Project

General

Profile

Bug #4229

mdb hangs on exit when long umem cache names exist

Added by Josef Sipek over 7 years ago. Updated about 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
mdb - modular debugger
Start date:
2013-10-18
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

libumem allows caches to have an ASCII name - up to 31 chars. If a 31-char long name is used, mdb will hang on exit. (A shorter cache name works as expected.)

$ <download attached test file>
$ gcc -Wall -O1 -lumem -o test test.c
$ ./test 30
making cache of length 30: 123456789012345678901234567890
Segmentation Fault (core dumped)
$ echo '' | mdb core
$ ./test 31
making cache of length 31: 1234567890123456789012345678901
Segmentation Fault (core dumped)
$ echo '' | mdb core
<hang>

The hang is mdb pegging a CPU looping inside the teardown code:

nv_hashstring+0x2c(81b2e9d, 8102c68, 8046828, 8074053)
mdb_nv_lookup+0x10(8102c68, 81b2e9d, 81038b0, 81b09dd)
mdb_module_remove_walker+0x1b(8102c50)
mdb_module_unload_common+0x11e(81038b0, 8139f28, 80468c8, 809af3f, 0, 54)
mdb_module_unload+0xe(81038b0, 2, 80468d8, 2)
mdb_module_unload_all+0x20(2)
mdb_destroy+0x3a(8103e98, 8139f10, 80476b8, 8083b76, 0, 8139f10)
terminate+0x10(0, 8139f10, 80476b8, 8083ad9)
main+0x14d2(2, 80476e8, 80476f4, 80476dc)
_start+0x7d(2, 8047830, 8047834, 0, 804783e, 804784a)

Profiling stacks using DTrace shows that we're looping somewhere in:

              mdb`mdb_module_unload+0xe
              mdb`mdb_module_unload_all+0x20
              mdb`mdb_destroy+0x3a
              mdb`terminate+0x10
              mdb`main+0x14d2
              mdb`_start+0x7d

The culprit seems to be libumem:

$ sudo dtrace -n 'pid$target::mdb_module_unload:entry{ trace(copyinstr(arg0)) }' -p `pgrep mdb`
dtrace: description 'pid$target::mdb_module_unload:entry' matched 1 probe
CPU     ID                    FUNCTION:NAME
  0  77990          mdb_module_unload:entry   ld.so.1                          
  0  77990          mdb_module_unload:entry   libc.so.1                        
  0  77990          mdb_module_unload:entry   libumem.so.1 

Files

test.c (755 Bytes) test.c Josef Sipek, 2013-10-18 12:51 AM

Also available in: Atom PDF