Re: [osol-code] A puzzle about the NULL Dereference

Wed, 22 Aug 2007 05:21:01 -0700 

Hi,

On 08/22/07 09:58, liujun wrote:


! 2641                !                  
"mppLnx_remove_proxyRequest_from_list() MPPLNX_QUEUE_QUEUED_LIS
! 2641                >T LockAddress:%p\n", 
&mppLnx_queuedProxyRequestQ.queueLock));
! 2642                !            OSP_LockKmutexSaveIrq ( 
&mppLnx_queuedProxyRequestQ.queueLock, flags)
! 2642                >;

/* 0x0220       2642 */         sethi   %h44(mppLnx_queuedProxyRequestQ),%l1
/* 0x0224       2640 */         call    cmn_err ! params =  %o0 %o1 %o2 %o3 %o4 
! Result =
/* 0x0228            */         or      %g0,2641,%o4
/* 0x022c            */         sllx    %l6,12,%l5
/* 0x0230       2642 */         or      %l1,%m44(mppLnx_queuedProxyRequestQ),%l0
/* 0x0234       2640 */         sllx    %l3,12,%l2
/* 0x0238            */         add     %l5,%l44(.L3398),%o1
/* 0x023c            */         add     %l2,%l44(mppLnx_queuedProxyRequestQ),%o2
/* 0x0240            */         call    cmn_err ! params =  %o0 %o1 %o2 ! 
Result =
/* 0x0244            */         or      %g0,1,%o0
/* 0x0248       2642 */         sllx    %l0,12,%o7
/* 0x024c            */         add     %o7,%l44(mppLnx_queuedProxyRequestQ),%o0
[b]/* 0x0250            */         call    mutex_enter     ! params =  %o0 ! 
Result =[/b]
/* 0x0254            */         nop
/* 0x0258        104 */         ldx     [%i0+64],%o5
! FILE mppLnx26_vhbalib.c

! 2643                !            OSP_RmvListEntry( &(pre->queued_list));
! 2644                !            pre->queued_list.prev = NULL;
! 2645                !            pre->queued_list.next = NULL;
! 2647                !            OSP_UnlockKmutexStoreIrq ( 
&mppLnx_queuedProxyRequestQ.queueLock, fla
! 2647                >gs);

/* 0x025c       2647 */         sethi   %h44(mppLnx_queuedProxyRequestQ),%o2
/* 0x0260        104 */         ldx     [%i0+72],%i1
[b]/* 0x0264            */         stx     %o5,[%i1][/b]
/* 0x0268        105 */         ldx     [%i0+72],%o4
/* 0x026c            */         ldx     [%i0+64],%o3
/* 0x0270            */         stx     %o4,[%o3+8]
/* 0x0274       2644 */         stx     %g0,[%i0+64]
/* 0x0278       2645 */         stx     %g0,[%i0+72]
/* 0x027c       2647 */         or      %o2,%m44(mppLnx_queuedProxyRequestQ),%i0
/* 0x0280            */         sllx    %i0,12,%o1
/* 0x0284            */         call    mutex_exit      ! params =  %o0 ! 
Result =
/* 0x0288            */         add     %o1,%l44(mppLnx_queuedProxyRequestQ),%o0

[b]the %i1 = 0x0000000000000000 is NULL[/b]



So the panic pc aligns with offset 0x0264 above?  I'd be suspicios
that pre->queued_list was NULL - I think that was what was loaded
from %i0 + 64.  Dump the structure at %i0 and sanity-check it.

Gavin

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
opensolaris-code mailing list
opensolaris-code@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code

Reply via email to