Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 3 May 1995 11:30:03 -0700
From:      Heikki Suonsivu <hsu@clinet.fi>
To:        freebsd-bugs
Subject:   kern/378: vm_bounce_page_free called while no bounce bufgfers used
Message-ID:  <199505031830.LAA09210@freefall.cdrom.com>
In-Reply-To: Your message of Wed, 3 May 1995 21:24:53 %2B0300 <199505031824.VAA04513@katiska.clinet.fi>

next in thread | previous in thread | raw e-mail | index | archive | help

>Number:         378
>Category:       kern
>Synopsis:       (apparently) bounce buffer code gets used on 32bit bus
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May  3 11:30:01 1995
>Originator:     Heikki Suonsivu
>Organization:
Helsinki University of Technology, Finland
>Release:        FreeBSD 2.1.0-Development i386
>Environment:

	P60 as an nntp server in addition to normal work:

code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= Idle
interrupt mask		= bio 
panic: page fault

dumping to dev 401, offset 344064
dump 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 
Probing for devices on the ISA bus:
sc0 at 0x60-0x6f irq 1 on motherboard
sc0: VGA color <16 virtual consoles, flags=0x0>
ed0 at 0x280-0x29f irq 5 maddr 0xd8000 msize 16384 on isa
ed0: address 00:00:c0:7a:8d:2c, type WD8013EP (16 bit) 
bpf: ed0 attached
lpt0 not found at 0x3bc
sio0 at 0x3f8-0x3ff irq 4 on isa
sio0: type 16450
sio1 not found at 0x2f8
sio2 not found at 0x3e8
sio3 not found at 0x2e8
pca0 on isa
pca0: PC speaker audio driver
bt0: Bt946C/ 0-PCI/EISA/VLB(32bit) bus
bt0: reading board settings, busmastering, int=11
bt0: version 4.23, sync, parity, 32 mbxs, 32 ccbs
bt0: targ 0 sync rate=10.00MB/s(100ns), offset=15
bt0: targ 1 sync rate=10.00MB/s(100ns), offset=15
bt0: targ 3 sync rate=10.00MB/s(100ns), offset=15
bt0: Enabling Round robin scheme
bt0 at 0x330 irq 11 on isa
bt0 waiting for scsi devices to settle
(bt0:0:0): "IBM 0662S12       !O 2 23" type 0 fixed SCSI 2
sd0(bt0:0:0): Direct-Access 1003MB (2055035 512 byte sectors)
(bt0:1:0): "SEAGATE ST32550N 0012" type 0 fixed SCSI 2
sd1(bt0:1:0): Direct-Access 2047MB (4194058 512 byte sectors)
(bt0:3:0): "SEAGATE ST31200N 9348" type 0 fixed SCSI 2
sd3(bt0:3:0): Direct-Access 1011MB (2072435 512 byte sectors)
aha0 not probed due to I/O address conflict with bt0 at 0x330
wdc0 not found at 0x1f0
wdc1 not found at 0x170
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: NEC 765
fd0: 1.44MB 3.5in
mcd0: timeout getting status
mcd0 not found at 0x300
le0: no board found at 0x300
le0 not found at 0x300
npx0 on motherboard
npx0: INT 16 interface
matcd0 not found at 0xffffffff
matcd1 not found at 0xffffffff
matcd2 not found at 0xffffffff
matcd3 not found at 0xffffffff
bio_imask c0000840 tty_imask c0030032 net_imask c0030032
Probing for devices on the pci0 bus:
	configuration mode 2 allows 16 devices.
pci0:0: vendor=0x10b9, device=0x1451, class=bridge [not supported]
pci0:2: vendor=0x10b9, device=0x1449, class=old [not supported]
pci0:3: vendor=0x104b, device=0x1040, class=storage [not supported]
	map(10): io(ffe4)
changing root device to sd0a
sd0s1: type 0xa5, start 0, end = 2055034, size 2055035 : OK
sd1s1: type 0xa5, start 0, end = 4194057, size 4194058 : OK
sd3s1: type 0xa5, start 0, end = 2072434, size 2072435 : OK
sd0s1: type 0xa5, start 0, end = 2055034, size 2055035 : OK
bpf: ds0 attached
bpf: lo0 attached
bpf: ppp0 attached
bpf: ppp1 attached
bpf: ppp2 attached
bpf: ppp3 attached
bpf: ppp4 attached
bpf: ppp5 attached
bpf: ppp6 attached
bpf: ppp7 attached
bpf: ppp8 attached
bpf: ppp9 attached
bpf: ppp10 attached
bpf: ppp11 attached
bpf: ppp12 attached
bpf: ppp13 attached
bpf: ppp14 attached
bpf: ppp15 attached
bpf: ppp16 attached
bpf: ppp17 attached
bpf: ppp18 attached
bpf: ppp19 attached
bpf: ppp20 attached
bpf: ppp21 attached
bpf: ppp22 attached
bpf: ppp23 attached
bpf: ppp24 attached
bpf: ppp25 attached
bpf: ppp26 attached
bpf: ppp27 attached
bpf: ppp28 attached
bpf: ppp29 attached
bpf: ppp30 attached
bpf: ppp31 attached
bpf: sl0 attached
bpf: sl1 attached
bpf: sl2 attached
bpf: sl3 attached
bpf: sl4 attached
bpf: sl5 attached
bpf: sl6 attached
bpf: sl7 attached
bpf: sl8 attached
bpf: sl9 attached
bpf: sl10 attached
bpf: sl11 attached
bpf: sl12 attached
bpf: sl13 attached
bpf: sl14 attached
bpf: sl15 attached
bpf: tun0 attached
sd0s1: type 0xa5, start 0, end = 2055034, size 2055035 : OK
WARNING: / was not properly dismounted
sd3s1: type 0xa5, start 0, end = 2072434, size 2072435 : OK
sd1s1: type 0xa5, start 0, end = 4194057, size 4194058 : OK
sd1s1: type 0xa5, start 0, end = 4194057, size 4194058 : OK
panic: vm_bounce_page_free: invalid bounce buffer

