Project

General

Profile

Actions

Bug #98

closed

Segfaults with wrong number of subbuffers on channel

Added by David Goulet over 12 years ago. Updated over 12 years ago.

Status:
Resolved
Priority:
High
Target version:
Start date:
02/23/2012
Due date:
% Done:

0%

Estimated time:

Description

Referring to LTTng-Tools bug #89, I can not segfault the session daemon anymore but the lttng-ust tracer now is the one segfaulting.

Using git HEAD version of both lttng-tools (faf09bcfc465cdf7a5892339ee36b2dcef85b227) and lttng-ust (a7859af5c73c3f7cc863702d322d86fc2c4523ab), running those commands trigger the segfault (ref to bug #89):

lttng create
lttng enable-channel test -u --num-subbuf 3 # known bad number of buffers.
lttng enable-event -u -a
lttng start

./hello

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff69ef700 (LWP 6078)]
0x00007ffff7bbb5e0 in handle_message (arg=0x7ffff7dda660) at lttng-ust-comm.c:304
304 lur.u.channel.memory_map_size = *args.channel.memory_map_size;
(gdb) bt full
#0 0x00007ffff7bbb5e0 in handle_message (arg=0x7ffff7dda660) at lttng-ust-comm.c:304
ret = 0
lur = {handle = 1, cmd = 81, ret_code = 4294967274, ret_val = 4294967274, u = {
channel = {memory_map_size = 0}, stream = {memory_map_size = 0}, version = {
major = 0, minor = 0, patchlevel = 0}, tracepoint = {
name = '\000' <repeats 255 times>, loglevel = 0,
padding = '\000' <repeats 15 times>}}}
ops = <value optimized out>
shm_fd = 0
wait_fd = 0
args = {channel = {shm_fd = 0x0, wait_fd = 0x0, memory_map_size = 0x0}, stream = {
shm_fd = 0x0, wait_fd = 0x0, memory_map_size = 0x0}}
#1 ust_listener_thread (arg=0x7ffff7dda660) at lttng-ust-comm.c:754
len = <value optimized out>
lum = {handle = 1, cmd = 81, u = {channel = {overwrite = 0, subbuf_size = 4096,
num_subbuf = 3, switch_timer_interval = 0, read_timer_interval = 200,
output = LTTNG_UST_MMAP, padding = '\000' <repeats 287 times>}, stream = {
padding = "\000\000\000\000\000\000\000\000\000\020\000\000\000\000\000",
u = {
padding = "\003", '\000' <repeats 11 times>"\310, ", '\000' <repeats 274 times>}}, event = {instrumentation = LTTNG_UST_TRACEPOINT,
name = "\000\000\000\000\000\020\000\000\000\000\000\000\003", '\000' <repeats 11 times>"\310, ", '\000' <repeats 230 times>, loglevel_type = LTTNG_UST_LOGLEVEL_ALL,
loglevel = 0, padding = '\000' <repeats 15 times>, u = {
padding = '\000' <repeats 287 times>}}, context = {
ctx = LTTNG_UST_CONTEXT_VTID,
padding = "\000\000\000\000\000\020\000\000\000\000\000\000\003\000\000",
u = {
padding = "\000\000\000\000\000\000\000\000\310", '\000' <repeats 278 times>}}, version = {major = 0, minor = 0, patchlevel = 4096}, tracepoint = {
name = "\000\000\000\000\000\000\000\000\000\020\000\000\000\000\000\000\003", '\000' <repeats 11 times>"\310, ", '\000' <repeats 226 times>, loglevel = 0,
padding = '\000' <repeats 15 times>}}}
ret = 5
has_waited = 0
func = "ust_listener_thread"
PRETTY_FUNCTION = "ust_listener_thread"
#2 0x00007ffff758d9ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
res = <value optimized out>
pd = 0x7ffff69ef700
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737331001088, 835048330591342492,
8388608, 140737331001792, 0, 0, -835033771145293924, -835032103077015652},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
freesize = <value optimized out>
__PRETTY_FUNCTION
= "start_thread"
#3 0x00007ffff70e670d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#4 0x0000000000000000 in ?? ()
No symbol table info available.


Related issues 1 (0 open1 closed)

Related to LTTng-tools - Bug #89: sessiond does not handle channel creation errors for USTResolvedDavid Goulet02/21/2012

Actions
Actions #1

Updated by Mathieu Desnoyers over 12 years ago

  • Status changed from New to Resolved
  • Assignee set to Mathieu Desnoyers

fixed by:

commit e6ea14c54c9b1dd79428e61e0343d8a34d87b5a8
Author: Mathieu Desnoyers <>
Date: Thu Feb 23 15:13:01 2012 -0500

fix: ust comm error handling segfault
On comm errors, UST should not try to populate fields from NULL
pointers.
Signed-off-by: Mathieu Desnoyers &lt;&gt;
Actions

Also available in: Atom PDF