From owner-freebsd-hackers  Fri Mar 24  0: 2:42 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from peach.ocn.ne.jp (peach.ocn.ne.jp [210.145.254.87])
	by hub.freebsd.org (Postfix) with ESMTP
	id 84D4937B56D; Fri, 24 Mar 2000 00:02:34 -0800 (PST)
	(envelope-from dcs@newsguy.com)
Received: from daniel.sobral (root@p08-dn03kiryunisiki.gunma.ocn.ne.jp [210.232.224.137])
	by peach.ocn.ne.jp (8.9.1a/OCN) with ESMTP id RAA11290;
	Fri, 24 Mar 2000 17:02:30 +0900 (JST)
Received: (from dcs@localhost)
	by daniel.sobral (8.9.3/8.9.3) id RAA00373;
	Fri, 24 Mar 2000 17:01:00 +0900 (JST)
	(envelope-from dcs)
From: "Daniel C. Sobral" <dcs@newsguy.com>
Message-Id: <200003240801.RAA00373@daniel.sobral>
Subject: ATA problems with changer code
To: hackers@freebsd.org
Date: Fri, 24 Mar 2000 17:00:54 +0900 (JST)
Cc: sos@freebsd.org
Disclaimer: Klaatu Barada Nikto!
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

With the latest ata, I get instant panic whenever I call
/stand/sysinstall. It seems acdopen() is trying to read the contents of
cdp->changer_info, but that pointer is NULL.

(kgdb) bt

#0  boot (howto=260) at /home/src/sys/kern/kern_shutdown.c:304
#1  0xc0151fc9 in panic (fmt=0xc0214e94 "from debugger")
    at /home/src/sys/kern/kern_shutdown.c:554
#2  0xc0128ddd in db_panic (addr=-1071797232, have_addr=0, count=-1,
    modif=0xc6914bd8 "") at /home/src/sys/ddb/db_command.c:433
#3  0xc0128d7c in db_command (last_cmdp=0xc024225c,
cmd_table=0xc02420bc,
    aux_cmd_tablep=0xc0276850) at /home/src/sys/ddb/db_command.c:333
#4  0xc0128e42 in db_command_loop () at
/home/src/sys/ddb/db_command.c:455
#5  0xc012af9b in db_trap (type=12, code=0) at
/home/src/sys/ddb/db_trap.c:71
#6  0xc01ef5eb in kdb_trap (type=12, code=0, regs=0xc6914d3c)
    at /home/src/sys/i386/i386/db_interface.c:158
#7  0xc01fc41c in trap_fatal (frame=0xc6914d3c, eva=0)
    at /home/src/sys/i386/i386/trap.c:919
#8  0xc01fc105 in trap_pfault (frame=0xc6914d3c, usermode=0, eva=0)
    at /home/src/sys/i386/i386/trap.c:817
#9  0xc01fbcd3 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
tf_edi = 1,
      tf_esi = -1063859328, tf_ebp = -963555960, tf_isp = -963555992,
      tf_ebx = -1063852032, tf_edx = 1, tf_ecx = 64, tf_eax = 0,
      tf_trapno = 12, tf_err = 0, tf_eip = -1071797232, tf_cs = 8,
      tf_eflags = 66118, tf_esp = -956099232, tf_ss = -948398080})
    at /home/src/sys/i386/i386/trap.c:423
#10 0xc01dac10 in acdopen (dev=0xc096cb80, flags=1, fmt=8192,
p=0xc7031560)
    at /home/src/sys/dev/ata/atapi-cd.c:497
#11 0xc018b2ce in spec_open (ap=0xc6914e04)
    at /home/src/sys/miscfs/specfs/spec_vnops.c:191
#12 0xc018b1d5 in spec_vnoperate (ap=0xc6914e04)
    at /home/src/sys/miscfs/specfs/spec_vnops.c:117
#13 0xc01c4ee9 in ufs_vnoperatespec (ap=0xc6914e04)
    at /home/src/sys/ufs/ufs/ufs_vnops.c:2301
#14 0xc0185da0 in vn_open (ndp=0xc6914ed0, fmode=1, cmode=228)
    at vnode_if.h:189
#15 0xc0181d3d in open (p=0xc7031560, uap=0xc6914f80)
    at /home/src/sys/kern/vfs_syscalls.c:994
#16 0xc01fc666 in syscall (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
      tf_edi = -1077940188, tf_esi = 0, tf_ebp = -1077943580,
      tf_isp = -963555372, tf_ebx = -1077938884, tf_edx = 135059519,
      tf_ecx = 0, tf_eax = 5, tf_trapno = 7, tf_err = 2, tf_eip =
134872180,
      tf_cs = 31, tf_eflags = 659, tf_esp = -1077943720, tf_ss = 47})
    at /home/src/sys/i386/i386/trap.c:1073
#17 0xc01efee6 in Xint0x80_syscall ()
#18 0x804aea8 in ?? ()
#19 0x805705f in ?? ()
#20 0x80480f5 in ?? ()