syncing disks... 

Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0xa0
fault code		= supervisor read, page not present
instruction pointer	

Current directory is /var/crash/
Reading symbol data from /var/crash/kernel.15...done.
(kgdb) core vmcore.15
IdlePTD 246000
panic: vm_bounce_page_free: invalid bounce buffer
current pcb at 1f7520
Reading in symbols for ../../i386/i386/machdep.c...done.
(kgdb) directory /usr/src/compile/CLINETSERVER
/usr/src/compile/CLINETSERVER: No such file or directory.
(kgdb) directory /usr/src/sys/compile/CLINETSERVER
Source directories searched: /m/katiska/news/crash:/usr/src/sys/compile/CLINETSERVER
(kgdb) bt
#0  boot (arghowto=260) (../../i386/i386/machdep.c line 869)
#1  0xf01147c3 in panic (...)
#2  0xf01b939e in trap_fatal (...)
#3  0xf01b8f10 in trap_pfault (...)
#4  0xf01b8bd7 in trap (...)
#5  0xf01aeb81 in exception:calltrap (-227581896, 16, -267227880, 0)
#6  0xf0126d4f in biowait (...)
#7  0xf0125601 in bread (...)
#8  0xf018f16d in ffs_update (...)
#9  0xf019162a in ffs_sync (...)
#10 0xf012bbfe in sync (...)
#11 0xf01b10cc in boot (arghowto=256) (../../i386/i386/machdep.c line 828)
#12 0xf01147c3 in panic (...)
#13 0xf01ba964 in vm_bounce_page_free (...)
#14 0xf01baf00 in vm_bounce_free (...)
#15 0xf0126ee3 in biodone (...)
#16 0xf0185184 in scsi_done (...)
#17 0xf01bdedb in bt_done (...)
#18 0xf01bda54 in btintr (...)
#19 0xf01afaa7 in exception:Xresume11 ()
#20 0xf01b819c in cpu_switch ()
(kgdb) list
Reading in symbols for ../../kern/init_main.c...done.
121     /*
122      * System startup; initialize the world, create process 0, mount root
123      * filesystem, and fork to create init and pagedaemon.  Most of the
124      * hard work is done in the lower-level initialization routines including
125      * startup(), which does memory initialization and autoconfiguration.
126      */
127     void
128     main(framep)
129             void *framep;
130     {
(kgdb) up
Reading in symbols for ../../kern/subr_prf.c...done.
#1  0xf01147c3 in panic (fmt=(char *) 0xf01b88de "page fault") (../../kern/subr_prf.c line 128)
(kgdb) list
123                      kdbpanic();
124     #endif
125     #ifdef DDB
126             Debugger ("panic");
127     #endif
128             boot(bootopt);
129     }
130     
131     /*
132      * Warn that a system table is full.
(kgdb) up
Reading in symbols for ../../i386/i386/trap.c...done.
#2  0xf01b939e in trap_fatal (frame=(struct trapframe *) 0xf01e1d5c) (../../i386/i386/trap.c line 688)
(kgdb) list
683      #ifdef DDB
684             if (kdb_trap (type, 0, frame))
685                     return;
686     #endif
687             if (type <= MAX_TRAP_MSG)
688                     panic(trap_msg[type]);
689             else
690                     panic("unknown/reserved trap");
691     }
692     
(kgdb) list
693      /*
694      * Compensate for 386 brain damage (missing URKR).
695      * This is a little simpler than the pagefault handler in trap() because
696      * it the page tables have already been faulted in and high addresses
697      * are thrown out early for other reasons.
