Date: Fri, 24 Mar 2000 17:00:54 +0900 (JST)
From: "Daniel C. Sobral" <dcs@newsguy.com>
To: hackers@freebsd.org
Cc: sos@freebsd.org
Subject: ATA problems with changer code
Message-ID: <200003240801.RAA00373@daniel.sobral>
With the latest ata, I get an instant panic whenever I run /stand/sysinstall. It seems acdopen() is trying to read the contents of cdp->changer_info, but that pointer is NULL: the only check before the dereference at line 497 is the one on cdp itself at line 489, and the softc dump below shows changer_info = 0x0.

(kgdb) bt
#0 boot (howto=260) at /home/src/sys/kern/kern_shutdown.c:304
#1 0xc0151fc9 in panic (fmt=0xc0214e94 "from debugger") at /home/src/sys/kern/kern_shutdown.c:554
#2 0xc0128ddd in db_panic (addr=-1071797232, have_addr=0, count=-1, modif=0xc6914bd8 "") at /home/src/sys/ddb/db_command.c:433
#3 0xc0128d7c in db_command (last_cmdp=0xc024225c, cmd_table=0xc02420bc, aux_cmd_tablep=0xc0276850) at /home/src/sys/ddb/db_command.c:333
#4 0xc0128e42 in db_command_loop () at /home/src/sys/ddb/db_command.c:455
#5 0xc012af9b in db_trap (type=12, code=0) at /home/src/sys/ddb/db_trap.c:71
#6 0xc01ef5eb in kdb_trap (type=12, code=0, regs=0xc6914d3c) at /home/src/sys/i386/i386/db_interface.c:158
#7 0xc01fc41c in trap_fatal (frame=0xc6914d3c, eva=0) at /home/src/sys/i386/i386/trap.c:919
#8 0xc01fc105 in trap_pfault (frame=0xc6914d3c, usermode=0, eva=0) at /home/src/sys/i386/i386/trap.c:817
#9 0xc01fbcd3 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi = -1063859328, tf_ebp = -963555960, tf_isp = -963555992, tf_ebx = -1063852032, tf_edx = 1, tf_ecx = 64, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071797232, tf_cs = 8, tf_eflags = 66118, tf_esp = -956099232, tf_ss = -948398080}) at /home/src/sys/i386/i386/trap.c:423
#10 0xc01dac10 in acdopen (dev=0xc096cb80, flags=1, fmt=8192, p=0xc7031560) at /home/src/sys/dev/ata/atapi-cd.c:497
#11 0xc018b2ce in spec_open (ap=0xc6914e04) at /home/src/sys/miscfs/specfs/spec_vnops.c:191
#12 0xc018b1d5 in spec_vnoperate (ap=0xc6914e04) at /home/src/sys/miscfs/specfs/spec_vnops.c:117
#13 0xc01c4ee9 in ufs_vnoperatespec (ap=0xc6914e04) at /home/src/sys/ufs/ufs/ufs_vnops.c:2301
#14 0xc0185da0 in vn_open (ndp=0xc6914ed0, fmode=1, cmode=228) at vnode_if.h:189
#15 0xc0181d3d in open (p=0xc7031560, uap=0xc6914f80) at /home/src/sys/kern/vfs_syscalls.c:994
#16 0xc01fc666 in syscall (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077940188, tf_esi = 0, tf_ebp = -1077943580, tf_isp = -963555372, tf_ebx = -1077938884, tf_edx = 135059519, tf_ecx = 0, tf_eax = 5, tf_trapno = 7, tf_err = 2, tf_eip = 134872180, tf_cs = 31, tf_eflags = 659, tf_esp = -1077943720, tf_ss = 47}) at /home/src/sys/i386/i386/trap.c:1073
#17 0xc01efee6 in Xint0x80_syscall ()
#18 0x804aea8 in ?? ()
#19 0x805705f in ?? ()
#20 0x80480f5 in ?? ()
(kgdb) up 10
#10 0xc01dac10 in acdopen (dev=0xc096cb80, flags=1, fmt=8192, p=0xc7031560) at /home/src/sys/dev/ata/atapi-cd.c:497
497         if (cdp->slot != cdp->changer_info->current_slot) {
(kgdb) list acdopen
484 static int
485 acdopen(dev_t dev, int32_t flags, int32_t fmt, struct proc *p)
486 {
487     struct acd_softc *cdp = dev->si_drv1;
488
489     if (!cdp)
490         return ENXIO;
491
492     if (flags & FWRITE) {
493         if (count_dev(dev) > 1)
494             return EBUSY;
495     }
496     if (count_dev(dev) == 1) {
497         if (cdp->slot != cdp->changer_info->current_slot) {
498             acd_select_slot(cdp);
499             tsleep(&cdp->changer_info, PRIBIO, "acdopn", 0);
500         }
(kgdb) p dev->si_drv1
$4 = (void *) 0xc096e800
(kgdb) p cdp
$5 = (struct acd_softc *) 0x0 (????
