From: Kostik Belousov
To: Joerg Wunsch
Cc: freebsd-scsi@freebsd.org
Date: Sun, 8 May 2011 14:33:32 +0300
Subject: Re: Panic when removing a SCSI device entry

On Sun, May 08, 2011 at 12:45:43PM +0200, Joerg Wunsch wrote:
> As Kostik Belousov wrote:
>
> > > and it's the indirection of *(dev)->si_siblings.le_prev that hits a
> > > NULL pointer. Obviously, LIST_REMOVE doesn't anticipate that
>
> > Is it NULL pointer dereference? See below.
>
> Yes, the fault address in the page fault is 0.
>
> > Please provide the full printout from the panic. Also, it would
> > be useful to get the dump and do "p *dev" from the frame of
> > destroy_devl(). I might need further information after the requested
> > data is provided.
>
> Unfortunately, I somehow cannot get the system to provide a coredump.
>
> The dmesg printout from the panic is:
>
> sa0 at sym0 bus 0 scbus1 target 0 lun 0
> sa0: Removable Sequential Access SCSI-2 device
> sa0: 20.000MB/s transfers (10.000MHz, offset 15, 16bit)
> (sa0:sym0:0:0:0): removing device entry
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x0
> fault code              = supervisor write, page not present
> instruction pointer     = 0x20:0xc052f346
> stack pointer           = 0x28:0xe98504a0
> frame pointer           = 0x28:0xe98504c4
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 52518 (mt)
> trap number             = 12
> panic: page fault
> cpuid = 0
> Uptime: 1d4h55m31s
>
> (This includes the sa0 device arrival/removal messages.)
>
> The disassembly of the respective part of destroy_devl() is:
>
> 0xc052f32e :    test   $0x10,%dl
> 0xc052f331 :    je     0xc052f34c
> 0xc052f333 :    mov    0x4c(%esi),%edx
> 0xc052f336 :    test   %edx,%edx
> 0xc052f338 :    je     0xc052f340
> 0xc052f33a :    mov    0x50(%esi),%eax
> 0xc052f33d :    mov    %eax,0x50(%edx)
> 0xc052f340 :    mov    0x50(%esi),%edx
> 0xc052f343 :    mov    0x4c(%esi),%eax
> 0xc052f346 :    mov    %eax,(%edx)
> 0xc052f348 :    andl   $0xffffffef,0x4(%esi)
>
> I could perhaps setup a serial console, so to get at least DDB
> functioning if you'd like to see more details. A remote GDB might
> also be possible, but will require more work (setting up the
> respective environment on a second machine).

Serial console is fine, I do want to see a backtrace. There is also
"show cdev" command in ddb, that might provide some useful information.
INVARIANTS may be also useful, since the kernel might catch the
corruption earlier.

>
> > Thing you may try meantime is the following patch.
>
> OK, I'll do that tonight, so let's see how the subsequent nightly
> backups proceed.
>
> --
> cheers, J"org               .-.-.   --... ...--   -.. .  DL8DTL
>
> http://www.sax.de/~joerg/                        NIC: JW11-RIPE
> Never trust an operating system you don't have sources for. ;-)
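
The failure discussed in this message, as an added example that is not part of the original post or of the FreeBSD sources: the faulting store at 0xc052f346 (mov %eax,(%edx), with %edx loaded from 0x50(%esi)) is the "*le_prev = le_next" step of a list removal, and the code below shows an unlink that validates the linkage before performing that store. The names struct node, list_remove_checked and the status codes are hypothetical; the two link fields follow the LIST_ENTRY layout of sys/queue.h.

```c
#include <stddef.h>

/* Hypothetical stand-in for a device node; only the sibling linkage matters. */
struct node {
    struct node *le_next;   /* next element, or NULL at the tail */
    struct node **le_prev;  /* address of the previous le_next (or the head) */
};
enum unlink_status { UNLINK_OK = 0, UNLINK_NOT_LINKED, UNLINK_CORRUPT };

/* Insert at the head, with the same pointer updates as LIST_INSERT_HEAD. */
static void list_insert_head(struct node **head, struct node *n)
{
    n->le_next = *head;
    if (n->le_next != NULL)
        n->le_next->le_prev = &n->le_next;
    *head = n;
    n->le_prev = head;
}

/* Unlink with the linkage validated first. An unchecked removal performs
 * only the two stores in the middle, so a NULL le_prev turns
 * "*le_prev = le_next" into a write to address 0, as in the trap above. */
static enum unlink_status list_remove_checked(struct node *n)
{
    if (n->le_prev == NULL)
        return UNLINK_NOT_LINKED;      /* never linked, or already removed */
    if (*n->le_prev != n ||
        (n->le_next != NULL && n->le_next->le_prev != &n->le_next))
        return UNLINK_CORRUPT;         /* neighbours do not point back at us */
    if (n->le_next != NULL)
        n->le_next->le_prev = n->le_prev;
    *n->le_prev = n->le_next;
    n->le_next = NULL;                 /* clear links so a second removal */
    n->le_prev = NULL;                 /* is detected instead of faulting */
    return UNLINK_OK;
}

/* Constructed scenario: three siblings, the middle one removed twice. */
int demo_double_remove(void)
{
    struct node *head = NULL, a = {NULL, NULL}, b = {NULL, NULL}, c = {NULL, NULL};
    list_insert_head(&head, &c);
    list_insert_head(&head, &b);
    list_insert_head(&head, &a);       /* list is now a -> b -> c */
    if (list_remove_checked(&b) != UNLINK_OK || head != &a || a.le_next != &c)
        return -1;
    return list_remove_checked(&b);    /* second removal of the same node */
}
int main(void) { return demo_double_remove() == UNLINK_NOT_LINKED ? 0 : 1; }
```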