698      */
699     int trapwrite(addr)
700             unsigned addr;
701     {
702             struct proc *p;
(kgdb) up
#3  0xf01b8f10 in trap_pfault (frame=(struct trapframe *) 0xf01e1d5c, usermode=0) (../../i386/i386/trap.c line 610)
(kgdb) print usermode
$1 = 0
(kgdb) print frame
$2 = (struct trapframe *) 0xf01e1d5c
(kgdb) print *frame
$3 = {tf_es = 16, tf_ds = 16, tf_edi = -1, tf_esi = -227581896, tf_ebp = -266461784, tf_isp = -266461820, tf_ebx = 0, tf_edx = 1073739711, tf_ecx = 0, tf_eax = -2146435056, tf_trapno = 12, tf_err = 0, tf_eip = -267317170, tf_cs = 8, tf_eflags = 66118, tf_esp = -227581896, tf_ss = -1073739712}
(kgdb) print curpcb
$4 = -194781184
(kgdb) print *curpcb
$5 = 0
(kgdb) up
#4  0xf01b8bd7 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1, tf_esi = -227581896, tf_ebp = -266461784, tf_isp = -266461820, tf_ebx = 0, tf_edx = 1073739711, tf_ecx = 0, tf_eax = -2146435056, tf_trapno = 12, tf_err = 0, tf_eip = -267317170, tf_cs = 8, tf_eflags = 66118, tf_esp = -227581896, tf_ss = -1073739712}) (../../i386/i386/trap.c line 290)
(kgdb) print type
$6 = 0
(kgdb) up
#5  0xf01aeb81 in exception:calltrap (-227581896, 16, -267227880, 0)
(kgdb) up
Reading in symbols for ../../kern/vfs_bio.c...done.
#6  0xf0126d4f in biowait (bp=(struct buf *) 0xf26f6038) (../../kern/vfs_bio.c line 1032)
(kgdb) print *bp
Cannot read memory: address 0x0 out of bounds.
(kgdb) list
1027     biowait(register struct buf * bp)
1028    {
1029            int s;
1030    
1031            s = splbio();
1032            while ((bp->b_flags & B_DONE) == 0)
1033                    tsleep((caddr_t) bp, PRIBIO, "biowait", 0);
1034            splx(s);
1035            if (bp->b_flags & B_EINTR) {
1036                    bp->b_flags &= ~B_EINTR;
(kgdb) frame
#6  0xf0126d4f in biowait (bp=(struct buf *) 0xf26f6038) (../../kern/vfs_bio.c line 1032)
(kgdb) print *(struct buf *) 0xf26f6038
$7 = {b_hash = {le_next = 0xf26e9e08, le_prev = 0xf0228c00}, b_vnbufs = {le_next = 0x0, le_prev = 0xf0a2902c}, b_freelist = {tqe_next = 0x0, tqe_prev = 0xf01f76a4}, b_actf = 0x0, b_actb = 0x0, b_proc = 0x0, b_flags = 1049104, b_qindex = 0, b_error = 0, b_bufsize = 8192, b_bcount = 8192, b_resid = 0, b_dev = 0x00000400, b_un = {b_addr = 0xf2fd8000 "\200!\001"}, b_saveaddr = 0x0, b_lblkno = 24176, b_blkno = 24176, b_iodone = 0x0, b_iodone_chain = 0x0, b_vp = 0xf0a29000, b_pfcent = 0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0xffffffff, b_wcred = 0xffffffff, b_validoff = 0, b_validend = 0, b_pblkno = 24176, b_savekva = 0x0, b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_pages = {0xf02b049c, 0xf02b05a0, 0x0 <repeats 14 times>}, b_npages = 2}
(kgdb) up
#7  0xf0125601 in bread (vp=(struct vnode *) 0xf0a29000, blkno=24176, size=8192, cred=(struct ucred *) 0xffffffff, bpp=(struct buf **) 0xf01e1e24) (../../kern/vfs_bio.c line 183)
(kgdb) print *bp
$8 = {b_hash = {le_next = 0xf26e9e08, le_prev = 0xf0228c00}, b_vnbufs = {le_next = 0x0, le_prev = 0xf0a2902c}, b_freelist = {tqe_next = 0x0, tqe_prev = 0xf01f76a4}, b_actf = 0x0, b_actb = 0x0, b_proc = 0x0, b_flags = 1049104, b_qindex = 0, b_error = 0, b_bufsize = 8192, b_bcount = 8192, b_resid = 0, b_dev = 0x00000400, b_un = {b_addr = 0xf2fd8000 "\200!\001"}, b_saveaddr = 0x0, b_lblkno = 24176, b_blkno = 24176, b_iodone = 0x0, b_iodone_chain = 0x0, b_vp = 0xf0a29000, b_pfcent = 0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0xffffffff, b_wcred = 0xffffffff, b_validoff = 0, b_validend = 0, b_pblkno = 24176, b_savekva = 0x0, b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_pages = {0xf02b049c, 0xf02b05a0, 0x0 <repeats 14 times>}, b_npages = 2}
(kgdb) up
Reading in symbols for ../../ufs/ffs/ffs_inode.c...done.
#8  0xf018f16d in ffs_update (ap=(struct vop_update_args *) 0xf01e1e50) (../../ufs/ffs/ffs_inode.c line 133)
(kgdb) list
128               */
129             if (fs->fs_inodefmt < FS_44INODEFMT) {          /* XXX */
130                     ip->i_din.di_ouid = ip->i_uid;          /* XXX */
131                     ip->i_din.di_ogid = ip->i_gid;          /* XXX */
132             }                                               /* XXX */
133             error = bread(ip->i_devvp, fsbtodb(fs, ino_to_fsba(fs, ip->i_number)),
134                     (int)fs->fs_bsize, NOCRED, &bp);
135             if (error) {
136                     brelse(bp);
137                     return (error);
(kgdb) print ip
$9 = (struct inode *) 0xf0aa1a00
(kgdb) print *ip
$10 = {i_next = 0x0, i_prev = 0xf0a1bed4, i_vnode = 0xf0aa0980, i_devvp = 0xf0a29000, i_flag = 0x00000000, i_dev = 0x00000400, i_number = 0x00000bb5, inode_u = {fs = 0xf0a2b800, lfs = 0xf0a2b800}, i_dquot = {0x0, 0x0}, i_modrev = 0x33303f80, i_lockf = 0x0, i_lockholder = 0, i_lockwaiter = 0, i_count = 0, i_endoff = 0, i_diroff = 0, i_offset = 0, i_ino = 0x00000000, i_reclen = 0x00000000, i_lockcount = 0, i_spare = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, i_din = {di_mode = 0x21a0, di_nlink = 1, di_u = {oldids = {0x0000, 0x0000}, inumber = 0x00000000}, di_size = 0x0, di_atime = {ts_sec = 799517567, ts_nsec = 0}, di_mtime = {ts_sec = 789934118, ts_nsec = 0}, di_ctime = {ts_sec = 791069396, ts_nsec = 0}, di_db = {3329, 0 <repeats 11 times>}, di_ib = {0, 0, 0}, di_flags = 0x00000000, di_blocks = 0, di_gen = 791069637, di_uid = 0x00000000, di_gid = 0x00000005, di_spare = {0, 0}}}
(kgdb) print fs
$11 = (struct fs *) 0xf0a2b800
(kgdb) print *fs
$12 = {fs_link = 0x0, fs_rlink = 0x0, fs_sblkno = 16, fs_cblkno = 24, fs_iblkno = 32, fs_dblkno = 152, fs_cgoffset = 56, fs_cgmask = -8, fs_time = 799517538, fs_size = 61440, fs_dsize = 59247, fs_ncg = 16, fs_bsize = 8192, fs_fsize = 1024, fs_frag = 8, fs_minfree = 5, fs_rotdelay = 0, fs_rps = 60, fs_bmask = -8192, fs_fmask = -1024, fs_bshift = 13, fs_fshift = 10, fs_maxcontig = 1, fs_maxbpg = 2048, fs_fragshift = 3, fs_fsbtodb = 1, fs_sbsize = 2048, fs_csmask = -512, fs_csshift = 9, fs_nindir = 2048, fs_inopb = 64, fs_nspf = 2, fs_optim = 0, fs_npsect = 99, fs_interleave = 1, fs_trackskew = 0, fs_headswitch = 0, fs_trkseek = 0, fs_csaddr = 152, fs_cssize = 1024, fs_cgsize = 1024, fs_ntrak = 5, fs_nsect = 99, fs_spc = 495, fs_ncyl = 249, fs_cpg = 16, fs_ipg = 960, fs_fpg = 3960, fs_cstotal = {cs_ndir = 103, cs_nbfree = 2816, cs_nifree = 13356, cs_nffree = 500}, fs_fmod = 0, fs_clean = 0, fs_ronly = 0, fs_flags = 0, fs_fsmnt = {"/", '\000' <repeats 511 times>}, fs_cgrotor = 7!
 , fs_csp = {0xf0a24400, 0x0 <repeats 31 times>}, fs_cpc = 16, fs_opostbl = {{0, 0, 0, 0, 0, 0, 0, 0} <repeats 16 times>}, fs_sparecon = {0 <repeats 50 times>}, fs_contigsumsize = 0, fs_maxsymlinklen = 60, fs_inodefmt = 2, fs_maxfilesize = 0x0, fs_qbmask = 8191, fs_qfmask = 1023, fs_state = 0, fs_postblformat = 1, fs_nrpos = 1, fs_postbloff = 1376, fs_rotbloff = 1408, fs_magic = 72020, fs_space = {"\000"}}
(kgdb) print fd->fs_bsiz
No symbol "fd" in current context.
(kgdb) print fd->fs_bsize
No symbol "fd" in current context.
(kgdb) print fs->fs_bsize
$13 = 8192
(kgdb) up
Reading in symbols for ../../ufs/ffs/ffs_vfsops.c...done.
#9  0xf019162a in ffs_sync (mp=(struct mount *) 0xf0a2ac00, waitfor=2, cred=(struct ucred *) 0xf0901780, p=(struct proc *) 0xf022afb0) (./vnode_if.h line 850)
850     (./vnode_if.h)
(kgdb) list
./vnode_if.h: No such file or directory.
(kgdb) up
Reading in symbols for ../../kern/vfs_syscalls.c...done.
#10 0xf012bbfe in sync (p=(struct proc *) 0xf022afb0, uap=(struct sync_args *) 0x0, retval=(int *) 0x0) (../../kern/vfs_syscalls.c line 335)
(kgdb) print mp
$14 = (struct mount *) 0xf0a2ac00
(kgdb) print *mp
$15 = {mnt_list = {tqe_next = 0xf0a05400, tqe_prev = 0xf02285ec}, mnt_op = 0xf01e8d90, mnt_vnodecovered = 0x0, mnt_vnodelist = {lh_first = 0xf0aaae00}, mnt_flag = 4214784, mnt_maxsymlinklen = 60, mnt_stat = {f_type = 1, f_flags = 20480, f_bsize = 1024, f_iosize = 8192, f_blocks = 59247, f_bfree = 23028, f_bavail = 20065, f_files = 15358, f_ffree = 13356, f_fsid = {val = {1024, 1}}, f_spare = {0, 0, 0, 0, 0, 0, 0, 0, 0}, f_mntonname = {"/", '\000' <repeats 89 times>}, f_mntfromname = {"/dev/sd0a", '\000' <repeats 81 times>}}, mnt_data = 0xf0a2a600, mnt_vfc = 0x0}
(kgdb) list
330                       */
331                     if ((mp->mnt_flag & (MNT_MLOCK|MNT_RDONLY|MNT_MPBUSY)) == 0 &&
332                         !vfs_busy(mp)) {
333                             asyncflag = mp->mnt_flag & MNT_ASYNC;
334                             mp->mnt_flag &= ~MNT_ASYNC;
335                             VFS_SYNC(mp, MNT_NOWAIT, p != NULL ? p->p_ucred : NOCRED, p);
336                             if (asyncflag)
337                                     mp->mnt_flag |= MNT_ASYNC;
338                             vfs_unbusy(mp);
339                     }
(kgdb) up
#11 0xf01b10cc in boot (arghowto=256) (../../i386/i386/machdep.c line 828)
(kgdb) print proc
No symbol "proc" in current context.
(kgdb) print proc0
