Subject: Re: Crash to db> due to firewire, in NetBSD 4 BETA
To: Jonathan A. Kollasch <jakllsch@kollasch.net>
From: Rhialto <rhialto@falu.nl>
List: current-users
Date: 09/09/2006 14:53:55
I added some extra debug printfs to sd_get_parms_page4.
A screenshot is at http://www.falu.nl/~rhialto/pict2015.png.
The sense data that is read from the disk is apparently (transcribed by
hand)
0000000: 860b 0002 0000 1d1c 596f ff00 006f 2020 ........Yo...o
0000010: 5744 3235 3030 4a42 2d30 3052 4541 3020 WD2500JB-00REA0
0000020: 0000 0000 0000 0000 0000 0000 0000 0000 ................

    printf("sd_get_parms_page4: big=%d\n", big);
    if (big) {
        poffset = sizeof scsipi_sense.header.big;
        poffset += _2btol(scsipi_sense.header.big.blk_desc_len);
    } else {
        poffset = sizeof scsipi_sense.header.small;
        poffset += scsipi_sense.header.small.blk_desc_len;
    }

big = 1, sizeof scsipi_sense.header.big = 8, blk_desc_len points to the
"1d1c", so poffset becomes 0x1d1c + 8 = 0x1d24, which is apparently
ridiculously large.

    pages = (void *)((u_long)&scsipi_sense + poffset);
    printf("&scsipi_sense=%p, poffset=0x%x, pages=%p\n", &scsipi_sense, poffset, pages);
    #if 1
    { int i; unsigned char *p;
      printf("page 4 sense:"); for (i = sizeof(scsipi_sense), p = (void *)&scsipi_sense; i; i--, p++) printf(" %02x", *p); printf("\n");
      printf("page 4 pg_code=%d sense=%p/%p\n", pages->rigid_geometry.pg_code, &scsipi_sense, pages);
    }
    #endif

The sense data is printed, but "page 4 pg_code=..." isn't, so the crash
must be while dereferencing ``pages''.
Now the question is, what is a reasonable value for poffset, and is the
wanted data actually present at that offset? (Given this data, it should
be between 8 and 16...)
-Olaf.
--
___ Olaf 'Rhialto' Seibert -- You author it, and I'll reader it.
\X/ rhialto/at/xs4all.nl -- Cetero censeo "authored" delendum esse.
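
The check the post's closing question points toward, as an added example that is not part of the original message or of the NetBSD source: reject a device-supplied block descriptor length that would place the mode page outside the buffer before any pointer is formed from it. The helper name mode_page_offset, the constants and the buffer sizes are assumptions; sample_sense repeats the bytes transcribed in the post and good_sense is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BIG_HDR_LEN   8   /* MODE SENSE(10) parameter header */
#define SMALL_HDR_LEN 4   /* MODE SENSE(6) parameter header */
#define PAGE_HDR_LEN  2   /* page code byte + page length byte */

/* Bytes transcribed in the post; the last 16 of the 48 are zero. */
static const uint8_t sample_sense[48] = {
    0x86, 0x0b, 0x00, 0x02, 0x00, 0x00, 0x1d, 0x1c,
    0x59, 0x6f, 0xff, 0x00, 0x00, 0x6f, 0x20, 0x20,
    0x57, 0x44, 0x32, 0x35, 0x30, 0x30, 0x4a, 0x42,
    0x2d, 0x30, 0x30, 0x52, 0x45, 0x41, 0x30, 0x20,
};

/* Constructed well-formed reply: 8-byte descriptor, page 4 header at 16. */
static const uint8_t good_sense[24] = { [7] = 0x08, [16] = 0x04, [17] = 0x16 };

/* Hypothetical helper: offset of the first mode page inside buf, or -1
 * if the reported block descriptor length does not fit in the buffer. */
long
mode_page_offset(const uint8_t *buf, size_t buflen, int big)
{
    size_t hdr = big ? BIG_HDR_LEN : SMALL_HDR_LEN;
    size_t bdlen;

    if (buflen < hdr + PAGE_HDR_LEN)
        return -1;
    /* blk_desc_len: big-endian 16 bits at offset 6, or one byte at offset 3 */
    bdlen = big ? ((size_t)buf[6] << 8 | buf[7]) : buf[3];
    /* Compare against the remaining space so the sum cannot overflow. */
    if (bdlen > buflen - hdr - PAGE_HDR_LEN)
        return -1;
    return (long)(hdr + bdlen);
}

int
main(void)
{
    printf("post's data: %ld\n", mode_page_offset(sample_sense, sizeof sample_sense, 1));
    printf("constructed: %ld\n", mode_page_offset(good_sense, sizeof good_sense, 1));
    return 0;
}
```

With the post's bytes the reported length 0x1d1c fails the check, so the caller gets -1 instead of a pointer at offset 0x1d24.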