NetBSD-Bugs archive
Re: kern/56925: Amd64 server randomly panics
Taylor R Campbell wrote:
> The following reply was made to PR kern/56925; it has been noted by GNATS.
>
> From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
> To: joel.bertrand%systella.fr@localhost
> Cc: gnats-bugs%NetBSD.org@localhost
> Subject: Re: kern/56925: Amd64 server randomly panics
> Date: Thu, 14 Jul 2022 11:24:36 +0000
>
> This is a null pointer dereference by the instruction at address
> 0xffffffff8022800c. I'm guessing it's in wake_ccb but I'm not sure.
>
> Can you try to obtain the following information from your kernel?
>
> 1. The disassembly of the function where rip 0xffffffff8022800c lies,
> and, if possible, the line number of 0xffffffff8022800c.
>
> 2. The disassembly of ccb_timeout, and, if possible, the line number
> of ccb_timeout+0xf0.
>
> If you have a netbsd.gdb file, you can get these with:
>
I have ;-)
(gdb) info line *(0xffffffff8022800c)
No line number information available for address 0xffffffff8022800c <mutex_enter+12>
(gdb) disas 0xffffffff8022800c
Dump of assembler code for function mutex_enter:
0xffffffff80228000 <+0>: mov %gs:0x1d0,%rcx
0xffffffff80228009 <+9>: xor %rax,%rax
0xffffffff8022800c <+12>: lock cmpxchg %rcx,(%rdi)
0xffffffff80228011 <+17>: jne 0xffffffff80228017 <mutex_enter+23>
0xffffffff80228013 <+19>: retq
0xffffffff80228014 <+20>: nop
0xffffffff80228015 <+21>: nop
0xffffffff80228016 <+22>: retq
0xffffffff80228017 <+23>: jmpq 0xffffffff8096c7b4 <mutex_vector_enter>
End of assembler dump.
(gdb) info line *(ccb_timeout+0xf0)
Line 1674 of "/usr/src/netbsd-9/src/sys/dev/iscsi/iscsi_send.c" starts at address 0xffffffff80a9b544 <ccb_timeout+240> and ends at 0xffffffff80a9b551 <ccb_timeout+253>.
(gdb) disas ccb_timeout
Dump of assembler code for function ccb_timeout:
0xffffffff80a9b454 <+0>: push %rbp
0xffffffff80a9b455 <+1>: mov %rsp,%rbp
0xffffffff80a9b458 <+4>: push %r12
0xffffffff80a9b45a <+6>: push %rbx
0xffffffff80a9b45b <+7>: mov %rdi,%rbx
0xffffffff80a9b45e <+10>: mov 0x168(%rdi),%r12
0xffffffff80a9b465 <+17>: addl $0x1,0x80(%rdi)
0xffffffff80a9b46c <+24>: mov 0x9c8392(%rip),%edx # 0xffffffff81463804 <iscsi_debug_level>
0xffffffff80a9b472 <+30>: test %edx,%edx
0xffffffff80a9b474 <+32>: js 0xffffffff80a9b4c2 <ccb_timeout+110>
0xffffffff80a9b476 <+34>: test %r12,%r12
0xffffffff80a9b479 <+37>: je 0xffffffff80a9b55a <ccb_timeout+262>
0xffffffff80a9b47f <+43>: movzwl 0x128(%r12),%edx
0xffffffff80a9b488 <+52>: mov 0x140(%r12),%rax
0xffffffff80a9b490 <+60>: movzwl 0x224(%rax),%esi
0xffffffff80a9b497 <+67>: mov $0xffffffff811b8b59,%rdi
0xffffffff80a9b49e <+74>: xor %eax,%eax
0xffffffff80a9b4a0 <+76>: callq 0xffffffff809a88b7 <printf>
0xffffffff80a9b4a5 <+81>: mov 0x14(%rbx),%ecx
0xffffffff80a9b4a8 <+84>: mov 0x80(%rbx),%edx
0xffffffff80a9b4ae <+90>: mov 0x7c(%rbx),%eax
