Date:      Mon, 10 Feb 2003 03:31:04 GMT
From:      Ollie Cook <ollie@uk.clara.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        ollie@uk.clara.net
Subject:   kern/48129: panic when attaching firewire device (CDRW/DVD)
Message-ID:  <200302100331.h1A3V4gM001301@laptop.home.olliecook.net>

>Number:         48129
>Category:       kern
>Synopsis:       panic when attaching firewire device (CDRW/DVD)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 09 19:40:03 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Ollie Cook
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD laptop.home.olliecook.net 4.7-STABLE FreeBSD 4.7-STABLE #6: Mon Feb 10 02:21:40 GMT 2003 root@laptop.olliecook.net:/usr/src/sys/compile/LAPTOP i386


	
>Description:
	
	Laptop (Dell X200 Latitude) running RELENG-4 panics during boot if CDRW/DVD device is attached to firewire bus. If device is attached after a successful boot, the laptop also panics. The instruction pointer on crash is in the sbp_get_text_leaf function. A backtrace from a kernel coredump is:

(kgdb) bt
#0  dumpsys () at ../../kern/kern_shutdown.c:487
#1  0xc01875a7 in boot (howto=260) at ../../kern/kern_shutdown.c:316
#2  0xc01879e5 in panic (fmt=0xc02df484 "from debugger")
    at ../../kern/kern_shutdown.c:595
#3  0xc0139afd in db_panic (addr=-1072303954, have_addr=0, count=-1, 
    modif=0xc031c0dc "") at ../../ddb/db_command.c:435
#4  0xc0139a9d in db_command (last_cmdp=0xc031f884, cmd_table=0xc031f6c4, 
    aux_cmd_tablep=0xc0358ad4) at ../../ddb/db_command.c:333
#5  0xc0139b62 in db_command_loop () at ../../ddb/db_command.c:457
#6  0xc013bc9f in db_trap (type=12, code=0) at ../../ddb/db_trap.c:71
#7  0xc02b972e in kdb_trap (type=12, code=0, regs=0xc031c230)
    at ../../i386/i386/db_interface.c:158
#8  0xc02c8b28 in trap_fatal (frame=0xc031c230, eva=3252625180)
    at ../../i386/i386/trap.c:969
#9  0xc02c8801 in trap_pfault (frame=0xc031c230, usermode=0, eva=3252625180)
    at ../../i386/i386/trap.c:867
#10 0xc02c83a7 in trap (frame={tf_fs = -1043988464, tf_es = -1070530544, 
      tf_ds = -1072365552, tf_edi = 3, tf_esi = 0, tf_ebp = -1070480772, 
      tf_isp = -1070480804, tf_ebx = -1042342116, tf_edx = 8, 
      tf_ecx = -1043972056, tf_eax = 407485, tf_trapno = 12, tf_err = 0, 
      tf_eip = -1072303954, tf_cs = 8, tf_eflags = 66054, 
      tf_esp = -1043972096, tf_ss = -1043962460}) at ../../i386/i386/trap.c:466
#11 0xc015f0ae in sbp_get_text_leaf (fwdev=0xc1c64000, key=3, 
    buf=0xc1c665a4 "", len=32) at ../../dev/firewire/sbp.c:530
#12 0xc015f134 in sbp_probe_lun (sdev=0xc1c66580)
    at ../../dev/firewire/sbp.c:550
#13 0xc015f226 in sbp_probe_target (target=0xc199b414, alive=1)
    at ../../dev/firewire/sbp.c:588
#14 0xc015f47f in sbp_post_explore (arg=0xc199b400)
    at ../../dev/firewire/sbp.c:718
#15 0xc01573ad in fw_attach_dev (fc=0xc19b7000)
    at ../../dev/firewire/firewire.c:1560
#16 0xc0156d57 in fw_bus_explore (fc=0xc19b7000)
    at ../../dev/firewire/firewire.c:1252
#17 0xc015716d in fw_bus_explore_callback (xfer=0xc1c66580)
    at ../../dev/firewire/firewire.c:1453
#18 0xc0156258 in fw_xfer_done (xfer=0xc1c66580)
    at ../../dev/firewire/firewire.c:842
#19 0xc015764d in fw_rcv (fc=0xc19b7000, buf=0xc1c0e000 "", len=16, sub=0, 
    off=0, spd=0) at ../../dev/firewire/firewire.c:1683
#20 0xc015e47b in fwohci_arcv (sc=0xc19b7000, dbch=0xc19bb56c, count=-1)
    at ../../dev/firewire/fwohci.c:2757
#21 0xc015ce91 in fwohci_intr_body (sc=0xc19b7000, stat=32, count=-1)
    at ../../dev/firewire/fwohci.c:1849
#22 0xc015d1c0 in fwohci_intr (arg=0xc19b7000)
    at ../../dev/firewire/fwohci.c:1962
#23 0xc02d0e7d in intr_mux (arg=0xc105e1e0)
    at ../../i386/isa/intr_machdep.c:582
#24 0xc02bfdbe in cpu_idle () at ../../i386/i386/machdep.c:1022
(kgdb) fr 11
#11 0xc015f0ae in sbp_get_text_leaf (fwdev=0xc1c64000, key=3, 
    buf=0xc1c665a4 "", len=32) at ../../dev/firewire/sbp.c:530
530		src = (u_int32_t *) creg + creg->val;
(kgdb) p *fwdev
cannot read proc at 0
(kgdb) p fwdev
$1 = (struct fw_device *) 0x671c02
(kgdb) p creg->val
cannot read proc at 0
(kgdb) quit

which suggests dereferencing a null pointer.

>How-To-Repeat:
	Attach CDRW/DVD to the firewire bus.
>Fix:
	None known at this time.
>Release-Note:
>Audit-Trail:
>Unformatted:
