Dell PowerEdge 1750 and mpt

Nate Lawson nate at root.org
Tue Oct 14 23:30:24 PDT 2003 

On Tue, 14 Oct 2003, David Sze wrote:
> /usr/src/sys/compile/KERNEL># gdb -k kernel.debug -c /var/crash/vmcore.0
>
> SMP 2 cpus
> IdlePTD at phsyical address 0x00349000
> initial pcb at physical address 0x002bb7c0
> panicstr: page fault
> panic messages:
> ---
> Fatal trap 12: page fault while in kernel mode
> mp_lock = 01000002; cpuid = 1; lapic.id = 06000000
> fault virtual address   = 0x8
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0x80171388
> stack pointer           = 0x10:0xdb3ebc7c
> frame pointer           = 0x10:0xdb3ebc90
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                          = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 184 (sproxy)
> interrupt mask          = cam  <- SMP: XXX
> trap number             = 12
> panic: page fault
> mp_lock = 01000002; cpuid = 1; lapic.id = 06000000
> boot() called on cpu#1
>
> syncing disks... 1023 502 68 3 3 3 3 3 3 3 21 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
> 3 3 3 3 3
> giving up on 3 buffers
> Uptime: 1h31m19s
>
> dumping to dev #da/0x20009, offset 133248
> ---
> #0  dumpsys () at ../../kern/kern_shutdown.c:487
> 487             if (dumping++) {
> (kgdb) bt
> #0  dumpsys () at ../../kern/kern_shutdown.c:487
> #1  0x8018c33b in boot (howto=256) at ../../kern/kern_shutdown.c:316
> #2  0x8018c794 in poweroff_wait (junk=0x8028bef9, howto=-2144814641) at
> ../../kern/kern_shutdown.c:595
> #3  0x8024a63c in trap_fatal (frame=0xdb3ebc3c, eva=8) at
> ../../i386/i386/trap.c:974
> #4  0x8024a2cd in trap_pfault (frame=0xdb3ebc3c, usermode=0, eva=8) at
> ../../i386/i386/trap.c:867
> #5  0x80249e6f in trap (frame={tf_fs = 24, tf_es = -1834221552, tf_ds =
> -1841823728, tf_edi = -1776680960, tf_esi = -1776680960,
>        tf_ebp = -616645488, tf_isp = -616645528, tf_ebx = 0, tf_edx =
> 1811947648, tf_ecx = 0, tf_eax = 0, tf_trapno = 12,
>        tf_err = 0, tf_eip = -2145971320, tf_cs = 8, tf_eflags = 66118,
> tf_esp = -1841812480, tf_ss = -1841812480})
>      at ../../i386/i386/trap.c:466
> #6  0x80171388 in mpt_read_cfg_page (mpt=0x92382c00, PageAddress=0,
> hdr=0xdb3ebcc4) at ../../dev/mpt/mpt.c:576

The problem is at the above frame.

> #7  0x80174507 in mpt_action (sim=0x923867c0, ccb=0x961a0000) at
> ../../dev/mpt/mpt_freebsd.c:1311
> #8  0x801215ce in xpt_action (start_ccb=0x961a0000) at ../../cam/cam_xpt.c:2949
> #9  0x80125e35 in cam_periph_runccb (ccb=0x961a0000, error_routine=0,
> camflags=CAM_FLAG_NONE, sense_flags=17, ds=0x92a92a80)
>      at ../../cam/cam_periph.c:822
> #10 0x80129cd0 in passsendccb (periph=0x92a90f00, ccb=0x961a0000,
> inccb=0x93bb7400) at ../../cam/scsi/scsi_pass.c:797
> #11 0x80129bfc in passioctl (dev=0x92a90980, cmd=3261076482,
> addr=0x93bb7400 "\001", flag=3, p=0xd244a400)
>      at ../../cam/scsi/scsi_pass.c:714
> #12 0x801c5b62 in spec_ioctl (ap=0xdb3ebde0) at
> ../../miscfs/specfs/spec_vnops.c:306
> #13 0x801c588d in spec_vnoperate (ap=0xdb3ebde0) at
> ../../miscfs/specfs/spec_vnops.c:119
> #14 0x80209349 in ufs_vnoperatespec (ap=0xdb3ebde0) at
> ../../ufs/ufs/ufs_vnops.c:2394
> #15 0x801c2107 in vn_ioctl (fp=0x9633eb40, com=3261076482, data=0x93bb7400
> "\001", p=0xd244a400) at vnode_if.h:429
> #16 0x8019ba1e in ioctl (p=0xd244a400, uap=0xdb3ebf80) at ../../sys/file.h:178
> #17 0x8024a96d in syscall2 (frame={tf_fs = 135725103, tf_es = 47, tf_ds =
> 2143223855, tf_edi = 136306688, tf_esi = 2143283856,
>        tf_ebp = 2143284464, tf_isp = -616644652, tf_ebx = 2143283952,
> tf_edx = 0, tf_ecx = 0, tf_eax = 54, tf_trapno = 12,
>        tf_err = 2, tf_eip = 135190204, tf_cs = 31, tf_eflags = 531, tf_esp
> = 2143283780, tf_ss = 47}) at ../../i386/i386/trap.c:1175
> #18 0x8023805b in Xint0x80_syscall ()
> cannot read proc at 0
> (kgdb)

This shows that an invalid CCB is being passed through the pass(4) driver.

> pass3 at mpt0 bus 0 target 6 lun 0
> pass3: <PE/PV 1x3 SCSI BP 1.1> Fixed Processor SCSI-2 device
> pass3: 3.300MB/s transfers

This is the device you're trying to talk to.  I'm really suspicious your
program is sending a garbage pointer in the CCB to the pass(4) driver.  On
the above core, please send the output of "fr 7" and then "print *ccb".

-Nate

More information about the freebsd-scsi mailing list