Date:      Sun, 29 Aug 1999 18:08:33 -0700
From:      Parag Patel <parag@cgt.com>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Mike Smith <mike@smith.net.au>, Bernd Walter <ticso@cicely.de>, freebsd-current@FreeBSD.ORG, grog@lemis.com
Subject:   Re: 4.0-CURRENT SMP crash with vinum raid-5 and softupdates 
Message-ID:  <78740.935975313@pinhead.parag.codegen.com>
In-Reply-To: Message from Matthew Dillon <dillon@apollo.backplane.com>  of "Sun, 29 Aug 1999 16:48:32 PDT." <199908292348.QAA07774@apollo.backplane.com> 

On Sun, 29 Aug 1999 16:48:32 PDT, Matthew Dillon wrote:

>    This looks like an indirect call through a NULL function pointer.

Wow - I'm impressed!  You really know your kernel debugging! :)  It is a
null-pointer dereference that's crashing it.  Here's the gdb stack
back-trace:

(gdb) bt
#0  0x0 in ?? ()
#1  0xc017afc3 in biodone (bp=0xc1550c18) at ../../kern/vfs_bio.c:2580
#2  0xc0126c2a in dadone (periph=0xc13de980, done_ccb=0xc163a000)
    at ../../cam/scsi/scsi_da.c:1295
#3  0xc01228e7 in camisr (queue=0xc02bd854) at ../../cam/cam_xpt.c:6223
#4  0xc01226f9 in swi_cambio () at ../../cam/cam_xpt.c:6130

The contents of the "bp" pointer are dumped below.  Sure enough,
bp->b_iodone is indeed NULL, but I have no idea how or why.  Perhaps it
is the flags that are incorrectly stating it is a B_CALL?

I can print out other structs and such - I'll leave the system as-is for
now.  Thanks!


>    The stack looks intact ... look at the sp versus the frame pointer.
>    If the 'trace' command is resulting in a panic, perhaps it is because
>    there is no new stack frame.  Giving the trace command an argument
>    will help.


Here's what "trace" using the "sp" value returns:

    db>
    SMP_prvspace(4,0,ff80db1c,ff80dab8,c02f4a0c) at SMP_prvspace+0xdadc
    gd_curproc(0,ff80db1c,ff80dabc,c02f546c,ff80db5c) at 0x4

Doesn't look too useful.


(gdb) up
#1  0xc017afc3 in biodone (bp=0xc1550c18) at ../../kern/vfs_bio.c:2580
2580                    (*bp->b_iodone) (bp);
(gdb) l
2575            }
2576
2577            /* call optional completion function if requested */
2578            if (bp->b_flags & B_CALL) {
2579                    bp->b_flags &= ~B_CALL;
2580                    (*bp->b_iodone) (bp);
2581                    splx(s);
2582                    return;
2583            }
2584            if (LIST_FIRST(&bp->b_dep) != NULL && bioops.io_complete)
(gdb) p bp
$6 = (struct buf *) 0xc1550c18
(gdb) p *bp
$7 = {b_hash = {le_next = 0x0, le_prev = 0x0}, b_vnbufs = {tqe_next = 0x0,
    tqe_prev = 0x0}, b_freelist = {tqe_next = 0x0, tqe_prev = 0x0}, b_act = {
    tqe_next = 0x0, tqe_prev = 0xc13e4400}, b_flags = 134218244, b_qindex = 0,
  b_unused1 = 0 '\000', b_xflags = 0 '\000', b_lock = {lk_interlock = {
      lock_data = 0}, lk_flags = 1024, lk_sharecount = 0, lk_waitcount = 0,
    lk_exclusivecount = 1, lk_prio = 20, lk_wmesg = 0x0, lk_timo = 0,
    lk_lockholder = 5}, b_error = 0, b_bufsize = 8192, b_bcount = 8192,
  b_resid = 0, b_dev = 0xc1434d00, b_data = 0xc1954000 "ķA\003",
  b_kvabase = 0x0, b_kvasize = 0, b_lblkno = 0, b_blkno = 0, b_offset = 0,
  b_iodone = 0, b_iodone_chain = 0x0, b_vp = 0xd5725980, b_dirtyoff = 0,
  b_dirtyend = 0, b_rcred = 0xffffffff, b_wcred = 0x0, b_pblkno = 1389417,
  b_saveaddr = 0x0, b_driver1 = 0x0, b_driver2 = 0x0, b_caller1 = 0x0,
  b_caller2 = 0x0, b_pager = {pg_spc = 0x0, pg_reqpage = 0}, b_cluster = {
    cluster_head = {tqh_first = 0x0, tqh_last = 0x0}, cluster_entry = {
      tqe_next = 0x0, tqe_prev = 0x0}}, b_pages = {0x0 <repeats 32 times>},
  b_npages = 0, b_dep = {lh_first = 0x0}, b_chain = {parent = 0x0, count = 0}}
(gdb) 



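Added example, not part of the original message or of the FreeBSD source: a user-space C model of the B_CALL path shown in the listing, with a NULL check before the indirect call. It also shows that the flag is cleared before the callback pointer is used, so b_flags dumped after the crash no longer carries it. The two-field struct buf, the B_CALL bit value and the function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed bit value, for illustration only; take the real one from sys/buf.h. */
#define B_CALL 0x40u

/* Two-field stand-in for the kernel's struct buf (not the FreeBSD layout). */
struct buf {
    unsigned b_flags;
    void (*b_iodone)(struct buf *);
};

enum done_status { DONE_NO_CALLBACK, DONE_CALLED, DONE_BAD_CALLBACK };

static int iodone_calls;
static void sample_iodone(struct buf *bp) { (void)bp; iodone_calls++; }

/* Same order as lines 2578-2580 of the listing, with a check added
 * before the indirect call so a NULL callback is reported, not jumped to. */
enum done_status biodone_checked(struct buf *bp)
{
    if (!(bp->b_flags & B_CALL))
        return DONE_NO_CALLBACK;
    bp->b_flags &= ~B_CALL;            /* cleared before the call, as in the listing */
    if (bp->b_iodone == NULL)
        return DONE_BAD_CALLBACK;      /* kernel code would panic with a message here */
    (*bp->b_iodone)(bp);
    return DONE_CALLED;
}

/* Constructed input: the dumped b_flags value with the assumed B_CALL bit
 * set again and b_iodone NULL, modelling the state on entry to biodone(). */
enum done_status replay_dumped_state(unsigned *flags_after)
{
    struct buf bp = { 134218244u | B_CALL, NULL };
    enum done_status st = biodone_checked(&bp);
    *flags_after = bp.b_flags;
    return st;
}

int main(void)
{
    unsigned after;
    struct buf ok = { B_CALL, sample_iodone };
    enum done_status st = replay_dumped_state(&after);
    printf("dumped state: status=%d b_flags after=%u\n", (int)st, after);
    printf("valid callback: status=%d\n", (int)biodone_checked(&ok));
    return 0;
}
```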


