STREAMS/UX for the HP 9000 Reference Manual

Debugging STREAMS/UX Modules and Drivers
Debugging Examples
hpstreams_close+58: stw ret0,-40(sp)
call_open_close+448: or ret0,r0,r3
closed+138: or ret0,r0,r5
ufs_close+11C: movb,tr r0,ret0,ufs_close+15C
vn_close+24: ldw -54(sp),rp
vno_close+50: addil -59800,dp
closef+0xE8: ldw 18(r3),arg0
exit+2B4: bl uffree,rp
rexit+20: ldw -54(sp),rp
syscall+2A4: ldhs 0(r9),r19
The address where the illegal data access occurred is flushq+0x60. The
isr.ior in the panic message indicates that the data address that caused the
panic is 0.d, and the instruction at flushq+0x60 is ldbs 0xD(r21),r22, so r21
must have been 0 at the time of the panic. So we are probably dereferencing
a null pointer. Our first task is to find out which pointer this is. To do this we
need to know which variable r21 was supposed to contain. We do not have
source code for flushq(), because it is a STREAMS/UX internal procedure,
but we do know from its man page what arguments it takes, and we do have
the assembly version of the code. Here is the relevant portion of the
assembly. The instruction where the panic occurred is marked with an “*”.
flushq,20?ia
flushq:
flushq: stw rp,-14(sp)
flushq+4: ldo 40(sp),sp
flushq+8: stw arg0,-64(sp)
flushq+0xC: stw arg1,-68(sp)
flushq+10: ldw -68(sp),r20
flushq+14: zdepi 1,10,1,r21
flushq+18: and r20,r21,r22
flushq+1C: stw r22,-3C(sp)
flushq+20: ldw -68(sp),r31
flushq+24: addil -8000,r0
flushq+28: ldo -1(r1),r19
flushq+2C: and r31,r19,r20
flushq+30: stw r20,-68(sp)
flushq+34: ldw -64(sp),r21
flushq+38: ldws 4(r21),r22
flushq+3C: stw r22,-34(sp)
flushq+40: ldw -34(sp),r1
flushq+44: comibt,=,n 0,r1,flushq+120
flushq+48: or r0,r0,r0
flushq+4C: ldw -34(sp),r31
flushq+50: ldws 0(r31),r19
flushq+54: stw r19,-38(sp)
flushq+58: ldw -34(sp),r20
flushq+5C: ldw 14(r20),r21
* flushq+60: ldbs 0xD(r21),r22
flushq+64: stw r22,-40(sp)
flushq+68: ldw -68(sp),r1
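An added example, not part of the HP manual: a short Python script that carries out the register trace described above on the loads and stores copied from the flushq listing, following r21 back through the stack spills to the argument it came from. It assumes straight-line code (branches are ignored) and hex displacements as adb prints them; the function names are hypothetical.

```python
import re

# Loads and stores copied from the flushq listing on this page ("*" marks the panic).
LISTING = """\
flushq+8: stw arg0,-64(sp)
flushq+0xC: stw arg1,-68(sp)
flushq+34: ldw -64(sp),r21
flushq+38: ldws 4(r21),r22
flushq+3C: stw r22,-34(sp)
flushq+58: ldw -34(sp),r20
flushq+5C: ldw 14(r20),r21
* flushq+60: ldbs 0xD(r21),r22
"""

INSN = re.compile(r"(\*\s*)?\S+:\s+(\w+)\s+(.*)")
MEM = re.compile(r"(-?)(?:0x)?([0-9A-Fa-f]+)\((\w+)\)")

def parse(listing):
    """Return (is_fault, op, mem_disp, mem_base, reg) for each load/store."""
    out = []
    for line in listing.splitlines():
        star, op, args = INSN.match(line).groups()
        a, b = args.split(",")
        mem, reg = (a, b) if op.startswith("ld") else (b, a)
        sign, digits, base = MEM.match(mem).groups()
        out.append((bool(star), op, int(sign + digits, 16), base, reg))
    return out

def origin(insns, i, reg):
    """Expression for the value held in reg just before instruction i."""
    for j in range(i - 1, -1, -1):
        _, op, disp, base, r = insns[j]
        if not op.startswith("ld") or r != reg:
            continue
        if base != "sp":                       # load through a pointer
            return f"*({origin(insns, j, base)} + {disp:#x})"
        for k in range(j - 1, -1, -1):         # reload of a spilled value
            _, op2, d2, b2, src = insns[k]
            if op2.startswith("st") and (d2, b2) == (disp, "sp"):
                return origin(insns, k, src)
    return reg                                 # never written: a live-in register

def fault_summary(listing, fault_offset):
    insns = parse(listing)
    i = next(n for n, ins in enumerate(insns) if ins[0])
    _, _, disp, base, _ = insns[i]
    return origin(insns, i, base), fault_offset - disp
```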