Date: Tue, 19 May 2009 17:18:44 -0400
From: Wesley Shields
To: Thomas Backman
Cc: freebsd-current@freebsd.org
Subject: Re: DTrace panic while probing syscall::open (and possibly many others)
Message-ID: <20090519211844.GB39529@atarininja.org>

On Mon, May 18, 2009 at 06:18:38PM +0200, Thomas Backman wrote:
>
> On May 18, 2009, at 06:11 PM, Wesley Shields wrote:
>
> > On Wed, May 13, 2009 at 03:19:05PM +0200, Thomas Backman wrote:
> >> OK, so I first posted a thread on the forums about this in
> >> 7.2-RELEASE:
> >> http://forums.freebsd.org/showthread.php?t=3834
> >> Then filed a PR, kern/134408:
> >> http://www.freebsd.org/cgi/query-pr.cgi?pr=134408
> >>
> >> The very same bug remains in 8-CURRENT/amd64 as of May 13, ~10(am)
> >> GMT+2.
> >>
> >> Steps to reproduce:
> >> 1) Build DTrace capable kernel (I followed the wiki DTrace
> >> instructions)
> >> 2) Reboot; kldload dtraceall
> >> 3) dtrace -n 'syscall::open:entry { self->path = arg0; }
> >> syscall::open:return { printf("%s\n", copyinstr(self->path)); }'
> >> 4) Crash.
> >>
> >> Backtrace:
> >> [...]
> >
> > It's not the probe that is the problem. I suspect it's the copyinstr.
> >
> >> Same panic on two computers (a "real" one, A64 3200+, nForce4, 2GB
> >> RAM;
> >> and a Macbook Pro C2D running VMware Fusion). Same panic in 7.2 and
> >> 8.0.
> >
> > I can easily reproduce this also.
> >
> > -- WXS
>
> Yup, it's copyinstr() crashing. It works if you simply replace
> printf(...) with printf("file opened\n") which doesn't copy anything
> in, and the backtrace seems (even to me ;) to point towards it.

It's also worth noting that copyin() also causes the same panic. The
ASSERT() in dtrace_copycheck() is catching it.

The "Solaris Dynamic Tracing Guide" mentions that the specified address
must correspond to a faulted-in page in the current process. I'm not
sure how I could go about finding that out.

-- WXS