Date:      Mon, 20 May 2002 11:50:07 -0700 (PDT)
From:      Matthias Andree <matthias.andree@stud.uni-dortmund.de>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/37060
Message-ID:  <200205201850.g4KIo7o56401@freefall.freebsd.org>

The following reply was made to PR kern/37060; it has been noted by GNATS.

From: Matthias Andree <matthias.andree@stud.uni-dortmund.de>
To: Andrew Gallatin <gallatin@cs.duke.edu>
Cc: matthias.andree@web.de, freebsd-gnats-submit@freebsd.org,
	sos@freebsd.org
Subject: Re: kern/37060
Date: Mon, 20 May 2002 20:43:35 +0200

 On Mon, 20 May 2002, Andrew Gallatin wrote:
 
 > >It would be helpful to know which pointer was null.  There
 > >are many of them on line 710 of ata-disk.c
 
 Ok, it looks as though bad things happen when the non-existent primary
 slave is probed. I used boot -dg, set a breakpoint at ad_service and
 after successfully detecting the first drive, I got some info.
 
 The most important lines from below, consistent with the trap
 (ATA_DEV(ATA_SLAVE) == 1):
 
 (kgdb) print ((struct ad_softc *)(adp->device->channel->device[1].driver))
 $9 = (struct ad_softc *) 0x0
 
 So the problem happens probably at line #713 when dereferencing
 ->flags.
 
 
 Here's an excerpt from a typescript remote gdb session:
 
 Remote debugging using /dev/cuaa1
 ad_service (adp=0xc19ce400, change=1) at ../../dev/ata/ata-disk.c:706
 706	    if (adp->device->channel->flags & ATA_QUEUED && change) {
 (kgdb) print adp->device
 $1 = (struct ata_device *) 0xc190922c
 (kgdb) print *adp->device
 $2 = {channel = 0xc1909200, unit = 0, name = 0xc1949dc0 "ad1", 
   param = 0xc19d8c00, driver = 0xc19ce400, flags = 0, mode = 68, cmd = 0, 
   result = 0x0}
 (kgdb) print *adp->device->channel
 $3 = {dev = 0xc191cf00, unit = 1, r_io = 0xc191df80, r_altio = 0xc191df00, 
   r_bmio = 0xc191de80, r_irq = 0xc191dfc0, ih = 0xc101b000, 
   intr_func = 0xc0149a00 <ata_pci_intr>, chiptype = 91296006, alignment = 1, 
   flags = 0, device = {{channel = 0xc1909200, unit = 0, 
       name = 0xc1949dc0 "ad1", param = 0xc19d8c00, driver = 0xc19ce400, 
       flags = 0, mode = 68, cmd = 0, result = 0x0}, {channel = 0xc1909200, 
       unit = 16, name = 0x0, param = 0xc19d8e00, driver = 0x0, flags = 0, 
       mode = 0, cmd = 0, result = 0x0}}, devices = 3, status = 80 'P', 
   error = 0 '\000', active = 32, ata_queue = {tqh_first = 0x0, 
     tqh_last = 0xc1909280}, atapi_queue = {tqh_first = 0x0, 
     tqh_last = 0xc1909288}, running = 0xc19d7e00}
 (kgdb) print *adp->device->channel->devices
 $4 = 3
 (kgdb) print adp->device->channel->device
 $5 = {channel = 0xc1909200, unit = 0, name = 0xc1949dc0 "ad1", 
   param = 0xc19d8c00, driver = 0xc19ce400, flags = 0, mode = 68, cmd = 0, 
   result = 0x0}
 (kgdb) print adp->device->channel->device[1]
 $6 = {channel = 0xc1909200, unit = 16, name = 0x0, param = 0xc19d8e00, 
   driver = 0x0, flags = 0, mode = 0, cmd = 0, result = 0x0}
 (kgdb) print adp->device->channel->device[2]
 $7 = {channel = 0x3, unit = 80, name = 0x20 <Address 0x20 out of bounds>, 
   param = 0x0, driver = 0xc1909280, flags = 0, mode = -1047489912, 
   cmd = -1046643200, result = 0x0}
 (kgdb) print adp->device->channel->device[3]
 $8 = {channel = 0x0, unit = 0, name = 0x0, param = 0x0, driver = 0x0, 
   flags = 0, mode = 0, cmd = 0, result = 0x0}
 (kgdb) l
 701	
 702	int
 703	ad_service(struct ad_softc *adp, int change)
 704	{
 705	    /* do we have to check the other device on this channel ? */
 706	    if (adp->device->channel->flags & ATA_QUEUED && change) {
 707		int device = adp->device->unit;
 708	
 709		if (adp->device->unit == ATA_MASTER) {
 710		    if (adp->device->channel->devices & ATA_ATA_SLAVE &&
 (kgdb) l
 711			((struct ad_softc *)
 712			 (adp->device->channel->
 713			  device[ATA_DEV(ATA_SLAVE)].driver))->flags&AD_F_TAG_ENABLED)
 714			device = ATA_SLAVE;
 715		}
 716		else {
 717		    if (adp->device->channel->devices & ATA_ATA_MASTER &&
 718			((struct ad_softc *)
 719			 (adp->device->channel->
 720			  device[ATA_DEV(ATA_MASTER)].driver))->flags&AD_F_TAG_ENABLED)
 (kgdb) print ((struct ad_softc *)(adp->device->channel->device[1].driver))->flags
 Cannot access memory at address 0x1c.
 (kgdb) print ((struct ad_softc *)(adp->device->channel->device[1].driver))
 $9 = (struct ad_softc *) 0x0
 (kgdb) l
 721			device = ATA_MASTER;
 722		}
 723		if (device != adp->device->unit &&
 724		    ((struct ad_softc *)
 725		     (adp->device->channel->
 726		      device[ATA_DEV(device)].driver))->outstanding > 0) {
 727		    ATA_OUTB(adp->device->channel->r_io, ATA_DRIVE, ATA_D_IBM | device);
 728		    adp = adp->device->channel->device[ATA_DEV(device)].driver;
 729		    DELAY(1);
 730		}
 (kgdb) print adp->device->unit
 $10 = 0
 
 > Ack, this is a boot problem, so a crashdump is going to be hard.
 > Can you print out adp->device->channel->devices and
 > device[ATA_DEV(ATA_SLAVE)].drive  and
 > ((struct ad_softc *)(adp->device->channel->device[ATA_DEV(ATA_SLAVE)].driver))->flags
 > in ad_service, prior to the line which causes the panic?
 
 So the driver for that drive is NULL. Find the rest above.
 
 -- 
 Matthias Andree
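
The trace above shows `devices = 3` (slave bit set) while `device[1].driver` is `0x0`, so the presence bitmask alone does not prove a softc was attached. The following is an added example, not code from this mail or from the FreeBSD source: a simplified model of the selection logic at lines 706-730 with the driver pointer checked before use. The struct layouts, the constant values and the names `sibling_softc` and `ad_service_target` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model; struct layout and constant values are assumptions. */
#define ATA_MASTER       0x00
#define ATA_SLAVE        0x10  /* "unit = 16" in the trace */
#define ATA_DEV(unit)    ((unit) == ATA_MASTER ? 0 : 1)
#define ATA_ATA_MASTER   0x01  /* assumed bits; devices = 3 sets both */
#define ATA_ATA_SLAVE    0x02
#define ATA_QUEUED       0x01  /* assumed */
#define AD_F_TAG_ENABLED 0x08  /* assumed */

struct ata_channel;
struct ata_device { struct ata_channel *channel; int unit; void *driver; };
struct ata_channel { int flags, devices; struct ata_device device[2]; };
struct ad_softc { struct ata_device *device; int flags, outstanding; };

/* Hypothetical helper: the sibling's softc only if the presence bit is set
 * AND a driver was attached; NULL otherwise (the case shown as $9). */
static struct ad_softc *
sibling_softc(struct ata_channel *ch, int unit, int present_bit)
{
    if (!(ch->devices & present_bit))
        return NULL;
    return ch->device[ATA_DEV(unit)].driver;
}

/* Returns the softc to service; never dereferences a NULL driver. */
struct ad_softc *
ad_service_target(struct ad_softc *adp, int change)
{
    struct ata_channel *ch = adp->device->channel;
    struct ad_softc *other;

    if (!(ch->flags & ATA_QUEUED) || !change)
        return adp;
    other = (adp->device->unit == ATA_MASTER)
        ? sibling_softc(ch, ATA_SLAVE, ATA_ATA_SLAVE)
        : sibling_softc(ch, ATA_MASTER, ATA_ATA_MASTER);
    if (other != NULL && (other->flags & AD_F_TAG_ENABLED) &&
        other->outstanding > 0)
        return other;
    return adp;
}

int main(void)
{
    /* Constructed state modelled on the trace: devices = 3, slave driver
     * NULL; ATA_QUEUED is set here so the selection path is exercised. */
    struct ata_channel ch = { ATA_QUEUED, 3,
        {{ NULL, ATA_MASTER, NULL }, { NULL, ATA_SLAVE, NULL }} };
    struct ad_softc master = { &ch.device[0], 0, 0 };

    ch.device[0].channel = ch.device[1].channel = &ch;
    ch.device[0].driver = &master;
    printf("service master: %s\n",
        ad_service_target(&master, 1) == &master ? "yes" : "no");
    return 0;
}
```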
