NetBSD-Bugs archive


port-sparc64/57784: iscsi-initiator crashes on sparc64



>Number:         57784
>Category:       port-sparc64
>Synopsis:       iscsi-initiator crashes on sparc64
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-sparc64-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Dec 19 02:05:00 +0000 2023
>Originator:     zip100
>Release:        9.3
>Organization:
>Environment:
NetBSD tango 9.3 NetBSD 9.3 (GENERIC) #0: Thu Aug  4 15:30:37 UTC 2022  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/sparc64/compile/GENERIC sparc64
>Description:
# gdb iscsi-initiator
GNU gdb (GDB) 8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "sparc64--netbsd".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from iscsi-initiator...
Reading symbols from /usr/libdata/debug//usr/sbin/iscsi-initiator.debug...
(gdb) core iscsi-initiator.core 
[New process 4]
[New process 3]
[New process 2]
[New process 1]
Core was generated by `iscsi-initiator'.
Program terminated with signal SIGBUS, Bus error.
#0  iscsi_logout_rsp_decap (header=header@entry=0x41e2fe28 "&\200", 
    rsp=rsp@entry=0x41e2fe58)
    at /usr/src/external/bsd/iscsi/lib/../dist/src/lib/protocol.c:924
924     /usr/src/external/bsd/iscsi/lib/../dist/src/lib/protocol.c: No such file or directory.
[Current thread is 1 (process 4)]
(gdb) bt full
#0  iscsi_logout_rsp_decap (header=header@entry=0x41e2fe28 "&\200", 
    rsp=rsp@entry=0x41e2fe58)
    at /usr/src/external/bsd/iscsi/lib/../dist/src/lib/protocol.c:924
        errmsg = <optimized out>
        zeros = '\000' <repeats 15 times>
#1  0x0000000040713c60 in logout_response_i (header=0x41e2fe28 "&\200", cmd=0x402d4000, 
    sess=0x40240000) at /usr/src/external/bsd/iscsi/lib/../dist/src/lib/initiator.c:2426
        logout_cmd = 0x402f4ca0
        logout_rsp = {response = 0 '\000', length = 0, tag = 11256102, StatSN = 2632582066, 
          ExpCmdSN = 2, MaxCmdSN = 2, Time2Wait = 171, Time2Retain = 49445}
        logout_cmd = <optimized out>
        logout_rsp = <optimized out>
#2  rx_worker_proc_i (arg=0x40240000)
    at /usr/src/external/bsd/iscsi/lib/../dist/src/lib/initiator.c:1748
        sess = 0x40240000
        me = 0x40240128
        header = "&\200", '\000' <repeats 15 times>, "?\301&\000\000\000\000?\352\003\262\000\000\000\002\000\000\000\002", '\000' <repeats 11 times>
        prev = <optimized out>
        ptr = <optimized out>
        tag = <optimized out>
        sess = <optimized out>
        me = <optimized out>
        arg = 0x40240000
        header = <optimized out>
        cmd = <optimized out>
        prev = <optimized out>
        ptr = <optimized out>
        tag = <optimized out>
        header = <optimized out>
        sess = 0x40240000
        me = 0x40240128
        prev = <optimized out>
        ptr = <optimized out>
        tag = <optimized out>
#3  0x0000000040b0eea8 in pthread__create_tramp (cookie=0x402ae000)
--Type <RET> for more, q to quit, c to continue without paging--c
    at /usr/src/lib/libpthread/pthread.c:592
        self = 0x402ae000
        retval = <optimized out>
        __func__ = <optimized out>
#4  0x0000000040d52f50 in _lwp_kill () from /usr/lib/libc.so.12
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) 
>How-To-Repeat:
# iscsi-initiator -h server.name
Bus error (core dumped)
>Fix:
from the IRC discussion:

<@Riastradh>    923          rsp->Time2Wait = ISCSI_NTOHS(*((uint32_t *) (void *) (header + 40)));   /* Time2Wait */
<@Riastradh>    924          rsp->Time2Retain = ISCSI_NTOHS(*((uint32_t *) (void *) (header + 42))); /* Time2Retain */
<@Riastradh> Only one of those can possibly be aligned!
<@Riastradh> Wonder if that was supposed to be uint16_t, or header + 44 instead of header + 42.
<@Riastradh> https://www.rfc-editor.org/rfc/rfc7143#section-11.15
<@Riastradh> Looks like Time2Wait and Time2Retain are both supposed to be uint16_t.
<@Riastradh> ISCSI_NTOHS vs ISCSI_NTOHL is a hint here too
<@Riastradh> as is the matching logic in iscsi_logout_rsp_encap
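
The alignment problem from the IRC excerpt, as an added example (not code from this PR or from NetBSD's iSCSI library): it reads Time2Wait and Time2Retain as 16-bit big-endian fields at offsets 40 and 42 using byte loads, and checks that no header base address makes 32-bit loads at both offsets aligned. The struct and function names and the sample header bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BHS_LEN          48  /* iSCSI Basic Header Segment length */
#define OFF_TIME2WAIT    40  /* offsets quoted in the IRC excerpt */
#define OFF_TIME2RETAIN  42

struct logout_times {        /* hypothetical holder for the two fields */
    uint16_t time2wait;
    uint16_t time2retain;
};

/* Big-endian 16-bit read built from byte loads: valid at any address. */
static uint16_t get_be16(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* Returns 0 on success, -1 if the buffer cannot hold a full header. */
int decode_logout_times(const uint8_t *hdr, size_t len, struct logout_times *out)
{
    if (hdr == NULL || out == NULL || len < BHS_LEN)
        return -1;
    out->time2wait   = get_be16(hdr + OFF_TIME2WAIT);
    out->time2retain = get_be16(hdr + OFF_TIME2RETAIN);
    return 0;
}

/* Would 32-bit loads at base+40 and base+42 both be 4-byte aligned? */
int both_u32_loads_aligned(uintptr_t base)
{
    return (base + OFF_TIME2WAIT) % 4 == 0 && (base + OFF_TIME2RETAIN) % 4 == 0;
}

int main(void)
{
    uint8_t hdr[BHS_LEN] = {0};   /* constructed sample, not the core dump */
    struct logout_times t;

    hdr[0] = 0x26; hdr[1] = 0x80; /* first two bytes as in the backtrace */
    hdr[41] = 2;                  /* Time2Wait   = 2  */
    hdr[43] = 20;                 /* Time2Retain = 20 */
    if (decode_logout_times(hdr, sizeof hdr, &t) != 0)
        return 1;
    printf("Time2Wait=%u Time2Retain=%u\n", (unsigned)t.time2wait, (unsigned)t.time2retain);
    return 0;
}
```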