(kgdb) up 10

#10 0xc01dac10 in acdopen (dev=0xc096cb80, flags=1, fmt=8192,
p=0xc7031560)
    at /home/src/sys/dev/ata/atapi-cd.c:497
497             if (cdp->slot != cdp->changer_info->current_slot) {



(kgdb) list acdopen

484     static int
485     acdopen(dev_t dev, int32_t flags, int32_t fmt, struct proc *p)
486     {
487         struct acd_softc *cdp = dev->si_drv1;
488
489         if (!cdp)
490             return ENXIO;
491
492         if (flags & FWRITE) {
493             if (count_dev(dev) > 1)
494                 return EBUSY;
495         }
496         if (count_dev(dev) == 1) {
497             if (cdp->slot != cdp->changer_info->current_slot) {
498                 acd_select_slot(cdp);
499                 tsleep(&cdp->changer_info, PRIBIO, "acdopn", 0);
500             }



(kgdb) p dev->si_drv1
$4 = (void *) 0xc096e800
 


(kgdb) p cdp
$5 = (struct acd_softc *) 0x0

(???? -- this doesn't seem to be the problem, though)

(kgdb) print *(struct acd_softc*)dev->si_drv1

$6 = {atp = 0xc067c1e0, lun = 0, flags = 0, buf_queue = {queue = {
      tqh_first = 0x0, tqh_last = 0xc096e80c}, last_pblkno = 0,
    insert_point = 0x0, switch_point = 0x0}, toc = {hdr = {len = 0,
      starting_track = 0 '\000', ending_track = 0 '\000'}, tab = {{0,
        control = 0, addr_type = 0, track = 0 '\000', 0, addr = {msf = {
            unused = 0 '\000', minute = 0 '\000', second = 0 '\000',
            frame = 0 '\000'}, lba = 0,
          addr = "\000\000\000"}} <repeats 100 times>}}, info = {volsize
= 0,
    blksize = 0}, au = {data_length = 0, medium_type = 0 '\000',
    dev_spec = 0 '\000', unused = "\000", blk_desc_len = 0,
    page_code = 0 '\000', param_len = 0 '\000', flags = 0 '\000',
    reserved3 = 0 '\000', reserved4 = 0 '\000', reserved5 = 0 '\000',
    lb_per_sec = 0, port = {{channels = 0 '\000', volume = 0 '\000'}, {
        channels = 0 '\000', volume = 0 '\000'}, {channels = 0 '\000',
        volume = 0 '\000'}, {channels = 0 '\000', volume = 0 '\000'}}},
cap = {
    data_length = 6656, medium_type = 3 '\003', dev_spec = 0 '\000',
    unused = "\000", blk_desc_len = 0, page_code = 42 '*',
    param_len = 18 '\022', read_cdr = 1 '\001', read_cdrw = 1 '\001',
    read_packet = 0 '\000', read_dvdrom = 0 '\000', read_dvdr = 0
'\000',
    read_dvdram = 0 '\000', reserved2_67 = 0 '\000', write_cdr = 0
'\000',
    write_cdrw = 0 '\000', test_write = 0 '\000', reserved3_3 = 0
'\000',
    write_dvdr = 0 '\000', write_dvdram = 0 '\000', reserved3_67 = 0
'\000',
    audio_play = 1 '\001', composite = 0 '\000', dport1 = 0 '\000',
    dport2 = 0 '\000', mode2_form1 = 1 '\001', mode2_form2 = 1 '\001',
    multisession = 1 '\001', 0 '\000', cd_da = 1 '\001',
    cd_da_stream = 1 '\001', rw = 1 '\001', rw_corr = 0 '\000', c2 = 1
'\001',
    isrc = 1 '\001', upc = 1 '\001', 0 '\000', lock = 1 '\001',
    locked = 0 '\000', prevent = 0 '\000', eject = 1 '\001', 0 '\000',
