Bug #2602 (closed): mdb ::sockparams SEGV
Start date: 2012-04-08
Due date:
% Done: 100%
Estimated time:
Difficulty: Bite-size
Tags:
Gerrit CR:
External Bug:
Description
Can someone confirm this?
# mdb -k
> ::sockparams
ADDR             FAM TYP PRO          STRDEV         SOCKMOD   REFS   FLGS
ffffff0078d59cc0  32   1   0               ?               ?      0      0
*** mdb: received signal SEGV at:
    [1] sockfs.so`sockparams_prt+0xc2()
    [2] mdb`dcmd_invoke+0x64()
    [3] mdb`mdb_call_idcmd+0xff()
    [4] mdb`walk_dcmd+0x32()
    [5] genunix.so`list_walk_step+0x91()
    [6] mdb`walk_step+0x5e()
    [7] mdb`walk_common+0x71()
    [8] mdb`mdb_pwalk_dcmd+0x99()
    [9] sockfs.so`sockparams_walk_list+0x51()
    [10] sockfs.so`sockparams_prt+0x20d()
    [11] mdb`dcmd_invoke+0x64()
    [12] mdb`mdb_call_idcmd+0xff()
    [13] mdb`mdb_call+0x390()
    [14] mdb`yyparse+0x4e5()
    [15] mdb`mdb_run+0x2cd()
    [16] mdb`main+0x13af()
    [17] mdb`_start+0x6c()
SEGV is here: usr/src/cmd/mdb/common/modules/sockfs/sockfs.c
	mdb_printf("%0?p %3u %3u %3u %15s %15s %6u %#6x\n",
	    addr, sp.sp_family, sp.sp_type, sp.sp_protocol,
	    (sp.sp_sdev_info.sd_devpath != 0) ? sp.sp_sdev_info.sd_devpath : "-",
	    sp.sp_smod_name, sp.sp_refcnt, sp.sp_flags);
Updated by Rich Lowe about 11 years ago
I haven't reproduced the bug (haven't tried to, really).
I'd guess that if we're crashing there, it's because sd_devpath and sd_smod_name are pointers which we are not reading out separately, but are just trying to chase in our own address space.
Updated by Aleksey Ivanov about 11 years ago
- Status changed from New to In Progress
Updated by Richard PALO about 11 years ago
Just for info, output is slightly different on this system:
running OpenIndiana Build oi_151a2 32-bit (illumos fc320b2833d3)
$ pfexec mdb -k
Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc pcplusmp scsi_vhci zfs ip hook neti sockfs arp usba stmf stmf_sbd fctl md lofs random idm fcp fcip crypto sppp nsmb smbsrv nfs ufs logindmux ptm ipc ]
> ::sockparams
ADDR     FAM TYP PRO          STRDEV         SOCKMOD   REFS   FLGS
*** mdb: received signal SEGV at:
    [1] libc.so.1`strlen+0x30()
    [2] mdb`mdb_iob_vprintf+0x26()
    [3] mdb`mdb_printf+0x18()
    [4] sockfs.so`sockparams_prt+0xf1()
    [5] mdb`dcmd_invoke+0x4e()
    [6] mdb`mdb_call_idcmd+0x134()
    [7] mdb`walk_dcmd+0x25()
    [8] genunix.so`list_walk_step+0x99()
    [9] mdb`walk_step+0x59()
    [10] mdb`walk_common+0x80()
    [11] mdb`mdb_pwalk_dcmd+0x95()
    [12] sockfs.so`sockparams_walk_list+0x48()
    [13] sockfs.so`sockparams_prt+0x18e()
    [14] mdb`dcmd_invoke+0x4e()
    [15] mdb`mdb_call_idcmd+0x134()
    [16] mdb`mdb_call+0x32e()
    [17] mdb`yyparse+0x473()
    [18] mdb`mdb_run+0x2eb()
    [19] mdb`main+0x13e3()
    [20] mdb`_start+0x7d()
mdb: (c)ore dump, (q)uit, (r)ecover, or (s)top for debugger [cqrs]?
Updated by Aleksey Ivanov about 11 years ago
There is an invalid address in sp.sp_smod_name.
Updated by Rich Lowe about 11 years ago
Right, see the first comment. You need to read the strings out of the target, too, with mdb_readstr.
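As an added illustration of the repair Rich describes (example code, not the sockfs.c patch attached to this bug): a self-contained C model in which model_target, model_readstr() and the reduced struct are stand-ins for the kernel image, mdb_readstr() and struct sockparams, so it compiles without the mdb module headers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the kernel's address space, "mapped" at MODEL_BASE:
 * "sockmod" lives at offset 0 and "/dev/tcp" at offset 8. */
#define MODEL_BASE 0xffffff0078d59000ULL
static const char model_target[] = "sockmod\0/dev/tcp";
#define MODEL_SIZE (sizeof (model_target))

/* Reduced struct: the char * members hold TARGET addresses, which is why
 * handing them straight to %s, as the original dcmd did, faults. */
struct sockparams_model {
	int sp_family, sp_type, sp_protocol;
	uint64_t sp_devpath;	/* char * in the target, or 0 */
	uint64_t sp_smod_name;	/* char * in the target */
};
/* Same contract as mdb_readstr(): copy the NUL-terminated string at target
 * address 'addr' into buf and return its length, or -1 if 'addr' is not
 * readable there. The address is translated, never dereferenced locally. */
static long model_readstr(char *buf, size_t nbytes, uint64_t addr)
{
	size_t off, n = 0;
	if (nbytes == 0 || addr < MODEL_BASE || addr >= MODEL_BASE + MODEL_SIZE)
		return (-1);
	off = (size_t)(addr - MODEL_BASE);
	while (off + n < MODEL_SIZE && model_target[off + n] != '\0' && n + 1 < nbytes) {
		buf[n] = model_target[off + n];
		n++;
	}
	buf[n] = '\0';
	return ((long)n);
}

/* Repaired formatter: each string is read out of the target first. A null
 * pointer prints "-" as in the original; an unreadable one prints "?"
 * (that fallback is this example's choice, not taken from the fix). */
static int sockparams_fmt(char *out, size_t outsz, const struct sockparams_model *sp)
{
	char dev[64], mod[64];
	if (sp->sp_devpath == 0)
		(void) strcpy(dev, "-");
	else if (model_readstr(dev, sizeof (dev), sp->sp_devpath) < 0)
		(void) strcpy(dev, "?");
	if (model_readstr(mod, sizeof (mod), sp->sp_smod_name) < 0)
		(void) strcpy(mod, "?");
	return (snprintf(out, outsz, "%3d %3d %3d %15s %15s", sp->sp_family,
	    sp->sp_type, sp->sp_protocol, dev, mod));
}
```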
Updated by Aleksey Ivanov about 11 years ago
- File sockfs.c.diff added
The patch to sockfs.c.
Updated by Aleksey Ivanov about 11 years ago
- File 2_sockfs.c.diff added
Correct size of buffers.
Updated by Rich Lowe almost 11 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
- Tags deleted (needs-triage)
Resolved in r13735 commit:1c48a05ba37d