$16 = {p_forw = 0x0, p_back = 0x0, p_next = 0x0, p_prev = 0xf0a17108, p_cred = 0xf0231ccc, p_fd = 0xf01f5890, p_stats = 0xf0247288, p_limit = 0xf022fd5c, p_vmspace = 0xf01f8cac, p_sigacts = 0xf024715c, p_flag = 516, p_stat = 3, p_pad1 = {"\000\000\000"}, p_pid = 0, p_hash = 0x0, p_pgrpnxt = 0xf0a69b00, p_pptr = 0x0, p_osptr = 0x0, p_ysptr = 0x0, p_cptr = 0xf0a69b00, p_oppid = 0, p_dupfd = 0, p_estcpu = 0x00000000, p_cpticks = 0, p_pctcpu = 0x00000000, p_wchan = 0xf022afb0, p_wmesg = 0xf01a41d2 "sched", p_swtime = 0x000000f2, p_slptime = 0x00000009, p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = {tv_sec = 0, tv_usec = 0}}, p_rtime = {tv_sec = 0, tv_usec = 10510}, p_uticks = 0x0, p_sticks = 0x2e, p_iticks = 0x9, p_traceflag = 0, p_tracep = 0x0, p_siglist = 0, p_textvp = 0x0, p_lock = 0, p_pad2 = {"\000\000\000"}, p_spare = {0, 0}, p_sigmask = 0x00000000, p_sigignore = 0x18488000, p_sigcatch = 0x00000000, p_priority = 0x04, p_usrpri = 0x32, p_nice = 0, p_com!
 m = {"swapper\000\000\000\000\000\000\000\000\000\000"}, p_pgrp = 0xf022cc20, p_sysent = 0xf01e3620, p_rtprio = {type = 0x0001, prio = 0x0000}, p_thread = 0, p_addr = 0xf0247000, p_md = {md_flags = 0, md_regs = 0x0}, p_xstat = 0x0000, p_acflag = 0x0000, p_ru = 0x0}
(kgdb) print panicstr
$17 = (char *) 0xf01ba8e6 "vm_bounce_page_free: invalid bounce buffer"
(kgdb) list
823                      /*
824                      * Release inodes held by texts before update.
825                      */
826                     if (panicstr == 0)
827                             vnode_pager_umount(NULL);
828                     sync(&proc0, NULL, NULL);
829     
830                     for (iter = 0; iter < 20; iter++) {
831                             nbusy = 0;
832                             for (bp = &buf[nbuf]; --bp >= buf; ) {
(kgdb) up
#12 0xf01147c3 in panic (fmt=(char *) 0xf01ba8e6 "vm_bounce_page_free: invalid bounce buffer") (../../kern/subr_prf.c line 128)
(kgdb) list
123                      kdbpanic();
124     #endif
125     #ifdef DDB
126             Debugger ("panic");
127     #endif
128             boot(bootopt);
129     }
130     
131     /*
132      * Warn that a system table is full.
(kgdb) up
Reading in symbols for ../../i386/i386/vm_machdep.c...done.
#13 0xf01ba964 in vm_bounce_page_free (pa=0x00fd8000, count=1) (../../i386/i386/vm_machdep.c line 169)
(kgdb) list
164                      if( pa == bouncepa[index])
165                             break;
166             }
167     
168             if( index == bouncepages)
169                     panic("vm_bounce_page_free: invalid bounce buffer");
170     
171             allocindex = index / BITS_IN_UNSIGNED;
172             bit = index % BITS_IN_UNSIGNED;
173     
(kgdb) print index
$18 = 0
(kgdb) print bouncepages
$19 = 128
(kgdb) print count
$20 = 1
(kgdb) up
#14 0xf01baf00 in vm_bounce_free (bp=(struct buf *) 0xf26e6e18) (../../i386/i386/vm_machdep.c line 452)
(kgdb) list
447       */
448                             
449     /*
450                             printf("(kva: %x, pa: %x)", bouncekva, mybouncepa);
451     */
452                             vm_bounce_page_free(mybouncepa, 1);
453                     }
454     
455                     origkva += copycount;
456                     bouncekva += copycount;
(kgdb) print mynouncepa
No symbol "mynouncepa" in current context.
(kgdb) print mybouncepa
$21 = 0x00fd8000
(kgdb) print *mybouncepa
Cannot read memory: address 0xfd8000 out of bounds.
(kgdb) up
