NullReferenceException in AddUniversalDynamicSymbol when opening nettrace with invalid symbol ranges #2373

@mdh1418

Description

Opening certain EventPipe .nettrace files containing universal trace format symbols crashes with a NullReferenceException during ETLX conversion.

Suspected root cause:
AddUniversalDynamicSymbol in TraceLog.cs passes the symbol size to ForAllUnresolvedCodeAddressesInRange using an (int) cast, while the downstream UniversalMapping uses a (long) cast:

ForAllUnresolvedCodeAddressesInRange(process, data.StartAddress, (int)(data.EndAddress - data.StartAddress), true, delegate (ref CodeAddressInfo info)

long newImageSize = (long)(endAddress - startAddress);

When a ProcessSymbol event has an invalid address range (e.g., StartAddress=0x0, EndAddress=0xFFFFFFFFFFFFFFFF), the (int) truncation produces -1, which wraps to 0xFFFFFFFFFFFFFFFF as a ulong — causing the loop to iterate over every code address in the process. Meanwhile, UniversalMapping correctly interprets the (long) cast as negative, leaving imageSize at 0. The resulting zero-size module cannot be found by FindModuleAndIndexContainingAddress, leaving loadedModule null and causing the NRE at loadedModule.ModuleID.

This was observed with nettrace files generated by one-collect's record-trace without root access on Linux, where /proc/kallsyms returns zeroed addresses, causing the kernel symbol startup_64 to be emitted as [0x0, 0xFFFFFFFFFFFFFFFF).

  Started: Opening with-rbp-chain-walk.nettrace
  Creating ETLX file C:\Users\mihw\AppData\Local\Temp\PerfView (4)\with-rbp-chain-walk_d0b9d067.etlx from \\wsl.localhost\Ubuntu-24.04\home\mihw\repo\mihw-notes\stack-investigation\traces\with-rbp-chain-walk.nettrace
  [Opening a log file of size 0 MB.]
  [ELAPSED  0 seconds.     READ    131,072 events.     TIMESTAMP       0ms.     WRITTEN    19MB.     ]
  [ELAPSED  1 seconds.     READ    262,144 events.     TIMESTAMP       0ms.     WRITTEN    39MB.     ]
  [ELAPSED  1 seconds.     READ    393,216 events.     TIMESTAMP       0ms.     WRITTEN    58MB.     ]
  [ELAPSED  1 seconds.     READ    524,288 events.     TIMESTAMP       0ms.     WRITTEN    77MB.     ]
  [ELAPSED  1 seconds.     READ    655,360 events.     TIMESTAMP       0ms.     WRITTEN    97MB.     ]
  [ELAPSED  2 seconds.     READ    786,432 events.     TIMESTAMP       0ms.     WRITTEN   116MB.     ]
  [ELAPSED  2 seconds.     READ    917,504 events.     TIMESTAMP       0ms.     WRITTEN   135MB.     ]
  [ELAPSED  2 seconds.     READ  1,048,576 events.     TIMESTAMP       0ms.     WRITTEN   155MB.     ]
  [ELAPSED  3 seconds.     READ  1,179,648 events.     TIMESTAMP       0ms.     WRITTEN   174MB.     ]
  [ELAPSED  3 seconds.     READ  1,310,720 events.     TIMESTAMP       0ms.     WRITTEN   193MB.     ]
  [ELAPSED  4 seconds.     READ  1,441,792 events.     TIMESTAMP       0ms.     WRITTEN   213MB.     ]
  [ELAPSED  4 seconds.     READ  1,572,864 events.     TIMESTAMP       0ms.     WRITTEN   232MB.     ]
  [ELAPSED  4 seconds.     READ  1,703,936 events.     TIMESTAMP       0ms.     WRITTEN   252MB.     ]
  [ELAPSED  5 seconds.     READ  1,835,008 events.     TIMESTAMP       0ms.     WRITTEN   271MB.     ]
  [ELAPSED  5 seconds.     READ  1,966,080 events.     TIMESTAMP       0ms.     WRITTEN   290MB.     ]
  [ELAPSED  5 seconds.     READ  2,097,152 events.     TIMESTAMP       0ms.     WRITTEN   310MB.     ]
  [ELAPSED  6 seconds.     READ  2,228,224 events.     TIMESTAMP       0ms.     WRITTEN   329MB.     ]
  WARNING: Events occurred > 10msec before process 12975 start at 0.000 msec
  WARNING: Events occurred > 10msec before process 12977 start at 0.000 msec
  WARNING: Events occurred > 10msec before process 12976 start at 0.000 msec
  WARNING: Events occurred > 10msec before process 12978 start at 0.000 msec
  WARNING: Events occurred > 10msec before process 12979 start at 0.000 msec
  WARNING: Events occurred > 10msec before process 12980 start at 0.000 msec
  WARNING: Events occurred > 10msec before process 12981 start at 0.000 msec
  WARNING: Events occurred > 10msec before process 12982 start at 0.000 msec
  Error: Exception EventPipe conversion: System.NullReferenceException: Object reference not set to an instance of an object.
     at Microsoft.Diagnostics.Tracing.Etlx.TraceCodeAddresses.<>c__DisplayClass33_0.<AddUniversalDynamicSymbol>b__0(CodeAddressInfo& info)
     at Microsoft.Diagnostics.Tracing.Etlx.TraceCodeAddresses.ForAllUnresolvedCodeAddressesInRange(TraceProcess process, UInt64 start, Int64 length, Boolean considerResolved, ForAllCodeAddrAction body)
     at Microsoft.Diagnostics.Tracing.Etlx.TraceCodeAddresses.AddUniversalDynamicSymbol(ProcessSymbolTraceData data, TraceProcess process)
     at Microsoft.Diagnostics.Tracing.SourceConverters.NettraceUniversalConverter.AfterProcess(TraceLog traceLog)
     at Microsoft.Diagnostics.Tracing.Etlx.TraceLog.CopyRawEvents(TraceEventDispatcher rawEvents, IStreamWriter writer)
     at Microsoft.Diagnostics.Tracing.Etlx.TraceLog.<>c__DisplayClass134_0.<FastSerialization.IFastSerializable.ToStream>b__0()
     at FastSerialization.DeferedRegion.Write(Serializer serializer, Action toStream)
     at Microsoft.Diagnostics.Tracing.Etlx.TraceLog.FastSerialization.IFastSerializable.ToStream(Serializer serializer)
     at FastSerialization.Serializer.WriteObjectData(IFastSerializable obj, Tags beginTag)
     at FastSerialization.Serializer.WriteObjectRef(IFastSerializable obj, Boolean defered)
     at FastSerialization.Serializer..ctor(IStreamWriter writer, IFastSerializable entryObject)
     at Microsoft.Diagnostics.Tracing.Etlx.TraceLog.CreateFromEventPipeEventSources(TraceEventDispatcher source, IOStreamStreamWriter streamWriter, TraceLogOptions options)
     at Microsoft.Diagnostics.Tracing.Etlx.TraceLog.CreateFromEventPipeEventSources(TraceEventDispatcher source, String etlxFilePath, TraceLogOptions options)
     at Microsoft.Diagnostics.Tracing.Etlx.TraceLog.CreateFromEventPipeDataFile(String filePath, String etlxFilePath, TraceLogOptions options)
     at PerfView.EventPipePerfViewData.GetTraceLog(TextWriter log, Action`3 onLostEvents)
  [Error: exception while opening EventPipe data.]
  Completed: Opening with-rbp-chain-walk.nettrace   (Elapsed Time: 6.332 sec)

Possible fixes:

  1. Skip symbols with EndAddress <= StartAddress (invalid range)
  2. Change (int) to (long) cast for consistency with UniversalMapping
  3. Add null guard on loadedModule as defense-in-depth

Expected

.nettrace file opens and shows views, possibly with an indicator that the symbols had invalid ranges

Actual

When double clicking the nettrace, no views appeared, and just the message Error: exception while opening EventPipe data. appeared.
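
The cast arithmetic described in the report, as an added example that is not part of the original issue and is not PerfView code. It goes beyond the single range in the report by also running an inverted range and a symbol larger than 2 GiB; the class and method names are hypothetical, and addresses are modelled as ulong, as the UInt64 start parameter in the stack trace suggests.

```csharp
using System;

static class SymbolRangeDemo
{
    // Mirrors the cast in AddUniversalDynamicSymbol as quoted in the issue:
    // (int) truncation, then implicit widening to the Int64 length parameter.
    static long LengthViaIntCast(ulong start, ulong end) => unchecked((int)(end - start));

    // Mirrors the cast in UniversalMapping as quoted in the issue.
    static long LengthViaLongCast(ulong start, ulong end) => unchecked((long)(end - start));

    // Hypothetical guard (not PerfView code): accept a range only if it is
    // non-empty and its size is representable as a non-negative Int64.
    static bool TryGetLength(ulong start, ulong end, out long length)
    {
        length = 0;
        if (end <= start) return false;            // empty or inverted range
        ulong size = end - start;                  // cannot underflow after the check
        if (size > long.MaxValue) return false;    // would turn negative as Int64
        length = (long)size;
        return true;
    }

    static void Show(string label, ulong start, ulong end)
    {
        long viaInt = LengthViaIntCast(start, end);
        long viaLong = LengthViaLongCast(start, end);
        bool ok = TryGetLength(start, end, out long checkedLength);
        Console.WriteLine($"{label}: [0x{start:X}, 0x{end:X})");
        Console.WriteLine($"  (int) cast  -> {viaInt} (as ulong 0x{unchecked((ulong)viaInt):X})");
        Console.WriteLine($"  (long) cast -> {viaLong}");
        Console.WriteLine($"  guard       -> {(ok ? checkedLength.ToString() : "rejected")}");
    }

    static void Main()
    {
        // Constructed inputs. The first is the range quoted in the issue.
        Show("kernel symbol from issue", 0x0UL, 0xFFFFFFFFFFFFFFFFUL);
        Show("inverted range", 0x2000UL, 0x1000UL);
        Show("4 GiB symbol", 0x1000UL, 0x100001000UL);
        Show("ordinary symbol", 0x7F0000001000UL, 0x7F0000001040UL);
    }
}
```

For the range quoted in the issue, EndAddress is greater than StartAddress when both are compared as unsigned values, so in this sketch it is the size bound, not the ordering check, that rejects it. The 4 GiB case is where the two casts disagree: the (int) cast yields 0 while the (long) cast keeps the full size.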
