From inyaoo@gmail.com  Wed Jun 29 14:43:48 2011
Message-Id: <86r56cu29j.fsf@gmail.com>
Date: Wed, 29 Jun 2011 18:43:20 +0400
From: Pan Tsu <inyaoo@gmail.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [dtrace] crash in dt_proc_lookup when attaching to PID, assert(dpr != NULL)

>Number:         158431
>Category:       bin
>Synopsis:       [dtrace] crash in dt_proc_lookup when attaching to PID, assert(dpr != NULL)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gnn
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 29 14:50:08 UTC 2011
>Closed-Date:    Mon May 28 18:45:06 UTC 2012
>Last-Modified:  Mon May 28 18:45:06 UTC 2012
>Originator:     Pan Tsu
>Release:        FreeBSD 9.0-CURRENT r223641M amd64
>Organization:
>Environment:
include GENERIC
option KDTRACE_HOOKS
option KDTRACE_FRAME
option DDB_CTF
makeoption WITH_CTF=1
>Description:
Tracing of an already running process doesn't seem to work, e.g.

  $ dtruss -p 1234
  $ dtrace -P pid1234

also without any probes

  $ dtrace -p 1234

or when no PID is specified explicitly

  $ dtrace -P 'syscall { @[probefunc,ustack()] = count(); }'
>How-To-Repeat:
# kldload dtraceall
# sleep 60 &
# gdb -q --args dtrace -p $!
(gdb) r
Starting program: /usr/sbin/dtrace -p 31535
[New LWP 100977]
[New Thread 80b807400 (LWP 100977/dtrace)]
[New Thread 80b80f800 (LWP 100513/dtrace)]
dtrace: no probes specified
Assertion failed: (dpr != NULL), file /usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace/common/dt_proc.c, line 751.

Program received signal SIGABRT, Aborted.
[Switching to Thread 80b807400 (LWP 100977/dtrace)]
0x00000008101429dc in thr_kill () at thr_kill.S:3
3       thr_kill.S: No such file or directory.
        in thr_kill.S
Current language:  auto; currently asm
(gdb) bt
#0  0x00000008101429dc in thr_kill () at thr_kill.S:3
#1  0x00000008101e3fd3 in abort () at /usr/src/lib/libc/stdlib/abort.c:65
#2  0x0000000808d8a031 in __assert (expr=Could not find the frame base for "__assert".
) at assert.h:56
#3  0x0000000808d8af2d in dt_proc_lookup (dtp=0x80b841000, P=0x80d7ffb40, remove=0)
    at /usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace/common/dt_proc.c:751
#4  0x0000000808d8af92 in dt_proc_destroy (dtp=0x80b841000, P=0x80d7ffb40)
    at /usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace/common/dt_proc.c:763
#5  0x0000000808d8bc6e in dt_proc_hash_destroy (dtp=0x80b841000)
    at /usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace/common/dt_proc.c:1162
#6  0x0000000808daa4b5 in dtrace_close (dtp=0x80b841000)
    at /usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace/common/dt_open.c:1554
#7  0x0000000000402775 in dfatal (fmt=0x408572 "no probes %s\n")
    at /usr/src/cddl/usr.sbin/dtrace/../../../cddl/contrib/opensolaris/cmd/dtrace/dtrace.c:236
#8  0x0000000000406b2c in main (argc=3, argv=0x7ffffffed9c0)
    at /usr/src/cddl/usr.sbin/dtrace/../../../cddl/contrib/opensolaris/cmd/dtrace/dtrace.c:1825
(gdb) bt f
#0  0x00000008101429dc in thr_kill () at thr_kill.S:3
No locals.
#1  0x00000008101e3fd3 in abort () at /usr/src/lib/libc/stdlib/abort.c:65
        act = {
  __sigaction_u = {
    __sa_handler = 0,
    __sa_sigaction = 0
  },
  sa_flags = 0,
  sa_mask = {
    __bits = {4294967263, 4294967295, 4294967295, 4294967295}
  }
}
#2  0x0000000808d8a031 in __assert (expr=Could not find the frame base for "__assert".
) at assert.h:56
No locals.
#3  0x0000000808d8af2d in dt_proc_lookup (dtp=0x80b841000, P=0x80d7ffb40, remove=0)
    at /usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace/common/dt_proc.c:751
        dph = (dt_proc_hash_t *) 0x80b894300
        pid = 0
        dpr = (dt_proc_t *) 0x0
        dpp = (dt_proc_t **) 0x80b894338
#4  0x0000000808d8af92 in dt_proc_destroy (dtp=0x80b841000, P=0x80d7ffb40)
    at /usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace/common/dt_proc.c:763
        dpr = (dt_proc_t *) 0x80b841000
        dph = (dt_proc_hash_t *) 0xfefefefefefefeff
        npr = (dt_proc_notify_t *) 0x7ffffffed028
        npp = (dt_proc_notify_t **) 0x0
        rflag = -2139062144
#5  0x0000000808d8bc6e in dt_proc_hash_destroy (dtp=0x80b841000)
    at /usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace/common/dt_proc.c:1162
        dph = (dt_proc_hash_t *) 0x80b894300
        dpr = (dt_proc_t *) 0x80bbea800
#6  0x0000000808daa4b5 in dtrace_close (dtp=0x80b841000)
    at /usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace/common/dt_open.c:1554
        idp = (dt_ident_t *) 0x7ffffffed9c0
        ndp = (dt_ident_t *) 0x206
        dmp = (dt_module_t *) 0xa
        pvp = (dt_provider_t *) 0xff0100001f000001
        pgp = (dtrace_prog_t *) 0x6
        dxp = (dt_xlator_t *) 0x8080808080808080
        dirp = (dt_dirpath_t *) 0x80b841000
        i = 8
#7  0x0000000000402775 in dfatal (fmt=0x408572 "no probes %s\n")
    at /usr/src/cddl/usr.sbin/dtrace/../../../cddl/contrib/opensolaris/cmd/dtrace/dtrace.c:236
        ap = {{
    gp_offset = 16,
    fp_offset = 48,
    overflow_arg_area = 0x7ffffffed750,
    reg_save_area = 0x7ffffffed680
  }}
#8  0x0000000000406b2c in main (argc=3, argv=0x7ffffffed9c0)
    at /usr/src/cddl/usr.sbin/dtrace/../../../cddl/contrib/opensolaris/cmd/dtrace/dtrace.c:1825
        buf = {
  dtbd_size = 0,
  dtbd_cpu = 0,
  dtbd_errors = 0,
  dtbd_drops = 0,
  dtbd_data = 0x0,
  dtbd_oldest = 0
}
        act = {
  __sigaction_u = {
    __sa_handler = 0x7ffffffed900,
    __sa_sigaction = 0x7ffffffed900
  },
  sa_flags = -75296,
  sa_mask = {
    __bits = {32767, 4294891968, 32767, 0}
  }
}
        oact = {
  __sigaction_u = {
    __sa_handler = 0x1,
    __sa_sigaction = 0x1
  },
  sa_flags = 6363853,
  sa_mask = {
    __bits = {8, 4294891632, 32767, 4294891608}
  }
}
        status = {{
    dtst_dyndrops = 0,
    dtst_dyndrops_rinsing = 0,
    dtst_dyndrops_dirty = 0,
    dtst_specdrops = 0,
    dtst_specdrops_busy = 0,
    dtst_specdrops_unavail = 0,
    dtst_errors = 0,
    dtst_filled = 0,
    dtst_stkstroverflows = 0,
    dtst_dblerrors = 0,
    dtst_killed = 0 '\0',
    dtst_exiting = 0 '\0',
    dtst_pad = "\000\000\000\000\000"
  }, {
    dtst_dyndrops = 0,
    dtst_dyndrops_rinsing = 0,
    dtst_dyndrops_dirty = 0,
    dtst_specdrops = 0,
    dtst_specdrops_busy = 0,
    dtst_specdrops_unavail = 0,
    dtst_errors = 0,
    dtst_filled = 0,
    dtst_stkstroverflows = 0,
    dtst_dblerrors = 0,
    dtst_killed = 0 '\0',
    dtst_exiting = 0 '\0',
    dtst_pad = "\000\000\000\000\000"
  }}
        opt = -2
        dcp = (dtrace_cmd_t *) 0x3
        done = 0
        mode = 0
        err = 32767
        i = 0
        c = -1
        p = 0x7ffffffedd81 ""
        v = (char **) 0x0
        P = (struct proc_handle *) 0x80d7ffb40
        pid = 31535
>Fix:
>Release-Note:
>Audit-Trail:

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/158431: commit references a PR
Date: Wed,  3 Aug 2011 09:56:08 +0000 (UTC)

 Author: avg
 Date: Wed Aug  3 09:55:59 2011
 New Revision: 224632
 URL: http://svn.freebsd.org/changeset/base/224632
 
 Log:
   fix a serious bug in libproc's proc_attach
   
   proc_attach always frees any struct proc_handle data
   that it allocates, but that is supposed to be done
   only in error conditions.
   
   PR:		bin/158431
   Approved by:	re (kib)
   MFC after:	1 week
 
 Modified:
   head/lib/libproc/proc_create.c
 
 Modified: head/lib/libproc/proc_create.c
 ==============================================================================
 --- head/lib/libproc/proc_create.c	Wed Aug  3 09:42:48 2011	(r224631)
 +++ head/lib/libproc/proc_create.c	Wed Aug  3 09:55:59 2011	(r224632)
 @@ -79,12 +79,11 @@ proc_attach(pid_t pid, int flags, struct
  	else
  		phdl->status = PS_STOP;
  
 +out:
  	if (error)
  		proc_free(phdl);
  	else
  		*pphdl = phdl;
 -out:
 -	proc_free(phdl);
  	return (error);
  }
  
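Review bot: In the error branch under the relocated `out:` label, `proc_free(phdl)` runs but `*pphdl` is left holding whatever the caller passed in, so a caller that does not check the return value can still pick up a stale or uninitialised handle. Consider adding `*pphdl = NULL;` next to `proc_free(phdl);` in that branch so a failed attach is unambiguous to the caller.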
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
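
The cleanup-label mistake that r224632 corrects, reduced to a self-contained C sketch (an added example, not code from libproc or from the commit). `struct handle`, `pool`, `handle_alloc`, `handle_free`, `attach_buggy` and `attach_fixed` are hypothetical names; a fixed pool stands in for malloc/free so the released handle can be examined safely.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins for struct proc_handle and proc_free(); a fixed pool
 * replaces malloc/free so a released handle can be inspected safely. */
static struct handle { int pid; int live; } pool[4];
static struct handle *handle_alloc(void) {
    for (size_t i = 0; i < sizeof(pool) / sizeof(pool[0]); i++)
        if (!pool[i].live) { pool[i].live = 1; return (&pool[i]); }
    return (NULL);
}
static void handle_free(struct handle *h) { if (h != NULL) h->live = 0; }

/* Pre-fix shape: the label follows the if/else, so the success path stores
 * the handle in *out and then falls through into the unconditional free. */
int attach_buggy(int pid, struct handle **out) {
    struct handle *h = NULL;
    int error = 0;
    if (pid <= 0) { error = EINVAL; goto out; }
    if ((h = handle_alloc()) == NULL) { error = ENOMEM; goto out; }
    h->pid = pid;
    if (error)
        handle_free(h);
    else
        *out = h;
out:
    handle_free(h);
    return (error);
}

/* Post-fix shape: a single exit point that frees only when error is set. */
int attach_fixed(int pid, struct handle **out) {
    struct handle *h = NULL;
    int error = 0;
    if (pid <= 0) { error = EINVAL; goto out; }
    if ((h = handle_alloc()) == NULL) { error = ENOMEM; goto out; }
    h->pid = pid;
out:
    if (error)
        handle_free(h);
    else
        *out = h;
    return (error);
}

int main(void) {
    struct handle *a = NULL, *b = NULL;
    int ea = attach_buggy(31535, &a), eb = attach_fixed(31535, &b); /* pid from the report */
    printf("errors %d/%d, fixed live=%d, aliases stale=%d\n", ea, eb, b->live, a == b);
    return (0);
}
```

The buggy variant reports success while handing back a handle that is already released, and the next allocation reuses the same slot, which is how a caller ends up operating on state that no longer belongs to it.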
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/158431: commit references a PR
Date: Sat, 20 Aug 2011 11:47:21 +0000 (UTC)

 Author: avg
 Date: Sat Aug 20 11:47:11 2011
 New Revision: 225027
 URL: http://svn.freebsd.org/changeset/base/225027
 
 Log:
   MFC r224632: fix a serious bug in libproc's proc_attach
   
   PR:		bin/158431
 
 Modified:
   stable/8/lib/libproc/proc_create.c
 Directory Properties:
   stable/8/lib/libproc/   (props changed)
 
 Modified: stable/8/lib/libproc/proc_create.c
 ==============================================================================
 --- stable/8/lib/libproc/proc_create.c	Sat Aug 20 11:44:48 2011	(r225026)
 +++ stable/8/lib/libproc/proc_create.c	Sat Aug 20 11:47:11 2011	(r225027)
 @@ -79,12 +79,11 @@ proc_attach(pid_t pid, int flags, struct
  	else
  		phdl->status = PS_STOP;
  
 +out:
  	if (error)
  		proc_free(phdl);
  	else
  		*pphdl = phdl;
 -out:
 -	proc_free(phdl);
  	return (error);
  }
  
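Review bot: The `goto out` sites that now land on `if (error)` are outside this hunk, so before merging to stable/8 confirm that each one sets `error` to a non-zero value before jumping and that `phdl` is either allocated or NULL with a NULL-tolerant `proc_free` at that point. A jump taken with `error == 0` would now reach the `*pphdl = phdl` branch and hand the caller a partially initialised handle.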
 
State-Changed-From-To: open->patched 
State-Changed-By: gnn 
State-Changed-When: Fri Apr 13 20:24:35 UTC 2012 
State-Changed-Why:  
The latest fixes to user tracing in DTrace will cure this problem. 
Of course, using just -p PID without any probes will result 
in dtrace hanging with nothing to do, but it will no longer 
exit nor cause the underlying process to exit. 

http://svn.freebsd.org/changeset/base/234234 



Responsible-Changed-From-To: freebsd-bugs->gnn 
Responsible-Changed-By: gnn 
Responsible-Changed-When: Fri Apr 13 20:24:35 UTC 2012 
Responsible-Changed-Why:  
The latest fixes to user tracing in DTrace will cure this problem. 
Of course, using just -p PID without any probes will result 
in dtrace hanging with nothing to do, but it will no longer 
exit nor cause the underlying process to exit. 

http://svn.freebsd.org/changeset/base/234234 


http://www.freebsd.org/cgi/query-pr.cgi?pr=158431 
State-Changed-From-To: patched->closed 
State-Changed-By: gnn 
State-Changed-When: Mon May 28 18:44:27 UTC 2012 
State-Changed-Why:  
Closed waiting for feedback on a committed fix. 

>Unformatted:
