kern/134408: "opensnoop" DTrace script panics every time (trace trap 10)

Thomas Backman serenity at exscape.org
Sun May 10 07:50:02 UTC 2009


>Number:         134408
>Category:       kern
>Synopsis:       "opensnoop" DTrace script panics every time (trace trap 10)
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 10 07:50:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Thomas Backman
>Release:        7.2-RELEASE
>Organization:
exscape
>Environment:
FreeBSD chaos.exscape.org 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Sat May  9 13:10:23 CEST 2009     root at chaos.exscape.org:/usr/obj/usr/src/sys/DTRACE  amd64
>Description:
When running a simple DTrace script to keep track of file opens, the kernel panics, apparently while trying to copy in the file/directory path into kernel memory (copyinstr()). Switching out copyinstr() with a simple "file opened" printf causes no panic.
>How-To-Repeat:
1) Compile a DTrace-capable kernel (I followed the DTrace wiki article)
2) Run: dtrace -n 'syscall::open:entry { self->path = arg0; } syscall::open:return /self->path/ { printf("%s\n", copyinstr(self->path)); }'
3) The system crashes after a few seconds (in my case).

(Broken) backtrace:
Unread portion of the kernel message buffer:

Fatal trap 10: trace trap while in kernel mode
cpuid = 0; apic id = 00
instruction pointer	= 0x8:0xffffffff812c7e40
stack pointer	        = 0x10:0xfffffffebe806420
frame pointer	        = 0x10:0xfffffffebe806510
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= trace trap, interrupt enabled, nested task, IOPL = 2
current process		= 1306 (find)
trap number		= 10
panic: trace trap
cpuid = 0
Uptime: 56m18s
Physical memory: 2031 MB
Dumping 655 MB: 640 624 608 592 576 560 544 528 512 496 480 464 448 432 416 400 384 368 352 336 320 304 288 272 256 240 224 208 192 176 160 144 128 112 96 80 64 48 32 16

Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /bootdir/boot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /bootdir/boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/smbfs.ko...Reading symbols from /bootdir/boot/kernel/smbfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/smbfs.ko
Reading symbols from /boot/kernel/libiconv.ko...Reading symbols from /bootdir/boot/kernel/libiconv.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/libiconv.ko
Reading symbols from /boot/kernel/libmchain.ko...Reading symbols from /bootdir/boot/kernel/libmchain.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/libmchain.ko
Reading symbols from /boot/kernel/dtraceall.ko...Reading symbols from /bootdir/boot/kernel/dtraceall.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/dtraceall.ko
Reading symbols from /boot/kernel/profile.ko...Reading symbols from /bootdir/boot/kernel/profile.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/profile.ko
Reading symbols from /boot/kernel/cyclic.ko...Reading symbols from /bootdir/boot/kernel/cyclic.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/cyclic.ko
Reading symbols from /boot/kernel/dtrace.ko...Reading symbols from /bootdir/boot/kernel/dtrace.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/dtrace.ko
Reading symbols from /boot/kernel/systrace.ko...Reading symbols from /bootdir/boot/kernel/systrace.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/systrace.ko
Reading symbols from /boot/kernel/sdt.ko...Reading symbols from /bootdir/boot/kernel/sdt.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sdt.ko
Reading symbols from /boot/kernel/fbt.ko...Reading symbols from /bootdir/boot/kernel/fbt.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/fbt.ko
Reading symbols from /boot/kernel/dtmalloc.ko...Reading symbols from /bootdir/boot/kernel/dtmalloc.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/dtmalloc.ko
#0  doadump () at pcpu.h:195
195		__asm __volatile("movq %%gs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xffffffff80517f28 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xffffffff8051836c in panic (fmt=0xffffffff808ad39c "%s") at /usr/src/sys/kern/kern_shutdown.c:574
#3  0xffffffff807e3e1c in trap_fatal (frame=0xffffff000ff6f000, eva=Variable "eva" is not available.
) at /usr/src/sys/amd64/amd64/trap.c:757
#4  0xffffffff807e4b0a in trap (frame=0xfffffffebe806370) at /usr/src/sys/amd64/amd64/trap.c:558
#5  0xffffffff807c8a93 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:209
#6  0xffffffff812c7e40 in vpanic_common () from /boot/kernel/dtrace.ko
#7  0xffffffff812b2127 in dtrace_panic () from /boot/kernel/dtrace.ko
#8  0xffffffff812b215d in dtrace_assfail () from /boot/kernel/dtrace.ko
#9  0x00000008007272f3 in ?? ()
#10 0xfffffffebe806560 in ?? ()
#11 0xffffffff812b2200 in dtrace_copycheck () from /boot/kernel/dtrace.ko
Previous frame inner to this frame (corrupt stack?)

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
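
Added example, not part of the original report: a small Python triage helper run over the trap message and kgdb frames quoted above. It matches the trap's instruction pointer to a backtrace frame and lists what ran before the trap entry (`calltrap`). The function names `parse_frames`, `trap_ip` and `triage` are hypothetical; the embedded excerpt is copied from the report.

```python
import re

# Excerpt copied from the report above: trap message line and kgdb frames #3-#11.
REPORT = """\
instruction pointer = 0x8:0xffffffff812c7e40
#3  0xffffffff807e3e1c in trap_fatal (frame=0xffffff000ff6f000, eva=Variable "eva" is not available.
) at /usr/src/sys/amd64/amd64/trap.c:757
#4  0xffffffff807e4b0a in trap (frame=0xfffffffebe806370) at /usr/src/sys/amd64/amd64/trap.c:558
#5  0xffffffff807c8a93 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:209
#6  0xffffffff812c7e40 in vpanic_common () from /boot/kernel/dtrace.ko
#7  0xffffffff812b2127 in dtrace_panic () from /boot/kernel/dtrace.ko
#8  0xffffffff812b215d in dtrace_assfail () from /boot/kernel/dtrace.ko
#9  0x00000008007272f3 in ?? ()
#10 0xfffffffebe806560 in ?? ()
#11 0xffffffff812b2200 in dtrace_copycheck () from /boot/kernel/dtrace.ko
"""

FRAME = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\S+) \(")

def parse_frames(text):
    """Return one dict per kgdb frame line: number, pc, function, module."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # continuation lines such as ") at .../trap.c:757"
        mod = re.search(r" from (\S+)$", line)
        frames.append({"n": int(m.group(1)), "pc": int(m.group(2), 16),
                       "func": m.group(3),
                       "module": mod.group(1) if mod else None})
    return frames

def trap_ip(text):
    """Extract the offset part of 'instruction pointer = seg:offset'."""
    m = re.search(r"instruction pointer\s*=\s*0x[0-9a-f]+:(0x[0-9a-f]+)", text)
    return int(m.group(1), 16) if m else None

def triage(text):
    frames = parse_frames(text)
    ip = trap_ip(text)
    # Frame whose pc equals the trapping instruction pointer.
    faulting = next((f for f in frames if f["pc"] == ip), None)
    # Everything after calltrap in the listing ran before the trap was taken.
    idx = next((i for i, f in enumerate(frames) if f["func"] == "calltrap"), -1)
    pre_trap = frames[idx + 1:]
    resolved = [f["func"] for f in pre_trap if f["func"] != "??"]
    unresolved = [f["n"] for f in pre_trap if f["func"] == "??"]  # unreliable
    return faulting, resolved, unresolved

if __name__ == "__main__":
    print(triage(REPORT))
```

On this excerpt the trapping address resolves to frame #6 in dtrace.ko, and frames #9 and #10 are flagged as unresolved, in line with kgdb's own "corrupt stack?" note.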

