NetBSD Problem Report #36078
From www@NetBSD.org Sat Mar 24 11:18:50 2007
Return-Path: <www@NetBSD.org>
Received: by narn.NetBSD.org (Postfix, from userid 31301)
id A47AC63B853; Sat, 24 Mar 2007 11:18:50 +0000 (UTC)
Message-Id: <20070324111850.A47AC63B853@narn.NetBSD.org>
Date: Sat, 24 Mar 2007 11:18:50 +0000 (UTC)
From: antiright@gmail.com
Reply-To: antiright@gmail.com
To: gnats-bugs@NetBSD.org
Subject: pstat segfaults when used for kernel core file with -v and -T options
X-Send-Pr-Version: www-1.0
>Number: 36078
>Category: bin
>Synopsis: pstat segfaults when used for kernel core file with -v and -T options
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 24 11:20:00 +0000 2007
>Originator: Jeffrey Bedard
>Release: 4.99.16 (amd64)
>Organization:
>Environment:
NetBSD antiright.dyndns.org 4.99.16 NetBSD 4.99.16 (AR) #7: Thu Mar 22 08:41:32 EDT 2007 root@antiright.dyndns.org:/usr/sources/src-current/sys/arch/amd64/compile/AR amd64
>Description:
pstat segfaults when used on a kernel core file when the -T or -v options are specified. This segfault occurs in kinfo_vnodes(), according to gdb.
(gdb) r -M netbsd.0.core -T
Starting program: /usr/sbin/pstat -M netbsd.0.core -T
...
230/3404 files
Program received signal SIGSEGV, Segmentation fault.
0x000000000040240b in kinfo_vnodes ()
(gdb) r -M netbsd.0.core -v
...
Starting program: /usr/sbin/pstat -M netbsd.0.core -v
...
Program received signal SIGSEGV, Segmentation fault.
0x000000000040240b in kinfo_vnodes ()
(gdb) bt
#0 0x000000000040240b in kinfo_vnodes ()
#1 0x00000000004024ba in loadvnodes ()
#2 0x0000000000402688 in vnodemode ()
#3 0x0000000000402f7a in main ()
Running with pstat compiled with -g3:
0x0000000000402e99 in kinfo_vnodes (avnodes=0x7f7fffffdfbc) at pstat.c:744
744 TAILQ_FOREACH(vp, &mount.mnt_vnodelist, v_mntvnodes) {
>How-To-Repeat:
pstat -M netbsd.0.core -v
pstat -M netbsd.0.core -T
>Fix:
vp->v_mntvnodes.tqe_next within TAILQ_FOREACH is the source of the segfault. vp is uninitialized before this call.
patch:
--- pstat.c.orig 2007-03-24 06:14:47.000000000 -0400
+++ pstat.c 2007-03-24 07:12:33.000000000 -0400
@@ -731,25 +731,30 @@
struct vnode *vp, vnode;
char *beg, *bp, *ep;
int numvnodes;
-
+
KGET(V_NUMV, numvnodes);
if ((bp = malloc((numvnodes + 20) * (VPTRSZ + VNODESZ))) == NULL)
err(1, "malloc");
beg = bp;
ep = bp + (numvnodes + 20) * (VPTRSZ + VNODESZ);
KGET(V_MOUNTLIST, mountlist);
+
+ vp=(struct vnode *)bp;
+
for (mp = mountlist.cqh_first;;
mp = mount.mnt_list.cqe_next) {
KGET2(mp, &mount, sizeof(mount), "mount entry");
- TAILQ_FOREACH(vp, &mount.mnt_vnodelist, v_mntvnodes) {
- KGET2(vp, &vnode, sizeof(vnode), "vnode");
- if (bp + VPTRSZ + VNODESZ > ep)
+ if(vp->v_mntvnodes.tqe_next != NULL) {
+ TAILQ_FOREACH(vp, &mount.mnt_vnodelist, v_mntvnodes) {
+ KGET2(vp, &vnode, sizeof(vnode), "vnode");
+ if (bp + VPTRSZ + VNODESZ > ep)
/* XXX - should realloc */
- errx(1, "no more room for vnodes");
- memmove(bp, &vp, VPTRSZ);
- bp += VPTRSZ;
- memmove(bp, &vnode, VNODESZ);
- bp += VNODESZ;
+ errx(1, "no more room for vnodes");
+ memmove(bp, &vp, VPTRSZ);
+ bp += VPTRSZ;
+ memmove(bp, &vnode, VNODESZ);
+ bp += VNODESZ;
+ }
}
if (mp == mountlist.cqh_last)
break;
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.