From owner-freebsd-hackers  Tue Apr  8 04:50:50 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id EAA04911
          for hackers-outgoing; Tue, 8 Apr 1997 04:50:50 -0700 (PDT)
Received: from dg-rtp.dg.com (dg-rtp.rtp.dg.com [128.222.1.2])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id EAA04906
          for <freebsd-hackers@freefall.FreeBSD.org>; Tue, 8 Apr 1997 04:50:44 -0700 (PDT)
Received: by dg-rtp.dg.com (5.4R3.10/dg-rtp-v02)
	id AA02580; Tue, 8 Apr 1997 07:50:02 -0400
Received: from ponds by dg-rtp.dg.com.rtp.dg.com; Tue,  8 Apr 1997 07:50 EDT
Received: from lakes.water.net (lakes [10.0.0.3]) by ponds.water.net (8.8.3/8.7.3) with ESMTP id GAA15041; Tue, 8 Apr 1997 06:32:25 -0400 (EDT)
Received: (from rivers@localhost) by lakes.water.net (8.8.3/8.6.9) id GAA06263; Tue, 8 Apr 1997 06:38:32 -0400 (EDT)
Date: Tue, 8 Apr 1997 06:38:32 -0400 (EDT)
From: Thomas David Rivers <ponds!rivers@dg-rtp.dg.com>
Message-Id: <199704081038.GAA06263@lakes.water.net>
To: ponds!root.com!dg, ponds!freefall.cdrom.com!freebsd-hackers,
        ponds!lakes.water.net!rivers
Subject: Re: Some insight on "dup alloc" problems.....
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


 Here's today's installment :-)

 See what you think about this.

 I've added a global variable and sprinkled checks for it in the
kernel... this is from aha1542.c:

    in_region=1;
    
            scsi_uto3b(0, ccb->link_addr);
            /*
             * Put the scsi command in the ccb and start it
             */
            if (!(flags & SCSI_ESCAPE))
                    bcopy(xs->cmd, &ccb->scsi_cmd, ccb->scsi_cmd_length);
            if (!(flags & SCSI_NOMASK)) {
    if(debug) break_tdr4();
                    s = splbio();   /* stop instant timeouts */
                    timeout(aha_timeout, (caddr_t)ccb, (xs->timeout * hz) / 1000);
                    aha_startmbx(ccb->mbx);
                    /*
                     * Usually return SUCCESSFULLY QUEUED
                     */
                    splx(s);
                    SC_DEBUG(xs->sc_link, SDEV_DB3, ("sent\n"));
    in_region=0;
    if(debug) break_tdr3();
    debug = 0;
                    return (SUCCESSFULLY_QUEUED);
            }
    in_region=0;
            aha_startmbx(ccb->mbx);

[Recall that a break at _break_tdr4 masks the problem; while one at 
_break_tdr3 does not.]
    
    
note the variable "in_region".

I added checks that looked like:

    if(in_region) { 
    printf("XXXX while in_region!!!\n");
    }

to:
 aha_free_ccb(), aha_get_ccb(), aha_done(), aha_scsi_cmd(), aha_timeout(),
 get_xs(), and free_xs().

My thought was that if; somehow, the timeout got run (aha_timeout), 
it would call scsi_done which would eventually call aha_done; mucking
around with the ccb free list and causing my problem.

But - none of this happened... (no wonderfully diagnosing printf() got
hit...)

Does anyone have any other potential functions to check into (that is,
what could be run in my small region that could cause the problem.)
[I note that aha_intr() isn't in the list above - I assumed that since
we were at splbio(); I wouldn't need to check on that.]

	- Dave Rivers -