Subject: port-hp300/10750: hp300 kernel panics if any key is pressed on HP382
To: None <gnats-bugs@gnats.netbsd.org>
From: None <tsutsui@ceres.dti.ne.jp>
List: netbsd-bugs
Date: 08/03/2000 23:47:14
>Number: 10750
>Category: port-hp300
>Synopsis: hp300 kernel panics if any key is pressed on HP382
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: port-hp300-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Aug 03 23:48:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Izumi Tsutsui
>Release: NetBSD 1.5_ALPHA 20000802
>Organization:
Izumi Tsutsui Himeji City, Japan
>Environment:
NetBSD/hp300 1.5_ALPHA on HP 9000/382 with HIL Japanese keyboard
>Description:
hp300 kernel panics if any key is pressed on HP382.
The panic message is:
---
trap: bad kernel read access at 0x4
trap type 8, code = 0x505, v = 0x4
kernel program counter = 0xf9220
kernel: MMU fault trap
pid = 11047, pc = 000F9220, ps = 2100, sfc = 1, dfc = 1
Registers:
0 1 2 3 4 5 6 7
dreg: 00000018 FFFFFF47 000000B9 0000000B 00000038 00139D96 001396FC 00171012
areg: 00000000 0013F69C 0013F69C 0000019E 0003E830 00139D96 00671FB0 FFEFF8B4
Kernel stack (00671ECC):
671ECC: 00110436 00671F1C 00000080 000000B9 0000000B 00000038 00139D96 001396FC
671EEC: 00171012 0013F69C 0000019E 0003E830 00139D96 00000000 00000000 00671FB0
671F0C: 00001900 00000008 00000505 00000004 00000018 FFFFFF47 000000B9 0000000B
671F2C: 00000038 00139D96 001396FC 00171012 00000000 0013F69C 0013F69C 0000019E
671F4C: 0003E830 00139D96 00671FB0 FFEFF8B4 00000000 2100000F 92207008 00671FAC
671F6C: 05050005 00050005 00000004 00671F9C 00000047 001C5FE8 00000001 00000FE8
671F8C: 00000000 00000001 0000011E 001396FC 00000047 0000000B 0013F69C 0000019E
671FAC: 0003E830 00671FCC 00108938 FFFFFFB9 00000047 0000044E 0000033C 000002BE
671FCC: 00671FE0 001088E6 0013F69C 000000B9 00000047 FFEFF8E8 00001C7C 0000057C
671FEC: 0000002C 0000002C 001C50A2 00040002 3A780064
panic: MMU fault
Stopped in cc1 at _cpu_Debugger+0x6: unlk a6
db> trace
_cpu_Debugger(2104,671f1c,8,2ea66,671f08) + 6
_panic(110008,b9,b,38,139d96) + 60
_trap(8,505,4) + 234
_itefilter(ffffffb9,47,44e,33c,2be) + 16
_hil_process_int(13f69c,b9,47,ffeff8e8,1c7c) + 48
_hilint(57c,2c,2c,1c50a2,40002) + 22
_lev1intr() + 4
db>
---
The code around 0xf9220 is:
---
00000000000f920a <_itefilter>:
f920a: 4e56 0000 linkw %fp,#0
f920e: 48e7 3038 moveml %d2-%d3/%a2-%a4,%sp@-
f9212: 142e 000b moveb %fp@(11),%d2
f9216: 122e 000f moveb %fp@(15),%d1
f921a: 2079 0012 7dc8 moveal 127dc8 <_kbd_ite>,%a0
f9220: 2668 0004 moveal %a0@(4),%a3
f9224: 4a8b tstl %a3
---
I think the NULL pointer "kbd_ite" causes this panic.
>How-To-Repeat:
Boot NetBSD/hp300 kernel on HP382 and press any key.
>Fix:
NetBSD/hp300 does not support the framebuffer on HP382 so
no ite device is attached. In this case, kbd_ite is not
initialized but referred to in sys/arch/hp300/dev/ite.c:itefilter().
It would cause the panic.
Index: arch/hp300/dev/ite.c
===================================================================
RCS file: /cvs/cvsroot/syssrc/sys/arch/hp300/dev/ite.c,v
retrieving revision 1.43
diff -u -r1.43 ite.c
--- ite.c 2000/03/23 06:37:23 1.43
+++ ite.c 2000/08/04 06:41:33
@@ -526,10 +526,12 @@
static int capsmode = 0;
static int metamode = 0;
char code, *str;
- struct tty *kbd_tty = kbd_ite->tty;
+ struct tty *kbd_tty;
- if (kbd_tty == NULL)
+ if (kbd_ite == NULL || kbd_ite->tty == NULL)
return;
+
+ kbd_tty = kbd_ite->tty;
switch (c & 0xFF) {
case KBD_CAPSLOCK:
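Review bot: the new guard "if (kbd_ite == NULL || kbd_ite->tty == NULL)" reads the global kbd_ite twice, and "kbd_tty = kbd_ite->tty;" reads it a third time, in a function that the trace above shows is reached from the HIL interrupt path. Copy kbd_ite into a local once, then test and dereference that local, so the check and the use are guaranteed to see the same value. The guard also deserves a one-line comment saying that kbd_ite is NULL when no ite device is attached (as on the HP382), so that the early return is not later mistaken for dead code. With this change, key presses are silently discarded in that configuration, which is worth stating in the commit message.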
>Release-Note:
>Audit-Trail:
>Unformatted: