Re: who(XXXXX): syscall 54 in the last few snapshots

Sun, 11 Oct 2015 09:07:19 -0700 

On Sun, Oct 11, 2015 at 11:53:10AM +0300, Atanas Vladimirov wrote:
> Hi,
> I got *who(XXXXX): syscall 54* in the last few snapshots.
> If you need more info just ask.

syscall 54 is for ioctl syscall.

> ~$ ktrace -i who
> ~$ kdump
>  ............................................
>  16759 who      RET   read 2819/0xb03
>  16759 who      CALL  close(4)
>  16759 who      RET   close 0
>  16759 who      CALL  kbind(0x7f7ffffdcd58,0x18,0x962191a9ce60cd08)
>  16759 who      RET   kbind 0
>  16759 who      CALL  kbind(0x7f7ffffdccc8,0x18,0x962191a9ce60cd08)
>  16759 who      RET   kbind 0
>  16759 who      CALL  write(1,0x1d987d241000,0x2f)
>  16759 who      GIO   fd 1 wrote 47 bytes
>        "vlado    ttyp0    Oct 11 11:37   (192.168.1.2)
>        "
>  16759 who      RET   write 47/0x2f
>  16759 who      CALL  read(3,0x1d98baae1000,0x4000)
>  16759 who      RET   read 0
>  16759 who      CALL  kbind(0x7f7ffffdce28,0x18,0x962191a9ce60cd08)
>  16759 who      RET   kbind 0
>  16759 who      CALL  kbind(0x7f7ffffdce08,0x18,0x962191a9ce60cd08)
>  16759 who      RET   kbind 0
>  16759 who      CALL
> mprotect(0x1d98aa7a1000,0x1000,0x3<PROT_READ|PROT_WRITE>)
>  16759 who      RET   mprotect 0
>  16759 who      CALL  mprotect(0x1d98aa7a1000,0x1000,0x1<PROT_READ>)
>  16759 who      RET   mprotect 0
>  16759 who      CALL
> mprotect(0x1d98aa7a1000,0x1000,0x3<PROT_READ|PROT_WRITE>)
>  16759 who      RET   mprotect 0
>  16759 who      CALL  mprotect(0x1d98aa7a1000,0x1000,0x1<PROT_READ>)
>  16759 who      RET   mprotect 0
>  16759 who      CALL
> mprotect(0x1d98aa7a1000,0x1000,0x3<PROT_READ|PROT_WRITE>)
>  16759 who      RET   mprotect 0
>  16759 who      CALL  mprotect(0x1d98aa7a1000,0x1000,0x1<PROT_READ>)
>  16759 who      RET   mprotect 0
>  16759 who      CALL  munmap(0x1d98aa7a1000,0x1000)
>  16759 who      RET   munmap 0
>  16759 who      CALL  exit(0)

This ktrace showed a process that exit(0). This process wasn't killed
by pledge(2).

> ~$ dmesg
> OpenBSD 5.8-current (GENERIC.MP) #1456: Sat Oct 10 21:51:05 MDT 2015
>     [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Could you try to rebuild who(1) ? You will need to add `abort' in all
pledge calls in order to generate a coredump, and obtain a
fullbacktrace.

$ grep -FRn 'pledge(' /usr/src/usr.bin/who/
/usr/src/usr.bin/who/who.c:77:  if (pledge("stdio rpath getpw tty", NULL) == -1)
/usr/src/usr.bin/who/who.c:293:         if (pledge("stdio rpath getpw", NULL) 
== -1)
/usr/src/usr.bin/who/who.c:296:         if (pledge("stdio getpw", NULL) == -1)

For example, line 77: if (pledge("stdio rpath getpw tty abort", NULL) == -1)

When you get a who.core, you can use gdb to extract the backtrace:
$ gdb who who.core 
(gdb) bt

Thanks.
-- 
Sebastien Marie

Reply via email to