    mech = 1 '\001', sep_vol = 1 '\001', sep_mute = 1 '\001', 0 '\000',
    max_read_speed = 3528, max_vol_levels = 255, buf_size = 128,
    cur_read_speed = 3528, reserved3 = 0 '\000', bckf = 0 '\000',
    rch = 0 '\000', lsbf = 0 '\000', dlen = 0 '\000', 0 '\000',
    max_write_speed = 0, cur_write_speed = 0}, aumask = {data_length =
0,
    medium_type = 0 '\000', dev_spec = 0 '\000', unused = "\000",
    blk_desc_len = 0, page_code = 0 '\000', param_len = 0 '\000',
    flags = 0 '\000', reserved3 = 0 '\000', reserved4 = 0 '\000',
    reserved5 = 0 '\000', lb_per_sec = 0, port = {{channels = 0 '\000',
        volume = 0 '\000'}, {channels = 0 '\000', volume = 0 '\000'}, {
        channels = 0 '\000', volume = 0 '\000'}, {channels = 0 '\000',
        volume = 0 '\000'}}}, subchan = {void0 = 0 '\000',
    audio_status = 0 '\000', data_length = 0, data_format = 0 '\000',
    control = 0 '\000', track = 0 '\000', indx = 0 '\000', abslba = 0,
    rellba = 0}, changer_info = 0x0, driver = 0x0, slot = -1, timestamp
= 0,
  block_size = 2048, disklabel = {d_magic = 0, d_type = 0, d_subtype =
0,
    d_typename = '\000' <repeats 15 times>, d_un = {
      un_d_packname = '\000' <repeats 15 times>, un_b = {un_d_boot0 =
0x0,
        un_d_boot1 = 0x0}}, d_secsize = 0, d_nsectors = 0, d_ntracks =
0,
    d_ncylinders = 0, d_secpercyl = 0, d_secperunit = 0,
d_sparespertrack = 0,
    d_sparespercyl = 0, d_acylinders = 0, d_rpm = 0, d_interleave = 0,
    d_trackskew = 0, d_cylskew = 0, d_headswitch = 0, d_trkseek = 0,
    d_flags = 0, d_drivedata = {0, 0, 0, 0, 0}, d_spare = {0, 0, 0, 0,
0},
    d_magic2 = 0, d_checksum = 0, d_npartitions = 0, d_bbsize = 0,
    d_sbsize = 0, d_partitions = {{p_size = 0, p_offset = 0, p_fsize =
0,
        p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg =
0,
          sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0,
        p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg =
0,
          sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0,
        p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg =
0,
          sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0,
        p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg =
0,
          sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0,
        p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg =
0,
          sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0,
        p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg =
0,
          sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0,
        p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg =
0,
          sgs = 0}}, {p_size = 0, p_offset = 0, p_fsize = 0,
        p_fstype = 0 '\000', p_frag = 0 '\000', __partition_u1 = {cpg =
0,
          sgs = 0}}}}, stats = 0xc095ab00, dev1 = 0xc096cc00,
  dev2 = 0xc096cb80}



