Date: Mon, 1 Jun 1998 10:14:52 +1000 From: Bruce Evans <bde@zeta.org.au> To: abial@nask.pl, julian@whistle.com Cc: brianfeldman@hotmail.com, freebsd-current@FreeBSD.ORG Subject: Re: fd crash (in isa_dmastart) Message-ID: <199806010014.KAA21095@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>On Sun, 31 May 1998, Julian Elischer wrote:
>
>> I'm not sure what causes this but it should be easy enough to reproduce..
>> I'll add it to my list of things to clean up...
>>
>> Interestingly enoungh the stack trace shows no softupdates related
>> functions.
>> I will guess however that the softupdate code may not fully appreciate the
>> subtlties of bounce buffers
>> as they are a FreeBSD oddity.
>> (I can actually think of a few things to check out.)
>> this may be a problem with aha1542 scsi systems too.
>
>As I wrote you some time ago, it's enough to try to mount msdos floppy
>under DEVFS/SLICE kernel - it immediately panics with the same message.
It's probably just the stale v_object bug. Here is a a sure kill:
[Put an msdosfs floppy in /dev/fd0.]
mount /dev/fd0 /mnt
mount -t msdos /dev/fd0 /mnt
msdosfs with a block size of 512 produces requests on the block device
that are misaligned relative to page boundaries (1 block at blkno
#0, 3 blocks at #1, 3 blocks at #4 and 3 blocks at #7, maybe more).
Normally these requests are handled sub-optimally using malloced buffers,
but the stale v_object makes getblk() think that a B_VMIO buffer will
work. This gives a bogus buffer for the (3 blocks #7 request):
#GDB is free software and you are welcome to distribute copies of it
# under certain conditions; type "show copying" to see the conditions.
#There is absolutely no warranty for GDB; type "show warranty" for details.
#GDB 4.16 (i386-unknown-freebsd),
#Copyright 1996 Free Software Foundation, Inc...
#IdlePTD 2c9000
#initial pcb at 239d1c
#panicstr: isa_dmacheck: no physical page present
#panic messages:
#---
#panic: isa_dmacheck: no physical page present
#
#syncing disks... 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 giving up
#1: dev:00010202, flags:20100010, blkno:7, lblkno:7
#2: dev:00000400, flags:21020034, blkno:89664, lblkno:0
#3: dev:00000400, flags:21020014, blkno:85422, lblkno:0
#4: dev:00000400, flags:21020034, blkno:70432, lblkno:0
#5: dev:00000400, flags:21020034, blkno:71054, lblkno:0
#6: dev:00000400, flags:21020014, blkno:71806, lblkno:0
#7: dev:00000400, flags:21020014, blkno:69070, lblkno:0
#8: dev:00000400, flags:21020014, blkno:71276, lblkno:0
#9: dev:00000400, flags:21020014, blkno:71070, lblkno:0
#10: dev:00000400, flags:21020014, blkno:70320, lblkno:0
#11: dev:00000400, flags:21020014, blkno:67312, lblkno:0
#12: dev:00000400, flags:21020034, blkno:65712, lblkno:65712
#13: dev:00000400, flags:21020034, blkno:65680, lblkno:65680
#14: dev:00000400, flags:21020034, blkno:65648, lblkno:65648
#15: dev:00000400, flags:21020034, blkno:65600, lblkno:65600
#
#dumping to dev 30001, offset 67520
#dump 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
#---
##0 boot (howto=256) at ./@/kern/kern_shutdown.c:281
#281 dumppcb.pcb_cr3 = rcr3();
#(kgdb) where
##0 boot (howto=256) at ./@/kern/kern_shutdown.c:281
##1 0xf0121293 in panic (
# fmt=0xf0209138 "isa_dmacheck: no physical page present")
# at ./@/kern/kern_shutdown.c:421
##2 0xf02091bd in isa_dmarangecheck (
# va=0xf14e3000 <Address 0xf14e3000 out of bounds>, length=512, chan=2)
# at ./@/i386/isa/isa.c:908
##3 0xf0208eca in isa_dmastart (flags=537919504,
# addr=0xf14e3000 <Address 0xf14e3000 out of bounds>, nbytes=512, chan=2)
# at ./@/i386/isa/isa.c:772
##4 0xf0203e46 in fdstate (fdcu=0, fdc=0xf0287028) at ./@/i386/isa/fd.c:1757
##5 0xf02038fc in fdintr (vfdc=0xf0287028) at ./@/i386/isa/fd.c:1560
#(kgdb) up 4
##4 0xf0203e46 in fdstate (fdcu=0, fdc=0xf0287028) at ./@/i386/isa/fd.c:1757
#1757 isa_dmastart(bp->b_flags, bp->b_data+fd->skip,
#(kgdb) p/x *bp
#$1 = {b_hash = {le_next = 0xf12cf6f8, le_prev = 0xf023bc30}, b_vnbufs = {
# le_next = 0xf12d0160, le_prev = 0xf948ea30}, b_freelist = {
# tqe_next = 0xf12d03b0, tqe_prev = 0xf022a244}, b_act = {tqe_next = 0x0,
# tqe_prev = 0xf0287070}, b_proc = 0x0, b_flags = 0x20100010,
# b_qindex = 0x0, b_usecount = 0x5, b_error = 0x0, b_bufsize = 0x600,
# b_bcount = 0x600, b_resid = 0x0, b_dev = 0x10202, b_data = 0xf14e2e00,
^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^
0x600 bytes required only 0x200 bytes here
# b_kvabase = 0xf14e2000, b_kvasize = 0x2000, b_lblkno = 0x7, b_blkno = 0x7,
# b_offset = 0x0000000000000e00, b_iodone = 0x0, b_iodone_chain = 0x0,
# b_vp = 0xf948ea00, b_dirtyoff = 0x0, b_dirtyend = 0x0, b_rcred = 0x0,
# b_wcred = 0x0, b_validoff = 0x0, b_validend = 0x0, b_pblkno = 0x7,
# b_saveaddr = 0x0, b_savekva = 0x0, b_driver1 = 0x0, b_driver2 = 0x0,
# b_spc = 0x0, b_cluster = {cluster_head = {tqh_first = 0x0, tqh_last = 0x0},
# cluster_entry = {tqe_next = 0x0, tqe_prev = 0x0}}, b_pages = {0xf0463508,
^^^^^^^^^^^^^^^^^^^^^
only one page mapped
# 0x0 <repeats 31 times>}, b_npages = 0x1, b_dep = {lh_first = 0x0}}
#(kgdb) q
Bruce
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806010014.KAA21095>