#15 0xf0126ee3 in biodone (bp=(struct buf *) 0xf26e6e18) (../../kern/vfs_bio.c line 1069)
(kgdb) print bp->b_flags
$22 = -536870316
(kgdb) print *bp
$23 = {b_hash = {le_next = 0x0, le_prev = 0x0}, b_vnbufs = {le_next = 0x87654321, le_prev = 0x0}, b_freelist = {tqe_next = 0x0, tqe_prev = 0x0}, b_actf = 0xf26e6938, b_actb = 0x0, b_proc = 0x0, b_flags = -536870316, b_qindex = 0, b_error = 0, b_bufsize = 8192, b_bcount = 8192, b_resid = 0, b_dev = 0x0000040e, b_un = {b_addr = 0xf2789000 }, b_saveaddr = 0xf0a81120, b_lblkno = 4838, b_blkno = 2292656, b_iodone = 0xf0128440, b_iodone_chain = 0x0, b_vp = 0xf0aaa380, b_pfcent = 0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0xffffffff, b_wcred = 0xffffffff, b_validoff = 0, b_validend = 0, b_pblkno = 2292656, b_savekva = 0xf3bd4000 , b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_pages = {0xf02ac7ac, 0xf02b0260, 0x0 <repeats 14 times>}, b_npages = 2}
(kgdb) up
Reading in symbols for ../../scsi/scsi_base.c...done.
#16 0xf0185184 in scsi_done (xs=(struct scsi_xfer *) 0xf0a83e00) (../../scsi/scsi_base.c line 429)
(kgdb) print bp
$24 = (struct buf *) 0xf26e6e18
(kgdb) print *bp
$25 = {b_hash = {le_next = 0x0, le_prev = 0x0}, b_vnbufs = {le_next = 0x87654321, le_prev = 0x0}, b_freelist = {tqe_next = 0x0, tqe_prev = 0x0}, b_actf = 0xf26e6938, b_actb = 0x0, b_proc = 0x0, b_flags = -536870316, b_qindex = 0, b_error = 0, b_bufsize = 8192, b_bcount = 8192, b_resid = 0, b_dev = 0x0000040e, b_un = {b_addr = 0xf2789000 }, b_saveaddr = 0xf0a81120, b_lblkno = 4838, b_blkno = 2292656, b_iodone = 0xf0128440, b_iodone_chain = 0x0, b_vp = 0xf0aaa380, b_pfcent = 0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0xffffffff, b_wcred = 0xffffffff, b_validoff = 0, b_validend = 0, b_pblkno = 2292656, b_savekva = 0xf3bd4000 , b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_pages = {0xf02ac7ac, 0xf02b0260, 0x0 <repeats 14 times>}, b_npages = 2}
(kgdb) up
Reading in symbols for ../../i386/isa/bt742a.c...done.
#17 0xf01bdedb in bt_done (unit=0, ccb=(struct bt_ccb *) 0xf0a05000) (../../i386/isa/bt742a.c line 1087)
(kgdb) print xs
$26 = (struct scsi_xfer *) 0xf0a83e00
(kgdb) print *xs
$27 = {next = 0xf0a83d00, flags = 0x00000831, sc_link = 0xf0901a00, retries = 0x04, spare = {"\300\255\336"}, timeout = 10000, cmd = 0xf0a83e58, cmdlen = 10, data = 0xf27a0000 , datalen = 4096, resid = 0, error = 0, bp = 0xf26f5e98, sense = {error_code = 0xde, ext = {unextended = {blockhi = 0xc0, blockmed = 0xad, blocklow = 0xde}, extended = {segment = 0xc0, flags = 0xad, info = {"\336\336\300\255"}, extra_len = 0xde, extra_bytes = {"\336\300\255\336\336\300\255\336", '\000' <repeats 16 times>}}}}, req_sense_length = 0, status = 0, cmdstore = {opcode = 0x2a, bytes = {"\000\000\"\267\220\000\000\b\000\000\000"}}}
(kgdb) up
#18 0xf01bda54 in btintr (unit=0) (../../i386/isa/bt742a.c line 832)
(kgdb) print unit
$28 = 0
(kgdb) print ccb
$29 = (struct bt_ccb *) 0xf0a05000
(kgdb) print *ccb
