From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 196819] mptutil show drives and mptutil show config segfaulted on 10.1-RELEASE
Date: Sat, 17 Jan 2015 08:29:01 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196819

            Bug ID: 196819
           Summary: mptutil show drives and mptutil show config segfaulted
                    on 10.1-RELEASE
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: cdyhaj799@gmail.com

# uname -r
10.1-RELEASE
# mptutil show drives
Segmentation fault (core dumped)
# mptutil show config
Segmentation fault (core dumped)

Download the 10.1-RELEASE source code and compile mptutil with -g. Using GDB:

# gdb ./mptutil
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) run show drives
Starting program: /root/10.1-RELEASE/10.1.0/usr.sbin/mptutil/mptutil show drives

Program received signal SIGSEGV, Segmentation fault.
0x0000000800f0c24c in sbrk () from /lib/libc.so.7
(gdb) bt
#0  0x0000000800f0c24c in sbrk () from /lib/libc.so.7
#1  0x0000000800f0c7af in sbrk () from /lib/libc.so.7
#2  0x0000000800f17df5 in free () from /lib/libc.so.7
#3  0x000000000040253a in mpt_fetch_disks (fd=, ndisks=0x7fffffffe9bc, disksp=0x7fffffffe9c0) at mpt_cam.c:292
#4  0x0000000000405ce9 in show_drives (ac=, av=) at mpt_show.c:500
#5  0x000000000040192c in main (ac=2, av=0x7fffffffea98) at mptutil.c:117
(gdb) frame 3
#3  0x000000000040253a in mpt_fetch_disks (fd=, ndisks=0x7fffffffe9bc, disksp=0x7fffffffe9c0) at mpt_cam.c:292
292             cam_freeccb(ccb);
Current language:  auto; currently minimal
(gdb) l
287                     cam_freeccb(ccb);
288                     return (error);
289             }
290
291             if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
292                     cam_freeccb(ccb);
293                     return (EIO);
294             }
295             cam_freeccb(ccb);
296
(gdb) p ccb->ccb_h.status
$1 = 1

It looks like ccb was already freed at line mpt_cam.c:263 and reused later.
This may be the reason for the segmentation fault when ccb is freed again at
mpt_cam.c:292.

With lines 291-295 commented out, it does not crash. But that is not the right
way to fix it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
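
The pattern the reporter suspects (a ccb released on one path, then read and released again), modelled as an added example. It is not FreeBSD's mpt_cam.c, whose lines 263-290 are not shown in this message, and every name in it is hypothetical. Objects come from a static pool so the stale access stays defined and the second release can be counted instead of crashing.

```c
#include <errno.h>
#include <stdio.h>

#define REQ_CMP 1			/* constructed "request completed" status */
struct ccb { int status; int live; };	/* hypothetical stand-in for a CAM ccb */
static struct ccb pool[1];		/* static storage keeps stale reads defined */
static int double_frees;		/* releases of an already-released ccb */

static struct ccb *ccb_get(void)
{
	pool[0].status = REQ_CMP;
	pool[0].live = 1;
	return (&pool[0]);
}

static void ccb_free(struct ccb *c)
{
	if (c == NULL)
		return;
	if (!c->live)
		double_frees++;		/* with a real allocator: heap corruption */
	c->live = 0;
}

/* Suspected shape: an early release leaves the pointer dangling. */
static int fetch_buggy(int *errorp)
{
	struct ccb *c = ccb_get();
	double_frees = 0;
	ccb_free(c);					/* early release, c not cleared */
	*errorp = (c->status != REQ_CMP) ? EIO : 0;	/* read through stale pointer */
	ccb_free(c);					/* second release, same object */
	return (double_frees);
}

/* One owner, one release: read the status, free once, clear the pointer. */
static int fetch_fixed(int *errorp)
{
	struct ccb *c = ccb_get();
	double_frees = 0;
	*errorp = (c->status != REQ_CMP) ? EIO : 0;
	ccb_free(c);
	c = NULL;
	ccb_free(c);					/* a later cleanup path is a no-op */
	return (double_frees);
}

int main(void)
{
	int e;
	printf("buggy: %d double free(s)\n", fetch_buggy(&e));
	printf("fixed: %d double free(s)\n", fetch_fixed(&e));
	return (0);
}
```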