

Re: kern/56925: Amd64 server randomly panics



The following reply was made to PR kern/56925; it has been noted by GNATS.

From: BERTRAND Joël <joel.bertrand%systella.fr@localhost>
To: gnats-bugs%netbsd.org@localhost, kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
        netbsd-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/56925: Amd64 server randomly panics
Date: Thu, 14 Jul 2022 15:17:09 +0200

 Taylor R Campbell a écrit :
 > The following reply was made to PR kern/56925; it has been noted by GNATS.
 > 
 > From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
 > To: joel.bertrand%systella.fr@localhost
 > Cc: gnats-bugs%NetBSD.org@localhost
 > Subject: Re: kern/56925: Amd64 server randomly panics
 > Date: Thu, 14 Jul 2022 11:24:36 +0000
 > 
 >  This is a null pointer dereference by the instruction at address
 >  0xffffffff8022800c.  I'm guessing it's in wake_ccb but I'm not sure.
 >  
 >  Can you try to obtain the following information from your kernel?
 >  
 >  1. The disassembly of the function where rip 0xffffffff8022800c lies,
 >     and, if possible, the line number of 0xffffffff8022800c.
 >  
 >  2. The disassembly of ccb_timeout, and, if possible, the line number
 >     of ccb_timeout+0xf0.
 >  
 >  If you have a netbsd.gdb file, you can get these with:
 >
 	I have ;-)
 
