Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Aug 2004 12:53:54 -0700
From:      Nate Lawson <nate@root.org>
To:        Radek Kozlowski <radek@raadradd.com>
Cc:        current@freebsd.org
Subject:   Re: Panic on boot with today's CURRENT, ata related
Message-ID:  <411D1C52.7050501@root.org>
In-Reply-To: <20040812225838.GB10869@werd>
References:  <4113EB2A.7060401@root.org> <20040812225838.GB10869@werd>

next in thread | previous in thread | raw e-mail | index | archive | help
Radek Kozlowski wrote:
> On Fri, Aug 06, 2004 at 01:33:46PM -0700, Nate Lawson wrote:
> 
>>I took a quick look at this ATA panic.  The exact same one occurs for 
>>Ceri.  A quick dissassemble shows that the testb is the check for the 
>>DMA flag at the very end of ata_generic_transaction().  The bug appears 
>>to be that this may be a PIO request (since the DMA check is outside the 
>>switch() statement).  The fix is to make sure it's a DMA request before 
>>dereferencing an element of the DMA struct.  Try the attached patch.
> 
> 
> Another panic on boot with fresh -CURRENT, however this time ad0 is in
> UDMA100 mode:
> 
> <snip>
> ad0: 38154MB <IC25N040ATMR04-0/M020AD0A> [77520/16/63] at ata0-master UDMA100
> 
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0x24
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8 :0xc0544896
> stack pointer           = 0x10 :0xd302db70
> frame pointer           = 0x10 :0xd302db70
> code segment            = base 0x0, limit 0xffffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 4 (g_down)
> [thread 100033]
> Stopped at      rman_get_bustag+0x6:    movl    0x24(%eax),%eax
> db> trace
> rman_get_bustag(0,d302db84,0,c1a33000,c8000000) at rman_get_bustag+0x6
> ata_pci_dmastart(c1854200,c8,0,0,1) at ata_pci_dmastart+0x17
> ata_generic_transaction(c1b3ea8c,c1b3ea8c,1f4,c0537399,0) at ata_generic_transaction+0x2e3
> ata_start(c1854200,0,c1b3ea8c,c1854200,c1b42dec) at ata_start+0x279
> ata_queue_request(c1b3ea8c,0,101,0,d302dc44,d302dc58,0,0,0,efd88083,2be897c,c1b42dec,c1aadd80) at ata_queue_request+0x1fc
> ad_start(c18542a8,c053e221,c1aaddc8,c1b42dec,c1aadd80) at ad_start+0x398
> ata_start(c1854200,c1b42dec,0,0,c1b42dec) at ata_start+0xc8
> adstrategy(c1b42dec,0,200,0,200) at adstrategy+0xce
> g_disk_start(c1b42e70,c0736028,24c,c06deea3,a) at g_disk_start+0x1b6
> g_io_schedule_down(c188f000,c189e534,d302dd34,c0508650,0) at g_io_schedule_down+0x150
> g_down_procbody(0,d302dd48,0,0,0) at g_down_procbody+0x1e
> fork_exit(c04e4f80,0,d302dd48) at fork_exit+0x80
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0x1, eip = 0, esp = 0xd302dd7c, ebp = 0 ---
> 
> -Radek

ctlr->r_res1 is NULL but a DMA transaction is being started. This 
results in a NULL pointer being passed to rman_get_bustag(). 
ata_pci_attach() should not be setting the dmainit routine to 
ata_pci_dmainit() if it can't enable busmastering.  There are a myriad 
of places to address this so I'm not sure where Soeren will want to fix 
this.

I'm still working with you privately on why r_res1 can't be allocated.

-Nate



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?411D1C52.7050501>