From owner-freebsd-bugs Mon May 20 11:50:36 2002
Date: Mon, 20 May 2002 11:50:07 -0700 (PDT)
Message-Id: <200205201850.g4KIo7o56401@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Matthias Andree
Subject: Re: kern/37060

The following reply was made to PR kern/37060; it has been noted by GNATS.

From: Matthias Andree
To: Andrew Gallatin
Cc: matthias.andree@web.de, freebsd-gnats-submit@freebsd.org, sos@freebsd.org
Subject: Re: kern/37060
Date: Mon, 20 May 2002 20:43:35 +0200

On Mon, 20 May 2002, Andrew Gallatin wrote:

> >It would be helpful to know which pointer was null. There
> >are many of them on line 710 of ata-disk.c

Ok, it looks as though bad things happen when the non-existent primary
slave is probed. I used boot -dg, set a breakpoint at ad_service and
after successfully detecting the first drive, I got some info.

The most important lines from below, consistent with the trap
(ATA_DEV(ATA_SLAVE) == 1):

(kgdb) print ((struct ad_softc *)(adp->device->channel->device[1].driver))
$9 = (struct ad_softc *) 0x0

So the problem happens probably at line #713 when dereferencing ->flags.

Here's an excerpt from a typescript remote gdb session:

Remote debugging using /dev/cuaa1
ad_service (adp=0xc19ce400, change=1) at ../../dev/ata/ata-disk.c:706
706         if (adp->device->channel->flags & ATA_QUEUED && change) {
(kgdb) print adp->device
$1 = (struct ata_device *) 0xc190922c
(kgdb) print *adp->device
$2 = {channel = 0xc1909200, unit = 0, name = 0xc1949dc0 "ad1",
  param = 0xc19d8c00, driver = 0xc19ce400, flags = 0, mode = 68, cmd = 0,
  result = 0x0}
(kgdb) print *adp->device->channel
$3 = {dev = 0xc191cf00, unit = 1, r_io = 0xc191df80, r_altio = 0xc191df00,
  r_bmio = 0xc191de80, r_irq = 0xc191dfc0, ih = 0xc101b000,
  intr_func = 0xc0149a00 , chiptype = 91296006, alignment = 1, flags = 0,
  device = {{channel = 0xc1909200, unit = 0, name = 0xc1949dc0 "ad1",
      param = 0xc19d8c00, driver = 0xc19ce400, flags = 0, mode = 68, cmd = 0,
      result = 0x0}, {channel = 0xc1909200, unit = 16, name = 0x0,
      param = 0xc19d8e00, driver = 0x0, flags = 0, mode = 0, cmd = 0,
      result = 0x0}}, devices = 3, status = 80 'P', error = 0 '\000',
  active = 32, ata_queue = {tqh_first = 0x0, tqh_last = 0xc1909280},
  atapi_queue = {tqh_first = 0x0, tqh_last = 0xc1909288},
  running = 0xc19d7e00}
(kgdb) print *adp->device->channel->devices
$4 = 3
(kgdb) print adp->device->channel->device
$5 = {channel = 0xc1909200, unit = 0, name = 0xc1949dc0 "ad1",
  param = 0xc19d8c00, driver = 0xc19ce400, flags = 0, mode = 68, cmd = 0,
  result = 0x0}
(kgdb) print adp->device->channel->device[1]
$6 = {channel = 0xc1909200, unit = 16, name = 0x0, param = 0xc19d8e00,
  driver = 0x0, flags = 0, mode = 0, cmd = 0, result = 0x0}
(kgdb) print adp->device->channel->device[2]
$7 = {channel = 0x3, unit = 80, name = 0x20, param = 0x0,
  driver = 0xc1909280, flags = 0, mode = -1047489912, cmd = -1046643200,
  result = 0x0}
(kgdb) print adp->device->channel->device[3]
$8 = {channel = 0x0, unit = 0, name = 0x0, param = 0x0, driver = 0x0,
  flags = 0, mode = 0, cmd = 0, result = 0x0}
(kgdb) l
701
702     int
703     ad_service(struct ad_softc *adp, int change)
704     {
705         /* do we have to check the other device on this channel ? */
706         if (adp->device->channel->flags & ATA_QUEUED && change) {
707             int device = adp->device->unit;
708
709             if (adp->device->unit == ATA_MASTER) {
710                 if (adp->device->channel->devices & ATA_ATA_SLAVE &&
(kgdb) l
711                     ((struct ad_softc *)
712                      (adp->device->channel->
713                       device[ATA_DEV(ATA_SLAVE)].driver))->flags&AD_F_TAG_ENABLED)
714                     device = ATA_SLAVE;
715             }
716             else {
717                 if (adp->device->channel->devices & ATA_ATA_MASTER &&
718                     ((struct ad_softc *)
719                      (adp->device->channel->
720                       device[ATA_DEV(ATA_MASTER)].driver))->flags&AD_F_TAG_ENABLED)
(kgdb) print ((struct ad_softc *)(adp->device->channel->device[1].driver))->flags
Cannot access memory at address 0x1c.
(kgdb) print ((struct ad_softc *)(adp->device->channel->device[1].driver))
$9 = (struct ad_softc *) 0x0
(kgdb) l
721                     device = ATA_MASTER;
722             }
723             if (device != adp->device->unit &&
724                 ((struct ad_softc *)
725                  (adp->device->channel->
726                   device[ATA_DEV(device)].driver))->outstanding > 0) {
727                 ATA_OUTB(adp->device->channel->r_io, ATA_DRIVE, ATA_D_IBM | device);
728                 adp = adp->device->channel->device[ATA_DEV(device)].driver;
729                 DELAY(1);
730             }
(kgdb) print adp->device->unit
$10 = 0

> Ack, this is a boot problem, so a crashdump is going to be hard.
> Can you print out adp->device->channel->devices and
> device[ATA_DEV(ATA_SLAVE)].drive and
> ((struct ad_softc *)(adp->device->channel->device[ATA_DEV(ATA_SLAVE)].driver))->flags
> in ad_service, prior to the line which causes the panic?

So the driver for that drive is NULL. Find the rest above.

-- 
Matthias Andree
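
Added example, not part of the original message and not the fix committed to FreeBSD: a simplified user-space model of the check at lines 706-722, showing one way to guard the ->flags dereference when channel->devices marks the slave present but its driver pointer is NULL. The struct layouts, the helper ad_peer_tagged, the function ad_select_unit and all constant values except ATA_SLAVE (unit = 16) and ATA_DEV(ATA_SLAVE) == 1 are assumptions.

```c
#include <stddef.h>

/* Simplified model of the structures seen in the gdb session. Constant
 * values other than ATA_SLAVE (unit = 16 in the dump) and
 * ATA_DEV(ATA_SLAVE) == 1 are assumed for this example. */
#define ATA_MASTER        0x00
#define ATA_SLAVE         0x10
#define ATA_DEV(unit)     ((unit) == ATA_MASTER ? 0 : 1)
#define ATA_ATA_MASTER    0x01  /* assumed bit in channel->devices */
#define ATA_ATA_SLAVE     0x02  /* assumed bit in channel->devices */
#define ATA_QUEUED        0x10  /* assumed value */
#define AD_F_TAG_ENABLED  0x08  /* assumed value */

struct ata_channel;
struct ad_softc { struct ata_device *device; int flags; int outstanding; };
struct ata_device { struct ata_channel *channel; int unit; void *driver; };
struct ata_channel { int flags; int devices; struct ata_device device[2]; };

/* Hypothetical helper: nonzero only if the device at `unit` is marked
 * present by `present_bit` AND has a driver attached AND that driver has
 * tagged queueing enabled. The NULL test is the guard missing at line 713. */
static int
ad_peer_tagged(const struct ata_channel *ch, int unit, int present_bit)
{
    const struct ad_softc *peer = ch->device[ATA_DEV(unit)].driver;

    return (ch->devices & present_bit) && peer != NULL &&
        (peer->flags & AD_F_TAG_ENABLED);
}

/* Guarded version of the selection at lines 706-722: returns the unit to
 * service and never dereferences a NULL driver pointer. */
int
ad_select_unit(const struct ad_softc *adp, int change)
{
    const struct ata_channel *ch = adp->device->channel;
    int device = adp->device->unit;

    if (!((ch->flags & ATA_QUEUED) && change))
        return device;
    if (device == ATA_MASTER) {
        if (ad_peer_tagged(ch, ATA_SLAVE, ATA_ATA_SLAVE))
            device = ATA_SLAVE;
    } else if (ad_peer_tagged(ch, ATA_MASTER, ATA_ATA_MASTER)) {
        device = ATA_MASTER;
    }
    return device;
}
```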