From owner-freebsd-dtrace@freebsd.org  Mon May 22 09:46:18 2017
Return-Path: <owner-freebsd-dtrace@freebsd.org>
Delivered-To: freebsd-dtrace@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5BBB5D78E8D
 for <freebsd-dtrace@mailman.ysv.freebsd.org>;
 Mon, 22 May 2017 09:46:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3FBCE15E7
 for <freebsd-dtrace@FreeBSD.org>; Mon, 22 May 2017 09:46:18 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v4M9kI5b020054
 for <freebsd-dtrace@FreeBSD.org>; Mon, 22 May 2017 09:46:18 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-dtrace@FreeBSD.org
Subject: [Bug 219451] [dtrace] Certain llquantize() parameters trigger
 assertion
Date: Mon, 22 May 2017 09:46:18 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-STABLE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: fk@fabiankeil.de
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status keywords bug_severity priority component assigned_to
 reporter cc attachments.created
Message-ID: <bug-219451-32976@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-dtrace@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "A discussion list for developers working on DTrace in FreeBSD."
 <freebsd-dtrace.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-dtrace>, 
 <mailto:freebsd-dtrace-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-dtrace/>
List-Post: <mailto:freebsd-dtrace@freebsd.org>
List-Help: <mailto:freebsd-dtrace-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-dtrace>,
 <mailto:freebsd-dtrace-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2017 09:46:18 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219451

            Bug ID: 219451
           Summary: [dtrace] Certain llquantize() parameters trigger
                    assertion
           Product: Base System
           Version: 11.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: fk@fabiankeil.de
                CC: freebsd-dtrace@FreeBSD.org

Created attachment 182796
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D182796&action=
=3Dedit
libdtrace: Prevent an assertion from triggering with certain llquantize()
parameters

On a system based on r318579/0c33b79a4 the following dtrace command reliably
triggers an
assertion when printing output:

         fk@t520 ~ $sudo dtrace -n 'syscall::read:return /execname =3D=3D
"privoxy"/ { @[execname] =3D llquantize(arg0, 100, 0, 10, 100); @m =3D max(=
arg0)}'
         [...]
                     9800 |                                         0
                     9900 |                                         0
                    10000 |@@@@@@@@@@@@@@@@@@@@                     37
                    20000 |                                         0
         Assertion failed: (value < next), file
/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace=
/common/dt_consume.c,
line 1083.
         Abort trap

         (gdb) where
         #0  0x00000008011effda in thr_kill () from /lib/libc.so.7
         #1  0x00000008011effa4 in __raise (s=3D6) at
/usr/src/lib/libc/gen/raise.c:52
         #2  0x00000008011eff19 in abort () at
/usr/src/lib/libc/stdlib/abort.c:65
         #3  0x000000080088c3b2 in __assert (expr=3D0x8008d3172 "value < ne=
xt",
file=3D0x8008d3078
"/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrac=
e/common/dt_consume.c",
line=3D1083)
             at
/usr/src/cddl/lib/libdtrace/../../../cddl/compat/opensolaris/include/assert=
.h:56
         #4  0x000000080088c190 in dt_print_llquantize (dtp=3D0x802633000,
fp=3D0x8014c37e8, addr=3D0x80269a110, size=3D7840, normal=3D1) at
/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace=
/common/dt_consume
.c:1083
         #5  0x000000080088e37d in dt_print_datum (dtp=3D0x802633000,
fp=3D0x8014c37e8, rec=3D0x8026900e8, addr=3D0x80269a110 "d", size=3D7848,
aggdata=3D0x802690150, normal=3D1, pd=3D0x7fffffffe750)
             at
/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace=
/common/dt_consume.c:2211
         #6  0x000000080088dc12 in dt_print_aggs (aggsdata=3D0x7fffffffe630,
naggvars=3D1, arg=3D0x7fffffffe750) at
/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace=
/common/dt_consume.c:2313
         #7  0x000000080088e6cf in dt_print_agg (aggdata=3D0x802690150,
arg=3D0x7fffffffe750) at
/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace=
/common/dt_consume.c:2361
         #8  0x0000000800895f8b in dt_aggregate_walk_sorted (dtp=3D0x802633=
000,
func=3D0x80088e610 <dt_print_agg>, arg=3D0x7fffffffe750, sfunc=3D0x0)
             at
/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace=
/common/dt_aggregate.c:1585
         #9  0x0000000800895d39 in dtrace_aggregate_walk_sorted
(dtp=3D0x802633000, func=3D0x80088e610 <dt_print_agg>, arg=3D0x7fffffffe750)
             at
/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace=
/common/dt_aggregate.c:1605
         #10 0x0000000800897f12 in dtrace_aggregate_print (dtp=3D0x80263300=
0,
fp=3D0x8014c37e8, func=3D0x800895d10 <dtrace_aggregate_walk_sorted>)
             at
/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace=
/common/dt_aggregate.c:2130
         #11 0x0000000000403a5e in main (argc=3D<optimized out>, argv=3D<op=
timized
out>) at
/usr/src/cddl/usr.sbin/dtrace/../../../cddl/contrib/opensolaris/cmd/dtrace/=
dtrace.c:2005
         (gdb) f 4
         #4  0x000000080088c190 in dt_print_llquantize (dtp=3D0x802633000,
fp=3D0x8014c37e8, addr=3D0x80269a110, size=3D7840, normal=3D1) at
/usr/src/cddl/lib/libdtrace/../../../cddl/contrib/opensolaris/lib/libdtrace=
/common/dt_consume
.c:1083
         1083                       assert(value < next);
         (gdb) p step
         $2915 =3D 77662796314522419
         (gdb) p value
         $2916 =3D 7834326075677972872
         (gdb) p next
         $2917 =3D 7766279631452241920

It works as expected when replacing the 10 with a 5.

Various other parameter combinations work as expected as well and I've used
similar commands for weeks without issues.

The problem is reproducible with other execnames as long as the probe fires.

The "@m =3D max(arg0)" part isn't required to trigger the assertion but I o=
nly
noticed it
after already patching the system where libdtrace is build with reduced
optimizations.

The attached patch prevents the assertion from triggering but may not be the
best solution.

The code flow in dt_print_llquantize() seems strange to me and maybe the
loop should break if "bin" reaches "last_bin" instead. My impression is that
it does a bunch of cycles at the end without doing meaningful work.

Obtained from: ElectroBSD

--=20
You are receiving this mail because:
You are on the CC list for the bug.=