Hello,
We have a user reporting periodic crashes in automount. The daemon gets
killed by SIGBUS when returning from spawn_mount():
Core was generated by `/usr/sbin/automount -p /var/run/automount.pid'.
Program terminated with signal 7, Bus error.
#0 0x0000555555566bd0 in spawn_mount (logopt=Cannot access memory at
address 0x80004062242c
) at spawn.c:412
412 }
0x0000555555566bcd <spawn_mount+829>: mov %r12d,%eax
0x0000555555566bd0 <spawn_mount+832>: pop %rbx
0x0000555555566bd1 <spawn_mount+833>: pop %r12
0x0000555555566bd3 <spawn_mount+835>: pop %r13
0x0000555555566bd5 <spawn_mount+837>: pop %r14
0x0000555555566bd7 <spawn_mount+839>: pop %r15
0x0000555555566bd9 <spawn_mount+841>: leaveq
0x0000555555566bda <spawn_mount+842>: retq
Is it possible that we're running out of stack space at this point, mostly
due to the call to alloca()? Do you think we should replace alloca() with
regular malloc() in spawn.c (patch below)?
Thanks!
Leonardo
Index: autofs-5.0.5/daemon/spawn.c
===================================================================
--- autofs-5.0.5.orig/daemon/spawn.c
+++ autofs-5.0.5/daemon/spawn.c
@@ -288,14 +288,15 @@ int spawnv(unsigned logopt, const char *
int spawnl(unsigned logopt, const char *prog, ...)
{
va_list arg;
- int argc;
+ int argc, ret;
char **argv, **p;
va_start(arg, prog);
for (argc = 1; va_arg(arg, char *); argc++);
va_end(arg);
- if (!(argv = alloca(sizeof(char *) * argc)))
+ argv = malloc(sizeof(char *) * argc);
+ if (!argv)
return -1;
va_start(arg, prog);
@@ -303,7 +304,11 @@ int spawnl(unsigned logopt, const char *
while ((*p++ = va_arg(arg, char *)));
va_end(arg);
- return do_spawn(logopt, -1, SPAWN_OPT_NONE, prog, (const char **) argv);
+ ret = do_spawn(logopt, -1, SPAWN_OPT_NONE, prog, (const char **) argv);
+
+ free(argv);
+
+ return ret;
}
int spawn_mount(unsigned logopt, ...)
@@ -345,7 +350,8 @@ int spawn_mount(unsigned logopt, ...)
}
/* Alloc 1 extra slot in case we need to use the "-f" option */
- if (!(argv = alloca(sizeof(char *) * argc + 2)))
+ argv = malloc(sizeof(char *) * argc + 2);
+ if (!argv)
return -1;
argv[0] = arg0;
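Review bot: The size expression `sizeof(char *) * argc + 2` multiplies before it adds, so it reserves argc pointers plus two bytes rather than the extra slot the comment above it describes. The patch carries this over unchanged from the alloca() call, so a possible write past the end of a stack buffer becomes a possible heap overflow. A stack overrun of that kind could also explain a fault in the function epilogue, though the code that counts argc and fills argv is outside the hunk, so this is not confirmed here. I would write `argv = malloc(sizeof(char *) * (argc + 2));`, with the same parenthesisation for the `+ 2` in spawn_bind_mount and the `+ 1` in spawn_umount.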
@@ -422,6 +428,8 @@ int spawn_mount(unsigned logopt, ...)
ret = MNT_FORCE_FAIL;
}
+ free(argv);
+
return ret;
}
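Review bot: `free(argv)` is placed on the final return only, and the code between the allocation and this point is outside the hunk, so it should be checked for earlier `return` statements that would now leak argv. With alloca() those exits needed no cleanup; in a long-running daemon a missed one would leak on every call that takes it. If such exits exist, routing them through a single `out:` label that frees argv keeps the paths consistent. The same check applies to the matching hunks in spawn_bind_mount and spawn_umount.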
@@ -475,7 +483,8 @@ int spawn_bind_mount(unsigned logopt, ..
}
}
- if (!(argv = alloca(sizeof(char *) * argc + 2)))
+ argv = malloc(sizeof(char *) * argc + 2);
+ if (!argv)
return -1;
argv[0] = arg0;
@@ -539,6 +548,8 @@ int spawn_bind_mount(unsigned logopt, ..
ret = MNT_FORCE_FAIL;
}
+ free(argv);
+
return ret;
}
@@ -577,7 +588,8 @@ int spawn_umount(unsigned logopt, ...)
}
}
- if (!(argv = alloca(sizeof(char *) * argc + 1)))
+ argv = malloc(sizeof(char *) * argc + 1);
+ if (!argv)
return -1;
argv[0] = arg0;
@@ -627,6 +639,8 @@ int spawn_umount(unsigned logopt, ...)
ret = 0;
}
+ free(argv);
+
return ret;
}