svn commit: r364946 - head/sys/kern
Ian Lepore
ian at freebsd.org
Sat Aug 29 17:04:58 UTC 2020
On Sat, 2020-08-29 at 05:02 -0600, Warner Losh wrote:
> >
> > sbuf_cpy() at _gone_in_dev+0x560
> > pc = 0xffff0000003c1ff0 lr = 0xffff0000003a9078
> > sp = 0xffff00006f21a510 fp = 0xffff00006f21a570
> >
> > _gone_in_dev() at sbuf_new_for_sysctl+0x170
> > pc = 0xffff0000003a9078 lr = 0xffff00000037c1a8
> > sp = 0xffff00006f21a580 fp = 0xffff00006f21a5a0
> >
> > sbuf_new_for_sysctl() at kernel_sysctl+0x36c
> > pc = 0xffff00000037c1a8 lr = 0xffff00000037b63c
> > sp = 0xffff00006f21a5b0 fp = 0xffff00006f21a630
> >
>
> This traceback is all kinds of crazy. sbuf_new_for_sysctl doesn't call
> _gone_in_dev(), which doesn't do sbuf stuff at all. And neither does it
> call sbuf_cpy(). Though I get a crash that looks like:
> Tracing pid 66442 tid 101464 td 0xfffffe02f47b7c00
> kdb_enter() at kdb_enter+0x37/frame 0xfffffe02f4ae3740
> vpanic() at vpanic+0x19e/frame 0xfffffe02f4ae3790
> panic() at panic+0x43/frame 0xfffffe02f4ae37f0
> sbuf_clear() at sbuf_clear+0xac/frame 0xfffffe02f4ae3800
> sbuf_cpy() at sbuf_cpy+0x5a/frame 0xfffffe02f4ae3820
> device_sysctl_handler() at device_sysctl_handler+0x133/frame
> 0xfffffe02f4ae38a0
> sysctl_root_handler_locked() at sysctl_root_handler_locked+0x9c/frame
> 0xfffffe02f4ae38f0
> sysctl_root() at sysctl_root+0x20a/frame 0xfffffe02f4ae3970
> userland_sysctl() at userland_sysctl+0x17d/frame 0xfffffe02f4ae3a20
> sys___sysctl() at sys___sysctl+0x5f/frame 0xfffffe02f4ae3ad0
> amd64_syscall() at amd64_syscall+0x140/frame 0xfffffe02f4ae3bf0
> fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe02f4ae3bf0
> --- syscall (202, FreeBSD ELF64, sys___sysctl), rip = 0x80042d50a, rsp =
> 0x7fffffffd458, rbp = 0x7fffffffd490 ---
>
> on a sysctl -a which I think makes more sense... I'll see if I can track
> it down... I think it's because sbuf_cpy does an unconditional clear, which
> triggers this assert, which is likely bogus for this case. sbuf_cat doesn't
> seem to have this issue... I'll confirm and commit.
>
> Warner
This kind of crazy happens when the traceback just reports the name of
the nearest global symbol it can find because static or other local
symbols aren't available to it. The clue that that's what's going on
tends to be in things like:
sbuf_cpy() at _gone_in_dev+0x560
It's almost certain that _gone_in_dev() isn't a big enough function
that an offset of 0x560 is still in that function, so it's really in
some static function that got linked nearby but the symbols for statics
got stripped. Usually you can use addr2line on kernel.full to get the
real names for the pc and lr values.
-- Ian
More information about the svn-src-head
mailing list