Re: who(XXXXX): syscall 54 in the last few snapshots

Sun, 11 Oct 2015 11:11:02 -0700 

On 11.10.2015 18:54, Sebastien Marie wrote:

On Sun, Oct 11, 2015 at 11:53:10AM +0300, Atanas Vladimirov wrote:

Hi,
I got *who(XXXXX): syscall 54* in the last few snapshots.
If you need more info just ask.


syscall 54 is for ioctl syscall.


~$ ktrace -i who
~$ kdump
 ............................................
 16759 who      RET   read 2819/0xb03
 16759 who      CALL  close(4)
 16759 who      RET   close 0
 16759 who      CALL  kbind(0x7f7ffffdcd58,0x18,0x962191a9ce60cd08)
 16759 who      RET   kbind 0
 16759 who      CALL  kbind(0x7f7ffffdccc8,0x18,0x962191a9ce60cd08)
 16759 who      RET   kbind 0
 16759 who      CALL  write(1,0x1d987d241000,0x2f)
 16759 who      GIO   fd 1 wrote 47 bytes
       "vlado    ttyp0    Oct 11 11:37   (192.168.1.2)
       "
 16759 who      RET   write 47/0x2f
 16759 who      CALL  read(3,0x1d98baae1000,0x4000)
 16759 who      RET   read 0
 16759 who      CALL  kbind(0x7f7ffffdce28,0x18,0x962191a9ce60cd08)
 16759 who      RET   kbind 0
 16759 who      CALL  kbind(0x7f7ffffdce08,0x18,0x962191a9ce60cd08)
 16759 who      RET   kbind 0
 16759 who      CALL
mprotect(0x1d98aa7a1000,0x1000,0x3<PROT_READ|PROT_WRITE>)
 16759 who      RET   mprotect 0
 16759 who      CALL  mprotect(0x1d98aa7a1000,0x1000,0x1<PROT_READ>)
 16759 who      RET   mprotect 0
 16759 who      CALL
mprotect(0x1d98aa7a1000,0x1000,0x3<PROT_READ|PROT_WRITE>)
 16759 who      RET   mprotect 0
 16759 who      CALL  mprotect(0x1d98aa7a1000,0x1000,0x1<PROT_READ>)
 16759 who      RET   mprotect 0
 16759 who      CALL
mprotect(0x1d98aa7a1000,0x1000,0x3<PROT_READ|PROT_WRITE>)
 16759 who      RET   mprotect 0
 16759 who      CALL  mprotect(0x1d98aa7a1000,0x1000,0x1<PROT_READ>)
 16759 who      RET   mprotect 0
 16759 who      CALL  munmap(0x1d98aa7a1000,0x1000)
 16759 who      RET   munmap 0
 16759 who      CALL  exit(0)


This ktrace showed a process that exit(0). This process wasn't killed
by pledge(2).


~$ dmesg
OpenBSD 5.8-current (GENERIC.MP) #1456: Sat Oct 10 21:51:05 MDT 2015

    
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP


Could you try to rebuild who(1) ? You will need to add `abort' in all
pledge calls in order to generate a coredump, and obtain a
fullbacktrace.

$ grep -FRn 'pledge(' /usr/src/usr.bin/who/

/usr/src/usr.bin/who/who.c:77:  if (pledge("stdio rpath getpw tty", 
NULL) == -1)

/usr/src/usr.bin/who/who.c:293:         if (pledge("stdio rpath
getpw", NULL) == -1)

/usr/src/usr.bin/who/who.c:296:         if (pledge("stdio getpw", NULL) 
== -1)



For example, line 77: if (pledge("stdio rpath getpw tty abort", NULL) 
== -1)


When you get a who.core, you can use gdb to extract the backtrace:
$ gdb who who.core
(gdb) bt

Thanks.


I rebuild who(1) with DEBUG and add 'abort' in all pledge calls.

Also I changed kern.nosuidcoredump=3 and made /var/crash/who but I can't 
find who.core.
Meanwhile I got syscall 54 every 5 min. Is it possible another 
process/daemon to generate this errors?

How can I find it?

~$ tail /var/log/messages
Oct 11 19:54:37 ns /bsd: who(5929): syscall 54
Oct 11 19:59:37 ns /bsd: who(6769): syscall 54
Oct 11 20:04:37 ns /bsd: who(13907): syscall 54
Oct 11 20:09:37 ns /bsd: who(27822): syscall 54
Oct 11 20:14:37 ns /bsd: who(25574): syscall 54
Oct 11 20:19:37 ns /bsd: who(8480): syscall 54
Oct 11 20:24:37 ns /bsd: who(28849): syscall 54
Oct 11 20:29:37 ns /bsd: who(11423): syscall 54
Oct 11 20:34:37 ns /bsd: who(20946): syscall 54























					Reply via email to