$30 = {opcode = 0x02,  = 0x00, data_in = 0x00, data_out = 0x00,  = 0x00, scsi_cmd_length = 0x0a, req_sense_length = 0x20, data_length = 0x00000008, data_addr = 0x0032a048, dummy = {"\000\000"}, host_stat = 0x00, target_stat = 0x00, target = 0x00, lun = 0x00, scsi_cmd = {"*\000\000\a9P\000\000\b\000\000\000"}, dummy2 = {"\000"}, link_id = 0x00, link_addr = 0x00000000, sense_ptr = 0x0032a028, scsi_sense = {error_code = 0x70, ext = {unextended = {blockhi = 0x00, blockmed = 0x05, blocklow = 0x00}, extended = {segment = 0x00, flags = 0x05, info = {"\000\000\000\000"}, extra_len = 0x18, extra_bytes = {"\000\000\000\000 \000\000\000\000\000\000\000\0010\000\000\000\000\000\000\000\000\000\000"}}}}, scat_gath = {{seg_len = 0x00001000, seg_addr = 0x0032a000}, {seg_len = 0x00001000, seg_addr = 0x00fdd000}, {seg_len = 0x00005000, seg_addr = 0x00064000}, {seg_len = 0x00001000, seg_addr = 0x00087000}, {seg_len = 0x00001000, seg_addr = 0x00fe3000}, {seg_len = 0x00002000, seg_addr = 0x0006!
 5000}, {seg_len = 0x00002000, seg_addr = 0x00b67000}, {seg_len = 0x00001000, seg_addr = 0x00067000}, {seg_len = 0x00001000, seg_addr = 0x00605000}, {seg_len = 0x00001000, seg_addr = 0x00f49000}, {seg_len = 0x00001000, seg_addr = 0x00f3a000}, {seg_len = 0x00001000, seg_addr = 0x00f3f000}, {seg_len = 0x000005b0, seg_addr = 0x00e67000}, {seg_len = 0x000005b0, seg_addr = 0x00f35000}, {seg_len = 0x00000000, seg_addr = 0x00000000} <repeats 19 times>}, next = 0xf0a05c00, xfer = 0xf01f0078, mbx = 0xf090387c, flags = 1, nexthash = 0x0, hashkey = 0x0032a000}
(kgdb) list
827      #endif  
828                     }
829                     wmbi->stat = BT_MBI_FREE;
830                     if (ccb) {
831                             untimeout(bt_timeout, (caddr_t)ccb);
832                             bt_done(unit, ccb);
833                     }
834                     /* Set the IN mail Box pointer for next */ bt_nextmbx(wmbi, wmbx, mbi);
835             }
836             if (!found) {
(kgdb) up
#19 0xf01afaa7 in exception:Xresume11 ()
(kgdb) up
#20 0xf01b819c in cpu_switch ()
(kgdb) down
#19 0xf01afaa7 in exception:Xresume11 ()
(kgdb) list
837                      for (i = 0; i < BT_MBX_SIZE; i++) {
838                             if (wmbi->stat != BT_MBI_FREE) {
839                                     found++;
840                                     break;
841                             }
842                             bt_nextmbx(wmbi, wmbx, mbi);
843                     }
844                     if (!found) {
845     #ifdef DEBUG
846                             printf("bt%d: mbi at 0x%08x should be found, stat=%02x..resync\n",
(kgdb) up
#20 0xf01b819c in cpu_switch ()
(kgdb) up
Initial frame selected; you cannot go up.
(kgdb) 

>Description:

	Above panic, with 32 bit bus?

>How-To-Repeat:

	Once this far.

>Fix:
	Workaround might be disabling bounce buffers altogether (I
would like to limit the number of different kernels in use to few as
we have lots of identically configured machines).

	bounce buffer code shouldn't be called in this machine,
doesn't it say "enabling bounce buffer code" in boot on those which
need it?



>Audit-Trail:
>Unformatted:





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199505031830.LAA09210>