-- this doesn't seem to be the problem, though) (kgdb) print *(struct acd_softc*)dev->si_drv1 $6 = {atp = 0xc067c1e0, lun = 0, flags = 0, buf_queue = {queue = { tqh_first = 0x0, tqh_last = 0xc096e80c}, last_pblkno = 0, insert_point = 0x0, switch_point = 0x0}, toc = {hdr = {len = 0, starting_track = 0 '\000', ending_track = 0 '\000'}, tab = {{0, control = 0, addr_type = 0, track = 0 '\000', 0, addr = {msf = { unused = 0 '\000', minute = 0 '\000', second = 0 '\000', frame = 0 '\000'}, lba = 0, addr = "\000\000\000"}} <repeats 100 times>}}, info = {volsize = 0, blksize = 0}, au = {data_length = 0, medium_type = 0 '\000', dev_spec = 0 '\000', unused = "\000", blk_desc_len = 0, page_code = 0 '\000', param_len = 0 '\000', flags = 0 '\000', reserved3 = 0 '\000', reserved4 = 0 '\000', reserved5 = 0 '\000', lb_per_sec = 0, port = {{channels = 0 '\000', volume = 0 '\000'}, { channels = 0 '\000', volume = 0 '\000'}, {channels = 0 '\000', volume = 0 '\000'}, {channels = 0 '\000', volume = 0 '\000'}}}, cap = { data_length = 6656, medium_type = 3 '\003', dev_spec = 0 '\000', unused = "\000", blk_desc_len = 0, page_code = 42 '*', param_len = 18 '\022', read_cdr = 1 '\001', read_cdrw = 1 '\001', read_packet = 0 '\000', read_dvdrom = 0 '\000', read_dvdr = 0 '\000', read_dvdram = 0 '\000', reserved2_67 = 0 '\000', write_cdr = 0 '\000', write_cdrw = 0 '\000', test_write = 0 '\000', reserved3_3 = 0 '\000', write_dvdr = 0 '\000', write_dvdram = 0 '\000', reserved3_67 = 0 '\000', audio_play = 1 '\001', composite = 0 '\000', dport1 = 0 '\000', dport2 = 0 '\000', mode2_form1 = 1 '\001', mode2_form2 = 1 '\001', multisession = 1 '\001', 0 '\000', cd_da = 1 '\001', cd_da_stream = 1 '\001', rw = 1 '\001', rw_corr = 0 '\000', c2 = 1 '\001', isrc = 1 '\001', upc = 1 '\001', 0 '\000', lock = 1 '\001', locked = 0 '\000', prevent = 0 '\000', eject = 1 '\001', 0 '\000', mech = 1 '\001', sep_vol = 1 '\001', sep_mute = 1 '\001', 0 '\000', max_read_speed = 3528, max_vol_levels = 255, buf_size = 128, 
cur_read_speed = 3528, reserved3 = 0 '\000', bckf = 0 '\000', rch = 0 '\000', lsbf = 0 '\000', dlen = 0 '\000', 0 '\000', max_write_speed = 0, cur_write_speed = 0}, aumask = {data_length = 0, medium_type = 0 '\000', dev_spec = 0 '\000', unused = "\000", blk_desc_len = 0, page_code = 0 '\000', param_len = 0 '\000', flags = 0 '\000', reserved3 = 0 '\000', reserved4 = 0 '\000', reserved5 = 0 '\000', lb_per_sec = 0, port = {{channels = 0 '\000', volume = 0 '\000'}, {channels = 0 '\000', volume = 0 '\000'}, { channels = 0 '\000', volume = 0 '\000'}, {channels = 0 '\000', volume = 0 '\000'}}}, subchan = {void0 = 0 '\000', audio_status = 0 '\000', data_length = 0, data_format = 0 '\000', control = 0 '\000', track = 0 '\000', indx = 0 '\000', abslba = 0, rellba = 0}, changer_info = 0x0, driver = 0x0, slot = -1, timestamp = 0, block_size = 2048, disklabel = {d_magic = 0, d_type = 0, d_subtype = 0, d_typename = '\000' <repeats 15 times>, d_un = { un_d_packname = '\000' <repeats 15 times>, un_b = {un_d_boot0 = 0x0, un_d_boot1 = 0x0}}, d_secsize = 0, d_nsectors = 0, d_ntracks = 0, d_ncylinders = 0, d_secpercyl = 0, d_secperunit = 0, d_sparespertrack = 0, d_sparespercyl = 0, d_acylinders = 0, d_rpm = 0, d_interleave = 0, d_trackskew = 0, d_cylskew = 0, d_headswitch = 0, d_trkseek = 0, d_flags = 0, d_drivedata = {0, 0, 0, 0, 0}, d_spare = {0, 0, 0, 0, 0}, d_magic2 = 0, d_checksum = 0, d_npartitions = 0, d_bbsize = 0, d_sbsize = 0, d_partitions = {{p_size = 0, p_offset = 0, p_fsize = 0, p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg = 0, sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0, p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg = 0, sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0, p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg = 0, sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0, p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg = 0, sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0, p_fstype = 0 '\000', p_frag = 
0 '\000', __partition_u1 = {cpg = 0, sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0, p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg = 0, sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0, p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg = 0, sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0, p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg = 0, sgs = 0}}}}, stats = 0xc095ab00, dev1 = 0xc096cc00, dev2 = 0xc096cb80}
(kgdb) disassemble acdopen
Dump of assembler code for function acdopen:
0xc01dabbc <acdopen>: pushl %ebp
0xc01dabbd <acdopen+1>: movl %esp,%ebp
0xc01dabbf <acdopen+3>: pushl %edi
0xc01dabc0 <acdopen+4>: pushl %esi
0xc01dabc1 <acdopen+5>: pushl %ebx
0xc01dabc2 <acdopen+6>: movl 0x8(%ebp),%esi
0xc01dabc5 <acdopen+9>: movl 0xc(%ebp),%edi
0xc01dabc8 <acdopen+12>: movl 0x24(%esi),%ebx
0xc01dabcb <acdopen+15>: testl %ebx,%ebx
0xc01dabcd <acdopen+17>: jne 0xc01dabdc <acdopen+32>
0xc01dabcf <acdopen+19>: movl $0x6,%eax
0xc01dabd4 <acdopen+24>: jmp 0xc01dac6e <acdopen+178>
0xc01dabd9 <acdopen+29>: leal 0x0(%esi),%esi
0xc01dabdc <acdopen+32>: testl $0x2,%edi
0xc01dabe2 <acdopen+38>: je 0xc01dabfc <acdopen+64>
0xc01dabe4 <acdopen+40>: pushl %esi
0xc01dabe5 <acdopen+41>: call 0xc017fc00 <count_dev>
0xc01dabea <acdopen+46>: addl $0x4,%esp
0xc01dabed <acdopen+49>: cmpl $0x1,%eax
0xc01dabf0 <acdopen+52>: jle 0xc01dabfc <acdopen+64>
0xc01dabf2 <acdopen+54>: movl $0x10,%eax
0xc01dabf7 <acdopen+59>: jmp 0xc01dac6e <acdopen+178>
0xc01dabf9 <acdopen+61>: leal 0x0(%esi),%esi
0xc01dabfc <acdopen+64>: pushl %esi
0xc01dabfd <acdopen+65>: call 0xc017fc00 <count_dev>
0xc01dac02 <acdopen+70>: addl $0x4,%esp
0xc01dac05 <acdopen+73>: cmpl $0x1,%eax
0xc01dac08 <acdopen+76>: jne 0xc01dac66 <acdopen+170>
0xc01dac0a <acdopen+78>: movl 0x3ac(%ebx),%eax
0xc01dac10 <acdopen+84>: movb (%eax),%al
0xc01dac12 <acdopen+86>: andb $0x1f,%al
0xc01dac14 <acdopen+88>: movzbl %al,%eax
0xc01dac17 <acdopen+91>: cmpl %eax,0x3b4(%ebx)
0xc01dac1d <acdopen+97>: je 0xc01dac3d <acdopen+129>
0xc01dac1f <acdopen+99>: pushl %ebx
0xc01dac20 <acdopen+100>: call 0xc01dc500 <acd_select_slot>
0xc01dac25 <acdopen+105>: pushl $0x0
0xc01dac27 <acdopen+107>: pushl $0xc022fee8
0xc01dac2c <acdopen+112>: pushl $0x10
0xc01dac2e <acdopen+114>: leal 0x3ac(%ebx),%eax
0xc01dac34 <acdopen+120>: pushl %eax
0xc01dac35 <acdopen+121>: call 0xc0154888 <tsleep>
0xc01dac3a <acdopen+126>: addl $0x14,%esp
0xc01dac3d <acdopen+129>: pushl $0x1
0xc01dac3f <acdopen+131>: pushl %ebx
0xc01dac40 <acdopen+132>: call 0xc01dcdf4 <acd_prevent_allow>
0xc01dac45 <acdopen+137>: orb $0x1,0x8(%ebx)
0xc01dac49 <acdopen+141>: addl $0x8,%esp
0xc01dac4c <acdopen+144>: testl $0x6,%edi
0xc01dac52 <acdopen+150>: jne 0xc01dac5c <acdopen+160>
0xc01dac54 <acdopen+152>: pushl %ebx
0xc01dac55 <acdopen+153>: call 0xc01dc108 <acd_read_toc>
0xc01dac5a <acdopen+158>: jmp 0xc01dac63 <acdopen+167>
0xc01dac5c <acdopen+160>: pushl (%ebx)
0xc01dac5e <acdopen+162>: call 0xc01d983c <atapi_test_ready>
0xc01dac63 <acdopen+167>: addl $0x4,%esp
0xc01dac66 <acdopen+170>: pushl %ebx
0xc01dac67 <acdopen+171>: call 0xc01dc254 <acd_construct_label>
0xc01dac6c <acdopen+176>: xorl %eax,%eax
0xc01dac6e <acdopen+178>: leal 0xfffffff4(%ebp),%esp
0xc01dac71 <acdopen+181>: popl %ebx
0xc01dac72 <acdopen+182>: popl %esi
0xc01dac73 <acdopen+183>: popl %edi
0xc01dac74 <acdopen+184>: leave
0xc01dac75 <acdopen+185>: ret
End of assembler dump.

--
Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org capo@there.is.no.bsdconspiracy.net
[He] took me into his library and showed me his books, of which he had a complete set. -- Ring Lardner

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message