Bug #8584
opendtrace: Certain llquantize() parameters trigger assertion
Description
FreeBSD PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219451
FreeBSD fix: https://svnweb.freebsd.org/changeset/base/322773, https://svnweb.freebsd.org/changeset/base/322774, https://svnweb.freebsd.org/changeset/base/322775
Reproduced using
dtrace -n 'syscall::read:return /execname == "sshd"/ { @[execname] = llquantize(arg0, 100, 0, 10, 100); @m = max(arg0)}'
> ::status
debugging core file of dtrace (64-bit) from antares
file: /usr/sbin/amd64/dtrace
initial argv: dtrace -n syscall::read:return /execname == "sshd"/ { @[execname] = llquantize(
threading model: native threads
status: process terminated by SIGABRT (Abort), pid=100886 uid=0 code=-1
panic message: Assertion failed: value < next, file ../common/dt_consume.c, line 1076
> ::stack
libc.so.1`_lwp_kill+0xa()
libc.so.1`raise+0x20(6)
libc.so.1`abort+0x98()
0xfffffd7fff218eca()
libdtrace.so.1`dt_print_llquantize+0x408(420ec0, 41a840, 6b8e70, 1ea8, 1)
libdtrace.so.1`dt_print_datum+0x353(420ec0, 41a840, 6b2b88, 6b8e70, 1ea8, 4256c0)
libdtrace.so.1`dt_print_aggs+0x27a(fffffd7fffdff778, 1, fffffd7fffdff840)
libdtrace.so.1`dt_print_agg+0x3a(4256c0, fffffd7fffdff840)
libdtrace.so.1`dt_aggregate_walk_sorted+0x11b(420ec0, fffffd7ffec08380, fffffd7fffdff840, 0)
libdtrace.so.1`dtrace_aggregate_walk_sorted+0x1b(420ec0, fffffd7ffec08380, fffffd7fffdff840)
libdtrace.so.1`dtrace_aggregate_print+0x68(420ec0, 41a840, 0)
main+0x15cc(3, fffffd7fffdffac8)
_start+0x6c()
>
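The following is an added, stand-alone validator for llquantize() parameters, written for this page; it is not illumos, SmartOS or FreeBSD dtrace code. It packs factor, low, high and nsteps into the 64-bit aggregation argument that the dt_cc.c assertion quoted in the comments below operates on, widening the 16-bit mask to 64 bits before shifting (UINT16_MAX has type int, and shifting an int by 32 or 48 bits is undefined behaviour in C), and it rejects parameter sets whose bucket boundaries overflow a signed 64-bit integer, which the reproducer's (100, 0, 10, 100) does: 100^10 exceeds INT64_MAX. Assumptions, marked in the code: the field layout (factor at bit 48, low at 32, high at 16, nsteps at 0, as in <sys/dtrace.h>), the rule that every boundary up to factor^(high+1) must fit in an int64_t, and the ordering rules; the exact checks the FreeBSD fixes enforce are not reproduced on this page.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * ASSUMPTION: the 16-bit field layout of the llquantize() aggregation
 * argument, as in <sys/dtrace.h> (DTRACE_LLQUANTIZE_FACTORSHIFT 48,
 * LOWSHIFT 32, HIGHSHIFT 16, NSTEPSHIFT 0).
 */
#define LLQ_FACTORSHIFT 48
#define LLQ_LOWSHIFT    32
#define LLQ_HIGHSHIFT   16
#define LLQ_NSTEPSHIFT  0

enum llq_status {
	LLQ_OK = 0,
	LLQ_EORDER,     /* factor < 2, nsteps < 1, low < 0 or low > high */
	LLQ_ERANGE16,   /* a parameter does not fit its 16-bit field */
	LLQ_EOVERFLOW   /* a bucket boundary overflows int64_t */
};

/* Overflow-checked a * b for a > 0, b > 0; returns 0 on overflow. */
static int
mul_i64(int64_t a, int64_t b, int64_t *out)
{
	if (b > INT64_MAX / a)
		return (0);
	*out = a * b;
	return (1);
}

/*
 * Pack the four parameters into one 64-bit argument.  The mask is widened
 * to uint64_t before the shift: UINT16_MAX has type int, and shifting an
 * int by 32 or 48 bits is undefined behaviour in C, so the result differs
 * between compilers and architectures.  Returns 0 if a field is already
 * occupied, the condition the dt_cc.c assertion on this page checks.
 */
static int
llq_pack(uint64_t factor, uint64_t low, uint64_t high, uint64_t nsteps,
    uint64_t *arg)
{
	const struct { uint64_t val; int shift; } f[] = {
		{ factor, LLQ_FACTORSHIFT }, { low, LLQ_LOWSHIFT },
		{ high, LLQ_HIGHSHIFT }, { nsteps, LLQ_NSTEPSHIFT }
	};
	uint64_t packed = 0;
	size_t i;

	for (i = 0; i < sizeof (f) / sizeof (f[0]); i++) {
		if (packed & ((uint64_t)UINT16_MAX << f[i].shift))
			return (0);
		packed |= f[i].val << f[i].shift;
	}
	*arg = packed;
	return (1);
}

/*
 * Validate llquantize(expr, factor, low, high, nsteps) parameters and, if
 * they are acceptable, store the packed argument in *arg.
 * ASSUMPTION: every bucket boundary up to factor^(high+1) must fit in a
 * signed 64-bit integer; the exact bound the fixed dtrace enforces is not
 * stated on this page.
 */
enum llq_status
llq_validate(int64_t factor, int64_t low, int64_t high, int64_t nsteps,
    uint64_t *arg)
{
	int64_t bound = 1, i;

	if (factor < 2 || nsteps < 1 || low < 0 || low > high)
		return (LLQ_EORDER);
	if (factor > UINT16_MAX || low > UINT16_MAX || high > UINT16_MAX ||
	    nsteps > UINT16_MAX)
		return (LLQ_ERANGE16);
	for (i = 0; i <= high; i++) {
		if (!mul_i64(bound, factor, &bound))
			return (LLQ_EOVERFLOW);
	}
	if (!llq_pack((uint64_t)factor, (uint64_t)low, (uint64_t)high,
	    (uint64_t)nsteps, arg))
		return (LLQ_ERANGE16);  /* unreachable after the range check */
	return (LLQ_OK);
}

int
main(void)
{
	static const char *names[] = { "ok", "bad ordering",
	    "does not fit 16 bits", "boundary overflows int64" };
	uint64_t arg = 0;
	enum llq_status s;

	/* The reproducer's parameters: 100^10 exceeds INT64_MAX. */
	s = llq_validate(100, 0, 10, 100, &arg);
	printf("llquantize(arg0, 100, 0, 10, 100): %s\n", names[s]);

	/* A parameter set that fits: boundaries run up to 10^7. */
	s = llq_validate(10, 0, 6, 20, &arg);
	printf("llquantize(arg0, 10, 0, 6, 20): %s, arg=0x%016llx\n",
	    names[s], (unsigned long long)arg);
	return (0);
}
```

The overflow check is the one a D compiler would want to perform before the consumer ever computes bucket boundaries, since the printing side can only assert once the boundaries have already wrapped.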
Updated by Igor Kozhukhov over 5 years ago
Reproduced on SPARC64 in a zone, with a different message:
igork@bld13:~/builds/igork/du2/components/gcc-6/debian/patches$ sudo dtrace -n 'syscall::read:return /execname == "sshd"/ { @[execname] = llquantize(arg0, 100, 0, 10, 100); @m = max(arg0)}'
Assertion failed: !(arg & (UINT16_MAX << args[i].shift)), file ../common/dt_cc.c, line 1431
Abort
$ sudo mdb core
Loading modules: [ libc.so.1 ld.so.1 ]
> $C
ffffffff7fffe401 libc.so.1`_lwp_kill+8(1, 6, 0, 0, 0, 0)
ffffffff7fffe4b1 libc.so.1`raise+0x14(0, 0, ffffffff7fffee10, 1, 0, 0)
ffffffff7fffe561 libc.so.1`abort+0xac(ffffffff7fffeef0, ffffffff7fffeef0, 5c, 80808080, ff0000, 80808080)
ffffffff7fffe641 libc.so.1`_assert+0x6c(fffffffe79c76ba8, fffffffe79c75d60, 597, 0, 0, ffffffff7ffff291)
ffffffff7fffe8f1 libdtrace.so.1`dt_compile_agg+0x7c0(100113880, 100618e70, 100644320, ffff, 1006441d0, 10)
ffffffff7fffea91 libdtrace.so.1`dt_compile_one_clause+0x2a4(100113880, 100643e40, 708, fffffffe79d9b608, 1fc, fffffffe79d9b860)
ffffffff7fffeb41 libdtrace.so.1`dt_compile_clause+0x14(100113880, 100643e40, 992, 1c8, fffffffe79d8faf4, fffffffe79d92c68)
ffffffff7fffebf1 libdtrace.so.1`dt_compile+0x6e8(100113880, 16b, 0, 0, 80, 1)
ffffffff7fffeea1 libdtrace.so.1`dtrace_program_strcompile+0x24(100113880, ffffffff7ffffdb2, 3, 80, 1, 10010dbc0)
ffffffff7fffef71 compile_str+0x50(10010f3c0, ffffffff7ffffbd8, 1000084e0, 80808080, ff00, ff0000)
ffffffff7ffff021 main+0xf18(3, ffffffff7ffffbd8, 100009f20, 10010d0f0, 100000, 1)
ffffffff7ffff271 _start_crt+0x6c(3, ffffffff7ffffbd8, ffffffff6f61c5e4, 0, 0, 0)
ffffffff7ffff321 _start+0x14(0, 0, 0, 0, 0, 0)
> ::status
debugging core file of dtrace (64-bit) from bld13
file: /usr/sbin/dtrace
initial argv: dtrace -n syscall::read:return /execname == "sshd"/ { @[execname] = llquantize(
threading model: native threads
status: process terminated by SIGABRT (Abort), pid=75235 uid=0 code=-1
panic message: Assertion failed: !(arg & (UINT16_MAX << args[i].shift)), file ../common/dt_cc.c, line 1431
SPARC is big-endian, so alignment problems and overflows are more visible there.
Reference to the code:
https://github.com/joyent/illumos-joyent/blame/master/usr/src/lib/libdtrace/common/dt_cc.c#L1431
The code was introduced by commit:
https://github.com/joyent/illumos-joyent/commit/2b6389efff8da018d426952e20428e7e60d568a3#diff-8700a4e2456f6604f2cdc8157a45e49cR1352
Updated by Carlos Neira over 5 years ago
I'm using the latest SmartOS and the issue is still there. I'll check the FreeBSD patch to make this go away.
Igor Kozhukhov wrote:
Reproduced on SPARC64 in a zone, with a different message:
[...]
SPARC is big-endian, so alignment problems and overflows are more visible there.
Reference to the code:
https://github.com/joyent/illumos-joyent/blame/master/usr/src/lib/libdtrace/common/dt_cc.c#L1431
The code was introduced by commit:
https://github.com/joyent/illumos-joyent/commit/2b6389efff8da018d426952e20428e7e60d568a3#diff-8700a4e2456f6604f2cdc8157a45e49cR1352
Updated by Carlos Neira over 5 years ago
- File dt_cc.c.patch added
Here is the patch applied on illumos; I have only tested it on amd64. I don't have access to a SPARC machine to try the fix on that platform.