Bug #9060

::dtrace_options causes mdb to dump core

Added by Robert Mustacchi about 3 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Category: DTrace
Start date: 2018-02-06
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

I started a DTrace consumer:

[root@headnode (emy-10) ~]# dtrace -n 'BEGIN{}' 
dtrace: description 'BEGIN' matched 1 probe
CPU     ID                    FUNCTION:NAME
  0      1                           :BEGIN 

and then tried to view its options using "mdb -k", but mdb crashed:

[root@headnode (emy-10) ~]# mdb -k
Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc pcplusmp scsi_vhci ufs ip hook neti sockfs arp usba uhci mm stmf_sbd stmf zfs sd lofs idm crypto random cpc logindmux ptm kvm sppp nsmb smbsrv nfs ipc ]
> ::walk dtrace_state
0xffffff14805355c0
> 0xffffff14805355c0::dtrace_options
OPTION                    VALUE
bufsize                   4M
bufpolicy                 switch
dynvarsize                1M
aggsize                   0
specsize                  0
nspec                     1
strsize                   256
cleanrate                 101hz
cpu                       unbound
bufresize                 0
grabanon                  UNSET
flowindent                UNSET
quiet                     UNSET
stackframes               20
ustackframes              20
aggrate                   1hz
switchrate                1hz
statusrate                1hz
destructive               UNSET
stackindent               UNSET
rawbytes                  UNSET
jstackframes              50
jstackstrsize             512
aggsortkey                UNSET
aggsortrev                UNSET
aggsortpos                UNSET
aggsortkeypos             UNSET

*** mdb: received signal SEGV at:
    [1] mdb`dcmd_invoke+0x7c()
    [2] mdb`mdb_call_idcmd+0x112()
    [3] mdb`mdb_call+0x3e1()
    [4] mdb`yyparse+0xdb4()
    [5] mdb`mdb_run+0x2cd()
    [6] mdb`main+0xc9d()
    [7] mdb`_start+0x6c()

mdb: (c)ore dump, (q)uit, (r)ecover, or (s)top for debugger [cqrs]? 
mdb: attempting to dump core ...
Segmentation Fault (core dumped)
[root@headnode (emy-10) ~]#

The root cause for this appears to be that "::dtrace_options" uses a table, dtrace_options, that needs to be kept in sync with the DTRACEOPT values in uts/common/sys/dtrace.h, but that's gotten out of sync. DTRACEOPT_MAX is now larger than the _dtrace_options array, causing us to walk off the end of the array and attempt to call a NULL function pointer.
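
The failure mode described in the root-cause paragraph above, as an added C sketch that is not the mdb source or the committed fix: a function-pointer table indexed by option id is walked up to a MAX constant that has outgrown it. All names here (opt_desc_t, opt_walk, the OPT_* ids, both tables) are hypothetical and the table contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical option ids standing in for the DTRACEOPT_* constants. */
enum { OPT_BUFSIZE, OPT_STRSIZE, OPT_QUIET, OPT_NEWER, OPT_MAX };

typedef int (*opt_fmt_f)(uint64_t, char *, size_t);
typedef struct { const char *od_name; opt_fmt_f od_fmt; } opt_desc_t;

#define	NELEM(a)	(sizeof (a) / sizeof ((a)[0]))

static int
fmt_num(uint64_t v, char *buf, size_t len)
{
	return (snprintf(buf, len, "%llu", (unsigned long long)v));
}

/* Constructed table that was not extended when OPT_NEWER was added. */
const opt_desc_t stale_table[] = {
	{ "bufsize", fmt_num }, { "strsize", fmt_num }, { "quiet", fmt_num },
};

/* The same table kept in sync; the build fails if it drifts again. */
const opt_desc_t synced_table[] = {
	{ "bufsize", fmt_num }, { "strsize", fmt_num }, { "quiet", fmt_num },
	{ "newer", fmt_num },
};
_Static_assert(NELEM(synced_table) == OPT_MAX, "option table out of sync");

/*
 * Walk every id below OPT_MAX, as a command printing all options would,
 * but never index past the table or call a NULL formatter (the latter is
 * what a zero-filled tail of a fixed-size table would contain). Returns
 * the number of ids that had no usable entry.
 */
int
opt_walk(const opt_desc_t *tbl, size_t nelem, const uint64_t *vals)
{
	char buf[32];
	int missing = 0;

	for (size_t i = 0; i < OPT_MAX; i++) {
		if (i >= nelem || tbl[i].od_fmt == NULL) {
			printf("<option %zu>  (no table entry)\n", i);
			missing++;
			continue;
		}
		(void) tbl[i].od_fmt(vals[i], buf, sizeof (buf));
		printf("%-12s %s\n", tbl[i].od_name, buf);
	}
	return (missing);
}
```

The compile-time assertion catches the drift when the header changes; the runtime guard keeps the debugger command from faulting if a table is short anyway.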

#1

Updated by Electric Monk over 2 years ago

  • Status changed from New to Closed

git commit 9d0ac662182643f3b6579f48816de772cb77b47c

commit  9d0ac662182643f3b6579f48816de772cb77b47c
Author: John Levon <john.levon@joyent.com>
Date:   2018-07-19T14:29:30.000Z

    9060 ::dtrace_options causes mdb to dump core
    Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
    Reviewed by: Yuri Pankov <yuripv@yuripv.net>
    Approved by: Dan McDonald <danmcd@joyent.com>
