
#495 SOL session is getting disconnected with Segmentation fault message

version-1.8.18
open
nobody
None
2
2017-11-20
2017-10-18
No

SOL session is getting disconnected with "Segmentation fault" message (see below) when we try to power on the system. This is seen with the latest IPMI version 1.8.18, and SOL was connected using the usesolkeepalive option. There is no particular point where SOL disconnects during boot. Below is one instance where it got disconnected.

Core dump for the failure is attached below.

rahulmah@rackspace:~/ipmitool/ipmitool-1.8.18/src$ ./ipmitool -V
ipmitool version 1.8.18
rahulmah@rackspace:~/ipmitool/ipmitool-1.8.18/src$ ./ipmitool -I lanplus -C 3 -P 0penBmc -H wsbmc014 sol activate usesolkeepalive
...
...
...
...
[ 12.890274] ast 0002:02:00.0: enabling device (0140 -> 0142)
[ 12.890526] [drm] platform has no IO space, trying MMIO
[ 12.890605] [drm] VGA not enabled on entry, requesting chip POST
[ 12.890722] [drm] Using P2A bridge for configuration
[ 12.890811] [drm] AST 2500 detected
[ 12.890878] [drm] Analog VGA only
[ 12.890980] [drm] dram MCLK=800 Mhz type=7 bus_width=16 size=01000000
[ 12.891155] [TTM] Zone kernel: Available graphics memory: 133959008 kiB
[ 12.891251] [TTM] Zone dma32: Available graphics memory: 2097152 kiB
[ 12.891360] [TTM] Initializing pool allocator
[ 12.895389] tg3 0005:01:00.1 enP5p1s0f1: renamed from eth1
[ 12.897798] scsi 0:0:0:0: Attached scsi generic sg0 type 0
[ 12.897937] scsi 1:0:0:0: Attached scsi generic sg1 type 0

Petitboot (v1.6.0-p6f77d54) 8335-GTW 1318ECA
──────────────────────────────────────────────────────────────────────────────
[Disk: sda2 / 94aca35a-9a13-4c55-b6e9-c5ad6ee29a86]
Ubuntu, with Linux 4.10.0-32-generic (recovery mode)
Ubuntu, with Linux 4.10.0-32-generic
Ubuntu, with Linux 4.10.0-33-generic (recovery mode)
Ubuntu, with Linux 4.10.0-33-generic
Ubuntu, with Linux 4.10.0-35-generic (recovery mode)
Ubuntu, with Linux 4.10.0-35-generic
Ubuntu, with Linux 4.10.0-37-generic (recovery mode)
Ubuntu, with Linux 4.10.0-37-generic
Ubuntu

System information
System configuration
System status log
Language
Rescan devices
Retrieve config from URL
Plugins (0)
Exit to shell
──────────────────────────────────────────────────────────────────────────────
Enter=accept, e=edit, n=new, x=exit, l=language, g=log, h=help
Performing kexec load
Segmentation fault* (core dumped)
rahulmah@rackspace:~/ipmitool/ipmitool-1.8.18/src$

1 Attachments

Discussion

  • Rahul Maheshwari

    Can anyone please look up this issue? It's been in open state for quite a long time.

     
    • Alexander Amelkin

      Sorry, the core file is not enough. Please also attach the unstripped src/ipmitool binary that you got that core on. Otherwise it is impossible to correctly map the core to actual symbols.

       
    • Alexander Amelkin

      Ok, I've reproduced it. It's because of this ingenious piece of code:

      (gdb) bt
      #0  __memmove_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:357
      #1  0x000000000048f3c3 in ipmi_lan_poll_single (intf=0x7680c0 <ipmi_lanplus_intf>) at lanplus.c:878
      #2  0x000000000048f434 in ipmi_lan_poll_recv (intf=0x7680c0 <ipmi_lanplus_intf>) at lanplus.c:913
      #3  0x000000000049251d in ipmi_lanplus_recv_sol (intf=0x7680c0 <ipmi_lanplus_intf>) at lanplus.c:2693
      #4  0x000000000041d3bb in ipmi_sol_red_pill (intf=0x7680c0 <ipmi_lanplus_intf>, instance=1) at ipmi_sol.c:1650
      #5  0x000000000041d992 in ipmi_sol_activate (intf=0x7680c0 <ipmi_lanplus_intf>, looptest=0, interval=0, instance=1) at ipmi_sol.c:1860
      #6  0x000000000041e093 in ipmi_sol_main (intf=0x7680c0 <ipmi_lanplus_intf>, argc=2, argv=0x7ffd2623e308) at ipmi_sol.c:2012
      #7  0x00000000004534ef in ipmi_cmd_run (intf=0x7680c0 <ipmi_lanplus_intf>, name=0x7ffd2623ed7f "sol", argc=2, argv=0x7ffd2623e308) at ipmi_main.c:219
      #8  0x00000000004553e1 in ipmi_main (argc=12, argv=0x7ffd2623e2b8, cmdlist=0x7470a0 <ipmitool_cmd_list>, intflist=0x0) at ipmi_main.c:1003
      #9  0x000000000040357d in main (argc=12, argv=0x7ffd2623e2b8) at ipmitool.c:135
      (gdb) frame 1
      #1  0x000000000048f3c3 in ipmi_lan_poll_single (intf=0x7680c0 <ipmi_lanplus_intf>) at lanplus.c:878
      878                             memmove(rsp->data, rsp->data + offset, extra_data_length);
      (gdb) p extra_data_length 
      $1 = -4
      (gdb) list
      873                     }
      874                     read_sol_packet(rsp, &offset);
      875                     extra_data_length = payload_size - (offset - payload_start);
      876                     if (rsp && extra_data_length) {
      877                             rsp->data_len = extra_data_length;
      878                             memmove(rsp->data, rsp->data + offset, extra_data_length);
      879                     } else {
      880                             rsp->data_len = 0;
      881                     }
      882             /*
      (gdb) p payload_size 
      $2 = 0
      (gdb) p offset 
      $3 = 20
      (gdb) p payload_start 
      $4 = 16
      (gdb) 
      

      It's quite expected that trying to memmove() minus 4 bytes crashes.
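
The failure mode in the gdb session above, as an added example that is not part of the original thread and is neither ipmitool's code nor its fix: the signed length from lanplus.c:875 goes negative when the payload is shorter than the bytes already consumed, passes the truthiness test on line 876, and becomes a huge `size_t` count at the `memmove()` call. The function names and the bounds-checked variant are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The length expression from lanplus.c:875, kept as a signed int. */
static int extra_len_as_computed(int payload_size, int offset, int payload_start)
{
    return payload_size - (offset - payload_start);
}

/* What memmove() receives: its third parameter is size_t, so a negative
 * int is converted to a very large unsigned count. */
static size_t as_memmove_count(int len)
{
    return (size_t)len;
}

/*
 * Hypothetical hardened variant (names are assumptions, not ipmitool's).
 * Moves the trailing payload bytes to the front of buf and returns the new
 * data length, or -1 if the sizes would reach outside the payload or buffer.
 */
static int move_extra_data(uint8_t *buf, size_t buf_cap,
                           int payload_size, int offset, int payload_start)
{
    if (buf == NULL || payload_size < 0 || payload_start < 0 || offset < payload_start)
        return -1;
    int consumed = offset - payload_start;
    if (consumed > payload_size)
        return -1;                      /* the -4 case from the backtrace */
    size_t extra = (size_t)(payload_size - consumed);
    if ((size_t)offset > buf_cap || extra > buf_cap - (size_t)offset)
        return -1;                      /* source range must lie inside buf */
    if (extra > 0)
        memmove(buf, buf + offset, extra);
    return (int)extra;
}

int main(void)
{
    uint8_t buf[64] = {0};              /* constructed sample buffer */
    /* Values printed by gdb in the ticket: payload_size 0, offset 20, payload_start 16. */
    int len = extra_len_as_computed(0, 20, 16);
    int rc  = move_extra_data(buf, sizeof buf, 0, 20, 16);
    return (len == -4 && as_memmove_count(len) == SIZE_MAX - 3 && rc == -1) ? 0 : 1;
}
```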

       
