Bug 266113 - kvm_close tries to munmap NULL memory
Summary: kvm_close tries to munmap NULL memory
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 13.1-RELEASE
Hardware: Any Any
: --- Affects Only Me
Assignee: Ashish SHUKLA
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-30 08:20 UTC by Ashish SHUKLA
Modified: 2022-10-26 13:45 UTC (History)

See Also:


Attachments
Fix (824 bytes, application/mbox)
2022-08-30 08:20 UTC, Ashish SHUKLA
Fix v2 (729 bytes, patch)
2022-10-13 04:07 UTC, Ashish SHUKLA

Description Ashish SHUKLA freebsd_committer freebsd_triage 2022-08-30 08:20:25 UTC
Created attachment 236241 [details]
Fix

While trying to investigate bug #266027, where munmap returns errno 22, e.g.

  1249 meilisearch RET   __sysctl -1 errno 2 No such file or directory
  1249 meilisearch CALL  close(0x9)
  1249 meilisearch RET   close 0
  1249 meilisearch CALL  close(0xa)
  1249 meilisearch RET   close 0
  1249 meilisearch CALL  munmap(0,0)
  1249 meilisearch RET   munmap -1 errno 22 Invalid argument
  1249 meilisearch CALL  ioctl(0x2,TIOCGETA,0x7fffffff3a50)
  1249 meilisearch RET   ioctl 0
  1249 meilisearch CALL  compat11.stat(0x80842a440,0x7fffffff31e0)
  1249 meilisearch NAMI  "./data.ms"
  1249 meilisearch STRU  struct stat {dev=96, ino=3848946, mode=040755, nlink=5, uid=80, gid=0, rdev=7714475, atime=1661368882.434254000, mtime=1661369653.564538000, ctime=1661369653.564538000, birthtime=1661368882.433964000, size=512, blksize=32768, blocks=8, flags=0x0 }
  1249 meilisearch RET   compat11.stat 0


I traced it to kvm_close:


GNU gdb (GDB) 12.1 [GDB v12.1 for FreeBSD]
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.1".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from work/stage/usr/local/bin/meilisearch...
(gdb) break munmap
Breakpoint 1 at 0x652c330
(gdb) commands
Type commands for breakpoint(s) 1, one per line.
End with a line saying just "end".
>bt
>cont
>end
(gdb) break kvm_close
Function "kvm_close" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 2 (kvm_close) pending.
(gdb) commands
Type commands for breakpoint(s) 2, one per line.
End with a line saying just "end".
>bt
>print kd
>cont
>end
(gdb) set pagination off
(gdb) run --no-analytics
Starting program: /usr/home/abbe/abbe-freebsd-ports/textproc/meilisearch/work/stage/usr/local/bin/meilisearch --no-analytics

Breakpoint 1, munmap () at munmap.S:4
4       munmap.S: No such file or directory.
#0  munmap () at munmap.S:4
#1  0x00000008076dad20 in map_object (fd=fd@entry=3, path=path@entry=0x8076e9088 "/usr/local/lib/liblmdb.so.0", sb=sb@entry=0x7fffffffd338) at /usr/src/libexec/rtld-elf/map_object.c:334
#2  0x00000008076d512e in do_load_object (fd=3, name=0x102381c "liblmdb.so.0", sbp=0x7fffffffd338, flags=0, path=<optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:2821
#3  load_object (name=0x102381c "liblmdb.so.0", fd_u=<optimized out>, fd_u@entry=-1, refobj=<optimized out>, refobj@entry=0x8076e8008, flags=<optimized out>, flags@entry=0) at /usr/src/libexec/rtld-elf/rtld.c:2793
#4  0x00000008076cdbf3 in process_needed (obj=0x8076e8008, needed=0x8076e5028, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2626
#5  load_needed_objects (first=<optimized out>, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2647
#6  _rtld (sp=<optimized out>, exit_proc=0x7fffffffe900, objp=0x7fffffffe908) at /usr/src/libexec/rtld-elf/rtld.c:849
#7  0x00000008076cbf89 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#8  0x0000000000000000 in ?? ()

Breakpoint 1, munmap () at munmap.S:4
4       in munmap.S
#0  munmap () at munmap.S:4
#1  0x00000008076dad20 in map_object (fd=fd@entry=3, path=path@entry=0x8076e5188 "/lib/libkvm.so.7", sb=sb@entry=0x7fffffffd338) at /usr/src/libexec/rtld-elf/map_object.c:334
#2  0x00000008076d512e in do_load_object (fd=3, name=0x1023829 "libkvm.so.7", sbp=0x7fffffffd338, flags=0, path=<optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:2821
#3  load_object (name=0x1023829 "libkvm.so.7", fd_u=<optimized out>, fd_u@entry=-1, refobj=<optimized out>, refobj@entry=0x8076e8008, flags=<optimized out>, flags@entry=0) at /usr/src/libexec/rtld-elf/rtld.c:2793
#4  0x00000008076cdbf3 in process_needed (obj=0x8076e8008, needed=0x8076e5048, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2626
#5  load_needed_objects (first=<optimized out>, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2647
#6  _rtld (sp=<optimized out>, exit_proc=0x7fffffffe900, objp=0x7fffffffe908) at /usr/src/libexec/rtld-elf/rtld.c:849
#7  0x00000008076cbf89 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#8  0x0000000000000000 in ?? ()

Breakpoint 1, munmap () at munmap.S:4
4       in munmap.S
#0  munmap () at munmap.S:4
#1  0x00000008076dad20 in map_object (fd=fd@entry=3, path=path@entry=0x8076e91c8 "/usr/lib/libprocstat.so.1", sb=sb@entry=0x7fffffffd338) at /usr/src/libexec/rtld-elf/map_object.c:334
#2  0x00000008076d512e in do_load_object (fd=3, name=0x102378d "libprocstat.so.1", sbp=0x7fffffffd338, flags=0, path=<optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:2821
#3  load_object (name=0x102378d "libprocstat.so.1", fd_u=<optimized out>, fd_u@entry=-1, refobj=<optimized out>, refobj@entry=0x8076e8008, flags=<optimized out>, flags@entry=0) at /usr/src/libexec/rtld-elf/rtld.c:2793
#4  0x00000008076cdbf3 in process_needed (obj=0x8076e8008, needed=0x8076e5068, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2626
#5  load_needed_objects (first=<optimized out>, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2647
#6  _rtld (sp=<optimized out>, exit_proc=0x7fffffffe900, objp=0x7fffffffe908) at /usr/src/libexec/rtld-elf/rtld.c:849
#7  0x00000008076cbf89 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#8  0x0000000000000000 in ?? ()

Breakpoint 1, munmap () at munmap.S:4
4       in munmap.S
#0  munmap () at munmap.S:4
#1  0x00000008076dad20 in map_object (fd=fd@entry=3, path=path@entry=0x8076e5268 "/lib/libthr.so.3", sb=sb@entry=0x7fffffffd338) at /usr/src/libexec/rtld-elf/map_object.c:334
#2  0x00000008076d512e in do_load_object (fd=3, name=0x10237a7 "libthr.so.3", sbp=0x7fffffffd338, flags=0, path=<optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:2821
#3  load_object (name=0x10237a7 "libthr.so.3", fd_u=<optimized out>, fd_u@entry=-1, refobj=<optimized out>, refobj@entry=0x8076e8008, flags=<optimized out>, flags@entry=0) at /usr/src/libexec/rtld-elf/rtld.c:2793
#4  0x00000008076cdbf3 in process_needed (obj=0x8076e8008, needed=0x8076e5088, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2626
#5  load_needed_objects (first=<optimized out>, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2647
#6  _rtld (sp=<optimized out>, exit_proc=0x7fffffffe900, objp=0x7fffffffe908) at /usr/src/libexec/rtld-elf/rtld.c:849
#7  0x00000008076cbf89 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#8  0x0000000000000000 in ?? ()

Breakpoint 1, munmap () at munmap.S:4
4       in munmap.S
#0  munmap () at munmap.S:4
#1  0x00000008076dad20 in map_object (fd=fd@entry=3, path=path@entry=0x8076e52a8 "/lib/libgcc_s.so.1", sb=sb@entry=0x7fffffffd338) at /usr/src/libexec/rtld-elf/map_object.c:334
#2  0x00000008076d512e in do_load_object (fd=3, name=0x10237bc "libgcc_s.so.1", sbp=0x7fffffffd338, flags=0, path=<optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:2821
#3  load_object (name=0x10237bc "libgcc_s.so.1", fd_u=<optimized out>, fd_u@entry=-1, refobj=<optimized out>, refobj@entry=0x8076e8008, flags=<optimized out>, flags@entry=0) at /usr/src/libexec/rtld-elf/rtld.c:2793
#4  0x00000008076cdbf3 in process_needed (obj=0x8076e8008, needed=0x8076e50a8, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2626
#5  load_needed_objects (first=<optimized out>, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2647
#6  _rtld (sp=<optimized out>, exit_proc=0x7fffffffe900, objp=0x7fffffffe908) at /usr/src/libexec/rtld-elf/rtld.c:849
#7  0x00000008076cbf89 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#8  0x0000000000000000 in ?? ()

Breakpoint 1, munmap () at munmap.S:4
4       in munmap.S
#0  munmap () at munmap.S:4
#1  0x00000008076dad20 in map_object (fd=fd@entry=3, path=path@entry=0x8076e52e8 "/lib/libc.so.7", sb=sb@entry=0x7fffffffd338) at /usr/src/libexec/rtld-elf/map_object.c:334
#2  0x00000008076d512e in do_load_object (fd=3, name=0x10237e4 "libc.so.7", sbp=0x7fffffffd338, flags=0, path=<optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:2821
#3  load_object (name=0x10237e4 "libc.so.7", fd_u=<optimized out>, fd_u@entry=-1, refobj=<optimized out>, refobj@entry=0x8076e8008, flags=<optimized out>, flags@entry=0) at /usr/src/libexec/rtld-elf/rtld.c:2793
#4  0x00000008076cdbf3 in process_needed (obj=0x8076e8008, needed=0x8076e50c8, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2626
#5  load_needed_objects (first=<optimized out>, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2647
#6  _rtld (sp=<optimized out>, exit_proc=0x7fffffffe900, objp=0x7fffffffe908) at /usr/src/libexec/rtld-elf/rtld.c:849
#7  0x00000008076cbf89 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#8  0x0000000000000000 in ?? ()

Breakpoint 1, munmap () at munmap.S:4
4       in munmap.S
#0  munmap () at munmap.S:4
#1  0x00000008076dad20 in map_object (fd=fd@entry=3, path=path@entry=0x8076e5308 "/lib/libm.so.5", sb=sb@entry=0x7fffffffd338) at /usr/src/libexec/rtld-elf/map_object.c:334
#2  0x00000008076d512e in do_load_object (fd=3, name=0x1023812 "libm.so.5", sbp=0x7fffffffd338, flags=0, path=<optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:2821
#3  load_object (name=0x1023812 "libm.so.5", fd_u=<optimized out>, fd_u@entry=-1, refobj=<optimized out>, refobj@entry=0x8076e8008, flags=<optimized out>, flags@entry=0) at /usr/src/libexec/rtld-elf/rtld.c:2793
#4  0x00000008076cdbf3 in process_needed (obj=0x8076e8008, needed=0x8076e50e8, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2626
#5  load_needed_objects (first=<optimized out>, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2647
#6  _rtld (sp=<optimized out>, exit_proc=0x7fffffffe900, objp=0x7fffffffe908) at /usr/src/libexec/rtld-elf/rtld.c:849
#7  0x00000008076cbf89 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#8  0x0000000000000000 in ?? ()

Breakpoint 1, munmap () at munmap.S:4
4       in munmap.S
#0  munmap () at munmap.S:4
#1  0x00000008076dad20 in map_object (fd=fd@entry=3, path=path@entry=0x8076e5348 "/lib/libelf.so.2", sb=sb@entry=0x7fffffffd338) at /usr/src/libexec/rtld-elf/map_object.c:334
#2  0x00000008076d512e in do_load_object (fd=3, name=0x807724891 "libelf.so.2", sbp=0x7fffffffd338, flags=0, path=<optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:2821
#3  load_object (name=0x807724891 "libelf.so.2", fd_u=<optimized out>, fd_u@entry=-1, refobj=<optimized out>, refobj@entry=0x8076e8c08, flags=<optimized out>, flags@entry=0) at /usr/src/libexec/rtld-elf/rtld.c:2793
#4  0x00000008076cdbf3 in process_needed (obj=0x8076e8c08, needed=0x8076e51a8, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2626
#5  load_needed_objects (first=<optimized out>, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2647
#6  _rtld (sp=<optimized out>, exit_proc=0x7fffffffe900, objp=0x7fffffffe908) at /usr/src/libexec/rtld-elf/rtld.c:849
#7  0x00000008076cbf89 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#8  0x0000000000000000 in ?? ()

Breakpoint 1, munmap () at munmap.S:4
4       in munmap.S
#0  munmap () at munmap.S:4
#1  0x00000008076dad20 in map_object (fd=fd@entry=3, path=path@entry=0x8076e5388 "/lib/libutil.so.9", sb=sb@entry=0x7fffffffd338) at /usr/src/libexec/rtld-elf/map_object.c:334
#2  0x00000008076d512e in do_load_object (fd=3, name=0x807739622 "libutil.so.9", sbp=0x7fffffffd338, flags=0, path=<optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:2821
#3  load_object (name=0x807739622 "libutil.so.9", fd_u=<optimized out>, fd_u@entry=-1, refobj=<optimized out>, refobj@entry=0x8076ec008, flags=<optimized out>, flags@entry=0) at /usr/src/libexec/rtld-elf/rtld.c:2793
#4  0x00000008076cdbf3 in process_needed (obj=0x8076ec008, needed=0x8076e5228, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2626
#5  load_needed_objects (first=<optimized out>, flags=0) at /usr/src/libexec/rtld-elf/rtld.c:2647
#6  _rtld (sp=<optimized out>, exit_proc=0x7fffffffe900, objp=0x7fffffffe908) at /usr/src/libexec/rtld-elf/rtld.c:849
#7  0x00000008076cbf89 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#8  0x0000000000000000 in ?? ()
warning: Could not load shared library symbols for [vdso].
Do you need "set solib-search-path" or "set sysroot"?
CLOSIN' KVM

Breakpoint 2, kvm_close (kd=0x80801b000) at /usr/src/lib/libkvm/kvm.c:280
280             if (kd == NULL) {
#0  kvm_close (kd=0x80801b000) at /usr/src/lib/libkvm/kvm.c:280
#1  0x00000000070712c1 in core::ptr::drop_in_place<sysinfo::freebsd::system::SystemInfo> ()
#2  0x000000000705e70f in core::ops::function::FnOnce::call_once ()
#3  0x00000000070f21c0 in once_cell::imp::OnceCell<T>::initialize::{{closure}} ()
#4  0x000000000726453e in once_cell::imp::initialize_or_wait ()
#5  0x00000000070f1d02 in once_cell::imp::OnceCell<T>::initialize ()
#6  0x000000000711f3cd in <meilisearch_lib::options::IndexerOpts as clap::derive::Args>::augment_args ()
#7  0x00000000070365f2 in <meilisearch_http::option::Opt as clap::derive::Args>::augment_args ()
#8  0x0000000006d2d393 in meilisearch::main::{{closure}} ()
#9  0x0000000006d1cf86 in <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll ()
#10 0x0000000006d2c268 in meilisearch::main ()
#11 0x0000000006c90043 in std::sys_common::backtrace::__rust_begin_short_backtrace ()
#12 0x0000000006c91ed1 in std::rt::lang_start::{{closure}} ()
#13 0x000000000746cf51 in std::rt::lang_start_internal ()
#14 0x0000000006d33762 in main ()
$1 = (kvm_t *) 0x80801b000

Breakpoint 1, munmap () at munmap.S:4
4       munmap.S: No such file or directory.
#0  munmap () at munmap.S:4
#1  0x000000080772a877 in kvm_close (kd=0x80801b000) at /usr/src/lib/libkvm/kvm.c:307
#2  0x00000000070712c1 in core::ptr::drop_in_place<sysinfo::freebsd::system::SystemInfo> ()
#3  0x000000000705e70f in core::ops::function::FnOnce::call_once ()
#4  0x00000000070f21c0 in once_cell::imp::OnceCell<T>::initialize::{{closure}} ()
#5  0x000000000726453e in once_cell::imp::initialize_or_wait ()
#6  0x00000000070f1d02 in once_cell::imp::OnceCell<T>::initialize ()
#7  0x000000000711f3cd in <meilisearch_lib::options::IndexerOpts as clap::derive::Args>::augment_args ()
#8  0x00000000070365f2 in <meilisearch_http::option::Opt as clap::derive::Args>::augment_args ()
#9  0x0000000006d2d393 in meilisearch::main::{{closure}} ()
#10 0x0000000006d1cf86 in <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll ()
#11 0x0000000006d2c268 in meilisearch::main ()
#12 0x0000000006c90043 in std::sys_common::backtrace::__rust_begin_short_backtrace ()
#13 0x0000000006c91ed1 in std::rt::lang_start::{{closure}} ()
#14 0x000000000746cf51 in std::rt::lang_start_internal ()
#15 0x0000000006d33762 in main ()
CLOSED KVM
[New LWP 502834 of process 36294]
[New LWP 502835 of process 36294]
[New LWP 502836 of process 36294]
[New LWP 502837 of process 36294]

888b     d888          d8b 888 d8b                                            888
8888b   d8888          Y8P 888 Y8P                                            888
88888b.d88888              888                                                888
888Y88888P888  .d88b.  888 888 888 .d8888b   .d88b.   8888b.  888d888 .d8888b 88888b.
888 Y888P 888 d8P  Y8b 888 888 888 88K      d8P  Y8b     "88b 888P"  d88P"    888 "88b
888  Y8P  888 88888888 888 888 888 "Y8888b. 88888888 .d888888 888    888      888  888
888   "   888 Y8b.     888 888 888      X88 Y8b.     888  888 888    Y88b.    888  888
888       888  "Y8888  888 888 888  88888P'  "Y8888  "Y888888 888     "Y8888P 888  888



And then to narrow it down to the munmap in it:


Reading symbols from work/stage/usr/local/bin/meilisearch...
(gdb) break kvm_close
Function "kvm_close" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (kvm_close) pending.
(gdb) commands
Type commands for breakpoint(s) 1, one per line.
End with a line saying just "end".
>print kd
>print kd->sparse_map
>print kd->pt_sparse_size
>bt
>cont
>end
(gdb) set pagination off
(gdb) run --no-analytics
Starting program: /usr/home/abbe/abbe-freebsd-ports/textproc/meilisearch/work/stage/usr/local/bin/meilisearch --no-analytics
warning: Could not load shared library symbols for [vdso].
Do you need "set solib-search-path" or "set sysroot"?
CLOSIN' KVM

Breakpoint 1, kvm_close (kd=0x80801b000) at /usr/src/lib/libkvm/kvm.c:280
280             if (kd == NULL) {
$1 = (kvm_t *) 0x80801b000
$2 = (void *) 0x0
$3 = 0
#0  kvm_close (kd=0x80801b000) at /usr/src/lib/libkvm/kvm.c:280
#1  0x00000000070712c1 in core::ptr::drop_in_place<sysinfo::freebsd::system::SystemInfo> ()
#2  0x000000000705e70f in core::ops::function::FnOnce::call_once ()
#3  0x00000000070f21c0 in once_cell::imp::OnceCell<T>::initialize::{{closure}} ()
#4  0x000000000726453e in once_cell::imp::initialize_or_wait ()
#5  0x00000000070f1d02 in once_cell::imp::OnceCell<T>::initialize ()
#6  0x000000000711f3cd in <meilisearch_lib::options::IndexerOpts as clap::derive::Args>::augment_args ()
#7  0x00000000070365f2 in <meilisearch_http::option::Opt as clap::derive::Args>::augment_args ()
#8  0x0000000006d2d393 in meilisearch::main::{{closure}} ()
#9  0x0000000006d1cf86 in <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll ()
#10 0x0000000006d2c268 in meilisearch::main ()
#11 0x0000000006c90043 in std::sys_common::backtrace::__rust_begin_short_backtrace ()
#12 0x0000000006c91ed1 in std::rt::lang_start::{{closure}} ()
#13 0x000000000746cf51 in std::rt::lang_start_internal ()
#14 0x0000000006d33762 in main ()
CLOSED KVM
[New LWP 502865 of process 76791]
[New LWP 502866 of process 76791]
[New LWP 502867 of process 76791]
[New LWP 502868 of process 76791]

888b     d888          d8b 888 d8b                                            888
8888b   d8888          Y8P 888 Y8P                                            888
88888b.d88888              888                                                888
888Y88888P888  .d88b.  888 888 888 .d8888b   .d88b.   8888b.  888d888 .d8888b 88888b.
888 Y888P 888 d8P  Y8b 888 888 888 88K      d8P  Y8b     "88b 888P"  d88P"    888 "88b
888  Y8P  888 88888888 888 888 888 "Y8888b. 88888888 .d888888 888    888      888  888
888   "   888 Y8b.     888 888 888      X88 Y8b.     888  888 888    Y88b.    888  888
888       888  "Y8888  888 888 888  88888P'  "Y8888  "Y888888 888     "Y8888P 888  888




The attached patch adds an additional check to prevent this.
Comment 1 Yonas Yanfa 2022-09-03 04:45:38 UTC
Thanks for working on this, Ashish. I hope this patch gets committed soon.
Comment 2 Mark Johnston freebsd_committer freebsd_triage 2022-10-12 16:31:50 UTC
This seems ok to me.  I would check sparse_map == NULL instead of checking pt_sparse_size != 0.  The reason is that the assignment to pt_sparse_size might be moved earlier by some future change, and then the code will be wrong again.
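As an added illustration of the defect in the report and of the review point above, the model below is constructed for this page and is not libkvm's code: a stand-in struct with the two kvm_t fields involved, the unconditional munmap() that yields EINVAL for a live-kernel handle (sparse_map NULL, size 0), and the guarded form tested on sparse_map rather than on pt_sparse_size.

```c
/* Constructed model of the kvm_close() munmap bug and its fix.
 * struct kd_model and the close_* functions are hypothetical stand-ins,
 * not libkvm's own kvm_t or kvm_close(). */
#define _DEFAULT_SOURCE 1
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

struct kd_model {
	void *sparse_map;       /* mmap()ed sparse core pages, NULL if none */
	size_t pt_sparse_size;  /* length of that mapping, 0 when none      */
};

/* Buggy pattern: always unmap. For a live-kernel handle this is
 * munmap(NULL, 0), which fails with EINVAL (errno 22 in the ktrace). */
int close_unguarded(struct kd_model *kd)
{
	if (munmap(kd->sparse_map, kd->pt_sparse_size) == -1)
		return -1;
	return 0;
}

/* Fixed pattern: unmap only when a mapping exists. The guard tests
 * sparse_map, not pt_sparse_size != 0, so a later change that assigns
 * the size field earlier cannot make munmap(NULL, n) creep back in. */
int close_guarded(struct kd_model *kd)
{
	int rv = 0;
	if (kd->sparse_map != NULL &&
	    munmap(kd->sparse_map, kd->pt_sparse_size) == -1)
		rv = -1;
	kd->sparse_map = NULL;
	kd->pt_sparse_size = 0;
	return rv;
}

/* Live-kernel handle: nothing was ever mapped. */
void init_live(struct kd_model *kd)
{
	kd->sparse_map = NULL;
	kd->pt_sparse_size = 0;
}

/* Core-file handle: an anonymous page stands in for the sparse map. */
int init_core(struct kd_model *kd)
{
	size_t len = (size_t)sysconf(_SC_PAGESIZE);
	void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
	    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (p == MAP_FAILED)
		return -1;
	kd->sparse_map = p;
	kd->pt_sparse_size = len;
	return 0;
}

/* errno produced by closing a live handle the buggy way (expect EINVAL). */
int errno_from_unguarded_live(void)
{
	struct kd_model kd;
	init_live(&kd);
	errno = 0;
	return close_unguarded(&kd) == -1 ? errno : 0;
}

int main(void)
{
	struct kd_model kd;
	printf("unguarded live close errno: %d\n", errno_from_unguarded_live());
	init_live(&kd);
	printf("guarded live close: %d\n", close_guarded(&kd));
	return 0;
}
```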
Comment 3 Ashish SHUKLA freebsd_committer freebsd_triage 2022-10-13 04:07:09 UTC
Created attachment 237251 [details]
Fix v2

Thanks for the review. I've incorporated your suggestion, and updated the patch.
Comment 4 Mark Johnston freebsd_committer freebsd_triage 2022-10-13 13:11:27 UTC
(In reply to Ashish SHUKLA from comment #3)
Looks good.  Feel free to commit with "Reviewed by: markj".
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-10-16 16:51:15 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e6901a29bc4345f12e9c85426cc2be81045020a6

commit e6901a29bc4345f12e9c85426cc2be81045020a6
Author:     Ashish SHUKLA <ashish@FreeBSD.org>
AuthorDate: 2022-08-30 08:18:51 +0000
Commit:     Ashish SHUKLA <ashish@FreeBSD.org>
CommitDate: 2022-10-16 16:49:16 +0000

    kvm_close(3): Check kd->sparse_map != NULL before munmap

    PR:             266113
    Reviewed by:    markj

 lib/libkvm/kvm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 6 Ashish SHUKLA freebsd_committer freebsd_triage 2022-10-16 16:54:22 UTC
(In reply to Mark Johnston from comment #4)

Committed, thanks for reviewing it.

Do I need to do anything for it to be merged to releng/13.1, or stable/13 branch(es)?

Thanks!
Comment 7 Yonas Yanfa 2022-10-25 14:56:43 UTC
Bump.
Comment 8 Mark Johnston freebsd_committer freebsd_triage 2022-10-25 15:01:32 UTC
(In reply to Ashish SHUKLA from comment #6)
It will not get merged to the releng/13.1 branch, since the bug is not severe enough to warrant an erratum notice.

To merge to stable/13, follow the steps here: https://docs.freebsd.org/en/articles/committers-guide/#_summary

I'm happy to do the MFC as well, just let me know.
Comment 9 commit-hook freebsd_committer freebsd_triage 2022-10-26 03:27:04 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=c3af4c1ee8791f4e1bddd4df648c8d5cfdc62b2e

commit c3af4c1ee8791f4e1bddd4df648c8d5cfdc62b2e
Author:     Ashish SHUKLA <ashish@FreeBSD.org>
AuthorDate: 2022-08-30 08:18:51 +0000
Commit:     Ashish SHUKLA <ashish@FreeBSD.org>
CommitDate: 2022-10-26 03:23:24 +0000

    kvm_close(3): Check kd->sparse_map != NULL before munmap

    PR:             266113
    Reviewed by:    markj

    (cherry picked from commit e6901a29bc4345f12e9c85426cc2be81045020a6)

 lib/libkvm/kvm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 10 Ashish SHUKLA freebsd_committer freebsd_triage 2022-10-26 03:29:04 UTC
(In reply to Mark Johnston from comment #8)

Hi Mark,

Thanks for the guidance.

I've performed the MFC to stable/13. If nothing else is needed here, is it okay to close this PR?

Thanks!
Comment 11 Mark Johnston freebsd_committer freebsd_triage 2022-10-26 13:45:29 UTC
(In reply to Ashish SHUKLA from comment #10)
Yep, thanks for the patch!