NetBSD Problem Report #36195

From martin@duskware.de  Sun Apr 22 21:48:40 2007
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 2C96E63B960
	for <gnats-bugs@gnats.netbsd.org>; Sun, 22 Apr 2007 21:48:40 +0000 (UTC)
Message-Id: <20070422213414.4862A63B960@narn.NetBSD.org>
Date: Sun, 22 Apr 2007 21:34:14 +0000 (UTC)
From: fenicottero@gmail.com
Reply-To: fenicottero@gmail.com
To: netbsd-bugs-owner@NetBSD.org
Subject: netstat: kvm_read: Bad address
X-Send-Pr-Version: www-1.0

>Number:         36195
>Category:       kern
>Synopsis:       netstat: kvm_read: Bad address
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 22 21:50:00 +0000 2007
>Closed-Date:    Sat Apr 04 16:16:43 +0000 2020
>Last-Modified:  Sat Apr 04 16:16:43 +0000 2020
>Originator:     Oleg Pilyavets
>Release:        3.0-release
>Organization:
Lebedev Physical Institute
>Environment:
NetBSD 193.205.94.231 3.0 NetBSD 3.0 (MYKERNEL) #5: Sun Jun 18 03:30:04 MSD 2006  root@spinor.triniti.nat:/usr/src/sys/arch/i386/compile/MYKERNEL i386
>Description:
netstat, when used intensively, produces an infinite amount of messages:

kvm_read: Bad address

My kernel:

# config -x /netbsd |sed 's/#.*//;/^ *$/d'
include         "arch/i386/conf/std.i386"
options         INCLUDE_CONFIG_FILE
maxusers        32
options         I386_CPU
options         I486_CPU
options         I586_CPU
options         I686_CPU
options         MATH_EMULATE
options         VM86
options         USER_LDT
options         ENHANCED_SPEEDSTEP
options         MTRR
options         INSECURE
options         RTC_OFFSET=0
options         NTP
options         KTRACE
options         SYSTRACE
options         SYSVMSG
options         SYSVSEM
options         SYSVSHM
options         P1003_1B_SEMAPHORE
options         LKM
options         USERCONF
options         SYSCTL_INCLUDE_DESCR
options         DDB
options         DDB_HISTORY_SIZE=512
options         COMPAT_NOMID
options         COMPAT_09
options         COMPAT_10
options         COMPAT_11
options         COMPAT_12
options         COMPAT_13
options         COMPAT_14
options         COMPAT_15
options         COMPAT_16
options         COMPAT_20
options         COMPAT_43
options         COMPAT_386BSD_MBRPART
options         COMPAT_OSSAUDIO
options         COMPAT_SVR4
options         COMPAT_IBCS2
options         COMPAT_LINUX
options         COMPAT_FREEBSD
options         COMPAT_BSDPTY
file-system     FFS
file-system     EXT2FS
file-system     LFS
file-system     MFS
file-system     NFS
file-system     NTFS
file-system     CD9660
file-system     MSDOSFS
file-system     FDESC
file-system     KERNFS
file-system     NULLFS
file-system     OVERLAY
file-system     PORTAL
file-system     PROCFS
file-system     UMAPFS
file-system     UNION
file-system     CODA
file-system     SMBFS
options         QUOTA
options         SOFTDEP
options         NFSSERVER
options         INET
options         INET6
options         NS
options         ISO,TPIP
options         CCITT,LLC,HDLC
options         NETATALK
options         PPP_BSDCOMP
options         PPP_DEFLATE
options         PPP_FILTER
options         PFIL_HOOKS
options         IPFILTER_LOG
options         EISAVERBOSE
options         MIIVERBOSE
options         PCIVERBOSE
options         SCSIVERBOSE
options         USBVERBOSE
options         I2OVERBOSE
options         MCAVERBOSE
options         NFS_BOOT_DHCP,NFS_BOOT_BOOTPARAM
options         WSEMUL_VT100
options         WSDISPLAY_CUSTOM_OUTPUT
options         WS_KERNEL_FG=WSCOL_GREEN
options         WSDISPLAY_CUSTOM_BORDER
options         WSDISPLAY_COMPAT_PCVT
options         WSDISPLAY_COMPAT_SYSCONS
options         WSDISPLAY_COMPAT_USL
options         WSDISPLAY_COMPAT_RAWKBD
options         PCDISPLAY_SOFTCURSOR
options         WSDISPLAY_CHARFUNCS
options         WSDISPLAY_SCROLLSUPPORT
config          netbsd  root on ? type ?
mainbus0 at root
cpu* at mainbus?
pci*    at mainbus? bus ?
pci*    at pchb? bus ?
pci*    at ppb? bus ?
elansc* at pci? dev ? function ?
pchb*   at pci? dev ? function ?
pceb*   at pci? dev ? function ?
pcib*   at pci? dev ? function ?
pcmb*   at pci? dev ? function ?
ppb*    at pci? dev ? function ?
puc*    at pci? dev ? function ?
agp*    at pchb?
eisa0   at mainbus?
eisa0   at pceb?
isa0    at mainbus?
isa0    at pceb?
isa0    at pcib?
pcmcia* at pcic? controller ? socket ?
pcmcia* at tcic? controller ? socket ?
mca0    at mainbus?
pcic0   at isa? port 0x3e0 iomem 0xd0000 iosiz 0x10000
pcic1   at isa? port 0x3e2 iomem 0xe0000 iosiz 0x4000
pcic2   at isa? port 0x3e4 iomem 0xe0000 iosiz 0x4000
tcic0   at isa? port 0x240 iomem 0xd0000 iosiz 0x10000
pcic0   at pci? dev? function ?
isapnp0 at isa?
pcic*   at isapnp?
cbb*            at pci? dev ? function ?
cardslot*       at cbb?
cardbus*        at cardslot?
pcmcia*         at cardslot?
npx0    at isa? port 0xf0 irq 13
pckbc0          at isa?
pckbd*          at pckbc?
pms*            at pckbc?
vga0            at isa?
vga*            at pci? dev ? function ?
pcdisplay0      at isa?
wsdisplay*      at vga? console ?
wsdisplay*      at pcdisplay? console ?
wskbd*          at pckbd? console ?
wsmouse*        at pms? mux 0
pcppi0          at isa?
sysbeep0        at pcppi?
com*    at puc? port ?
cy*     at pci? dev ? function ?
cz*     at pci? dev ? function ?
com*    at isapnp?
com*    at pcmcia? function ?
pcmcom* at pcmcia? function ?
com*    at pcmcom? slave ?
com0    at isa? port 0x3f8 irq 4
com1    at isa? port 0x2f8 irq 3
com2    at isa? port 0x3e8 irq 5
com*    at mca? slot ?
lpt*    at puc? port ?
lpt0    at isa? port 0x378 irq 7
lpt1    at isa? port 0x278
lpt2    at isa? port 0x3bc
iop*    at pci? dev ? function ?
iopsp*  at iop? tid ?
ld*     at iop? tid ?
dpti*   at iop? tid 0
adv*    at pci? dev ? function ?
adw*    at pci? dev ? function ?
ahc*    at pci? dev ? function ?
ahd*    at pci? dev ? function ?
bha*    at pci? dev ? function ?
dpt*    at pci? dev ? function ?
iha*    at pci? dev ? function ?
isp*    at pci? dev ? function ?
mly*    at pci? dev ? function ?
mpt*    at pci? dev ? function ?
njs*    at pci? dev ? function ?
pcscp*  at pci? dev ? function ?
siop*   at pci? dev ? function ?
esiop*  at pci? dev ? function ?
trm*    at pci? dev ? function ?
ahb*    at eisa? slot ?
ahc*    at eisa? slot ?
bha*    at eisa? slot ?
dpt*    at eisa? slot ?
uha*    at eisa? slot ?
aic*    at pcmcia? function ?
esp*    at pcmcia? function ?
aha*    at isapnp?
aic*    at isapnp?
adv0    at isa? port ? irq ? drq ?
aha0    at isa? port 0x330 irq ? drq ?
aha1    at isa? port 0x334 irq ? drq ?
ahc0    at isa? port ? irq ?
aic0    at isa? port 0x340 irq 11
bha0    at isa? port 0x330 irq ? drq ?
bha1    at isa? port 0x334 irq ? drq ?
sea0    at isa? iomem 0xc8000 irq 5
uha0    at isa? port 0x330 irq ? drq ?
uha1    at isa? port 0x340 irq ? drq ?
wds0    at isa? port 0x350 irq 15 drq 6
wds1    at isa? port 0x358 irq 11 drq 5
aha*    at mca? slot ?
scsibus* at scsi?
sd*     at scsibus? target ? lun ?
st*     at scsibus? target ? lun ?
cd*     at scsibus? target ? lun ?
ch*     at scsibus? target ? lun ?
ses*    at scsibus? target ? lun ?
ss*     at scsibus? target ? lun ?
uk*     at scsibus? target ? lun ?
aac*    at pci? dev ? function ?
amr*    at pci? dev ? function ?
cac*    at eisa? slot ?
cac*    at pci? dev ? function ?
icp*    at pci? dev ? function ?
mlx*    at pci? dev ? function ?
mlx*    at eisa? slot ?
twe*    at pci? dev ? function ?
ld*     at aac? unit ?
ld*     at amr? unit ?
ld*     at cac? unit ?
ld*     at icp? unit ?
ld*     at twe? unit ?
ld*     at mlx? unit ?
icpsp*  at icp? unit ?
pciide*         at pci? dev ? function ? flags 0x0000
acardide*       at pci? dev ? function ?
aceride*        at pci? dev ? function ?
artsata*        at pci? dev ? function ?
cmdide*         at pci? dev ? function ?
cypide*         at pci? dev ? function ?
geodeide*       at pci? dev ? function ?
hptide*         at pci? dev ? function ?
iteide*         at pci? dev ? function ?
ixpide*         at pci? dev ? function ?
optiide*        at pci? dev ? function ?
piixide*        at pci? dev ? function ?
pdcide*         at pci? dev ? function ?
pdcsata*        at pci? dev ? function ?
rccide*         at pci? dev ? function ?
satalink*       at pci? dev ? function ?
siside*         at pci? dev ? function ?
slide*          at pci? dev ? function ?
stpcide*        at pci? dev ? function ?
viaide*         at pci? dev ? function ?
wdc*    at isapnp?
wdc*    at pcmcia? function ?
wdc0    at isa? port 0x1f0 irq 14 flags 0x00
wdc1    at isa? port 0x170 irq 15 flags 0x00
atabus* at ata?
wd*     at atabus? drive ? flags 0x0000
pseudo-device   ataraid
ld*     at ataraid? vendtype ? unit ?
atapibus* at atapi?
cd*     at atapibus? drive ? flags 0x0000
sd*     at atapibus? drive ? flags 0x0000
st*     at atapibus? drive ? flags 0x0000
uk*     at atapibus? drive ? flags 0x0000
fdc0    at isa? port 0x3f0 irq 6 drq 2
fd*     at fdc? drive ?
edc*    at mca? slot ?
ed*     at edc?
an*     at pci? dev ? function ?
ath*    at pci? dev ? function ?
atw*    at pci? dev ? function ?
bce*    at pci? dev ? function ?
bge*    at pci? dev ? function ?
dge*    at pci? dev ? function ?
en*     at pci? dev ? function ?
ep*     at pci? dev ? function ?
epic*   at pci? dev ? function ?
esh*    at pci? dev ? function ?
ex*     at pci? dev ? function ?
fpa*    at pci? dev ? function ?
fxp*    at pci? dev ? function ?
ipw*    at pci? dev ? function ?
iwi*    at pci? dev ? function ?
gsip*   at pci? dev ? function ?
hme*    at pci? dev ? function ?
le*     at pci? dev ? function ?
lmc*    at pci? dev ? function ?
mtd*    at pci? dev ? function ?
ne*     at pci? dev ? function ?
ntwoc*  at pci? dev ? function ?
pcn*    at pci? dev ? function ?
re*     at pci? dev ? function ?
rtk*    at pci? dev ? function ?
sf*     at pci? dev ? function ?
sip*    at pci? dev ? function ?
skc*    at pci? dev ? function ?
sk*     at skc?
ste*    at pci? dev ? function ?
stge*   at pci? dev ? function ?
ti*     at pci? dev ? function ?
tl*     at pci? dev ? function ?
tlp*    at pci? dev ? function ?
txp*    at pci? dev ? function ?
vge*    at pci? dev ? function ?
vr*     at pci? dev ? function ?
wi*     at pci? dev ? function ?
wm*     at pci? dev ? function ?
xge*    at pci? dev ? function ?
ep*     at eisa? slot ?
fea*    at eisa? slot ?
tlp*    at eisa? slot ?
an*     at isapnp?
ep*     at isapnp?
fmv*    at isapnp?
le*     at isapnp?
ne*     at isapnp?
tr*     at isapnp?
an*     at pcmcia? function ?
awi*    at pcmcia? function ?
cnw*    at pcmcia? function ?
cs*     at pcmcia? function ?
ep*     at pcmcia? function ?
mbe*    at pcmcia? function ?
ne*     at pcmcia? function ?
ray*    at pcmcia? function ?
sm*     at pcmcia? function ?
wi*     at pcmcia? function ?
xirc*   at pcmcia? function ?
com*    at xirc?
xi*     at xirc?
mhzc*   at pcmcia? function ?
com*    at mhzc?
sm*     at mhzc?
ate0    at isa? port 0x2a0 irq ?
cs0     at isa? port 0x300 iomem ? irq ? drq ?
ec0     at isa? port 0x250 iomem 0xd8000 irq 9
eg0     at isa? port 0x280 irq 9
el0     at isa? port 0x300 irq 9
ep*     at isa? port ? irq ?
ef0     at isa? port 0x360 iomem 0xd0000 irq 7
ai0     at isa? port 0x360 iomem 0xd0000 irq 7
fmv0    at isa? port 0x2a0 irq ?
ix0     at isa? port 0x300 irq 10
iy0     at isa? port 0x360 irq ?
lc0     at isa? port 0x320 iomem ? irq ?
nele0   at isa? port 0x320 irq 9 drq 7
le*     at nele?
bicc0   at isa? port 0x320 irq 10 drq 7
le*     at bicc?
ne0     at isa? port 0x280 irq 9
ne1     at isa? port 0x300 irq 10
sm0     at isa? port 0x300 irq 10
tr0     at isa? port 0xa20 iomem 0xd8000 irq ?
tr1     at isa? port 0xa24 iomem 0xd0000 irq ?
tr*     at isa? port ? irq ?
we0     at isa? port 0x280 iomem 0xd0000 irq 9
we1     at isa? port 0x300 iomem 0xcc000 irq 10
elmc*   at mca? slot ?
ep*     at mca? slot ?
we*     at mca? slot ?
ate*    at mca? slot ?
ne*     at mca? slot ?
tr*     at mca? slot ?
le*     at mca? slot ?
acphy*  at mii? phy ?
amhphy* at mii? phy ?
bmtphy* at mii? phy ?
brgphy* at mii? phy ?
ciphy*  at mii? phy ?
dmphy*  at mii? phy ?
exphy*  at mii? phy ?
gentbi* at mii? phy ?
glxtphy* at mii? phy ?
gphyter* at mii? phy ?
icsphy* at mii? phy ?
igphy*  at mii? phy ?
inphy*  at mii? phy ?
iophy*  at mii? phy ?
lxtphy* at mii? phy ?
makphy* at mii? phy ?
nsphy*  at mii? phy ?
nsphyter* at mii? phy ?
pnaphy* at mii? phy ?
qsphy*  at mii? phy ?
sqphy*  at mii? phy ?
tlphy*  at mii? phy ?
tqphy*  at mii? phy ?
ukphy*  at mii? phy ?
urlphy* at mii? phy ?
ehci*   at pci? dev ? function ?
ohci*   at pci? dev ? function ?
uhci*   at pci? dev ? function ?
usb*    at ehci?
usb*    at ohci?
usb*    at uhci?
uhub*   at usb?
uhub*   at uhub? port ? configuration ? interface ?
uhidev* at uhub? port ? configuration ? interface ?
ums*    at uhidev? reportid ?
wsmouse* at ums? mux 0
uep*    at uhub? port ?
wsmouse* at uep? mux 0
ukbd*   at uhidev? reportid ?
wskbd*  at ukbd? console ? mux 1
uhid*   at uhidev? reportid ?
ulpt*   at uhub? port ? configuration ? interface ?
umodem* at uhub? port ? configuration ?
ucom*   at umodem?
umass*  at uhub? port ? configuration ? interface ?
scsibus* at umass?
wd*     at umass?
uaudio* at uhub? port ? configuration ?
umidi* at uhub? port ? configuration ?
uirda* at uhub? port ? configuration ? interface ?
irframe* at uirda?
ustir* at uhub? port ?
irframe* at ustir?
aue*    at uhub? port ?
axe*    at uhub? port ?
cdce*   at uhub? port ?
cue*    at uhub? port ?
kue*    at uhub? port ?
udav*   at uhub? port ?
url*    at uhub? port ?
atu*    at uhub? port ?
upl*    at uhub? port ?
ubsa*   at uhub? port ?
ucom*   at ubsa? portno ?
uftdi*  at uhub? port ?
ucom*   at uftdi? portno ?
umct*   at uhub? port ?
ucom*   at umct? portno ?
uplcom* at uhub? port ?
ucom*   at uplcom? portno ?
uvscom* at uhub? port ?
ucom*   at uvscom? portno ?
urio*   at uhub? port ?
uvisor* at uhub? port ?
ucom*   at uvisor?
ukyopon* at uhub? port ?
ucom*   at ukyopon? portno ?
uscanner* at uhub? port ?
usscanner* at uhub? port ?
uyap* at uhub? port ?
udsbr*  at uhub? port ?
radio*  at udsbr?
ugen*   at uhub? port ?
oboe*   at pci? dev ? function ?
irframe* at oboe?
auacer* at pci? dev ? function ?
auich*  at pci? dev ? function ?
auixp*  at pci? dev ? function ?
autri*  at pci? dev ? function ?
auvia*  at pci? dev ? function ?
azalia* at pci? dev ? function ?
clcs*   at pci? dev ? function ?
clct*   at pci? dev ? function ?
cmpci*  at pci? dev ? function ?
eap*    at pci? dev ? function ?
emuxki* at pci? dev ? function ?
esa*    at pci? dev ? function ?
esm*    at pci? dev ? function ?
eso*    at pci? dev ? function ?
fms*    at pci? dev ? function ?
neo*    at pci? dev ? function ?
sv*     at pci? dev ? function ?
yds*    at pci? dev ? function ?
ess*    at isapnp?
guspnp* at isapnp?
sb*     at isapnp?
wss*    at isapnp?
ym*     at isapnp?
gus0    at isa? port 0x220 irq 7 drq 1 drq2 6
pas0    at isa? port 0x220 irq 7 drq 1
sb0     at isa? port 0x220 irq 5 drq 1 drq2 5
wss0    at isa? port 0x530 irq 10 drq 0 drq2 1
opl*    at cmpci? flags 1
opl*    at eso?
opl*    at ess?
opl*    at fms?
opl*    at sb?
opl*    at sv?
opl*    at wss?
opl*    at yds?
opl*    at ym?
audio*  at audiobus?
mpu*    at cmpci?
mpu*    at eso?
mpu*    at fms?
mpu*    at sb?
mpu*    at yds?
mpu*    at ym?
midi*   at midibus?
midi*   at pcppi?
bktr* at pci? dev ? function ?
radio* at bktr?
lms0    at isa? port 0x23c irq 5
lms1    at isa? port 0x238 irq 5
mms0    at isa? port 0x23c irq 5
mms1    at isa? port 0x238 irq 5
wsmouse*        at lms? mux 0
wsmouse*        at mms? mux 0
hifn*   at pci? dev ? function ?
ubsec*  at pci? dev ? function ?
joy*    at isapnp?
joy*    at pci?
joy*    at eso?
weasel* at pci?
include "arch/i386/conf/GENERIC.local"
pseudo-device   crypto
pseudo-device   ccd             4
pseudo-device   cgd             4
pseudo-device   raid            8
options         RAID_AUTOCONFIG
pseudo-device   fss             4
pseudo-device   md              1
pseudo-device   vnd             4
options         VND_COMPRESSION
pseudo-device   bpfilter        8
pseudo-device   ipfilter
pseudo-device   loop
pseudo-device   ppp             2
pseudo-device   pppoe
pseudo-device   sl              2
pseudo-device   strip           2
pseudo-device   irframetty
pseudo-device   tap
pseudo-device   tun             2
pseudo-device   gre             2
pseudo-device   gif             4
pseudo-device   vlan
pseudo-device   bridge
pseudo-device   pty
pseudo-device   tb              1
pseudo-device   sequencer       1
pseudo-device   rnd
pseudo-device   clockctl
pseudo-device   vcoda           4
pseudo-device   nsmb
pseudo-device   wsmux
pseudo-device   wsfont
pseudo-device   ksyms
file-system     PTYFS

>How-To-Repeat:
I have 2 instances of the system monitor "torsmo" running simultaneously; each of them runs the following command every second:

netstat |grep tcp |cut -c 45-67 |sort |uniq -c |cut -c 6-40 |grep -v localhost |grep -v "*.*" |cut -c 1-22

In this case I get the output:

$ torsmo
torsmo: drawing to root window
torsmo: drawing to double buffer
torsmo: forked to background, pid is 13154
netstat: kvm_read: Bad address
netstat: kvm_read: Bad address
netstat: kvm_read: Bad address
netstat: kvm_read: Bad address
netstat: kvm_read: Bad address
netstat: kvm_read: Bad address
netstat: kvm_read: Bad address
netstat: kvm_read: Bad address
netstat: kvm_read: Bad address
netstat: kvm_read: Bad address

>Fix:

>Release-Note:

>Audit-Trail:
From: Jan Schaumann <jschauma@netmeister.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/36195
Date: Thu, 14 Feb 2008 14:29:44 -0800


 The same problem was found in FreeBSD (various versions, including 4.x,
 6.x, 7.x) and other BSD versions.  John Baldwin fixed it (to some
 degree) in FreeBSD:

 http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.bin/netstat/route.c.diff?r1=1.87;r2=1.88

 The problem appears to be that if your routing table changes while
 netstat is running, it's possible that a pointer gets freed that netstat
 wants to revisit.

 John's commit message:

 "Make netstat -rn more resilient to having the routing table change out
 from under it while running.  Note that this is still not perfect:
 - Try to do something intelligent if kvm_read() fails to read a routing
   table structure such as an rtentry, radix_node, or ifnet.
 - Don't follow left and right node pointers in radix_nodes unless
   RNF_ACTIVE is set in rn_flags.  This avoids walking through freed
   radix_nodes."



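The failure mode described in the message above, as an added example that is not part of this report or of the FreeBSD commit: a user-space walker over a constructed snapshot in which one radix node was freed while the walk is in progress. `sim_node`, `kread`, `walk`, `run_walk` and all addresses are hypothetical stand-ins for the kernel structures and kvm_read().

```c
#include <stdint.h>
#include <stdio.h>

#define RNF_ACTIVE 4                 /* value as in BSD <net/radix.h> */
#define KBASE 0x1000u                /* constructed "kernel" base address */
#define NADDR(i) (KBASE + (uint32_t)((i) * sizeof(struct sim_node)))

/* Simplified stand-in for struct radix_node (constructed layout). */
struct sim_node {
    int      rn_bit;                 /* < 0 marks a leaf */
    int      rn_flags;
    uint32_t rn_left, rn_right;      /* "kernel" addresses of the children */
};

/* Constructed snapshot: node 2 was freed (RNF_ACTIVE cleared); its stale
 * left pointer now references unmapped memory. */
static const struct sim_node kmem[] = {
    /* 0 root  */ {  0, RNF_ACTIVE, NADDR(1),    NADDR(2) },
    /* 1 leaf  */ { -1, RNF_ACTIVE, 0,           0        },
    /* 2 freed */ {  1, 0,          0xdead0000u, NADDR(3) },
    /* 3 leaf  */ { -1, RNF_ACTIVE, 0,           0        },
};
#define NNODES (sizeof(kmem) / sizeof(kmem[0]))

/* Stand-in for kvm_read(): copy one node, fail on unmapped addresses. */
static int kread(uint32_t addr, struct sim_node *out)
{
    uint32_t off = addr - KBASE;
    if (addr < KBASE || off % sizeof(*out) || off / sizeof(*out) >= NNODES)
        return -1;                   /* netstat: "kvm_read: Bad address" */
    *out = kmem[off / sizeof(*out)];
    return 0;
}

struct walk_stats { int leaves, bad_reads; };

/* check_active = 0: follow every pointer; 1: only from RNF_ACTIVE nodes. */
static void walk(uint32_t addr, int check_active, struct walk_stats *st)
{
    struct sim_node n;
    if (kread(addr, &n) != 0) { st->bad_reads++; return; }
    if (n.rn_bit < 0) { st->leaves++; return; }
    if (check_active && !(n.rn_flags & RNF_ACTIVE))
        return;                      /* freed node: do not trust its pointers */
    walk(n.rn_left, check_active, st);
    walk(n.rn_right, check_active, st);
}

static struct walk_stats run_walk(int check_active)
{
    struct walk_stats st = { 0, 0 };
    walk(KBASE, check_active, &st);
    return st;
}

int main(void)
{
    struct walk_stats a = run_walk(0), b = run_walk(1);
    printf("unchecked: leaves=%d bad_reads=%d\n", a.leaves, a.bad_reads);
    printf("checked:   leaves=%d bad_reads=%d\n", b.leaves, b.bad_reads);
    return 0;
}
```
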
State-Changed-From-To: open->closed
State-Changed-By: jdolecek@NetBSD.org
State-Changed-When: Sat, 04 Apr 2020 16:16:43 +0000
State-Changed-Why:
Report for NetBSD 3.0, there is hope it's been fixed since then.


>Unformatted:
