[Bug 196819] mptutil show drives and mptutil show config segfaulted on 10.1-RELEASE
bugzilla-noreply at freebsd.org
Sat Jan 17 08:29:02 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196819
Bug ID: 196819
Summary: mptutil show drives and mptutil show config segfaulted
on 10.1-RELEASE
Product: Base System
Version: 10.1-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: cdyhaj799 at gmail.com
# uname -r
10.1-RELEASE
# mptutil show drives
Segmentation fault (core dumped)
# mptutil show config
Segmentation fault (core dumped)
Download the 10.1-RELEASE source code and compile mptutil with -g;
Using GDB:
# gdb ./mptutil
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) run show drives
Starting program: /root/10.1-RELEASE/10.1.0/usr.sbin/mptutil/mptutil show drives
Program received signal SIGSEGV, Segmentation fault.
0x0000000800f0c24c in sbrk () from /lib/libc.so.7
(gdb) bt
#0 0x0000000800f0c24c in sbrk () from /lib/libc.so.7
#1 0x0000000800f0c7af in sbrk () from /lib/libc.so.7
#2 0x0000000800f17df5 in free () from /lib/libc.so.7
#3 0x000000000040253a in mpt_fetch_disks (fd=<value optimized out>, ndisks=0x7fffffffe9bc, disksp=0x7fffffffe9c0) at mpt_cam.c:292
#4 0x0000000000405ce9 in show_drives (ac=<value optimized out>, av=<value optimized out>) at mpt_show.c:500
#5 0x000000000040192c in main (ac=2, av=0x7fffffffea98) at mptutil.c:117
(gdb) frame 3
#3 0x000000000040253a in mpt_fetch_disks (fd=<value optimized out>, ndisks=0x7fffffffe9bc, disksp=0x7fffffffe9c0) at mpt_cam.c:292
292 cam_freeccb(ccb);
Current language: auto; currently minimal
(gdb) l
287 cam_freeccb(ccb);
288 return (error);
289 }
290
291 if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
292 cam_freeccb(ccb);
293 return (EIO);
294 }
295 cam_freeccb(ccb);
296
(gdb) p ccb->ccb_h.status
$1 = 1
It looks like ccb was already freed at line mpt_cam.c:263 and reused later.
This may be the reason for the segmentation fault when ccb is freed again at
mpt_cam.c:292.
Commenting out lines 291-295 stops the crash, but that is not the right way to fix it.
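Added example, not part of the bug report and not mptutil's code: an instrumented model of the pattern the reporter describes (a release, then a status check and a second release) beside a form with a single release after the last use. `fake_ccb`, `fake_freeccb`, `fake_status`, `FAKE_REQ_CMP` and both `fetch_*` functions are hypothetical stand-ins; the code around mpt_cam.c:263 is not shown in the report, so the early release modelled here is an assumption.

```c
#include <errno.h>

#define FAKE_REQ_CMP 1 /* hypothetical "request completed" status */

/* Hypothetical CCB stand-in; the caller owns the storage, so violations are
 * counted rather than corrupting the heap. */
struct fake_ccb { int status; int released; int violations; };

/* Instrumented release: a second call on the same object is a violation. */
static void fake_freeccb(struct fake_ccb *c)
{
    c->violations += c->released;
    c->released = 1;
}

/* Instrumented read: touching the status after release is a violation. */
static int fake_status(struct fake_ccb *c)
{
    c->violations += c->released;
    return c->status;
}

/* Assumed shape of the defect: early release, then check and release again. */
static int fetch_buggy(struct fake_ccb *c)
{
    fake_freeccb(c);                      /* early release */
    if (fake_status(c) != FAKE_REQ_CMP) { /* stale read */
        fake_freeccb(c);
        return EIO;
    }
    fake_freeccb(c);                      /* second release */
    return 0;
}

/* Single-exit form: one release, placed after the last use. */
static int fetch_fixed(struct fake_ccb *c)
{
    int error = (fake_status(c) != FAKE_REQ_CMP) ? EIO : 0;
    fake_freeccb(c);
    return error;
}

/* Runs one variant on a fresh object and returns the violations observed. */
static int violations_for(int (*fn)(struct fake_ccb *), int status)
{
    struct fake_ccb c = { status, 0, 0 };
    (void)fn(&c);
    return c.violations;
}

/* Exit status is the fixed variant's violation count. */
int main(void) { return violations_for(fetch_fixed, FAKE_REQ_CMP); }
```

In the buggy variant both the stale status read and the second release are counted, whichever branch of the status check runs.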