory at address 0x4>, at=1408) at bfcr.c:657 #2 0x00007f35ca27fb93 in read_bit_array_class_and_call_begin (bfcr=0x5615a1325e80, read_basic_and_call_cb=0x7f35ca27f6ac <read_basic_int_and_call_cb>) at bfcr.c:758 #3 0x00007f35ca27fcf1 in read_basic_int_class_and_call_begin (bfcr=0x5615a1325e80) at bfcr.c:797 #4 0x00007f35ca28025a in read_basic_begin_state (bfcr=0x5615a1325e80) at bfcr.c:942 #5 0x00007f35ca2808e0 in handle_state (bfcr=0x5615a1325e80) at bfcr.c:1178 #6 0x00007f35ca280f1c in bt_bfcr_start (bfcr=0x5615a1325e80, cls=0x5615a136fff0, buf=0x7f35c929b010 "\301\037\374\301у\250~6\261D)\245\217\362Uy", offset=784, packet_offset=784, sz=4096, status=0x7fff9d233f08) at bfcr.c:1315 #7 0x00007f35ca281f99 in read_dscope_begin_state (notit=0x5615a1325c80, dscope_fc=0x5615a136fff0, done_state=STATE_EMIT_MSG_EVENT, continue_state=STATE_DSCOPE_EVENT_PAYLOAD_CONTINUE, dscope_field=0x5615a0f3f940) at msg-iter.c:593 #8 0x00007f35ca28460d in read_event_payload_begin_state (notit=0x5615a1325c80) at msg-iter.c:1475 #9 0x00007f35ca284d73 in handle_state (notit=0x5615a1325c80) at msg-iter.c:1738 #10 0x00007f35ca2875e8 in bt_msg_iter_get_next_message (notit=0x5615a1325c80, msg_iter=0x5615a0f2deb0, message=0x7fff9d234130) at msg-iter.c:2858 #11 0x00007f35ca2a2da7 in lttng_live_iterator_next_handle_one_active_data_stream (lttng_live_msg_iter=0x5615a0f3e6e0, lttng_live_stream=0x5615a111fd60, message=0x7fff9d234130) at lttng-live.c:758 #12 0x00007f35ca2a306c in lttng_live_iterator_next_msg_on_stream (lttng_live_msg_iter=0x5615a0f3e6e0, stream_iter=0x5615a111fd60, curr_msg=0x7fff9d234130) at lttng-live.c:916 #13 0x00007f35ca2a3176 in next_stream_iterator_for_trace (lttng_live_msg_iter=0x5615a0f3e6e0, live_trace=0x5615a111fe00, youngest_trace_stream_iter=0x7fff9d2341c8) at lttng-live.c:965 #14 0x00007f35ca2a3544 in next_stream_iterator_for_session (lttng_live_msg_iter=0x5615a0f3e6e0, session=0x5615a0f2fbf0, youngest_session_stream_iter=0x7fff9d234258) at lttng-live.c:1122 #15 0x00007f35ca2a38b8 in lttng_live_msg_iter_next (self_msg_it=0x5615a0f2deb0, msgs=0x5615a0f2df90, capacity=15, count=0x7fff9d234380) at lttng-live.c:1300 #16 0x00007f35cabae5f2 in call_iterator_next_method (iterator=0x5615a0f2deb0, msgs=0x5615a0f2df90, capacity=15, user_count=0x7fff9d234380) at iterator.c:853 #17 0x00007f35cabae6e4 in bt_self_component_port_input_message_iterator_next (iterator=0x5615a0f2deb0, msgs=0x7fff9d234378, user_count=0x7fff9d234380) at iterator.c:897 #18 0x00007f35ca7bf27c in muxer_upstream_msg_iter_next (muxer_upstream_msg_iter=0x5615a0f2fe30, is_ended=0x7fff9d23441b) at muxer.c:397 #19 0x00007f35ca7c09ca in validate_muxer_upstream_msg_iter (muxer_upstream_msg_iter=0x5615a0f2fe30, is_ended=0x7fff9d23441b) at muxer.c:939 #20 0x00007f35ca7c0abc in validate_muxer_upstream_msg_iters (muxer_msg_iter=0x5615a0f29380) at muxer.c:967 #21 0x00007f35ca7c0d1f in muxer_msg_iter_do_next_one (muxer_comp=0x5615a0f2d620, muxer_msg_iter=0x5615a0f29380, msg=0x5615a0f3d140) at muxer.c:1026 #22 0x00007f35ca7c1028 in muxer_msg_iter_do_next (muxer_comp=0x5615a0f2d620, muxer_msg_iter=0x5615a0f29380, msgs=0x5615a0f3d140, capacity=15, count=0x7fff9d234628) at muxer.c:1098 #23 0x00007f35ca7c1b07 in muxer_msg_iter_next (self_msg_iter=0x5615a0f2ddd0, msgs=0x5615a0f3d140, capacity=15, count=0x7fff9d234628) at muxer.c:1364 #24 0x00007f35cabae5f2 in call_iterator_next_method (iterator=0x5615a0f2ddd0, msgs=0x5615a0f3d140, capacity=15, user_count=0x7fff9d234628) at iterator.c:853 #25 0x00007f35cabae6e4 in bt_self_component_port_input_message_iterator_next (iterator=0x5615a0f2ddd0, msgs=0x7fff9d234620, user_count=0x7fff9d234628) at iterator.c:897 #26 0x00007f35ca7987b6 in pretty_consume (comp=0x5615a0f2d710) at pretty.c:182 #27 0x00007f35caba8079 in consume_graph_sink (comp=0x5615a0f2d710) at graph.c:580 #28 0x00007f35caba81a3 in consume_sink_node (graph=0x5615a0f2d310, node=0x5615a0f25ea0 = {...}) at graph.c:621 #29 0x00007f35caba84fe in consume_no_check (graph=0x5615a0f2d310) at graph.c:695 #30 0x00007f35caba8860 in bt_graph_run (graph=0x5615a0f2d310) at graph.c:757 #31 0x000056159f2bcf98 in cmd_run (cfg=0x5615a0f2ada0) at babeltrace2.c:2545 #32 0x000056159f2bdbea in main (argc=4, argv=0x7fff9d2348b8) at babeltrace2.c:2816
(gdb) frame 2 #2 0x00007f35ca27fb93 in read_bit_array_class_and_call_begin (bfcr=0x5615a1325e80, read_basic_and_call_cb=0x7f35ca27f6ac <read_basic_int_and_call_cb>) at bfcr.c:758 758 status = read_basic_and_call_cb(bfcr, bfcr->buf.addr, (gdb) p *bfcr $1 = { log_level = BT_LOGGING_LEVEL_WARNING, self_comp = 0x0, stack = 0x5615a1325f60, cur_basic_field_class = 0x5615a1370950, state = BFCR_STATE_READ_BASIC_BEGIN, last_bo = CTF_BYTE_ORDER_LITTLE, cur_bo = CTF_BYTE_ORDER_LITTLE, stitch = { buf = '\000' <repeats 15 times>, offset = 0, at = 4 }, buf = { addr = 0x4 <error: Cannot access memory at address 0x4>, offset = 784, at = 624, packet_offset = 784, sz = 31984, buf_sz = 4096 }, user = { cbs = { classes = { signed_int = 0x7f35ca285714 <bfcr_signed_int_cb>, unsigned_int = 0x7f35ca285598 <bfcr_unsigned_int_char_cb>, floating_point = 0x7f35ca2857d9 <bfcr_floating_point_cb>, string_begin = 0x7f35ca285895 <bfcr_string_begin_cb>, string = 0x7f35ca28590c <bfcr_string_cb>, string_end = 0x7f35ca285a33 <bfcr_string_end_cb>, compound_begin = 0x7f35ca285a9a <bfcr_compound_begin_cb>, compound_end = 0x7f35ca285b81 <bfcr_compound_end_cb> }, query = { get_sequence_length = 0x7f35ca285c4d <bfcr_get_sequence_length_cb>, borrow_variant_selected_field_class = 0x7f35ca285d7f <bfcr_borrow_variant_selected_field_class_cb> } }, data = 0x5615a1325c80 } }
I'm not sure how buf in the structure above got into this state.
Updated by Jonathan Rajotte Julien over 4 years ago
- Author changed from 215 to 69
Updated by Jonathan Rajotte Julien over 4 years ago
Migrated from internal bug tracker.
Actions