From owner-freebsd-scsi Wed Dec 4 7:26:23 2002 Delivered-To: freebsd-scsi@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD18737B401 for ; Wed, 4 Dec 2002 07:26:21 -0800 (PST) Received: from msgbas2x.cos.agilent.com (msgbas2x.cos.agilent.com [192.25.240.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id E8F5143E4A for ; Wed, 4 Dec 2002 07:26:20 -0800 (PST) (envelope-from ctuffli@rose.agilent.com) Received: from relcos2.cos.agilent.com (relcos2.cos.agilent.com [130.29.152.237]) by msgbas2x.cos.agilent.com (Postfix) with ESMTP id A1211159D for ; Wed, 4 Dec 2002 08:26:14 -0700 (MST) Received: from rtl.rose.agilent.com (rtl.rose.agilent.com [130.30.179.189]) by relcos2.cos.agilent.com (Postfix) with ESMTP id AE7E1471 for ; Wed, 4 Dec 2002 08:26:12 -0700 (MST) Received: from mail.rose.agilent.com (mailsrv@bellhop [130.30.179.19]) by rtl.rose.agilent.com (8.9.3 (PHNE_18979)/8.9.3 SMKit7.1.0) with ESMTP id HAA03512 for ; Wed, 4 Dec 2002 07:26:08 -0800 (PST) Received: from cre85086tuf ([130.30.174.150]) by mail.rose.agilent.com (Netscape Messaging Server 3.6) with ESMTP id AAA2B06; Wed, 4 Dec 2002 07:25:52 -0800 Received: by cre85086tuf (Postfix, from userid 1001) id 859A119DE95; Mon, 2 Dec 2002 17:00:52 -0800 (PST) Date: Mon, 2 Dec 2002 17:00:52 -0800 From: Chuck Tuffli To: freebsd-scsi@FreeBSD.ORG Subject: decoding a double fault Message-ID: <20021203010051.GA96898@cre85086tuf.rose.agilent.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Sender: owner-freebsd-scsi@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm working on a CAM driver for 4.7-RELEASE and am looking for some pointers on figuring out how I caused a double fault. The driver is a KLD and had already been loaded. The command I was executing just before the panic was a camcontrol rescan of the individual devices. Before running rescan, the driver did sucessfully detect 4 devices (This problem doesn't show up if I run rescan manually for each device). smallrocks# while 1 while? smallrocks# foreach d (0 1 2 3) foreach? camcontrol rescan 0:$d\:0 foreach? end Re-scan of 0:0:0 was successful Re-scan of 0:1:0 was successful The info on the terminal after the panic is Fatal double fault: eip = 0xc0371e68 esp = 0xc60aea50 ebp = 0xc612ea7c where 0xc0371e68 is in bus_dmamap_load at line 437 ... vaddr = (vm_offset_t)buf; sg = &dm_segments[0]; seg = 1; sg->ds_len = 0; /* !!! line 437 */ nextpaddr = 0; do { ... The backtrace just shows the fault (kgdb) bt #0 Debugger (msg=0xc03ce15b "panic") at ../../i386/i386/db_interface.c:319 #1 0xc021158c in panic (fmt=0xc03fc7c3 "double fault") at ../../kern/kern_shutdown.c:593 #2 0xc0382f13 in dblfault_handler () at ../../i386/i386/trap.c:1004 In frame #2, the contents of common_tss are (kgdb) p/x common_tss $4 = {tss_link = 0x0, tss_esp0 = 0xc612eff0, tss_ss0 = 0x10, tss_esp1 = 0x0, tss_ss1 = 0x0, tss_esp2 = 0x0, tss_ss2 = 0x0, tss_cr3 = 0x0, tss_eip = 0xc0371e68, tss_eflags = 0x10246, tss_eax = 0xc0d86284, tss_ecx = 0x0, tss_edx = 0xc60aea50, tss_ebx = 0xc0ecc220, tss_esp = 0xc60aea50, tss_ebp = 0xc612ea7c, tss_esi = 0xc0ed0800, tss_edi = 0xc0ed0800, tss_es = 0x10, tss_cs = 0x8, tss_ss = 0x10, tss_ds = 0x10, tss_fs = 0x10, tss_gs = 0x2f, tss_ldt = 0x0, tss_ioopt = 0x680000} Is there enough information from the above to figure out what code was calling bus_dmamap_load, is the fault from a stack overflow or other bad address, etc.? Any comments, including RTFM, are welcomed as long as you mention which manual to read :) -- Chuck Tuffli Agilent Technologies, Storage and Networking To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-scsi" in the body of the message