(kgdb) disassemble acdopen
Dump of assembler code for function acdopen:
0xc01dabbc <acdopen>:   pushl  %ebp
0xc01dabbd <acdopen+1>: movl   %esp,%ebp
0xc01dabbf <acdopen+3>: pushl  %edi
0xc01dabc0 <acdopen+4>: pushl  %esi
0xc01dabc1 <acdopen+5>: pushl  %ebx
0xc01dabc2 <acdopen+6>: movl   0x8(%ebp),%esi
0xc01dabc5 <acdopen+9>: movl   0xc(%ebp),%edi
0xc01dabc8 <acdopen+12>:        movl   0x24(%esi),%ebx
0xc01dabcb <acdopen+15>:        testl  %ebx,%ebx
0xc01dabcd <acdopen+17>:        jne    0xc01dabdc <acdopen+32>
0xc01dabcf <acdopen+19>:        movl   $0x6,%eax
0xc01dabd4 <acdopen+24>:        jmp    0xc01dac6e <acdopen+178>
0xc01dabd9 <acdopen+29>:        leal   0x0(%esi),%esi
0xc01dabdc <acdopen+32>:        testl  $0x2,%edi
0xc01dabe2 <acdopen+38>:        je     0xc01dabfc <acdopen+64>
0xc01dabe4 <acdopen+40>:        pushl  %esi
0xc01dabe5 <acdopen+41>:        call   0xc017fc00 <count_dev>
0xc01dabea <acdopen+46>:        addl   $0x4,%esp
0xc01dabed <acdopen+49>:        cmpl   $0x1,%eax
0xc01dabf0 <acdopen+52>:        jle    0xc01dabfc <acdopen+64>
0xc01dabf2 <acdopen+54>:        movl   $0x10,%eax
0xc01dabf7 <acdopen+59>:        jmp    0xc01dac6e <acdopen+178>
0xc01dabf9 <acdopen+61>:        leal   0x0(%esi),%esi
0xc01dabfc <acdopen+64>:        pushl  %esi
0xc01dabfd <acdopen+65>:        call   0xc017fc00 <count_dev>
0xc01dac02 <acdopen+70>:        addl   $0x4,%esp
0xc01dac05 <acdopen+73>:        cmpl   $0x1,%eax
0xc01dac08 <acdopen+76>:        jne    0xc01dac66 <acdopen+170>
0xc01dac0a <acdopen+78>:        movl   0x3ac(%ebx),%eax
0xc01dac10 <acdopen+84>:        movb   (%eax),%al
0xc01dac12 <acdopen+86>:        andb   $0x1f,%al
0xc01dac14 <acdopen+88>:        movzbl %al,%eax
0xc01dac17 <acdopen+91>:        cmpl   %eax,0x3b4(%ebx)
0xc01dac1d <acdopen+97>:        je     0xc01dac3d <acdopen+129>
0xc01dac1f <acdopen+99>:        pushl  %ebx
0xc01dac20 <acdopen+100>:       call   0xc01dc500 <acd_select_slot>
0xc01dac25 <acdopen+105>:       pushl  $0x0
0xc01dac27 <acdopen+107>:       pushl  $0xc022fee8
0xc01dac2c <acdopen+112>:       pushl  $0x10
0xc01dac2e <acdopen+114>:       leal   0x3ac(%ebx),%eax
0xc01dac34 <acdopen+120>:       pushl  %eax
0xc01dac35 <acdopen+121>:       call   0xc0154888 <tsleep>
0xc01dac3a <acdopen+126>:       addl   $0x14,%esp
0xc01dac3d <acdopen+129>:       pushl  $0x1
0xc01dac3f <acdopen+131>:       pushl  %ebx
0xc01dac40 <acdopen+132>:       call   0xc01dcdf4 <acd_prevent_allow>
0xc01dac45 <acdopen+137>:       orb    $0x1,0x8(%ebx)
0xc01dac49 <acdopen+141>:       addl   $0x8,%esp
0xc01dac4c <acdopen+144>:       testl  $0x6,%edi
0xc01dac52 <acdopen+150>:       jne    0xc01dac5c <acdopen+160>
0xc01dac54 <acdopen+152>:       pushl  %ebx
0xc01dac55 <acdopen+153>:       call   0xc01dc108 <acd_read_toc>
0xc01dac5a <acdopen+158>:       jmp    0xc01dac63 <acdopen+167>
0xc01dac5c <acdopen+160>:       pushl  (%ebx)
0xc01dac5e <acdopen+162>:       call   0xc01d983c <atapi_test_ready>
0xc01dac63 <acdopen+167>:       addl   $0x4,%esp
0xc01dac66 <acdopen+170>:       pushl  %ebx
0xc01dac67 <acdopen+171>:       call   0xc01dc254 <acd_construct_label>
0xc01dac6c <acdopen+176>:       xorl   %eax,%eax
0xc01dac6e <acdopen+178>:       leal   0xfffffff4(%ebp),%esp
0xc01dac71 <acdopen+181>:       popl   %ebx
0xc01dac72 <acdopen+182>:       popl   %esi
0xc01dac73 <acdopen+183>:       popl   %edi
0xc01dac74 <acdopen+184>:       leave
0xc01dac75 <acdopen+185>:       ret
End of assembler dump.

-- 
Daniel C. Sobral		  (8-DCS)
dcs@newsguy.com
dcs@freebsd.org
capo@there.is.no.bsdconspiracy.net

[He] took me into his library and showed me his books, of which he had
a complete set.
		-- Ring Lardner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message