Tracking down null pointer reference via kgdb
Farhan Khan
khanzf at gmail.com
Sat Nov 18 05:29:19 UTC 2017
Hi all,
I am working on a driver and getting a kernel panic in an unexpected
place. A quick kgdb shows me that the panic occurs at line #9, called by
rtwn_fw_loadpage. Looking up rtwn_fw_load shows a function pointer call
that is essentially sc->sc_fw_write_block.
While this is where the bug triggers, I see that in line
r92ce_iq_calib_chain the sc pointer becomes 0x0. However, I have not
been able to trace down what caused this. Moreover, I traced the code,
but cannot even find a connection from r92ce_iq_calib_run (the calling
function) to r92ce_iq_calib_chain, where the sc variable appears to
become corrupted.
My printf debugging clearly shows that it is set at one point, but then
later becomes 0x0.
Is there a way to track this down, either in kgdb or ddb?
Thanks,
Farhan
-------------------
(kgdb) where
#0 __curthread () at ./machine/pcpu.h:232
#1 doadump (textdump=1) at /usr/src/sys/kern/kern_shutdown.c:318
#2 0xffffffff80a64d15 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:386
#3 0xffffffff80a65306 in vpanic (fmt=<optimized out>,
ap=0xfffffe0119c49480)
at /usr/src/sys/kern/kern_shutdown.c:779
#4 0xffffffff80a65353 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:710
#5 0xffffffff80ef0add in trap_fatal (frame=0xfffffe0119c49720, eva=0)
at /usr/src/sys/amd64/amd64/trap.c:799
#6 0xffffffff80ef0b52 in trap_pfault (frame=0xfffffe0119c49720,
usermode=0) at /usr/src/sys/amd64/amd64/trap.c:653
#7 0xffffffff80ef0315 in trap (frame=0xfffffe0119c49720) at
/usr/src/sys/amd64/amd64/trap.c:420
#8 <signal handler called>
#9 0x0000000000000000 in ?? ()
#10 0xffffffff82c23004 in rtwn_fw_loadpage (sc=0x0, buf=<optimized out>,
len=0, page=<optimized out>)
at /usr/src/sys/dev/rtwn/if_rtwn_fw.c:66
#11 rtwn_load_firmware (sc=<optimized out>) at
/usr/src/sys/dev/rtwn/if_rtwn_fw.c:182
#12 0xffffffff82c47c91 in r92ce_iq_calib_write_results (sc=0x0, tx=0x0,
rx=0xfffffe00092d9000,
chain=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:325
#13 0xffffffff82c474a3 in r92ce_iq_calib_chain (sc=0x0,
tx=0xfffffe0100c49a60, rx=0xfffffe01191fe000,
chain=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:117
#14 r92ce_iq_calib_run (sc=<optimized out>, n=<optimized out>,
tx=<optimized out>, rx=<optimized out>,
vals=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:225
#15 r92ce_iq_calib (sc=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:368
#16 0xffffffff82c47329 in r92ce_iq_calib_run (sc=<optimized out>,
n=<optimized out>, tx=<optimized out>,
rx=<optimized out>, vals=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:218
#17 r92ce_iq_calib (sc=0x219c49afc) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:368
#18 0xffffffff80a29af9 in intr_event_execute_handlers (p=<optimized
out>, ie=0xfffff80004cce000)
at /usr/src/sys/kern/kern_intr.c:1336
#19 0xffffffff80a2a1e6 in ithread_execute_handlers (ie=<optimized out>,
p=<optimized out>)
at /usr/src/sys/kern/kern_intr.c:1349
#20 ithread_loop (arg=0xfffff80004cb7040) at
/usr/src/sys/kern/kern_intr.c:1430
#21 0xffffffff80a26ef4 in fork_exit (callout=0xffffffff80a2a130
<ithread_loop>, arg=0xfffff80004cb7040,
frame=0xfffffe0119c49c00) at /usr/src/sys/kern/kern_fork.c:1044
#22 <signal handler called>
-------------------
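Before chasing the pointer with watchpoints, it helps to read the backtrace systematically: for every frame that carries `sc`, note whether the value is NULL, a plausible kernel address, or something else, and find the outermost frame in which it is already bad, because the corruption must have happened there or further out toward the interrupt entry. The script below is an added example, not code from the post or from the FreeBSD tree: it re-joins the mail-wrapped `(kgdb) where` output, extracts one named argument from each frame and classifies it. The sample input is a trimmed copy of the backtrace quoted above, and the "kernel address" test (upper canonical half on amd64, at or above 0xffff800000000000) is an assumption about the platform, not something the post states.

```python
"""Triage one argument across a wrapped kgdb backtrace (added example).

Re-joins frame lines that kgdb or the mailer wrapped, pulls a named
argument (here `sc`) out of every frame, and labels each value so the
innermost and outermost frames where the pointer is already bad are
visible at a glance.  The amd64 kernel-address range is an assumption.
"""
import re

# Constructed sample: trimmed copy of the backtrace quoted in the post.
SAMPLE_BACKTRACE = """\
#9 0x0000000000000000 in ?? ()
#10 0xffffffff82c23004 in rtwn_fw_loadpage (sc=0x0, buf=<optimized out>,
len=0, page=<optimized out>)
at /usr/src/sys/dev/rtwn/if_rtwn_fw.c:66
#11 rtwn_load_firmware (sc=<optimized out>) at
/usr/src/sys/dev/rtwn/if_rtwn_fw.c:182
#12 0xffffffff82c47c91 in r92ce_iq_calib_write_results (sc=0x0, tx=0x0,
rx=0xfffffe00092d9000,
chain=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:325
#13 0xffffffff82c474a3 in r92ce_iq_calib_chain (sc=0x0,
tx=0xfffffe0100c49a60, rx=0xfffffe01191fe000,
chain=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:117
#14 r92ce_iq_calib_run (sc=<optimized out>, n=<optimized out>,
tx=<optimized out>, rx=<optimized out>,
vals=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:225
#15 r92ce_iq_calib (sc=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:368
#16 0xffffffff82c47329 in r92ce_iq_calib_run (sc=<optimized out>,
n=<optimized out>, tx=<optimized out>,
rx=<optimized out>, vals=<optimized out>) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:218
#17 r92ce_iq_calib (sc=0x219c49afc) at
/usr/src/sys/dev/rtwn/rtl8192c/pci/r92ce_calib.c:368
#18 0xffffffff80a29af9 in intr_event_execute_handlers (p=<optimized
out>, ie=0xfffff80004cce000)
at /usr/src/sys/kern/kern_intr.c:1336
"""

# Assumption: FreeBSD/amd64 kernel virtual addresses sit in the upper
# canonical half; anything below this that is not NULL is suspect.
KERNEL_MIN = 0xffff800000000000

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\S+)\s*\((.*?)\)")


def join_frames(text):
    """Every frame starts with '#N '; glue wrapped continuation lines to it."""
    frames, cur = [], None
    for line in text.splitlines():
        if re.match(r"^#\d+\s", line):
            if cur is not None:
                frames.append(cur)
            cur = line
        elif cur is not None:
            cur += " " + line.strip()
    if cur is not None:
        frames.append(cur)
    return frames


def parse_frame(frame_text):
    """Return (number, function, {arg: value}); args are split on commas."""
    m = FRAME_RE.match(frame_text)
    if not m:
        return None
    args = {}
    for part in m.group(3).split(","):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            args[key] = value.strip()
    return int(m.group(1)), m.group(2), args


def classify_pointer(value):
    """'unknown' for <optimized out>, else null / kernel / garbage."""
    if value.startswith("<"):
        return "unknown"
    try:
        n = int(value, 16)
    except ValueError:
        return "unknown"
    if n == 0:
        return "null"
    return "kernel" if n >= KERNEL_MIN else "garbage"


def audit_pointer(text, name="sc"):
    """[(frame_no, function, value, verdict)] for frames that carry `name`."""
    rows = []
    for parsed in map(parse_frame, join_frames(text)):
        if parsed and name in parsed[2]:
            num, func, args = parsed
            rows.append((num, func, args[name], classify_pointer(args[name])))
    return rows


def innermost_bad_frame(rows):
    """Lowest-numbered frame with a null/garbage value (where it blew up)."""
    bad = [r for r in rows if r[3] in ("null", "garbage")]
    return min(bad, key=lambda r: r[0]) if bad else None


def outermost_bad_frame(rows):
    """Highest-numbered bad frame: corruption happened here or further out."""
    bad = [r for r in rows if r[3] in ("null", "garbage")]
    return max(bad, key=lambda r: r[0]) if bad else None


def last_good_frame(rows):
    """Innermost frame where the value still looked like a kernel address."""
    good = [r for r in rows if r[3] == "kernel"]
    return min(good, key=lambda r: r[0]) if good else None


if __name__ == "__main__":
    rows = audit_pointer(SAMPLE_BACKTRACE, "sc")
    for num, func, value, verdict in rows:
        print(f"#{num:<3} {func:<32} sc={value:<20} {verdict}")
    print("innermost bad:", innermost_bad_frame(rows))
    print("outermost bad:", outermost_bad_frame(rows))
    print("last good    :", last_good_frame(rows))
```

On the quoted trace this reports frame #17 as the outermost frame where `sc` is already not a kernel address, with no frame at all in which it looked sane, so the search for the corruption starts at the entry of the top-level `r92ce_iq_calib` call from the interrupt thread rather than between `r92ce_iq_calib_run` and `r92ce_iq_calib_chain`. The same audit can be run on any other argument name (for example `ie` or `rx`) to see which pointers in the same trace still look healthy.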