 (gdb) info line *(0xffffffff8022800c)
 No line number information available for address
   0xffffffff8022800c <mutex_enter+12>
 (gdb) disas 0xffffffff8022800c
 Dump of assembler code for function mutex_enter:
    0xffffffff80228000 <+0>:     mov    %gs:0x1d0,%rcx
    0xffffffff80228009 <+9>:     xor    %rax,%rax
    0xffffffff8022800c <+12>:    lock cmpxchg %rcx,(%rdi)
    0xffffffff80228011 <+17>:    jne    0xffffffff80228017 <mutex_enter+23>
    0xffffffff80228013 <+19>:    retq
    0xffffffff80228014 <+20>:    nop
    0xffffffff80228015 <+21>:    nop
    0xffffffff80228016 <+22>:    retq
    0xffffffff80228017 <+23>:    jmpq   0xffffffff8096c7b4
 <mutex_vector_enter>
 End of assembler dump.
 (gdb) info line *(ccb_timeout+0xf0)
 Line 1674 of "/usr/src/netbsd-9/src/sys/dev/iscsi/iscsi_send.c"
    starts at address 0xffffffff80a9b544 <ccb_timeout+240>
    and ends at 0xffffffff80a9b551 <ccb_timeout+253>.
 (gdb) disas ccb_timeout
 Dump of assembler code for function ccb_timeout:
    0xffffffff80a9b454 <+0>:     push   %rbp
    0xffffffff80a9b455 <+1>:     mov    %rsp,%rbp
    0xffffffff80a9b458 <+4>:     push   %r12
    0xffffffff80a9b45a <+6>:     push   %rbx
    0xffffffff80a9b45b <+7>:     mov    %rdi,%rbx
    0xffffffff80a9b45e <+10>:    mov    0x168(%rdi),%r12
    0xffffffff80a9b465 <+17>:    addl   $0x1,0x80(%rdi)
    0xffffffff80a9b46c <+24>:    mov    0x9c8392(%rip),%edx        #
 0xffffffff81463804 <iscsi_debug_level>
    0xffffffff80a9b472 <+30>:    test   %edx,%edx
    0xffffffff80a9b474 <+32>:    js     0xffffffff80a9b4c2 <ccb_timeout+110>
    0xffffffff80a9b476 <+34>:    test   %r12,%r12
    0xffffffff80a9b479 <+37>:    je     0xffffffff80a9b55a <ccb_timeout+262>
    0xffffffff80a9b47f <+43>:    movzwl 0x128(%r12),%edx
    0xffffffff80a9b488 <+52>:    mov    0x140(%r12),%rax
    0xffffffff80a9b490 <+60>:    movzwl 0x224(%rax),%esi
    0xffffffff80a9b497 <+67>:    mov    $0xffffffff811b8b59,%rdi
    0xffffffff80a9b49e <+74>:    xor    %eax,%eax
    0xffffffff80a9b4a0 <+76>:    callq  0xffffffff809a88b7 <printf>
    0xffffffff80a9b4a5 <+81>:    mov    0x14(%rbx),%ecx
    0xffffffff80a9b4a8 <+84>:    mov    0x80(%rbx),%edx
    0xffffffff80a9b4ae <+90>:    mov    0x7c(%rbx),%eax
    0xffffffff80a9b4b1 <+93>:    lea    0x1(%rax),%esi
    0xffffffff80a9b4b4 <+96>:    mov    $0xffffffff811ba8e0,%rdi
    0xffffffff80a9b4bb <+103>:   xor    %eax,%eax
    0xffffffff80a9b4bd <+105>:   callq  0xffffffff809a88b7 <printf>
    0xffffffff80a9b4c2 <+110>:   mov    0x7c(%rbx),%eax
    0xffffffff80a9b4c5 <+113>:   add    $0x1,%eax
    0xffffffff80a9b4c8 <+116>:   mov    %eax,0x7c(%rbx)
    0xffffffff80a9b4cb <+119>:   cmp    $0x3,%eax
    0xffffffff80a9b4ce <+122>:   jg     0xffffffff80a9b537 <ccb_timeout+227>
    0xffffffff80a9b4d0 <+124>:   cmpl   $0x9,0x80(%rbx)
    0xffffffff80a9b4d7 <+131>:   jg     0xffffffff80a9b537 <ccb_timeout+227>
    0xffffffff80a9b4d9 <+133>:   cmpl   $0x3,0x14(%rbx)
    0xffffffff80a9b4dd <+137>:   jbe    0xffffffff80a9b537 <ccb_timeout+227>
    0xffffffff80a9b4df <+139>:   mov    0x170(%rbx),%rax
    0xffffffff80a9b4e6 <+146>:   mov    0x234(%rax),%eax
    0xffffffff80a9b4ec <+152>:   test   %eax,%eax
    0xffffffff80a9b4ee <+154>:   je     0xffffffff80a9b537 <ccb_timeout+227>
    0xffffffff80a9b4f0 <+156>:   xor    %r8d,%r8d
    0xffffffff80a9b4f3 <+159>:   xor    %ecx,%ecx
    0xffffffff80a9b4f5 <+161>:   cmpb   $0x0,0x12a(%rbx)
    0xffffffff80a9b4fc <+168>:   je     0xffffffff80a9b50c <ccb_timeout+184>
    0xffffffff80a9b4fe <+170>:   mov    0x138(%rbx),%eax
    0xffffffff80a9b504 <+176>:   cmp    %eax,0x13c(%rbx)
    0xffffffff80a9b50a <+182>:   jb     0xffffffff80a9b566 <ccb_timeout+274>
    0xffffffff80a9b50c <+184>:   mov    $0x1,%edx
    0xffffffff80a9b511 <+189>:   xor    %esi,%esi
    0xffffffff80a9b513 <+191>:   mov    %r12,%rdi
    0xffffffff80a9b516 <+194>:   callq  0xffffffff80a9936c <snack_missing>
    0xffffffff80a9b51b <+199>:   mov    0x9bd2a3(%rip),%eax        #
 0xffffffff814587c4 <hz>
    0xffffffff80a9b521 <+205>:   mov    %eax,%esi
    0xffffffff80a9b523 <+207>:   shl    $0x4,%esi
    0xffffffff80a9b526 <+210>:   sub    %eax,%esi
    0xffffffff80a9b528 <+212>:   shl    $0x2,%esi
    0xffffffff80a9b52b <+215>:   mov    %rbx,%rdi
    0xffffffff80a9b52e <+218>:   pop    %rbx
    0xffffffff80a9b52f <+219>:   pop    %r12
    0xffffffff80a9b531 <+221>:   pop    %rbp
    0xffffffff80a9b532 <+222>:   jmpq   0xffffffff80a93e29
 <ccb_timeout_start>
    0xffffffff80a9b537 <+227>:   mov    $0x18,%esi
    0xffffffff80a9b53c <+232>:   mov    %rbx,%rdi
    0xffffffff80a9b53f <+235>:   callq  0xffffffff80a9e21f <wake_ccb>
    0xffffffff80a9b544 <+240>:   mov    $0x2,%edx
    0xffffffff80a9b549 <+245>:   mov    $0x18,%esi
    0xffffffff80a9b54e <+250>:   mov    %r12,%rdi
    0xffffffff80a9b551 <+253>:   pop    %rbx
    0xffffffff80a9b552 <+254>:   pop    %r12
    0xffffffff80a9b554 <+256>:   pop    %rbp
    0xffffffff80a9b555 <+257>:   jmpq   0xffffffff80a93570
 <handle_connection_error>
    0xffffffff80a9b55a <+262>:   mov    $0xffffffff,%edx
    0xffffffff80a9b55f <+267>:   mov    %edx,%esi
    0xffffffff80a9b561 <+269>:   jmpq   0xffffffff80a9b497 <ccb_timeout+67>
    0xffffffff80a9b566 <+274>:   xor    %edx,%edx
    0xffffffff80a9b568 <+276>:   mov    %rbx,%rsi
    0xffffffff80a9b56b <+279>:   mov    %r12,%rdi
    0xffffffff80a9b56e <+282>:   callq  0xffffffff80a9936c <snack_missing>
    0xffffffff80a9b573 <+287>:   jmp    0xffffffff80a9b51b <ccb_timeout+199>
 End of assembler dump.
 
 	Best regards,
 
 	JB
 

