STREAMS/UX for the HP 9000 Reference Manual
211
Debugging STREAMS/UX Modules and Drivers
Debugging Examples
q->q_first. Checking the instructions between flushq+0x3C and
flushq+0x58 shows that sp - 0x34 has not been stored to by any of these
instructions, only loaded from. So at flushq+0x58, r20 is loaded with
q->q_first. At flushq+0x5C, r21 is loaded with some field of q->q_first.
Looking at the structure definition for struct msgb, also found in
/usr/include/sys/stream.h, we find that the sixth word of the msgb structure,
which would be found at memory location r20 + 5 words == r20 + 0x14, is
b_datap.
    struct msgb {
        struct msgb *   b_next;   /* next message on queue */
        struct msgb *   b_prev;   /* previous message on queue */
        struct msgb *   b_cont;   /* next message block of message */
        unsigned char * b_rptr;   /* first unread data byte in buffer */
        unsigned char * b_wptr;   /* first unwritten data byte */
        struct datab *  b_datap;  /* data block */
        unsigned char   b_band;   /* message priority */
        unsigned char   b_pad1;
        unsigned short  b_flag;   /* message flags */
        long            b_pad2;
        MSG_KERNEL_FIELDS
    };
So our problem is that q->q_first->b_datap is NULL. We want to confirm
this, and to look at the rest of the q structure. To do that we need to find the
value of sp - 0x64 at the time of the panic. We may be able to extract this
information from the stack if we know the value of sp at the time of the panic.
To get this information, we do a manual stack back-trace. See "Manual
Stack Back-Tracing" for details on how this is done. The resulting table is
shown below:
    sp          pcoqh      Procedure Address   Frame Size
    0x2418c0    0x1c374    doadump+0xec        0x30
    0x241890    0xdfcd0    panic_boot+0x354    0xc0
    0x2417d0    0xdf3a8    boot+0x34           0x80
    0x7ffe7750  0x16db14   panic+0xd4          0x40
    0x7ffe7710  0xe5a68    trap+0xadc          0xc0
    0x7ffe7650  0xd34cc    $call_trap          0x230
    0x7ffe7420  0x9ea14    flushq+0x60         0x40
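The following is an added example, not code from the HP manual: it re-checks the two pieces of arithmetic this section relies on, the offset of b_datap within struct msgb and the linkage of the manual back-trace table, using the struct layout and table values quoted above. It assumes a 32-bit kernel (4-byte pointers and longs) and the upward-growing PA-RISC stack.

```python
# Added example, not from the HP manual: re-check the msgb field offset and
# the manual stack back-trace arithmetic used in this section.
WORD = 4  # assumption: 32-bit kernel, pointers and longs are 4 bytes

# struct msgb as quoted from /usr/include/sys/stream.h, as (field, size).
MSGB_LAYOUT = [
    ("b_next", WORD), ("b_prev", WORD), ("b_cont", WORD),
    ("b_rptr", WORD), ("b_wptr", WORD), ("b_datap", WORD),
    ("b_band", 1), ("b_pad1", 1), ("b_flag", 2), ("b_pad2", WORD),
]

def field_offset(name, layout=MSGB_LAYOUT):
    """Byte offset of a field, padding each field to its natural alignment."""
    off = 0
    for fname, size in layout:
        off = (off + size - 1) // size * size  # align to the field's size
        if fname == name:
            return off
        off += size
    raise KeyError(name)

# Back-trace table from the page: (sp, pcoqh, procedure, frame size).
BACKTRACE = [
    (0x2418c0, 0x1c374, "doadump+0xec", 0x30),
    (0x241890, 0xdfcd0, "panic_boot+0x354", 0xc0),
    (0x2417d0, 0xdf3a8, "boot+0x34", 0x80),
    (0x7ffe7750, 0x16db14, "panic+0xd4", 0x40),
    (0x7ffe7710, 0xe5a68, "trap+0xadc", 0xc0),
    (0x7ffe7650, 0xd34cc, "$call_trap", 0x230),
    (0x7ffe7420, 0x9ea14, "flushq+0x60", 0x40),
]

def frame_breaks(bt=BACKTRACE):
    """PA-RISC stacks grow upward, so a callee's sp minus its frame size should
    equal the caller's sp. Return the (callee, caller) pairs where the frames
    do not chain by that arithmetic (the table above has one such gap)."""
    return [(proc, caller) for (sp, _, proc, size), (csp, _, caller, _)
            in zip(bt, bt[1:]) if sp - size != csp]

def local_address(proc, disp, bt=BACKTRACE):
    """Address of a stack local that the code references as sp - disp."""
    sp = next(sp for sp, _, name, _ in bt if name == proc)
    return sp - disp

if __name__ == "__main__":
    print("b_datap offset: 0x%x" % field_offset("b_datap"))
    print("back-trace gaps:", frame_breaks())
    print("flushq sp - 0x64 is at 0x%x" % local_address("flushq+0x60", 0x64))
```

The gap reported between boot and panic shows where the sp values stop chaining, which is the kind of discontinuity to expect to explain before trusting a manual back-trace.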