Description
fmd raised SIGSEGV on an Intel prototype with many fault.cpu.intel.bus_interconnect events.
fdc51b74 fmd_case_set_lst+0x82(8965ee0, fdc51c24)
fdc51bbc fmd_asru_do_hash_apply+0x151(8245e80, 8545ee0, 80664ac, fdc51c24,
8351c00, 3c)
fdc51be8 fmd_asru_hash_apply_by_case+0x22(8245e80, 855ecc0, 80664ac, fdc51c24)
fdc51c54 fmd_case_mkevent+0x8c(89ba578, 89ba988, 89bad98, 89a31c8, 89a35d8,
89a39e8)
089d7d50 0x89ba168(89d7c10, 0, 0, 0, feedfabb, 1789)
00000000 1()
The top of the stack is at the line marked **: *entryp->fcl_countp is so large that it causes an out-of-bounds array access. It is surprising that the same access did not crash at the line marked *.
if (state & FMD_ASRU_FAULTY)
* entryp->fcl_ba[*entryp->fcl_countp] |= FM_SUSPECT_FAULTY;
if (!(state & FMD_ASRU_PRESENT))
** entryp->fcl_ba[*entryp->fcl_countp] |= FM_SUSPECT_NOT_PRESENT;
Examining the fmd_case_lst_t at fdc51c24 shows that some of the stack contents have been overwritten.
> fdc51c24::print fmd_case_lst_t
{
fcl_countp = 0x8a07800
fcl_ba = 0xfdc51c00
fcl_nva = 0xfdc51c10
fcl_msgp = 0xfdc51c48
}
fcl_countp should be set by fmd_case_mkevent() to point into the stack, but 0x8a07800 is apparently not a valid stack address.
Dumping the stack shows a byte array containing many 0x01 bytes.
> fdc51c24-40,40::dump
0 1 2 3 \/ 5 6 7 8 9 a b c d e f 0123v56789abcdef
fdc51be0: 0022c9fe 0022c9fe 541cc5fd d0660608 ."..."..T....f..
fdc51bf0: 805e2408 c0ec5508 ac640608 241cc5fd .^$...U..d..$...
fdc51c00: 01010101 0101c9fe 54010101 01010101 ........T.......
fdc51c10: 01010101 01010101 01010101 01010101 ................
fdc51c20: 01010101 0078a008 001cc5fd 101cc5fd .....x..........
The core file is being uploaded to /net/mdb/cores/cy152378/<bugid>.