Bug 196819 - mptutil show drives and mptutil show config segfaulted on 10.1-RELEASE
Summary: mptutil show drives and mptutil show config segfaulted on 10.1-RELEASE
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 10.1-RELEASE
Hardware: amd64 Any
Importance: --- Affects Some People
Assignee: Fernando Apesteguía
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-01-17 08:29 UTC by Roy Yang
Modified: 2023-01-25 12:18 UTC

See Also:


Attachments
Fix for the bug I filed (374 bytes, patch)
2015-01-17 08:47 UTC, Roy Yang

Description Roy Yang 2015-01-17 08:29:01 UTC
# uname -r
10.1-RELEASE
# mptutil show drives
Segmentation fault (core dumped)
# mptutil show config
Segmentation fault (core dumped)

Download the 10.1-RELEASE source code and compile mptutil with -g; 
Using GDB:
# gdb ./mptutil
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) run show drives
Starting program: /root/10.1-RELEASE/10.1.0/usr.sbin/mptutil/mptutil show drives

Program received signal SIGSEGV, Segmentation fault.
0x0000000800f0c24c in sbrk () from /lib/libc.so.7
(gdb) bt
#0  0x0000000800f0c24c in sbrk () from /lib/libc.so.7
#1  0x0000000800f0c7af in sbrk () from /lib/libc.so.7
#2  0x0000000800f17df5 in free () from /lib/libc.so.7
#3  0x000000000040253a in mpt_fetch_disks (fd=<value optimized out>, 
    ndisks=0x7fffffffe9bc, disksp=0x7fffffffe9c0) at mpt_cam.c:292
#4  0x0000000000405ce9 in show_drives (ac=<value optimized out>, av=<value optimized out>)
    at mpt_show.c:500
#5  0x000000000040192c in main (ac=2, av=0x7fffffffea98) at mptutil.c:117
(gdb) frame 3
#3  0x000000000040253a in mpt_fetch_disks (fd=<value optimized out>, 
    ndisks=0x7fffffffe9bc, disksp=0x7fffffffe9c0) at mpt_cam.c:292
292			cam_freeccb(ccb);
Current language:  auto; currently minimal
(gdb) l
287			cam_freeccb(ccb);
288			return (error);
289		}
290	
291		if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
292			cam_freeccb(ccb);
293			return (EIO);
294		}
295		cam_freeccb(ccb);
296	
(gdb) p ccb->ccb_h.status
$1 = 1

It looks like ccb was already freed at mpt_cam.c:263 and reused later.
This may be the reason for the segmentation fault when ccb is freed again at mpt_cam.c:292.

Commenting lines 291-295 out, it does not crash, but that is not the right way to fix it.
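The double free the report describes, reproduced as an added C example that is not part of the bug report, the attached patch or the FreeBSD mptutil source. `ccb_getccb`, `ccb_freeccb`, `send_ccb`, `fetch_disks_buggy`, `fetch_disks_fixed` and `REQ_CMP` are hypothetical stand-ins for `cam_getccb`, `cam_freeccb`, `cam_send_ccb`, `mpt_fetch_disks` and `CAM_REQ_CMP`, and the control flow of the buggy variant (a free on an early error path after which the pointer is still used) is a guess at the shape of the bug, not the actual mpt_cam.c code. The freed ccb is quarantined and poisoned instead of being handed to free(), so the second free is counted rather than corrupting allocator state, which is what a real double free does and is consistent with the crash inside free() in the backtrace above.

```c
/*
 * Added example, not FreeBSD code: a quarantine-style tracker that detects the
 * "free on error path, keep using, free again" pattern described in the report.
 * All names and status values below are constructed for the example.
 */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TRACKED   16
#define REQ_CMP        1    /* stand-in for CAM_REQ_CMP */
#define POISON_STATUS (-1)  /* never equals REQ_CMP, so a freed ccb looks failed */

struct ccb {
    int  status;
    char data[64];
};

/* Tracker state: freed ccbs are held (not returned to the heap) so a second
 * free of the same pointer is counted instead of corrupting malloc metadata. */
static struct ccb *tracked[MAX_TRACKED];
static int         live[MAX_TRACKED];
static int         ntracked;
static int         double_frees;

static struct ccb *ccb_getccb(void)
{
    if (ntracked == MAX_TRACKED)
        return NULL;
    struct ccb *c = calloc(1, sizeof(*c));
    if (c == NULL)
        return NULL;
    tracked[ntracked] = c;
    live[ntracked] = 1;
    ntracked++;
    return c;
}

static void ccb_freeccb(struct ccb *c)
{
    for (int i = 0; i < ntracked; i++) {
        if (tracked[i] != c)
            continue;
        if (!live[i]) {          /* already freed: this is the bug */
            double_frees++;
            return;
        }
        live[i] = 0;
        c->status = POISON_STATUS;
        memset(c->data, 0xdd, sizeof(c->data));
        return;
    }
    double_frees++;              /* pointer never came from ccb_getccb */
}

/* Release the quarantine and report how many double frees were observed. */
static int ccb_tracker_reset(void)
{
    int n = double_frees;
    for (int i = 0; i < ntracked; i++)
        free(tracked[i]);
    ntracked = 0;
    double_frees = 0;
    return n;
}

/* Constructed transport: either fails or completes the request. */
static int send_ccb(struct ccb *c, int fail)
{
    if (fail)
        return -1;
    c->status = REQ_CMP;
    return 0;
}

/* Buggy shape: the error path frees the ccb but does not leave the function,
 * so the status check reads freed memory and the cleanup frees it again. */
static int fetch_disks_buggy(int send_fails)
{
    struct ccb *ccb = ccb_getccb();
    if (ccb == NULL)
        return ENOMEM;
    if (send_ccb(ccb, send_fails) < 0)
        ccb_freeccb(ccb);        /* freed here, but execution continues */
    if (ccb->status != REQ_CMP) { /* use after free when send failed */
        ccb_freeccb(ccb);        /* second free of the same ccb */
        return EIO;
    }
    ccb_freeccb(ccb);
    return 0;
}

/* Fixed shape: one owner, one exit, exactly one free, pointer cleared. */
static int fetch_disks_fixed(int send_fails)
{
    struct ccb *ccb = ccb_getccb();
    int error = 0;
    if (ccb == NULL)
        return ENOMEM;
    if (send_ccb(ccb, send_fails) < 0 || ccb->status != REQ_CMP)
        error = EIO;
    ccb_freeccb(ccb);
    ccb = NULL;
    return error;
}

/* Run one variant on the failing path; returns the double frees it caused. */
static int double_frees_on_failure(int (*fn)(int))
{
    (void)fn(1);
    return ccb_tracker_reset();
}
```

Driving the failing path through the buggy variant reports one double free; the fixed variant returns EIO with exactly one free. On the real program the same two free sites would show up directly in an AddressSanitizer report (build with -fsanitize=address), which is a faster way to confirm a suspected double free than reading the listing around the crash frame.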
Comment 1 Roy Yang 2015-01-17 08:47:11 UTC
Created attachment 151764
Fix for the bug I filed

Test the following two commands:
mptutil show drives
mptutil show config

Both do not crash and show the right output on my setup.
Comment 2 Fernando Apesteguía 2023-01-25 12:18:50 UTC
This code has changed a lot since the PR was opened; the patch is not useful anymore. There do not seem to be more reports like this.

Closing