From anders@totem.fix.no  Sat Aug 31 08:45:23 2002
Return-Path: <anders@totem.fix.no>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id CEC7A37B400; Sat, 31 Aug 2002 08:45:23 -0700 (PDT)
Received: from totem.fix.no (totem.fix.no [80.91.32.29])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 731B643E42; Sat, 31 Aug 2002 08:45:23 -0700 (PDT)
	(envelope-from anders@totem.fix.no)
Received: by totem.fix.no (Postfix, from userid 1000)
	id B4E1A20273; Sat, 31 Aug 2002 17:45:26 +0200 (CEST)
Message-Id: <20020831154526.B4E1A20273@totem.fix.no>
Date: Sat, 31 Aug 2002 17:45:26 +0200 (CEST)
From: Anders Nordby <anders@FreeBSD.org>
Reply-To: Anders Nordby <anders@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: current@FreeBSD.org
Subject: Truss segfaults when tracing sshd
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         42255
>Category:       bin
>Synopsis:       Truss segfaults when tracing sshd
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dwmalone
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 31 08:50:01 PDT 2002
>Closed-Date:    Sun Dec 01 13:40:36 PST 2002
>Last-Modified:  Sun Dec 01 13:40:36 PST 2002
>Originator:     Anders Nordby <anders@FreeBSD.org>
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:

FreeBSD current 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sat Aug 31 09:31:05 GMT 2002     root@current:/usr/obj/usr/src/sys/MYGENERIC  i386

Filesystems mounted:

/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s1f on /tmp (ufs, local, soft-updates)
/dev/ad0s1g on /usr (ufs, local, soft-updates)
/dev/ad0s1e on /var (ufs, local, soft-updates)
eggsilo:/space/distfiles on /usr/ports/distfiles (nfs)
procfs on /proc (procfs, local)

The processor on the system is a 466 MHz Intel Celeron.

>Description:

Find your sshd process:

# sockstat -l | grep sshd
root     sshd       175   3  tcp6   *:22                  *:*
root     sshd       175   4  tcp4   *:22                  *:*

Truss it through gdb:

# gdb truss
GNU gdb 5.2.0 (FreeBSD) 20020627
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
(no debugging symbols found)...
(gdb) run -p 175
Starting program: /usr/bin/truss -p 175

Now log in to the machine (I'm logging in as root), and return to gdb:

(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x08049c77 in free ()
(gdb) bt
#0  0x08049c77 in free ()
#1  0x2806d000 in ?? ()
#2  0x08049e3e in free ()
#3  0x0804eb6d in free ()
#4  0x08049182 in free ()
#5  0x08048d31 in free ()
(gdb)

>How-To-Repeat:

On a vanilla -current system from today:

# truss -p `sockstat -l | egrep 'sshd.*tcp4' | awk '{print $3}'`

Log into the system with sshd, and truss will segfault:

Segmentation fault (core dumped)

This also seems to happen if you truss sshd while logging out another ssh
session.

>Fix:

N/A
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dwmalone 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Sat Aug 31 14:21:59 PDT 2002 
Responsible-Changed-Why:  
I'll deal with this unless Matthew wants to take it from me. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42255 

From: David Malone <dwmalone@maths.tcd.ie>
To: Anders Nordby <anders@FreeBSD.org>
Cc: FreeBSD-gnats-submit@FreeBSD.org, current@FreeBSD.org,
	mdodd@FreeBSD.org
Subject: Re: bin/42255: Truss segfaults when tracing sshd
Date: Sat, 31 Aug 2002 22:21:48 +0100

 On Sat, Aug 31, 2002 at 05:45:26PM +0200, Anders Nordby wrote:
 > # truss -p `sockstat -l | egrep 'sshd.*tcp4' | awk '{print $3}'`
 > 
 > Log into the system with sshd, and truss will segfault:
 
 There is an even easier way to reproduce this:
 
 gonzo 9% sleep 10 &
 [2] 35245
 gonzo 10% truss -p 35245
 *segfaults*
 
 It is actually just strcmping a NULL syscall name, which can happen
 if you truss a process which is waiting for a syscall to return
 when you first attach to the process.
 
 The patch below seems to fix the problem, but I think Matthew would like
 a more complex fix.
 
 	David.
 
 Index: syscalls.c
 ===================================================================
 RCS file: /cvs/FreeBSD-CVS/src/usr.bin/truss/syscalls.c,v
 retrieving revision 1.25
 diff -u -r1.25 syscalls.c
 --- syscalls.c  7 Aug 2002 11:35:18 -0000       1.25
 +++ syscalls.c  31 Aug 2002 21:10:51 -0000
 @@ -411,7 +411,7 @@
    if (trussinfo->flags & FOLLOWFORKS)
      len += fprintf(trussinfo->outfile, "%5d: ", trussinfo->pid);
  
 -  if (!strcmp(name, "execve") || !strcmp(name, "exit")) {
 +  if (name != NULL && (!strcmp(name, "execve") || !strcmp(name, "exit"))) {
      clock_gettime(CLOCK_REALTIME, &trussinfo->after);
    }
  
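Review bot: the `name != NULL` guard added on the `if` line only protects these two strcmp calls; since the reply says the NULL comes from attaching to a process that is already inside a syscall, any other use of `name` in this function (not visible in the hunk, e.g. printing it) would need the same guard, so consider mapping an unknown syscall to a fixed placeholder string such as "?" where `name` is looked up, which makes one check cover every use. The hunk would also benefit from a one-line comment stating why `name` can be NULL here (attached mid-syscall, before the entry was seen), otherwise a later reader may drop the check as redundant. Note that with the guard the `clock_gettime()` timing is skipped for a NULL name, which is correct, since an unnamed syscall cannot be `execve` or `exit`.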
 
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Sun Dec 1 13:36:48 PST 2002 
State-Changed-Why:  
I committed the patch to -current a few weeks ago. The issue 
does not arise in -stable. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42255 
>Unformatted:
