From owner-freebsd-bugs@FreeBSD.ORG Sun Jul 24 13:40:24 2005
Message-Id:
<200507241339.j6ODdMp0078409@www.freebsd.org>
Date: Sun, 24 Jul 2005 13:39:22 GMT
From: Markus Wild
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Cc:
Subject: kern/83999: [patch] panic in fw_bus_explore due to NULL reference
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports
X-List-Received-Date: Sun, 24 Jul 2005 13:40:24 -0000

>Number: 83999
>Category: kern
>Synopsis: [patch] panic in fw_bus_explore due to NULL reference
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jul 24 13:40:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Markus Wild
>Release: current amd64
>Organization:
>Environment:
FreeBSD amd64.dudes.ch 7.0-CURRENT FreeBSD 7.0-CURRENT #29: Sat Jul 16 18:30:24 CEST 2005 mw@amd64.dudes.ch:/usr/obj/usr/src/sys/AMD64 amd64
>Description:
Machine panics at fw_bus_explore+0x3f:
    testb $0x40,0x(%rax)
with %rax being NULL. The problem is the line (1339):
    if (!fw_find_self_id(fc, fc->ongonode)->p0.link_active) {
fw_find_self_id() can return 0 if it doesn't find the node. This is not taken into account with the above test.
>How-To-Repeat:
On this machine it was sufficient to load the firewire module to trigger the panic. A canopus ADV module was plugged into the firewire port.
>Fix:
diff -u -r1.80 firewire.c --- firewire.c 6 Jan 2005 01:42:41 -0000 1.80 +++ firewire.c 24 Jul 2005 13:37:09 -0000 @@ -1324,6 +1324,7 @@ uint32_t addr; struct fw_xfer *xfer; struct fw_pkt *fp; + union fw_self_id *fwsid; if(fc->status != FWBUSEXPLORE) return; 
@@ -1336,7 +1337,8 @@ /* check link */ /* XXX we need to check phy_id first */ - if (!fw_find_self_id(fc, fc->ongonode)->p0.link_active) { + fwsid = fw_find_self_id(fc, fc->ongonode); + if (!fwsid || !fwsid->p0.link_active) { if (firewire_debug) printf("node%d: link down\n", fc->ongonode); fc->ongonode++;
>Release-Note:
>Audit-Trail:
>Unformatted:
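Review bot: In the second hunk (@@ -1336,7 +1337,8 @@), the new !fwsid case shares the body of the link-down branch, so with firewire_debug set a node for which fw_find_self_id() returned NULL is reported as "node%d: link down". That hides exactly the condition that caused the panic; a separate debug message for the missing self-ID case would make the two distinguishable in logs. The pointer test would also read better as fwsid == NULL || !fwsid->p0.link_active, since style(9) reserves ! for boolean values. The "XXX we need to check phy_id first" comment is left unaddressed, which is fine for this fix, but a short comment stating that fw_find_self_id() can return NULL here would document why the temporary is needed.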