cd taste crash followup

From: Doug White <dwhite_at_gumbysoft.com>
Date: Mon, 22 Dec 2003 17:22:30 -0800 (PST)

I was able to get a crashdump after all. Here are the details:

#0  doadump () at ../../../kern/kern_shutdown.c:240
#1  0xc0470545 in db_fncall (dummy1=0, dummy2=0, dummy3=1999,
    dummy4=0xdfceca78 "") at ../../../ddb/db_command.c:548
#2  0xc0470292 in db_command (last_cmdp=0xc07477a0, cmd_table=0x0,
    aux_cmd_tablep=0xc0710358, aux_cmd_tablep_end=0xc071035c)
    at ../../../ddb/db_command.c:346
#3  0xc04703d5 in db_command_loop () at ../../../ddb/db_command.c:472
#4  0xc04733d5 in db_trap (type=12, code=0) at ../../../ddb/db_trap.c:73
#5  0xc069e56c in kdb_trap (type=12, code=0, regs=0xdfcecc44)
    at ../../../i386/i386/db_interface.c:171
#6  0xc06b3656 in trap_fatal (frame=0xdfcecc44, eva=0)
    at ../../../i386/i386/trap.c:816
#7  0xc06b3302 in trap_pfault (frame=0xdfcecc44, usermode=0, eva=28)
    at ../../../i386/i386/trap.c:735
#8  0xc06b2eed in trap (frame=
      {tf_fs = -1068302312, tf_es = -1066270704, tf_ds = 16, tf_edi = 0,
tf_esi = -969007360, tf_ebp = -540095336, tf_isp = -540095376, tf_ebx =
-968496560, tf_edx = 0, tf_ecx = -1066058940, tf_eax = 1, tf_trapno = 12,
tf_err = 0, tf_eip = -1068092797, tf_cs = 8, tf_eflags = 66051, tf_esp =
-1066058976, tf_ss = 0})
    at ../../../i386/i386/trap.c:420
#9  0xc069ffb8 in calltrap () at {standard input}:94
#10 0xc0518f18 in g_destroy_provider (pp=0xc645ea50)
    at ../../../geom/geom_subr.c:428
#11 0xc0516105 in g_orphan_register (pp=0xc63e1f00)
    at ../../../geom/geom_event.c:147
#12 0xc05161e0 in one_event () at ../../../geom/geom_event.c:173
#13 0xc05163a5 in g_run_events () at ../../../geom/geom_event.c:206
#14 0xc0517285 in g_event_procbody () at ../../../geom/geom_kern.c:134
#15 0xc053666e in fork_exit (callout=0xc0517260 <g_event_procbody>,
arg=0x0,
    frame=0x0) at ../../../kern/kern_fork.c:793

In frame 10,

(kgdb) print pp
$1 = (struct g_provider *) 0xc645ea50
(kgdb) print *pp
$2 = {name = 0x0, provider = {le_next = 0x0, le_prev = 0x0}, geom = 0x0,
  consumers = {lh_first = 0x0}, acr = 0, acw = 0, ace = 0, error = 0,
  orphan = {tqe_next = 0x0, tqe_prev = 0x0}, index = 0, mediasize = 0,
  sectorsize = 0, stripesize = 0, stripeoffset = 0, stat = 0x0, nstart =
0,
  nend = 0, flags = 0}

So the pointer points to a zeroed struct.

It looks like there is some sort of corruption going on in frame 11.  pp
there is half-filled with crap.

More exploration is needed...

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite_at_gumbysoft.com          |  www.FreeBSD.org
Received on Mon Dec 22 2003 - 16:22:32 UTC
