Bug 3667 - fcore crashes on large (eclipse) java process
Summary: fcore crashes on large (eclipse) java process
Status: RESOLVED FIXED
Alias: None
Product: frysk
Classification: Unclassified
Component: general
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Phil Muldoon
Blocks: 2243
Reported: 2006-12-06 17:55 UTC by Phil Muldoon
Modified: 2007-10-10 17:26 UTC (History)
Description Phil Muldoon 2006-12-06 17:55:45 UTC
[pmuldoon@localhost bindir]$ fcore 31807
*** glibc detected *** fcore: realloc(): invalid next size: 0x085d0bb8 ***
======= Backtrace: =========
/lib/libc.so.6[0x457838c0]
/lib/libc.so.6(realloc+0xfe)[0x457857ae]
fcore[0x808c87d]
fcore[0x808c112]
fcore[0x806959c]
fcore[0x8068ee1]
fcore[0x8079fed]
fcore[0x806a355]
fcore[0x806a411]
fcore[0x8059ddc]
/usr/lib/libgcj.so.7rh(_ZN3gnu4java4lang10MainThread9call_mainEJvv+0xd4)[0x475b6564]
======= Memory map: ========
00001000-00113000 rwxp 00001000 00:00 0 
00116000-00117000 r-xp 00116000 00:00 0          [vdso]
00117000-00256000 rwxp 00117000 00:00 0 
00d13000-00d1c000 r-xp 00000000 03:02 262185     /lib/libnss_files-2.5.so
00d1c000-00d1d000 r-xp 00008000 03:02 262185     /lib/libnss_files-2.5.so
00d1d000-00d1e000 rwxp 00009000 03:02 262185     /lib/libnss_files-2.5.so
08048000-080dd000 r-xp 00000000 03:02 2576042    /usr/bin/fcore
080dd000-08175000 rwxp 00095000 03:02 2576042    /usr/bin/fcore
085c9000-085ea000 rwxp 085c9000 00:00 0 
44d4d000-44d66000 r-xp 00000000 03:02 270596     /lib/ld-2.5.so
44d66000-44d67000 r-xp 00018000 03:02 270596     /lib/ld-2.5.so
44d67000-44d68000 rwxp 00019000 03:02 270596     /lib/ld-2.5.so
4571c000-45853000 r-xp 00000000 03:02 270597     /lib/libc-2.5.so
45853000-45855000 r-xp 00137000 03:02 270597     /lib/libc-2.5.so
45855000-45856000 rwxp 00139000 03:02 270597     /lib/libc-2.5.so
45856000-45859000 rwxp 45856000 00:00 0 
4585b000-45880000 r-xp 00000000 03:02 270604     /lib/libm-2.5.so
45880000-45881000 r-xp 00024000 03:02 270604     /lib/libm-2.5.so
45881000-45882000 rwxp 00025000 03:02 270604     /lib/libm-2.5.so
45884000-45886000 r-xp 00000000 03:02 270598     /lib/libdl-2.5.so
45886000-45887000 r-xp 00001000 03:02 270598     /lib/libdl-2.5.so
45887000-45888000 rwxp 00002000 03:02 270598     /lib/libdl-2.5.so
4588a000-4589d000 r-xp 00000000 03:02 270599     /lib/libpthread-2.5.so
4589d000-4589e000 r-xp 00012000 03:02 270599     /lib/libpthread-2.5.so
4589e000-4589f000 rwxp 00013000 03:02 270599     /lib/libpthread-2.5.so
4589f000-458a1000 rwxp 4589f000 00:00 0 
458a3000-458b5000 r-xp 00000000 03:02 2587152    /usr/lib/libz.so.1.2.3
458b5000-458b6000 rwxp 00011000 03:02 2587152    /usr/lib/libz.so.1.2.3
45b02000-45b09000 r-xp 00000000 03:02 270600     /lib/librt-2.5.so
45b09000-45b0a000 r-xp 00006000 03:02 270600     /lib/librt-2.5.so
45b0a000-45b0b000 rwxp 00007000 03:02 270600     /lib/librt-2.5.so
45b34000-45b3f000 r-xp 00000000 03:02 2424834    /lib/libgcc_s-4.1.1-20061011.so.1
45b3f000-45b40000 rwxp 0000a000 03:02 2424834    /lib/libgcc_s-4.1.1-20061011.so.1
467ac000-4823e000 r-xp 00000000 03:02 2573169    /usr/lib/libgcj.so.7rh.0.0
4823e000-486a0000 rwxp 01a92000 03:02 2573169    /usr/lib/libgcj.so.7rh.0.0
486a0000-486e8000 rwxp 486a0000 00:00 0 
4b702000-4b713000 r-xp 00000000 03:02 2424853    /lib/libaudit.so.0.0.0
4b713000-4b715000 rwxp 00011000 03:02 2424853    /lib/libaudit.so.0.0.0
b6800000-b6821000 rw-p b6800000 00:00 0 
b6821000-b6900000 ---p b6821000 00:00 0 
b698d000-b698e000 ---p b698d000 00:00 0 
b698e000-b738e000 rw-p b698e000 00:00 0 
b738e000-b738f000 ---p b738e000 00:00 0 
b738f000-b7d8f000 rw-p b738f000 00:00 0 
b7d8f000-b7f8f000 r--p 00000000 03:02 2560420    /usr/lib/locale/locale-archive
b7f8f000-b7f92000 rw-p b7f8f000 00:00 0 
b7fa5000-b7fac000 r--s 00000000 03:02 65799      /usr/lib/gconv/gconv-modules.cache
b7fac000-b7fad000 rw-p b7fac000 00:00 0 
bf931000-bf947000 rw-p bf931000 00:00 0          [stack]
Aborted
[pmuldoon@localhost bindir]$
Comment 1 Phil Muldoon 2006-12-06 22:24:35 UTC
I added some comments to the uslurp, and it seems to be dying on realloc. What
is puzzling is I read the maps twice: once to forward count the number of maps,
and then again to actually read the maps. The first time around the reallocs
pass, but the second time around they fail on the first realloc. Also this seems
limited to large maps files.

[pmuldoon@localhost frysk_bin]$ ./frysk-core/frysk/bindir/fcore 31807
Counting maps
Inside slurp
Read 4006 bytes, read buffer should be 8191
realloc size 12198
realloc completed
Read 4061 bytes, read buffer should be 8191
realloc size 16259
realloc completed
Read 4021 bytes, read buffer should be 8191
realloc size 20280
realloc completed
Read 4045 bytes, read buffer should be 8191
realloc size 24325
realloc completed
Read 4074 bytes, read buffer should be 8191
realloc size 28399
realloc completed
Read 4037 bytes, read buffer should be 8191
realloc size 32436
realloc completed
Read 2121 bytes, read buffer should be 8191
realloc size 34557
realloc completed
Read 0 bytes, read buffer should be 8191
realloc size 34557
realloc completed
Building program header

Building notes
Building program segments
Running segment construct

Inside slurp
Read 4006 bytes, read buffer should be 8191
realloc size 12198
*** glibc detected *** ./frysk-core/frysk/bindir/fcore: realloc(): invalid next size: 0x095f8bd8 ***
Comment 2 Phil Muldoon 2007-10-10 17:26:13 UTC
This was due to utilization of large memory blocks while using libelf to
encapsulate entire segments. This was rewritten to stream data.

2007-08-17  Phil Muldoon  <pmuldoon@redhat.com>

        * TestFCore.java (ProgramHeaderMapsTester): Delete.
        (testAuxv): Delete core when done.
        (findLowAddress): New.
        (getElf): Made private.
        (getIsa): Ditto.
        (getArch): Ditto.
        (giveMeABlockedProc): Ditto.
        (giveMeAProc): Ditto.
        (constructCore): Ditto.
        (testProgramSegmentHeader): Refactored to check segments
        are correctly included.
        * LinuxElfCorefile.java (writeNoteData): New. Don't use
        elf to write segments.
        (writeSegments): Ditto. Write elf segment data.
        (constructCorefile): Refactor, do not use Sections.
        (FillENoteSection): Delete.
        (constructSectionData): Return byte[].
        (buildNotes): Was fileENoteSection. Return
        byte[].
        (CoreMapsBuilder.buildMap): Just build Program Segment
        header info. Do not write elf data.
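
Added example (not frysk's uslurp code and not part of the original report): a single-pass reader for a file such as /proc/<pid>/maps, which reports no usable size up front, as an alternative to the count-then-read approach described in Comment 1. The names slurp_fd, SLURP_CHUNK and SLURP_LIMIT are hypothetical, and the 64 MiB cap is an assumed policy value.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define SLURP_CHUNK 4096u                 /* bytes requested per read() */
#define SLURP_LIMIT (64u * 1024u * 1024u) /* assumed cap on buffer size */

/* Read fd to EOF in one pass. Returns a NUL-terminated malloc'd buffer and
 * stores the byte count in *len; returns NULL with errno set on failure. */
char *slurp_fd(int fd, size_t *len)
{
    size_t cap = SLURP_CHUNK + 1, used = 0;
    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;
    for (;;) {
        /* Invariant: cap - used > SLURP_CHUNK, so read() cannot overrun. */
        ssize_t n = read(fd, buf + used, SLURP_CHUNK);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0) { int e = errno; free(buf); errno = e; return NULL; }
        if (n == 0)
            break;
        used += (size_t)n;
        if (cap - used > SLURP_CHUNK)
            continue;                     /* still room for a full chunk */
        if (cap > SLURP_LIMIT / 2) {      /* refuse to grow without bound */
            free(buf);
            errno = EFBIG;
            return NULL;
        }
        char *tmp = realloc(buf, cap * 2); /* keep buf valid if this fails */
        if (tmp == NULL) { free(buf); return NULL; }
        buf = tmp;
        cap *= 2;
    }
    buf[used] = '\0';                     /* used < cap holds at every exit */
    *len = used;
    return buf;
}

int main(void)
{
    size_t len = 0;
    char *maps = slurp_fd(STDIN_FILENO, &len); /* e.g. < /proc/self/maps */
    if (maps == NULL) { perror("slurp_fd"); return 1; }
    printf("read %zu bytes\n", len);
    free(maps);
    return 0;
}
```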