0xffffffff80a9b4b1 <+93>: lea 0x1(%rax),%esi
0xffffffff80a9b4b4 <+96>: mov $0xffffffff811ba8e0,%rdi
0xffffffff80a9b4bb <+103>: xor %eax,%eax
0xffffffff80a9b4bd <+105>: callq 0xffffffff809a88b7 <printf>
0xffffffff80a9b4c2 <+110>: mov 0x7c(%rbx),%eax
0xffffffff80a9b4c5 <+113>: add $0x1,%eax
0xffffffff80a9b4c8 <+116>: mov %eax,0x7c(%rbx)
0xffffffff80a9b4cb <+119>: cmp $0x3,%eax
0xffffffff80a9b4ce <+122>: jg 0xffffffff80a9b537 <ccb_timeout+227>
0xffffffff80a9b4d0 <+124>: cmpl $0x9,0x80(%rbx)
0xffffffff80a9b4d7 <+131>: jg 0xffffffff80a9b537 <ccb_timeout+227>
0xffffffff80a9b4d9 <+133>: cmpl $0x3,0x14(%rbx)
0xffffffff80a9b4dd <+137>: jbe 0xffffffff80a9b537 <ccb_timeout+227>
0xffffffff80a9b4df <+139>: mov 0x170(%rbx),%rax
0xffffffff80a9b4e6 <+146>: mov 0x234(%rax),%eax
0xffffffff80a9b4ec <+152>: test %eax,%eax
0xffffffff80a9b4ee <+154>: je 0xffffffff80a9b537 <ccb_timeout+227>
0xffffffff80a9b4f0 <+156>: xor %r8d,%r8d
0xffffffff80a9b4f3 <+159>: xor %ecx,%ecx
0xffffffff80a9b4f5 <+161>: cmpb $0x0,0x12a(%rbx)
0xffffffff80a9b4fc <+168>: je 0xffffffff80a9b50c <ccb_timeout+184>
0xffffffff80a9b4fe <+170>: mov 0x138(%rbx),%eax
0xffffffff80a9b504 <+176>: cmp %eax,0x13c(%rbx)
0xffffffff80a9b50a <+182>: jb 0xffffffff80a9b566 <ccb_timeout+274>
0xffffffff80a9b50c <+184>: mov $0x1,%edx
0xffffffff80a9b511 <+189>: xor %esi,%esi
0xffffffff80a9b513 <+191>: mov %r12,%rdi
0xffffffff80a9b516 <+194>: callq 0xffffffff80a9936c <snack_missing>
0xffffffff80a9b51b <+199>: mov 0x9bd2a3(%rip),%eax # 0xffffffff814587c4 <hz>
0xffffffff80a9b521 <+205>: mov %eax,%esi
0xffffffff80a9b523 <+207>: shl $0x4,%esi
0xffffffff80a9b526 <+210>: sub %eax,%esi
0xffffffff80a9b528 <+212>: shl $0x2,%esi
0xffffffff80a9b52b <+215>: mov %rbx,%rdi
0xffffffff80a9b52e <+218>: pop %rbx
0xffffffff80a9b52f <+219>: pop %r12
0xffffffff80a9b531 <+221>: pop %rbp
0xffffffff80a9b532 <+222>: jmpq 0xffffffff80a93e29 <ccb_timeout_start>
0xffffffff80a9b537 <+227>: mov $0x18,%esi
0xffffffff80a9b53c <+232>: mov %rbx,%rdi
0xffffffff80a9b53f <+235>: callq 0xffffffff80a9e21f <wake_ccb>
0xffffffff80a9b544 <+240>: mov $0x2,%edx
0xffffffff80a9b549 <+245>: mov $0x18,%esi
0xffffffff80a9b54e <+250>: mov %r12,%rdi
0xffffffff80a9b551 <+253>: pop %rbx
0xffffffff80a9b552 <+254>: pop %r12
0xffffffff80a9b554 <+256>: pop %rbp
0xffffffff80a9b555 <+257>: jmpq 0xffffffff80a93570 <handle_connection_error>
0xffffffff80a9b55a <+262>: mov $0xffffffff,%edx
0xffffffff80a9b55f <+267>: mov %edx,%esi
0xffffffff80a9b561 <+269>: jmpq 0xffffffff80a9b497 <ccb_timeout+67>
0xffffffff80a9b566 <+274>: xor %edx,%edx
0xffffffff80a9b568 <+276>: mov %rbx,%rsi
0xffffffff80a9b56b <+279>: mov %r12,%rdi
0xffffffff80a9b56e <+282>: callq 0xffffffff80a9936c <snack_missing>
0xffffffff80a9b573 <+287>: jmp 0xffffffff80a9b51b <ccb_timeout+199>
End of assembler dump.
Best regards,
JB