Date: Tue, 14 Oct 2003 23:30:21 -0700 (PDT)
From: Nate Lawson
To: David Sze
cc: freebsd-scsi@freebsd.org
Subject: Re: Dell PowerEdge 1750 and mpt
Message-ID: <20031014232543.S32978@root.org>
In-Reply-To: <6.0.0.22.2.20031014232154.03a0b990@mail.distrust.net>

On Tue, 14 Oct 2003, David Sze wrote:
> /usr/src/sys/compile/KERNEL># gdb -k kernel.debug -c /var/crash/vmcore.0
>
> SMP 2 cpus
> IdlePTD at phsyical address 0x00349000
> initial pcb at physical address 0x002bb7c0
> panicstr: page fault
> panic messages:
> ---
> Fatal trap 12: page fault while in kernel mode
> mp_lock = 01000002; cpuid = 1; lapic.id = 06000000
> fault virtual address = 0x8
> fault code = supervisor read, page not present
> instruction pointer = 0x8:0x80171388
> stack pointer = 0x10:0xdb3ebc7c
> frame pointer = 0x10:0xdb3ebc90
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 184 (sproxy)
> interrupt mask = cam <- SMP: XXX
> trap number = 12
> panic: page fault
> mp_lock = 01000002; cpuid = 1; lapic.id = 06000000
> boot() called on cpu#1
>
> syncing disks... 1023 502 68 3 3 3 3 3 3 3 21 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
> 3 3 3 3 3
> giving up on 3 buffers
> Uptime: 1h31m19s
>
> dumping to dev #da/0x20009, offset 133248
> ---
> #0 dumpsys () at ../../kern/kern_shutdown.c:487
> 487 if (dumping++) {
> (kgdb) bt
> #0 dumpsys () at ../../kern/kern_shutdown.c:487
> #1 0x8018c33b in boot (howto=256) at ../../kern/kern_shutdown.c:316
> #2 0x8018c794 in poweroff_wait (junk=0x8028bef9, howto=-2144814641) at
> ../../kern/kern_shutdown.c:595
> #3 0x8024a63c in trap_fatal (frame=0xdb3ebc3c, eva=8) at
> ../../i386/i386/trap.c:974
> #4 0x8024a2cd in trap_pfault (frame=0xdb3ebc3c, usermode=0, eva=8) at
> ../../i386/i386/trap.c:867
> #5 0x80249e6f in trap (frame={tf_fs = 24, tf_es = -1834221552, tf_ds =
> -1841823728, tf_edi = -1776680960, tf_esi = -1776680960,
> tf_ebp = -616645488, tf_isp = -616645528, tf_ebx = 0, tf_edx =
> 1811947648, tf_ecx = 0, tf_eax = 0, tf_trapno = 12,
> tf_err = 0, tf_eip = -2145971320, tf_cs = 8, tf_eflags = 66118,
> tf_esp = -1841812480, tf_ss = -1841812480})
> at ../../i386/i386/trap.c:466
> #6 0x80171388 in mpt_read_cfg_page (mpt=0x92382c00, PageAddress=0,
> hdr=0xdb3ebcc4) at ../../dev/mpt/mpt.c:576

The problem is at the above frame.

> #7 0x80174507 in mpt_action (sim=0x923867c0, ccb=0x961a0000) at
> ../../dev/mpt/mpt_freebsd.c:1311
> #8 0x801215ce in xpt_action (start_ccb=0x961a0000) at ../../cam/cam_xpt.c:2949
> #9 0x80125e35 in cam_periph_runccb (ccb=0x961a0000, error_routine=0,
> camflags=CAM_FLAG_NONE, sense_flags=17, ds=0x92a92a80)
> at ../../cam/cam_periph.c:822
> #10 0x80129cd0 in passsendccb (periph=0x92a90f00, ccb=0x961a0000,
> inccb=0x93bb7400) at ../../cam/scsi/scsi_pass.c:797
> #11 0x80129bfc in passioctl (dev=0x92a90980, cmd=3261076482,
> addr=0x93bb7400 "\001", flag=3, p=0xd244a400)
> at ../../cam/scsi/scsi_pass.c:714
> #12 0x801c5b62 in spec_ioctl (ap=0xdb3ebde0) at
> ../../miscfs/specfs/spec_vnops.c:306
> #13 0x801c588d in spec_vnoperate (ap=0xdb3ebde0) at
> ../../miscfs/specfs/spec_vnops.c:119
> #14 0x80209349 in ufs_vnoperatespec (ap=0xdb3ebde0) at
> ../../ufs/ufs/ufs_vnops.c:2394
> #15 0x801c2107 in vn_ioctl (fp=0x9633eb40, com=3261076482, data=0x93bb7400
> "\001", p=0xd244a400) at vnode_if.h:429
> #16 0x8019ba1e in ioctl (p=0xd244a400, uap=0xdb3ebf80) at ../../sys/file.h:178
> #17 0x8024a96d in syscall2 (frame={tf_fs = 135725103, tf_es = 47, tf_ds =
> 2143223855, tf_edi = 136306688, tf_esi = 2143283856,
> tf_ebp = 2143284464, tf_isp = -616644652, tf_ebx = 2143283952,
> tf_edx = 0, tf_ecx = 0, tf_eax = 54, tf_trapno = 12,
> tf_err = 2, tf_eip = 135190204, tf_cs = 31, tf_eflags = 531, tf_esp
> = 2143283780, tf_ss = 47}) at ../../i386/i386/trap.c:1175
> #18 0x8023805b in Xint0x80_syscall ()
> cannot read proc at 0
> (kgdb)

This shows that an invalid CCB is being passed through the pass(4) driver.

> pass3 at mpt0 bus 0 target 6 lun 0
> pass3: Fixed Processor SCSI-2 device
> pass3: 3.300MB/s transfers

This is the device you're trying to talk to. I'm really suspicious your
program is sending a garbage pointer in the CCB to the pass(4) driver. On
the above core, please send the output of "fr 7" and then "print *ccb".

-Nate
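
A small triage helper for the panic quoted above, added here as an example and not part of the original message: it converts the signed `tf_eip` from the trap frame to a 32-bit address, matches it to a backtrace frame, and reports a fault address below one page as a likely NULL-based offset (a heuristic, not something kgdb states). The sample text is abridged from the quoted kgdb output, and the function names are hypothetical.

```python
import re

PAGE_SIZE = 4096  # i386 page size, used for the NULL-plus-offset heuristic

# Constructed sample: lines from the quoted kgdb session, re-joined one
# frame per line, with the trap frame in #5 abridged.
SAMPLE = """\
fault virtual address = 0x8
fault code = supervisor read, page not present
instruction pointer = 0x8:0x80171388
#5 0x80249e6f in trap (frame={tf_trapno = 12, tf_err = 0, tf_eip = -2145971320, tf_cs = 8}) at ../../i386/i386/trap.c:466
#6 0x80171388 in mpt_read_cfg_page (mpt=0x92382c00, PageAddress=0, hdr=0xdb3ebcc4) at ../../dev/mpt/mpt.c:576
#7 0x80174507 in mpt_action (sim=0x923867c0, ccb=0x961a0000) at ../../dev/mpt/mpt_freebsd.c:1311
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-f]+) in (\w+) \(.*\) at (\S+)$", re.M)


def u32(value):
    """kgdb prints trap-frame registers as signed ints; view as 32-bit."""
    return value & 0xFFFFFFFF


def hex_field(label, text):
    """Return the last hex number on the panic line that starts with label."""
    line = re.search(rf"^{re.escape(label)}\s*=\s*(.+)$", text, re.M).group(1)
    return int(re.findall(r"0x[0-9a-f]+", line)[-1], 16)


def triage(text):
    """Tie the panic header to the backtrace frame that took the fault."""
    fault_va = hex_field("fault virtual address", text)
    panic_ip = hex_field("instruction pointer", text)  # offset after "0x8:"
    tf_eip = u32(int(re.search(r"tf_eip = (-?\d+)", text).group(1)))
    frames = [(int(n), int(pc, 16), fn, loc)
              for n, pc, fn, loc in FRAME_RE.findall(text)]
    return {
        "eip_consistent": tf_eip == panic_ip,
        "faulting_frame": next((f for f in frames if f[1] == tf_eip), None),
        # Heuristic: a fault below one page is a NULL base plus field offset.
        "null_offset": fault_va if fault_va < PAGE_SIZE else None,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    num, pc, func, loc = result["faulting_frame"]
    print(f"fault in frame #{num}: {func} at {loc} (pc {pc:#x})")
    print("EIP matches panic header:", result["eip_consistent"])
    print("NULL-based offset:", result["null_offset"])
```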