Re: kern/54899: crash DIAGNOSTIC in extent_alloc_region in ahd driver attach

To: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/54899: crash DIAGNOSTIC in extent_alloc_region in ahd driver attach
From: Frank Kardel <kardel%netbsd.org@localhost>
Date: Sun, 2 Feb 2020 14:12:13 +0100

Turns out, that this card and main board (bios) have issues. The pcidump gives:


    Base address register at 0x14
      type: 64-bit nonprefetchable memory
      base: 0x40000000f7080000
      size: 0x0000000000080000

the Bit 62 is set and exceeds the iomem range,

On the previous board the value was:

    Base address register at 0x14
      type: 64-bit nonprefetchable memory
      base: 0x00000000fe180000

which is much more sensible.

Upgrading the BIOS made the BIOS start very slow and the card was notrecognized any more

except for delaying the startup from normally ~30 seconds to severalminutes.


Will close this bug.

The Mainboard is an ASUS Prime X570-PRO with BIOS 1405

Frank


On 01/27/20 08:40, kardel%netbsd.org@localhost wrote:

Number:         54899
Category:       kern
Synopsis:       crash DIAGNOSTIC in extent_alloc_region in ahd driver attach
Confidential:   no
Severity:       critical
Priority:       high
Responsible:    kern-bug-people
State:          open
Class:          sw-bug
Submitter-Id:   net
Arrival-Date:   Mon Jan 27 07:40:01 +0000 2020
Originator:     Frank Kardel
Release:        NetBSD 9.99.42
Organization:

Environment:

	
	
System: NetBSD pip.kardel.name 9.99.42 NetBSD 9.99.42 (PIPGEN) #0: Sat Jan 25 16:40:30 CET 2020 kardel@...:/src/NetBSD/act/src/obj.amd64/sys/arch/amd64/compile/PIPGEN amd64
Architecture: x86_64
Machine: amd64

Description:

	When added a SCSI interface for the ahd driver The system crashes while attaching in extent_alloc_region.
/*
  * Allocate a specific region in an extent map.
  */
int
extent_alloc_region(struct extent *ex, u_long start, u_long size, int flags)
{
         struct extent_region *rp, *last, *myrp;
         u_long end = start + (size - 1);
         int error;

#ifdef DIAGNOSTIC
         /* Check arguments. */
         if (ex == NULL)
                 panic("extent_alloc_region: NULL extent");
         if (size < 1) {
                 printf("extent_alloc_region: extent `%s', size 0x%lx\n",
                     ex->ex_name, size);
                 panic("extent_alloc_region: bad size");
         }
         if (end < start) {
                 printf(
                  "extent_alloc_region: extent `%s', start 0x%lx, size 0x%lx\n",
#### -> crash     ex->ex_name, start, size);   #### <--- crash
                 panic("extent_alloc_region: overflow");
         }
#endif

ex->ex_name is not correctly initialized/passed.
Also there seems to be an issue with the start and size paramters as
end < start is true. I try to gather the actual values of start and size
this evening.

Stack (manual partial copy from photo)
extent_alloc_region()
bus_space_reserve()
bus_space_map()
pci_mapreg_submap()
pci_mapreg_map()
ahd_pci_attach()
...

How-To-Repeat:

	Use a ASUS PRIME X570-PRO motherboard with a Ryzen 9 CPU and a AIC-7901X
	based SCSI controller.

Fix:

Unformatted:

Follow-Ups:
- Re: kern/54899: crash DIAGNOSTIC in extent_alloc_region in ahd driver attach
  - From: Frank Kardel

References:
- kern/54899: crash DIAGNOSTIC in extent_alloc_region in ahd driver attach
  - From: kardel

Prev by Date: kern/54917: pad(4) has a memory leak
Next by Date: port-macppc/54920: 9.0_RC1 macppc GENERIC kernel locks up
Previous by Thread: kern/54899: crash DIAGNOSTIC in extent_alloc_region in ahd driver attach
Next by Thread: Re: kern/54899: crash DIAGNOSTIC in extent_alloc_region in ahd driver attach
Indexes:

Home | Main Index | Thread Index | Old Index