From: KATO Takenori
To: current@freebsd.org
Subject: panic: vwakup: neg numoutput
Date: Sat, 01 Jun 1996 03:39:03 +0900
Message-Id: <199605311839.DAA01782@marble.eps.nagoya-u.ac.jp>

I am getting a panic on SCSI CD-ROM access.  I mount the 4.4BSD-Lite2
CD-ROM and do:

    cd /cdrom/4.4BSD-Lite/usr/src/lib/libc
    egrep DTF */*

After disk access, the kernel shows the following message:

    panic: vwakeup: neg numoutput

I changed to a kernel which was built before the VM mega-commit and
got the same panic.  The version 2.1.0 kernel doesn't panic, and egrep
works.

The stack frame trace with kgdb shows:

    kato@marble[84]% kgdb
    #0  boot (howto=256) (...)
    #1  0xf0119207 in panic (...)
    #2  0xf0130de3 in vwakeup (...)
    #3  0xf012da6a in biodone (...)
    #4  0xf01861eb in cd:cd_strategy (...)
    #5  0xf018bd94 in scsi_strategy (...)
    #6  0xf0185dc8 in cd:cdstrategy (...)
    #7  0xf0138f1a in spec_strategy (...)
    #8  0xf0108030 in cd9660_vnops:cd9660_strategy (...)
    #9  0xf012eed3 in cluster_read (...)
    #10 0xf0107665 in cd9660_vnops:cd9660_read (...)
    #11 0xf0135b32 in vfs_vnops:vn_read (...)
    #12 0xf011a84f in read (...)
    #13 0xf01b823d in syscall (...)

    Reading in symbols for ../../kern/vfs_bio.c...done.
    #3  0xf012da6a in biodone (bp=(struct buf *) 0xf2c9ed14)
        (../../kern/vfs_bio.c line 1377)
    1377                    vwakeup(bp);
    (kgdb) list
    1372                    return;
    1373            }
    1374            bp->b_flags |= B_DONE;
    1375
    1376            if ((bp->b_flags & B_READ) == 0) {
    1377                    vwakeup(bp);
    1378            }
    1379    #ifdef BOUNCE_BUFFERS
    1380            if (bp->b_flags & B_BOUNCE)
    1381                    vm_bounce_free(bp);
    (kgdb) x bp
    0xf2c9ed14 : 0xf2c8d52c
    (kgdb) print bp->b_flags
    $4 = 68112

    #4  0xf01861eb in cd_strategy (bp=(struct buf *) 0xf2c9ed14,
        sc_link=(struct scsi_link *) 0xf0938700) (../../scsi/cd.c line 484)
    li484           biodone(bp);
    (kgdb) list
    479
    480             /*
    481              * Correctly set the buf to indicate a completed xfer
    482              */
    483             bp->b_resid = bp->b_bcount;
    484             biodone(bp);
    485             return;
    486     }
    487
    488     /*

    #9  0xf012eed3 in cluster_read (vp=(struct vnode *) 0xf0d92400,
        filesize=0x1800, lblkno=0, size=2048, cred=(struct ucred *) 0x0,
        bpp=(struct buf **) 0xefbffecc) (./vnode_if.h line 1116)
    1116            return (VCALL((bp)->b_vp, VOFFSET(vop_strategy), &a));
    (kgdb) list
    1111    {
    1112            struct vop_strategy_args a;
    1113
    1114            a.a_desc = VDESC(vop_strategy);
    1115            a.a_bp = bp;
    1116            return (VCALL((bp)->b_vp, VOFFSET(vop_strategy), &a));
    1117    }
    1118
    1119    struct vop_bwrite_args {
    1120            struct vnodeop_desc *a_desc;
    (kgdb) i line * 0xf012eed3
    Line 1116 of "./vnode_if.h" starts at pc 0xf012ee06 and ends at 0xf012ee23.
    (kgdb) disassemble 0xf012eed3 0xf012ee4c
    Dump of assembler code from 0xf012eed3 to 0xf012ee4c:
    End of assembler dump.
    (kgdb) disassemble 0xf012eed3 0xf012ef40
    Dump of assembler code from 0xf012eed3 to 0xf012ef1c:
    0xf012eed3 :    addl   $0x4,%esp
    0xf012eed6 :    incl   -266339692
    0xf012eedc :    movl   52(%ebx),%eax
    0xf012eedf :    cltd
    0xf012eee0 :    idivl  24(%ebp),%eax
    0xf012eee3 :    addl   %eax,-266339688
    0xf012eee9 :    movl   -266415424,%edx
    0xf012eeef :    movl   24(%edx),%edx
    0xf012eef2 :    incl   44(%edx)
    0xf012eef5 :    cmpl   $0x0,-40(%ebp)
    0xf012eef9 :    je     0xf012ef0c
    0xf012eefb :    movl   -40(%ebp),%edx
    0xf012eefe :    testb  $0x4,36(%edx)
    0xf012ef02 :    jne    0xf012ef0c
    0xf012ef04 :    pushl  %edx
    0xf012ef05 :    call   0xf012d830
    0xf012ef0a :    jmp    0xf012ef0f
    0xf012ef0c :    movl   -48(%ebp),%eax
    0xf012ef0f :    leal   -76(%ebp),%esp
    0xf012ef12 :    popl   %ebx
    0xf012ef13 :    popl   %esi
    0xf012ef14 :    popl   %edi
    0xf012ef15 :    leave
    0xf012ef16 :    ret
    0xf012ef17 :    addb   %dl,-119(%ebp)
    0xf012ef1a :    inl    $0x83,%eax
    0xf012ef1c :    inb    (%dx),%al
    End of assembler dump.

The bp->b_flags is set as:

    B_MALLOC | B_DONE | B_ERROR | B_BUSY

B_DONE might be set in biodone(), and B_ERROR might be set in
cd_strategy().

The disassembly listing shows that the VOP_STRATEGY (vnode_if.h line
1116) is the second VOP_STRATEGY in cluster_read().  So, the buffer may
be the return value of cluster_rbuild().

The value of b_flags suggests the following process.

1) The first getblk() in cluster_rbuild() returns a buffer with
   B_MALLOC | B_BUSY.
2) VOP_STRATEGY in cluster_read() calls cd9660_strategy(),
   spec_strategy(), ..., cd_strategy().
3) cd_strategy() sets B_ERROR and jumps to the bad label, then it calls
   biodone.  (Now b_flags is B_MALLOC | B_BUSY | B_ERROR)
4) Because B_READ is not set, biodone calls vwakeup().
5) Panic!

I compared vfs_cluster.c between the 2.1.0-RELEASE version and revision
1.35 in current, and I found the change which could cause the above
process.

In the change of vfs_cluster.c from 1.34 to 1.35, in cluster_rbuild():

    tbp = getblk(vp, lbn, size, 0, 0);
    if (tbp->b_flags & B_CACHE)
            return tbp;

was changed into

    tbp = getblk(vp, lbn, size, 0, 0);
    if (tbp->b_flags & (B_CACHE|B_MALLOC))
            return tbp;

If getblk of both 2.1.0 and current returns the buffer with B_MALLOC,
B_ASYNC and B_READ are set in 2.1.0 but they aren't set in current.

Comment please.

----
KATO Takenori
Dept. Earth Planet. Sci., Nagoya Univ., Nagoya, 464-01, Japan
Voice: +81-52-789-2529  Fax: +81-52-789-3033
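
The sequence in steps 1) to 5) of the message above, as a user-space C model added here for illustration (it is not code from the post or from the FreeBSD tree). The function names model_* and simulate_read are hypothetical, and the B_READ value is an assumption taken from the sys/buf.h of that era; the other four flag values sum to the 68112 that kgdb printed.

```c
#include <stdio.h>
/* Flag values: the four named in the post sum to the b_flags kgdb printed
 * (68112); B_READ is assumed from FreeBSD's sys/buf.h of that era. */
#define B_BUSY   0x000010
#define B_DONE   0x000200
#define B_ERROR  0x000800
#define B_MALLOC 0x010000
#define B_READ   0x100000
struct vnode { long v_numoutput; };              /* writes in flight */
struct buf   { long b_flags; struct vnode *b_vp; };

/* Model of vwakeup(): returns -1 where the real kernel panics with
 * "vwakeup: neg numoutput". */
static int model_vwakeup(struct buf *bp) {
    return (--bp->b_vp->v_numoutput < 0) ? -1 : 0;
}

/* Model of the biodone() lines listed in the post (vfs_bio.c 1374-1378). */
static int model_biodone(struct buf *bp) {
    bp->b_flags |= B_DONE;
    if ((bp->b_flags & B_READ) == 0)             /* treated as a finished write */
        return model_vwakeup(bp);
    return 0;
}

/* Model of the error exit in cd_strategy(): set B_ERROR, then biodone(). */
static int model_failed_strategy(struct buf *bp) {
    bp->b_flags |= B_ERROR;
    return model_biodone(bp);
}

/* Issue one failing read on a B_MALLOC buffer; mark_read models the caller
 * setting B_READ first. Returns 0 if the vnode stays consistent, else -1. */
int simulate_read(int mark_read, long *flags_out) {
    struct vnode vn = { 0 };                     /* read-only CD: no writes pending */
    struct buf b = { B_MALLOC | B_BUSY, &vn };
    if (mark_read) b.b_flags |= B_READ;
    int rc = model_failed_strategy(&b);
    *flags_out = b.b_flags;
    return rc;
}

int main(void) {
    long f;
    int rc = simulate_read(0, &f);
    printf("without B_READ: rc=%d b_flags=%ld\n", rc, f);
    rc = simulate_read(1, &f);
    printf("with B_READ:    rc=%d b_flags=%ld\n", rc, f);
    return 0;
}
```

Without B_READ the model ends with the same b_flags value as the crash dump and a negative write count; with B_READ set before the strategy call, the failed transfer completes without touching v_numoutput.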