Subject: bin/15307: panic in sys/dev/ic/wdc.c
To: None <gnats-bugs@gnats.netbsd.org>
From: None <dive@endersgame.net>
List: netbsd-bugs
Date: 01/20/2002 04:38:40
>Number:         15307
>Category:       bin
>Synopsis:       A Null pointer problem causes a panic in the wdc driver in the netbsd-1-5 branch
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 19 20:39:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.5.3_ALPHA (netbsd-1-5 branch, as of 01/19/2002)
>Organization:
/~\ The ASCII                         Sean Davis
\ / Ribbon Campaign                    aka dive
 X  Against HTML
/ \ Email!               http://eros.endersgame.net:8000/~dive
>Environment:
	Pentium 75MHz, old wdc controller
Architecture: i386
Machine: i386
>Description:
I've just been told that this was just fixed in -current, and it's the same
problem. Here's a traceback:

com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
com0: console
uvm_fault(0xc01e3ee0, 0x0, 0, 1) -> 1
kernel: page fault trap, code=0
Stopped in swapper at   __wdcwait_reset+0x17:   testb   $0x20,      0x2d(%eax)
db> t  
__wdcwait_reset(c0214b14,3,c0214ae0,c0107472,a) at __wdcwait_reset+0x17
wdcprobe(c0214b14,4,c0214b20,c01b1f7e,0) at wdcprobe+0x1f8
wdc_isa_probe(c02ebf00,c01c919c,c0214bc0,c01b0a10) at wdc_isa_probe+0x71
isasearch(c02ebf00,c01c919c,0,c01a153d,c01c9154) at isasearch+0x7b
mapply(c0214c4c,c01c919c,c0214c70,c01b0c94) at mapply+0x20
config_search(c01b0ad8,c02ebf00,0,c01b09f8,c01f3bc0) at config_search+0x70
isaattach(c02ebf40,c02ebf00,c0214d6c,c0121cb4,c02ebf00,c0214d6c,10,1f) at isaatt
ach+0x5c
config_attach(c02ebf40,c01c9244,c0214d6c,c01b095c,c02e2f90) at config_attach+0x3
08
config_found_sm(c02ebf40,c0214d6c,c01b095c,0,c02e7e80) at config_found_sm+0x2f
pcib_callback(c02ebf40,0,0,0,c01c927c,0,c02e7e80,c0121cc8,c02ebfc0,c02e7e80,c021
4e10,c0121cd9,c01e6488,c02e7e80,10,c01968e6,c01ad7c0,c0214e6c,c02ebfc0,c0121820,
c0214dfc,c01c91f0,c0214e0e,c0214e04,0,c02e2fc0,c0214e0c,2,3,c01d1704,c01c8eb0,c0
214e6c,c01c91f0,30,c0214e40,c01218ff,c02ebfc0,c01c91f0,c0214e6c,c01ad7c0,c02ebfc
0,0,c02ebfc0,f,0,c02ebfdc,c0214e90,c01ad748,c02ebfc0,c0214e6c,c01ad7c0,0,c01c927
c,0,c02ebfc0,c0124fd0,c01bac39,c01c4da6,0,1,c01d1d80,0) at pcib_callback+0x44
config_process_deferred(c01e6488,c02e7e80,10,c01968e6,c01ad7c0) at config_proces
s_deferred+0x4f
config_attach(c02ebfc0,c01c91f0,c0214e6c,c01ad7c0,c02ebfc0) at config_attach+0x3
19
config_found_sm(c02ebfc0,c0214e6c,c01ad7c0,0) at config_found_sm+0x2f
mainbus_attach(0,c02ebfc0,0,c0121cb4,c02ebfc0,0,10,c01c4cfe) at mainbus_attach+0
x68
config_attach(0,c01c91d4,0,0,c01e6478) at config_attach+0x308
config_rootfound(c01c1f49,0,c0214f50,c01a09fc) at config_rootfound+0x3f
cpu_configure(15e3000,c01e3fc0,c01e4188,c01f0190,0) at cpu_configure+0x1f
configure(c0212010,212000,219000,0,0) at configure+0x5d
main(0,0,0,0,0) at main+0x35c
>How-To-Repeat:
	boot 1.5.3_ALPHA on an old pos?
>Fix:
Index: wdc.c
===================================================================
RCS file: /cvsroot/syssrc/sys/dev/ic/wdc.c,v
retrieving revision 1.91.2.2
diff -u -r1.91.2.2 wdc.c
--- wdc.c       2002/01/16 10:15:30     1.91.2.2
+++ wdc.c       2002/01/20 04:37:50
@@ -777,7 +777,7 @@
 #endif
        /* wait for BSY to deassert */
        for (timeout = 0; timeout < WDCNDELAY_RST;timeout++) {
-               if (chp->wdc->cap & WDC_CAPABILITY_SELECT)
+               if (chp->wdc && chp->wdc->cap & WDC_CAPABILITY_SELECT)
                        chp->wdc->select(chp,0);
                bus_space_write_1(chp->cmd_iot, chp->cmd_ioh, wd_sdh,
                    WDSD_IBM); /* master */
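Review bot: The added `chp->wdc &&` test on the `WDC_CAPABILITY_SELECT` line stops the fault at this one dereference, but it does not explain why `chp->wdc` is NULL when `wdcprobe` calls `__wdcwait_reset`, which is the path in the traceback (wdc_isa_probe -> wdcprobe -> __wdcwait_reset). If the ISA probe path is expected to run with no controller softc attached, a comment saying so belongs here; if not, the pointer should be set up by the caller and the check here only hides the missing initialisation. The pointer does not change inside the loop, so the test can be done once before the `for` instead of on every iteration, and any other `chp->wdc->` use in this function outside the visible context needs the same guard. Since the condition now mixes `&&` and `&`, parenthesise the mask test, i.e. `chp->wdc && (chp->wdc->cap & WDC_CAPABILITY_SELECT)`, so the intent does not depend on the reader remembering operator precedence.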
>Release-Note:
>Audit-Trail:
>Unformatted: