Project

General

Profile

Actions
Copy link

Bug #1362

open

Listing a trigger with an event rule matches condition with a uprobe on an elf symbol crashes

Added by Jérémie Galarneau over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
Jérémie Galarneau
Target version:
LTTng - 2.14
Start date:
10/24/2022
Due date:
% Done:

0%

Estimated time:

Description

Running against d67dc273f.

When listing triggers, I get a crash:

[root@carbonara lttng-tools]# /tmp/lttng/bin/lttng list-triggers
- name: uprobe_trigger
  owner uid: 0
  condition: event rule matches
    rule: uprobe_trigger (type: kernel:uprobe, location type: ELF, location: tests/regression/tools/notification//../../..//utils/testapp/userspace-probe-elf-binary/.libs/userspace-probe-elf-binary:test_function)
    errors: none
 action:notify
lttng: ../../src/common/dynamic-array.hpp:53: void* lttng_dynamic_array_get_element(const lttng_dynamic_array*, size_t): Assertion `element_index < array->size' failed.
Aborted (core dumped)

gdb output:

Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `/tmp/lttng/bin/lttng list-triggers'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007ffbb3aa164c in ?? () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffbb3aa164c in ?? () from /usr/lib/libc.so.6
#1  0x00007ffbb3a51958 in raise () from /usr/lib/libc.so.6
#2  0x00007ffbb3a3b53d in abort () from /usr/lib/libc.so.6
#3  0x00007ffbb3a3b45c in ?? () from /usr/lib/libc.so.6
#4  0x00007ffbb3a4a486 in __assert_fail () from /usr/lib/libc.so.6
#5  0x0000564a49b9d130 in lttng_dynamic_array_get_element (array=0x564a4ab6c040, element_index=0) at ../../src/common/dynamic-array.hpp:53
#6  0x0000564a49b9d378 in lttng_action_path_copy (src=0x564a4ab6c040, dst=0x564a4ab6c540) at actions/path.cpp:110
#7  0x0000564a49b4d505 in lttng_error_query_action_create (trigger=0x564a4ab6b5d0, action_path=0x564a4ab6c040) at error-query.cpp:232
#8  0x0000564a49b3ee7c in print_action_errors (trigger=0x564a4ab6b5d0, action_path_indexes=0x0, action_path_length=0) at commands/list_triggers.cpp:765
#9  0x0000564a49b3f99a in print_one_action (trigger=0x564a4ab6b5d0, action=0x564a4ab6b4e0, action_path_indexes=0x0, action_path_length=0) at commands/list_triggers.cpp:965
#10 0x0000564a49b400c7 in print_one_trigger (trigger=0x564a4ab6b5d0) at commands/list_triggers.cpp:1123
#11 0x0000564a49b4036e in print_sorted_triggers (triggers=0x564a4ab6b110) at commands/list_triggers.cpp:1201
#12 0x0000564a49b40c92 in cmd_list_triggers (argc=0, argv=0x7fffa9404f18) at commands/list_triggers.cpp:1420
#13 0x0000564a49b438d6 in handle_command (argc=1, argv=0x7fffa9404f10) at lttng.cpp:238
#14 0x0000564a49b4402c in parse_args (argc=2, argv=0x7fffa9404f08) at lttng.cpp:427
#15 0x0000564a49b441a8 in main (argc=2, argv=0x7fffa9404f08) at lttng.cpp:476

This is a trigger created by the following test:
tests/regression/tools/notification/test_notification_kernel_userspace_probe

It can be reproduced by stopping the test before invoking the event-generating application.

No data to display

Actions
Copy link

Also available in: Atom PDF