From owner-freebsd-current@FreeBSD.ORG Fri May 23 10:37:40 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A72837B404 for ; Fri, 23 May 2003 10:37:40 -0700 (PDT) Received: from mail.speakeasy.net (mail16.speakeasy.net [216.254.0.216]) by mx1.FreeBSD.org (Postfix) with ESMTP id 23EF843FAF for ; Fri, 23 May 2003 10:37:37 -0700 (PDT) (envelope-from jhb@FreeBSD.org) Received: (qmail 27567 invoked from network); 23 May 2003 17:37:36 -0000 Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender )encrypted SMTP for ; 23 May 2003 17:37:36 -0000 Received: from laptop.baldwin.cx (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.12.8/8.12.8) with ESMTP id h4NHbYp0064806; Fri, 23 May 2003 13:37:34 -0400 (EDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.5.4 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <7mfzn5k9sx.wl@black.imgsrc.co.jp> Date: Fri, 23 May 2003 13:37:15 -0400 (EDT) From: John Baldwin To: Jun Kuriyama cc: Current cc: sos@FreeBSD.org Subject: Re: Panic in _mtx_lock_flags+0x40 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 May 2003 17:37:40 -0000 On 23-May-2003 Jun Kuriyama wrote: > At Thu, 22 May 2003 16:35:33 +0000 (UTC), > John Baldwin wrote: >> > db> trace >> > _mtx_lock_flags(0,0,c0401b81,11d,e11edb18) at _mtx_lock_flags+0x40 >> >> Trying to lock a NULL pointer is definitely going to panic, yes. >> I'm curious what vm_fault() line you are at. >> >> > vm_fault(c082f000,deadc000,1,0,c3affab0) at vm_fault+0x2cc >> > trap_pfault(e11edc10,0,deadc0de,cf74d400,deadc0de) at trap_pfault+0x161 >> > trap(c0410018,10,c03e0010,c7a73c9c,c7e8f600) at trap+0x3ad >> > calltrap() at calltrap+0x5 >> > --- trap 0xc, eip = 0xc015c580, esp = 0xe11edc50, ebp = 0xe11edc68 --- >> > ad_detach(c7a73c9c,ffffffff,c03d5de3,0,1) at ad_detach+0x40 >> >> The real bug is probably here, probably a NULL pointer dereference. >> I would use gdb to figure out what this file:line is and send the >> report to Søren. >> >> > ata_reinit(c7a73c00,cacf5100,c03d1747,0,0) at ata_reinit+0x9b >> > ad_timeout(cacf5100,0,c03ec2fe,bf,4feaef) at ad_timeout+0x136 >> > softclock(0,0,c03e9271,233,c3afe780) at softclock+0x19c >> > ithread_loop(c3afd200,e11edd48,c03e9122,2f8,0) at ithread_loop+0x182 >> > fork_exit(c021bab0,c3afd200,e11edd48) at fork_exit+0xc0 >> > fork_trampoline() at fork_trampoline+0x1a >> > --- trap 0x1, eip = 0, esp = 0xe11edd7c, ebp = 0 --- > > Is this help you? > > (kgdb) l *ad_detach+0x40 > 0xc015c580 is in ad_detach (../../../dev/ata/ata-disk.c:218). > 213 > 214 atadev->flags |= ATA_D_DETACHING; > 215 ata_prtdev(atadev, "removed from configuration\n"); > 216 ad_invalidatequeue(adp, NULL); > 217 TAILQ_FOREACH(request, &atadev->channel->ata_queue, chain) { > 218 if (request->softc != adp) > 219 continue; Likely 'request' is NULL here. That seems odd though. > 220 TAILQ_REMOVE(&atadev->channel->ata_queue, request, chain); > 221 biofinish(request->bp, NULL, ENXIO); > 222 ad_free(request); -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/