Bug #9060 (closed)
::dtrace_options causes mdb to dump core
Start date: 2018-02-06
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:
Description
I started a DTrace consumer:
    [root@headnode (emy-10) ~]# dtrace -n 'BEGIN{}'
    dtrace: description 'BEGIN' matched 1 probe
    CPU     ID                    FUNCTION:NAME
      0      1                           :BEGIN

and then tried to view its options using "mdb -k", but mdb crashed:

    [root@headnode (emy-10) ~]# mdb -k
    Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc pcplusmp scsi_vhci ufs ip hook neti sockfs arp usba uhci mm stmf_sbd stmf zfs sd lofs idm crypto random cpc logindmux ptm kvm sppp nsmb smbsrv nfs ipc ]
    > ::walk dtrace_state
    0xffffff14805355c0
    > 0xffffff14805355c0::dtrace_options
    OPTION          VALUE
    bufsize         4M
    bufpolicy       switch
    dynvarsize      1M
    aggsize         0
    specsize        0
    nspec           1
    strsize         256
    cleanrate       101hz
    cpu             unbound
    bufresize       0
    grabanon        UNSET
    flowindent      UNSET
    quiet           UNSET
    stackframes     20
    ustackframes    20
    aggrate         1hz
    switchrate      1hz
    statusrate      1hz
    destructive     UNSET
    stackindent     UNSET
    rawbytes        UNSET
    jstackframes    50
    jstackstrsize   512
    aggsortkey      UNSET
    aggsortrev      UNSET
    aggsortpos      UNSET
    aggsortkeypos   UNSET

    *** mdb: received signal SEGV at:
        [1] mdb`dcmd_invoke+0x7c()
        [2] mdb`mdb_call_idcmd+0x112()
        [3] mdb`mdb_call+0x3e1()
        [4] mdb`yyparse+0xdb4()
        [5] mdb`mdb_run+0x2cd()
        [6] mdb`main+0xc9d()
        [7] mdb`_start+0x6c()

    mdb: (c)ore dump, (q)uit, (r)ecover, or (s)top for debugger [cqrs]?
    mdb: attempting to dump core ...
    Segmentation Fault (core dumped)
    [root@headnode (emy-10) ~]#
The root cause for this appears to be that "::dtrace_options" uses a table, dtrace_options, that needs to be kept in sync with the DTRACEOPT values in uts/common/sys/dtrace.h, but that's gotten out of sync. DTRACEOPT_MAX is now larger than the _dtrace_options array, causing us to walk off the end of the array and attempt to call a NULL function pointer.
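The failure mode described above, as an added example that is not the mdb source: a descriptor table indexed by option id, where the id space has grown past the table. All names here (OPT_*, opt_table, print_options) are hypothetical stand-ins for the DTRACEOPT values and the dcmd's table; the walker bounds itself by the table's own size, and the commented assertion shows how to turn the drift into a build failure.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical option ids standing in for the DTRACEOPT_* values. */
enum { OPT_BUFSIZE, OPT_STRSIZE, OPT_QUIET, OPT_NEWER, OPT_MAX };
typedef int (*opt_fmt_f)(unsigned long val, char *buf, size_t len);
typedef struct { const char *od_name; opt_fmt_f od_fmt; } opt_desc_t;

static int
fmt_num(unsigned long val, char *buf, size_t len)
{
	return (snprintf(buf, len, "%lu", val));
}

/* Constructed stale table: OPT_NEWER was added to the enum but not here. */
static const opt_desc_t opt_table[] = {
	{ "bufsize", fmt_num },
	{ "strsize", fmt_num },
	{ "quiet", fmt_num },
};
#define	OPT_NDESC	(sizeof (opt_table) / sizeof (opt_table[0]))

/*
 * Once the table is complete, this makes future drift fail at compile time:
 * _Static_assert(OPT_NDESC == OPT_MAX, "opt_table out of sync with enum");
 */

/* Print each described option; return how many ids had no table entry. */
static int
print_options(const unsigned long *vals, FILE *out)
{
	char buf[32];
	int missing = 0;

	for (size_t i = 0; i < (size_t)OPT_MAX; i++) {
		if (i >= OPT_NDESC || opt_table[i].od_fmt == NULL) {
			fprintf(out, "option %zu   <no table entry>\n", i);
			missing++;
			continue;
		}
		(void) opt_table[i].od_fmt(vals[i], buf, sizeof (buf));
		fprintf(out, "%-12s %s\n", opt_table[i].od_name, buf);
	}
	return (missing);
}

int
main(void)
{
	unsigned long vals[OPT_MAX] = { 4194304, 256, 0, 7 };	/* constructed */
	return (print_options(vals, stdout) == 1 ? 0 : 1);
}
```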