From rlenk@widget.xmission.com  Wed Nov  8 19:15:34 1995
Received: from widget.xmission.com (root@widget.xmission.com [198.60.22.228])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id TAA08802
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 8 Nov 1995 19:15:29 -0800
Received: (from rlenk@localhost) by widget.xmission.com (8.6.12/8.6.12) id UAA00442; Wed, 8 Nov 1995 20:15:20 -0700
Message-Id: <199511090315.UAA00442@widget.xmission.com>
Date: Wed, 8 Nov 1995 20:15:20 -0700
From: rlenk@widget.xmission.com
Reply-To: rlenk@widget.xmission.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: Certain SCSI operations cause panic with ahc driver
X-Send-Pr-Version: 3.2

>Number:         812
>Category:       kern
>Synopsis:       Certain SCSI operations cause panic with ahc driver
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov  8 19:20:06 PST 1995
>Closed-Date:    Sat Nov 11 09:33:03 PST 1995
>Last-Modified:  Sat Nov 11 09:33:53 PST 1995
>Originator:     Ron Lenk
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
Widget Networking
>Environment:

( FreeBSD-STABLE, supped on Oct 29 )

Output from 'dmesg':

FreeBSD 2.1-STABLE #0: Sun Oct 29 11:03:08 MST 1995
    rlenk@widget.xmission.com:/usr/src/sys/compile/WIDGET
CPU: 60-MHz Pentium 510\\60 (Pentium-class CPU)
  Origin = "GenuineIntel"  Id = 0x517  Stepping=7
  Features=0x1bf<FPU,VME,PSE,MCE,CX8,APIC>
real memory  = 33554432 (32768K bytes)
avail memory = 30711808 (29992K bytes)
Probing for devices on the ISA bus:
sc0 at 0x60-0x6f irq 1 on motherboard
sc0: VGA color <16 virtual consoles, flags=0x0>
ed0 at 0x280-0x28f irq 9 maddr 0xd8000 msize 8192 on isa
ed0: address 02:60:8c:3f:30:b8, type 3c503 (8 bit) 
sio0 at 0x3f8-0x3ff irq 4 on isa
sio0: type 16550A
sio1 at 0x2f8-0x2ff irq 3 on isa
sio1: type 16550A
lpt0 at 0x378-0x37f irq 7 on isa
lpt0: Interrupt-driven port
lp0: TCP/IP capable interface
mse0 at 0x23c irq 5 on isa
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: NEC 72065B
fd0: 1.44MB 3.5in
fd1: 1.2MB 5.25in
ahc0: 284x Single Channel, SCSI Id=7, aic7770 <= Rev C, 4 SCBs
ahc0 at 0x1000-0x10ff irq 11 on eisa slot 1
ahc0 waiting for scsi devices to settle
ahc0: target 0 Tagged Queuing Device
(ahc0:0:0): "MICROP 2210-09MQ1001901 HQ30" type 0 fixed SCSI 2
sd0(ahc0:0:0): Direct-Access 1008MB (2065250 512 byte sectors)
(ahc0:1:0): "SyQuest SQ3270S 2_04" type 0 removable SCSI 2
sd1(ahc0:1:0): Direct-Access 256MB (524288 512 byte sectors)
(ahc0:2:0): "TEXEL CD-ROM DM-XX28 3.05" type 5 removable SCSI 2
cd0(ahc0:2:0): CD-ROM cd present.[94975 x 2048 byte records]
npx0 on motherboard
npx0: INT 16 interface
pas0 at 0x388 irq 10 drq 6 on isa
pas0: <Pro AudioSpectrum 16D rev 127>

>Description:

There are two separate occasions when this occurs, they are as follows:

1) Issuing a 'reset' command in 'cdplay', causes the machine to panic
with the follwing output on the console:

ahc0: target 2, lun 0 (cd0) timed out.
ahc0: target 0, lun 0 (sd0) timed out.
sd0(ahc0:0:0): BUS DEVICE RESET message queued.
panic: biodone: buffer not busy

syncing disks: 27 27 27 27 27 ... ( etc. etc. ) ... giving up

(the light on the SCSI controller is solid)

2) Attempting to format a SyQuest cartridge using the scsi(8) util
causes a similar panic, with the following on the console:
( command was 'scsi -f /dev/rsd1c -c "4 0 0 0 0 0"', as shown in the
scsi(8) man page )

sd1(ahc0:1:0): UNIT ATTENTION asc:29,0
sd1(ahc0:1:0): Power on, reset, or bus device reset occurred
Debugger( "sdopen: no slices" ) called.
ahc0: target 1, lun 0 (sd1) timed out.
sd1(ahc0:1:0): BUS DEVICE RESET message queued.
panic: biodone: buffer not busy

syncing disks... 3 3 3 3 3 ... ( etc. etc. ) ... giving up

(The UNIT ATTENTION message is normal after changing media in the drive)
(The LED on the SCSI controller is _not_ on in this case.)

>How-To-Repeat:

See above.

>Fix:
	
Unknown.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: davidg 
State-Changed-When: Sat Nov 11 09:33:03 PST 1995 
State-Changed-Why:  
The bug was caused by the buffer flags not being initialized properly 
when doing certain ioctl functions. Fixed in rev 1.17 of scsi_ioctl.c. 
>Unformatted:
