DTrace panic while probing syscall::open (and possibly many
others)
Wesley Shields
wxs at FreeBSD.org
Tue May 19 21:18:45 UTC 2009
On Mon, May 18, 2009 at 06:18:38PM +0200, Thomas Backman wrote:
>
> On May 18, 2009, at 06:11 PM, Wesley Shields wrote:
>
> > On Wed, May 13, 2009 at 03:19:05PM +0200, Thomas Backman wrote:
> >> OK, so I first posted a thread on the forums about this in 7.2-
> >> RELEASE:
> >> http://forums.freebsd.org/showthread.php?t=3834
> >> Then filed a PR, kern/134408:
> >> http://www.freebsd.org/cgi/query-pr.cgi?pr=134408
> >>
> >> The very same bug remains in 8-CURRENT/amd64 as of May 13, ~10(am)
> >> GMT+2.
> >>
> >> Steps to reproduce:
> >> 1) Build DTrace capable kernel (I followed the wiki DTrace
> >> instructions)
> >> 2) Reboot; kldload dtraceall
> >> 3) dtrace -n 'syscall::open:entry { self->path = arg0; }
> >> syscall::open:return { printf("%s\n", copyinstr(self->path)); }'
> >> 4) Crash.
> >>
> >> Backtrace:
> >> [...]
> >
> > It's not the probe that is the problem. I suspect it's the copyinstr.
> >
> >> Same panic on two computers (a "real" one, A64 3200+, nForce4, 2GB
> >> RAM;
> >> and a Macbook Pro C2D running VMware Fusion). Same panic in 7.2 and
> >> 8.0.
> >
> > I can easily reproduce this also.
> >
> > -- WXS
>
> Yup, it's copyinstr() crashing. It works if you simply replace
> printf(...) with printf("file opened\n") which doesn't copy anything
> in, and the backtrace seems (even to me ;) to point towards it.
It's also worth noting that copyin() also causes the same panic. The
ASSERT() in dtrace_copycheck() is catching it.
The "Solaris Dynamic Tracing Guide" mentions that the specified address
must correspond to a faulted-in page in the current process. I'm not
sure how I could go about finding that out.
-- WXS
More information about the freebsd-current
mailing list