Description of problem:
At any given moment there are typically over 100 processes running on my system, but pstree only shows a dozen or so. It makes no difference whether I am root or an ordinary user, or which options I give to pstree. Trying "pstree PID" gives no output at all if PID is one of those missed in the regular output of "pstree". Most importantly, I checked that vanilla psmisc 22.6 from psmisc.sourceforge.net works CORRECTLY, so the bug is Fedora specific.

Version-Release number of selected component (if applicable):
psmisc-22.6-2.fc8.i386.rpm

How reproducible:
always

Steps to Reproduce:
1. type "pstree -n" in shell (-n only sorts the output for easier comparison, it does not affect the result otherwise)
2.
3.

Actual results:
init-+-udevd
     |-restorecond
     |-rpcbind
     |-rpc.statd
     |-rpc.idmapd
     |-pcscd
     |-rsyslogd---{rsyslogd}
     |-rklogd
     `-auditd---{auditd}

Expected results:
see attachment for example (obtained using vanilla psmisc)

Additional info:
I'm running kernel 2.6.24.3-50.fc8 on an Intel Core 2 Duo (T5450) machine.
Created attachment 302016: expected output of pstree
Created attachment 302018: output of "ps ax" matching the given pstree output listings
I've tried to reproduce the bug on several machines around but failed. There are no Fedora specific patches in pstree (there is one patch in psmisc but it just fixes an autoconf macro parameter). Did you compile the "vanilla" sources with --enable-selinux configure option? Albeit unlikely, didn't you get any AVC messages?
(In reply to comment #3)
> There are no Fedora specific patches in pstree (there is one patch in psmisc but
> it just fixes an autoconf macro parameter).

Hmm, now that's weird.

> Did you compile the "vanilla"
> sources with --enable-selinux configure option?

I tried both, with and without --enable-selinux. It made no difference.

> Albeit unlikely, didn't you get
> any AVC messages?

Didn't notice anything unusual, but I'll have a look at the logs when I get home. I should mention that it runs SELinux in permissive mode.
SELinux is not directly involved. After a bit of experimenting, I think I understand the root of the problem, it's a sort of a buffer overflow. The observed difference in behaviour of Fedora's and vanilla pstree is simply due to CFLAGS, I can trigger the bug in the original package using

    ./configure --enable-selinux CFLAGS="-g -O2 -fstack-protector"

The offending code which the stack protector breaks seems to be around lines 610-620 in pstree.c:

    fread(readbuf, BUFSIZ, 1, file) ;
    if (ferror(file) == 0) {
      memset(comm, '\0', COMM_LEN+1);
      tmpptr = strrchr(readbuf, ')'); /* find last ) */
      /* We now have readbuf with pid and cmd, and tmpptr+2
       * with the rest */
      /*printf("readbuf: %s\n", readbuf);*/
      if (sscanf(readbuf, "%*d (%15[^)]", comm) == 1) {
        /*printf("tmpptr: %s\n", tmpptr+2);*/
        if (sscanf(tmpptr+2, "%*c %d", &ppid) == 1) {

The catch is that fread() does not null-terminate the string in readbuf. Thus in unlucky circumstances, strrchr() may spill outside of the line just read (or even outside of readbuf), and find the "last )" in the adjacent garbage. As such a stray ) is not followed by the expected " status ppid", the second sscanf() will fail to set ppid, and the process will get ignored.

In order to demonstrate the problem, I uncommented the two printf()s in the code above, the output is attached. As you can see, everything goes fine until "2217 (audispd)", when a ) somehow gets at the end of readbuf, making tmpptr+2 the empty string.

The bug can be easily cured by clearing readbuf before fread(), patch attached. Should I report it upstream?
Created attachment 302258: pstree output with debugging info
Created attachment 302259: patch
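The failure described in the comment above, reduced to a deterministic case. This is an added example, not psmisc code and not the attached patch: fake_fread, parse_ppid, fill_stale, demo, BUF_LEN and the sample record are constructed for illustration, and the fix shown terminates the buffer at the number of bytes read rather than clearing readbuf beforehand. It scans from the byte after the ")" instead of tmpptr+2 so the demonstration never reads past the terminator.

```c
#include <stdio.h>
#include <string.h>

#define COMM_LEN 16
#define BUF_LEN  64   /* small stand-in for BUFSIZ */

/* Constructed /proc/<pid>/stat prefix (pid and name taken from the report). */
static const char SAMPLE[] = "2217 (audispd) S 2216";

/* Stand-in for fread(): copies the bytes and writes no terminator. */
static size_t fake_fread(char *buf, size_t cap, const char *data) {
    size_t n = strlen(data);
    if (n > cap - 1) n = cap - 1;
    memcpy(buf, data, n);
    return n;
}

/* Parse "pid (comm) state ppid"; returns ppid, or -1 if the record is rejected. */
static int parse_ppid(const char *buf) {
    char comm[COMM_LEN + 1] = "";
    int ppid;
    const char *last = strrchr(buf, ')');   /* runs until the first NUL it meets */
    if (last == NULL || sscanf(buf, "%*d (%15[^)]", comm) != 1) return -1;
    if (sscanf(last + 1, " %*c %d", &ppid) != 1) return -1;
    return ppid;
}

/* Constructed residue: 40 filler bytes, a stray ')' and a terminator. */
static void fill_stale(char *buf) {
    memset(buf, 'x', 40);
    buf[40] = ')'; buf[41] = '\0';
}

/* terminate == 0: length read is ignored, old bytes stay within reach of strrchr().
 * terminate == 1: buffer is terminated at the number of bytes actually read. */
int demo(int terminate) {
    char buf[BUF_LEN];
    fill_stale(buf);
    size_t n = fake_fread(buf, sizeof buf, SAMPLE);
    if (terminate) buf[n] = '\0';
    return parse_ppid(buf);
}

int main(void) {
    printf("unterminated: %d\nterminated:   %d\n", demo(0), demo(1));
    return 0;
}
```

With real fread(), getting the byte count requires calling it as fread(buf, 1, cap - 1, file), since the fread(readbuf, BUFSIZ, 1, file) form returns an item count of 0 on a short read.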
This sounds reasonable and would explain the observed behaviour. If the attached patch solved your problem then I'd say it's beyond any dispute. And yes, this should be reported upstream -- please do so or let me know and I'll do it. I'll add your patch to the Fedora package and push to testing repository. Thank you very much.
psmisc-22.6-2.1.fc8 has been submitted as an update for Fedora 8
I've reported the problem and the patch as http://sourceforge.net/tracker/index.php?func=detail&aid=1942031&group_id=15273&atid=315273
psmisc-22.6-2.1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update psmisc'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-3144
psmisc-22.6-2.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.