kern/38179: sd detach deadbeaf dereference

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/38179: sd detach deadbeaf dereference
From: yamt%mwd.biglobe.ne.jp@localhost
Date: Thu, 6 Mar 2008 05:20:00 +0000 (UTC)

>Number:         38179
>Category:       kern
>Synopsis:       sd detach deadbeaf dereference
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 06 05:20:00 +0000 2008
>Originator:     YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost>
>Release:        NetBSD 4.99.55
>Organization:
        
>Environment:
Architecture: i386
Machine: i386
>Description:
        see below.  it's with DIAGNOSTIC+DEBUG+LOCKDEBUG enabled.

umass0 at uhub5 port 4 configuration 1 interface 0
umass0: CASIO COMPUTER CASIO QV DIGITAL, rev 2.00/10.00, addr 4
umass0: using ATAPI over Bulk-Only
atapibus1 at umass0: 2 targets
sd1 at atapibus1 drive 0: <CASIO, DIGITAL_CAMERA, 1.00> disk removable
sd1: 1920 MB, 80 cyl, 2 head, 18 sec, 512 bytes/sect x 3932160 sectors
umass0: at uhub5 port 4 (addr 4) disconnected
sd1: detached
uvm_fault(0x80aed6a0, 0xdeadb000, 2) -> 0xe
kernel: supervisor trap page fault, code=0
Stopped in pid 0.24 (system) at netbsd:scsipi_remove_periph+0x28:       movl    
%
edx,0(%eax)
db{0}> t
scsipi_remove_periph(835a4f38,835a4d00,0,80a56420,835a0a00) at netbsd:scsipi_rem
ove_periph+0x28
atapibusdetach(835a4e00,1,834d3d80,806ebf7c,0) at netbsd:atapibusdetach+0x69
config_detach(835a4e00,1,0,80a79400,1) at netbsd:config_detach+0x169
umass_detach(835a0a00,1,0,0,8dc89c5c) at netbsd:umass_detach+0x9c
config_detach(835a0a00,1,834acd1c,80463fc7,80af1928) at netbsd:config_detach+0x1
69
usb_disconnect_port(8348656c,834acd00,10,806ec433,83381780) at netbsd:usb_discon
nect_port+0x71
uhub_explore(83486600,5,83385680,0,8d250220) at netbsd:uhub_explore+0x119
uhub_explore(83381780,83385900,8dc89d2c,806e9897,1770) at netbsd:uhub_explore+0x
65
usb_discover(1770,0,80a1fb00,1770,0) at netbsd:usb_discover+0x3b
usb_event_thread(83385900,0,801002bd,0,801002bd) at netbsd:usb_event_thread+0x57

db{0}> sh r
ds          0x10
es          0x10
fs          0x30
gs          0x10
edi         0
esi         0x835a4f38
ebp         0x8dc89bac
ebx         0x835a4d00
edx         0
ecx         0
eax         0xdeadbeef
eip         0x80528b78  scsipi_remove_periph+0x28
cs          0x8
eflags      0x10246
esp         0x8dc89ba4
ss          0x10
netbsd:scsipi_remove_periph+0x28:       movl    %edx,0(%eax)
db{0}> 

>How-To-Repeat:
>Fix:
        

>Unformatted:

Prev by Date: Re: kern/35275 (RCA Lyra flash device/music player will not mount as umass device)
Next by Date: Re: toolchain/35925 (maketars emits errors with build.sh -j 4)
Previous by Thread: Re: kern/35275 (RCA Lyra flash device/music player will not mount as umass device)
Next by Thread: Re: toolchain/35925 (maketars emits errors with build.sh -j 4)
Indexes:

Home | Main Index | Thread Index | Old Index