Date: Wed, 3 May 1995 11:30:03 -0700
From: Heikki Suonsivu <hsu@clinet.fi>
To: freebsd-bugs
Subject: kern/378: vm_bounce_page_free called while no bounce buffers used
Message-ID: <199505031830.LAA09210@freefall.cdrom.com>
In-Reply-To: Your message of Wed, 3 May 1995 21:24:53 +0300 <199505031824.VAA04513@katiska.clinet.fi>
>Number: 378
>Category: kern
>Synopsis: (apparently) bounce buffer code gets used on 32bit bus
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs (FreeBSD bugs mailing list)
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 3 11:30:01 1995
>Originator: Heikki Suonsivu
>Organization:
Helsinki University of Technology, Finland
>Release: FreeBSD 2.1.0-Development i386
>Environment:
P60 as an nntp server in addition to normal work:
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask = bio
panic: page fault
dumping to dev 401, offset 344064
dump 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
Probing for devices on the ISA bus:
sc0 at 0x60-0x6f irq 1 on motherboard
sc0: VGA color <16 virtual consoles, flags=0x0>
ed0 at 0x280-0x29f irq 5 maddr 0xd8000 msize 16384 on isa
ed0: address 00:00:c0:7a:8d:2c, type WD8013EP (16 bit)
bpf: ed0 attached
lpt0 not found at 0x3bc
sio0 at 0x3f8-0x3ff irq 4 on isa
sio0: type 16450
sio1 not found at 0x2f8
sio2 not found at 0x3e8
sio3 not found at 0x2e8
pca0 on isa
pca0: PC speaker audio driver
bt0: Bt946C/ 0-PCI/EISA/VLB(32bit) bus
bt0: reading board settings, busmastering, int=11
bt0: version 4.23, sync, parity, 32 mbxs, 32 ccbs
bt0: targ 0 sync rate=10.00MB/s(100ns), offset=15
bt0: targ 1 sync rate=10.00MB/s(100ns), offset=15
bt0: targ 3 sync rate=10.00MB/s(100ns), offset=15
bt0: Enabling Round robin scheme
bt0 at 0x330 irq 11 on isa
bt0 waiting for scsi devices to settle
(bt0:0:0): "IBM 0662S12 !O 2 23" type 0 fixed SCSI 2
sd0(bt0:0:0): Direct-Access 1003MB (2055035 512 byte sectors)
(bt0:1:0): "SEAGATE ST32550N 0012" type 0 fixed SCSI 2
sd1(bt0:1:0): Direct-Access 2047MB (4194058 512 byte sectors)
(bt0:3:0): "SEAGATE ST31200N 9348" type 0 fixed SCSI 2
sd3(bt0:3:0): Direct-Access 1011MB (2072435 512 byte sectors)
aha0 not probed due to I/O address conflict with bt0 at 0x330
wdc0 not found at 0x1f0
wdc1 not found at 0x170
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: NEC 765
fd0: 1.44MB 3.5in
mcd0: timeout getting status
mcd0 not found at 0x300
le0: no board found at 0x300
le0 not found at 0x300
npx0 on motherboard
npx0: INT 16 interface
matcd0 not found at 0xffffffff
matcd1 not found at 0xffffffff
matcd2 not found at 0xffffffff
matcd3 not found at 0xffffffff
bio_imask c0000840 tty_imask c0030032 net_imask c0030032
Probing for devices on the pci0 bus:
configuration mode 2 allows 16 devices.
pci0:0: vendor=0x10b9, device=0x1451, class=bridge [not supported]
pci0:2: vendor=0x10b9, device=0x1449, class=old [not supported]
pci0:3: vendor=0x104b, device=0x1040, class=storage [not supported]
map(10): io(ffe4)
changing root device to sd0a
sd0s1: type 0xa5, start 0, end = 2055034, size 2055035 : OK
sd1s1: type 0xa5, start 0, end = 4194057, size 4194058 : OK
sd3s1: type 0xa5, start 0, end = 2072434, size 2072435 : OK
sd0s1: type 0xa5, start 0, end = 2055034, size 2055035 : OK
bpf: ds0 attached
bpf: lo0 attached
bpf: ppp0 attached
bpf: ppp1 attached
bpf: ppp2 attached
bpf: ppp3 attached
bpf: ppp4 attached
bpf: ppp5 attached
bpf: ppp6 attached
bpf: ppp7 attached
bpf: ppp8 attached
bpf: ppp9 attached
bpf: ppp10 attached
bpf: ppp11 attached
bpf: ppp12 attached
bpf: ppp13 attached
bpf: ppp14 attached
bpf: ppp15 attached
bpf: ppp16 attached
bpf: ppp17 attached
bpf: ppp18 attached
bpf: ppp19 attached
bpf: ppp20 attached
bpf: ppp21 attached
bpf: ppp22 attached
bpf: ppp23 attached
bpf: ppp24 attached
bpf: ppp25 attached
bpf: ppp26 attached
bpf: ppp27 attached
bpf: ppp28 attached
bpf: ppp29 attached
bpf: ppp30 attached
bpf: ppp31 attached
bpf: sl0 attached
bpf: sl1 attached
bpf: sl2 attached
bpf: sl3 attached
bpf: sl4 attached
bpf: sl5 attached
bpf: sl6 attached
bpf: sl7 attached
bpf: sl8 attached
bpf: sl9 attached
bpf: sl10 attached
bpf: sl11 attached
bpf: sl12 attached
bpf: sl13 attached
bpf: sl14 attached
bpf: sl15 attached
bpf: tun0 attached
sd0s1: type 0xa5, start 0, end = 2055034, size 2055035 : OK
WARNING: / was not properly dismounted
sd3s1: type 0xa5, start 0, end = 2072434, size 2072435 : OK
sd1s1: type 0xa5, start 0, end = 4194057, size 4194058 : OK
sd1s1: type 0xa5, start 0, end = 4194057, size 4194058 : OK
panic: vm_bounce_page_free: invalid bounce buffer
syncing disks...
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xa0
fault code = supervisor read, page not present
instruction pointer
Current directory is /var/crash/
Reading symbol data from /var/crash/kernel.15...done.
(kgdb) core vmcore.15
IdlePTD 246000
panic: vm_bounce_page_free: invalid bounce buffer
current pcb at 1f7520
Reading in symbols for ../../i386/i386/machdep.c...done.
(kgdb) directory /usr/src/compile/CLINETSERVER
/usr/src/compile/CLINETSERVER: No such file or directory.
(kgdb) directory /usr/src/sys/compile/CLINETSERVER
Source directories searched: /m/katiska/news/crash:/usr/src/sys/compile/CLINETSERVER
(kgdb) bt
#0 boot (arghowto=260) (../../i386/i386/machdep.c line 869)
#1 0xf01147c3 in panic (...)
#2 0xf01b939e in trap_fatal (...)
#3 0xf01b8f10 in trap_pfault (...)
#4 0xf01b8bd7 in trap (...)
#5 0xf01aeb81 in exception:calltrap (-227581896, 16, -267227880, 0)
#6 0xf0126d4f in biowait (...)
#7 0xf0125601 in bread (...)
#8 0xf018f16d in ffs_update (...)
#9 0xf019162a in ffs_sync (...)
#10 0xf012bbfe in sync (...)
#11 0xf01b10cc in boot (arghowto=256) (../../i386/i386/machdep.c line 828)
#12 0xf01147c3 in panic (...)
#13 0xf01ba964 in vm_bounce_page_free (...)
#14 0xf01baf00 in vm_bounce_free (...)
#15 0xf0126ee3 in biodone (...)
#16 0xf0185184 in scsi_done (...)
#17 0xf01bdedb in bt_done (...)
#18 0xf01bda54 in btintr (...)
#19 0xf01afaa7 in exception:Xresume11 ()
#20 0xf01b819c in cpu_switch ()
(kgdb) list
Reading in symbols for ../../kern/init_main.c...done.
121 /*
122 * System startup; initialize the world, create process 0, mount root
123 * filesystem, and fork to create init and pagedaemon. Most of the
124 * hard work is done in the lower-level initialization routines including
125 * startup(), which does memory initialization and autoconfiguration.
126 */
127 void
128 main(framep)
129 void *framep;
130 {
(kgdb) up
Reading in symbols for ../../kern/subr_prf.c...done.
#1 0xf01147c3 in panic (fmt=(char *) 0xf01b88de "page fault") (../../kern/subr_prf.c line 128)
(kgdb) list
123 kdbpanic();
124 #endif
125 #ifdef DDB
126 Debugger ("panic");
127 #endif
128 boot(bootopt);
129 }
130
131 /*
132 * Warn that a system table is full.
(kgdb) up
Reading in symbols for ../../i386/i386/trap.c...done.
#2 0xf01b939e in trap_fatal (frame=(struct trapframe *) 0xf01e1d5c) (../../i386/i386/trap.c line 688)
(kgdb) list
683 #ifdef DDB
684 if (kdb_trap (type, 0, frame))
685 return;
686 #endif
687 if (type <= MAX_TRAP_MSG)
688 panic(trap_msg[type]);
689 else
690 panic("unknown/reserved trap");
691 }
692
(kgdb) list
693 /*
694 * Compensate for 386 brain damage (missing URKR).
695 * This is a little simpler than the pagefault handler in trap() because
696 * it the page tables have already been faulted in and high addresses
697 * are thrown out early for other reasons.
698 */
699 int trapwrite(addr)
700 unsigned addr;
701 {
702 struct proc *p;
(kgdb) up
#3 0xf01b8f10 in trap_pfault (frame=(struct trapframe *) 0xf01e1d5c, usermode=0) (../../i386/i386/trap.c line 610)
(kgdb) print usermode
$1 = 0
(kgdb) print frame
$2 = (struct trapframe *) 0xf01e1d5c
(kgdb) print *frame
$3 = {tf_es = 16, tf_ds = 16, tf_edi = -1, tf_esi = -227581896, tf_ebp = -266461784, tf_isp = -266461820, tf_ebx = 0, tf_edx = 1073739711, tf_ecx = 0, tf_eax = -2146435056, tf_trapno = 12, tf_err = 0, tf_eip = -267317170, tf_cs = 8, tf_eflags = 66118, tf_esp = -227581896, tf_ss = -1073739712}
(kgdb) print curpcb
$4 = -194781184
(kgdb) print *curpcb
$5 = 0
(kgdb) up
#4 0xf01b8bd7 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1, tf_esi = -227581896, tf_ebp = -266461784, tf_isp = -266461820, tf_ebx = 0, tf_edx = 1073739711, tf_ecx = 0, tf_eax = -2146435056, tf_trapno = 12, tf_err = 0, tf_eip = -267317170, tf_cs = 8, tf_eflags = 66118, tf_esp = -227581896, tf_ss = -1073739712}) (../../i386/i386/trap.c line 290)
(kgdb) print type
$6 = 0
(kgdb) up
#5 0xf01aeb81 in exception:calltrap (-227581896, 16, -267227880, 0)
(kgdb) up
Reading in symbols for ../../kern/vfs_bio.c...done.
#6 0xf0126d4f in biowait (bp=(struct buf *) 0xf26f6038) (../../kern/vfs_bio.c line 1032)
(kgdb) print *bp
Cannot read memory: address 0x0 out of bounds.
(kgdb) list
1027 biowait(register struct buf * bp)
1028 {
1029 int s;
1030
1031 s = splbio();
1032 while ((bp->b_flags & B_DONE) == 0)
1033 tsleep((caddr_t) bp, PRIBIO, "biowait", 0);
1034 splx(s);
1035 if (bp->b_flags & B_EINTR) {
1036 bp->b_flags &= ~B_EINTR;
(kgdb) frame
#6 0xf0126d4f in biowait (bp=(struct buf *) 0xf26f6038) (../../kern/vfs_bio.c line 1032)
(kgdb) print *(struct buf *) 0xf26f6038
$7 = {b_hash = {le_next = 0xf26e9e08, le_prev = 0xf0228c00}, b_vnbufs = {le_next = 0x0, le_prev = 0xf0a2902c}, b_freelist = {tqe_next = 0x0, tqe_prev = 0xf01f76a4}, b_actf = 0x0, b_actb = 0x0, b_proc = 0x0, b_flags = 1049104, b_qindex = 0, b_error = 0, b_bufsize = 8192, b_bcount = 8192, b_resid = 0, b_dev = 0x00000400, b_un = {b_addr = 0xf2fd8000 "\200!\001"}, b_saveaddr = 0x0, b_lblkno = 24176, b_blkno = 24176, b_iodone = 0x0, b_iodone_chain = 0x0, b_vp = 0xf0a29000, b_pfcent = 0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0xffffffff, b_wcred = 0xffffffff, b_validoff = 0, b_validend = 0, b_pblkno = 24176, b_savekva = 0x0, b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_pages = {0xf02b049c, 0xf02b05a0, 0x0 <repeats 14 times>}, b_npages = 2}
(kgdb) up
#7 0xf0125601 in bread (vp=(struct vnode *) 0xf0a29000, blkno=24176, size=8192, cred=(struct ucred *) 0xffffffff, bpp=(struct buf **) 0xf01e1e24) (../../kern/vfs_bio.c line 183)
(kgdb) print *bp
$8 = {b_hash = {le_next = 0xf26e9e08, le_prev = 0xf0228c00}, b_vnbufs = {le_next = 0x0, le_prev = 0xf0a2902c}, b_freelist = {tqe_next = 0x0, tqe_prev = 0xf01f76a4}, b_actf = 0x0, b_actb = 0x0, b_proc = 0x0, b_flags = 1049104, b_qindex = 0, b_error = 0, b_bufsize = 8192, b_bcount = 8192, b_resid = 0, b_dev = 0x00000400, b_un = {b_addr = 0xf2fd8000 "\200!\001"}, b_saveaddr = 0x0, b_lblkno = 24176, b_blkno = 24176, b_iodone = 0x0, b_iodone_chain = 0x0, b_vp = 0xf0a29000, b_pfcent = 0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0xffffffff, b_wcred = 0xffffffff, b_validoff = 0, b_validend = 0, b_pblkno = 24176, b_savekva = 0x0, b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_pages = {0xf02b049c, 0xf02b05a0, 0x0 <repeats 14 times>}, b_npages = 2}
(kgdb) up
Reading in symbols for ../../ufs/ffs/ffs_inode.c...done.
#8 0xf018f16d in ffs_update (ap=(struct vop_update_args *) 0xf01e1e50) (../../ufs/ffs/ffs_inode.c line 133)
(kgdb) list
128 */
129 if (fs->fs_inodefmt < FS_44INODEFMT) { /* XXX */
130 ip->i_din.di_ouid = ip->i_uid; /* XXX */
131 ip->i_din.di_ogid = ip->i_gid; /* XXX */
132 } /* XXX */
133 error = bread(ip->i_devvp, fsbtodb(fs, ino_to_fsba(fs, ip->i_number)),
134 (int)fs->fs_bsize, NOCRED, &bp);
135 if (error) {
136 brelse(bp);
137 return (error);
(kgdb) print ip
$9 = (struct inode *) 0xf0aa1a00
(kgdb) print *ip
$10 = {i_next = 0x0, i_prev = 0xf0a1bed4, i_vnode = 0xf0aa0980, i_devvp = 0xf0a29000, i_flag = 0x00000000, i_dev = 0x00000400, i_number = 0x00000bb5, inode_u = {fs = 0xf0a2b800, lfs = 0xf0a2b800}, i_dquot = {0x0, 0x0}, i_modrev = 0x33303f80, i_lockf = 0x0, i_lockholder = 0, i_lockwaiter = 0, i_count = 0, i_endoff = 0, i_diroff = 0, i_offset = 0, i_ino = 0x00000000, i_reclen = 0x00000000, i_lockcount = 0, i_spare = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, i_din = {di_mode = 0x21a0, di_nlink = 1, di_u = {oldids = {0x0000, 0x0000}, inumber = 0x00000000}, di_size = 0x0, di_atime = {ts_sec = 799517567, ts_nsec = 0}, di_mtime = {ts_sec = 789934118, ts_nsec = 0}, di_ctime = {ts_sec = 791069396, ts_nsec = 0}, di_db = {3329, 0 <repeats 11 times>}, di_ib = {0, 0, 0}, di_flags = 0x00000000, di_blocks = 0, di_gen = 791069637, di_uid = 0x00000000, di_gid = 0x00000005, di_spare = {0, 0}}}
(kgdb) print fs
$11 = (struct fs *) 0xf0a2b800
(kgdb) print *fs
$12 = {fs_link = 0x0, fs_rlink = 0x0, fs_sblkno = 16, fs_cblkno = 24, fs_iblkno = 32, fs_dblkno = 152, fs_cgoffset = 56, fs_cgmask = -8, fs_time = 799517538, fs_size = 61440, fs_dsize = 59247, fs_ncg = 16, fs_bsize = 8192, fs_fsize = 1024, fs_frag = 8, fs_minfree = 5, fs_rotdelay = 0, fs_rps = 60, fs_bmask = -8192, fs_fmask = -1024, fs_bshift = 13, fs_fshift = 10, fs_maxcontig = 1, fs_maxbpg = 2048, fs_fragshift = 3, fs_fsbtodb = 1, fs_sbsize = 2048, fs_csmask = -512, fs_csshift = 9, fs_nindir = 2048, fs_inopb = 64, fs_nspf = 2, fs_optim = 0, fs_npsect = 99, fs_interleave = 1, fs_trackskew = 0, fs_headswitch = 0, fs_trkseek = 0, fs_csaddr = 152, fs_cssize = 1024, fs_cgsize = 1024, fs_ntrak = 5, fs_nsect = 99, fs_spc = 495, fs_ncyl = 249, fs_cpg = 16, fs_ipg = 960, fs_fpg = 3960, fs_cstotal = {cs_ndir = 103, cs_nbfree = 2816, cs_nifree = 13356, cs_nffree = 500}, fs_fmod = 0, fs_clean = 0, fs_ronly = 0, fs_flags = 0, fs_fsmnt = {"/", '\000' <repeats 511 times>}, fs_cgrotor = 7, fs_csp = {0xf0a24400, 0x0 <repeats 31 times>}, fs_cpc = 16, fs_opostbl = {{0, 0, 0, 0, 0, 0, 0, 0} <repeats 16 times>}, fs_sparecon = {0 <repeats 50 times>}, fs_contigsumsize = 0, fs_maxsymlinklen = 60, fs_inodefmt = 2, fs_maxfilesize = 0x0, fs_qbmask = 8191, fs_qfmask = 1023, fs_state = 0, fs_postblformat = 1, fs_nrpos = 1, fs_postbloff = 1376, fs_rotbloff = 1408, fs_magic = 72020, fs_space = {"\000"}}
(kgdb) print fd->fs_bsiz
No symbol "fd" in current context.
(kgdb) print fd->fs_bsize
No symbol "fd" in current context.
(kgdb) print fs->fs_bsize
$13 = 8192
(kgdb) up
Reading in symbols for ../../ufs/ffs/ffs_vfsops.c...done.
#9 0xf019162a in ffs_sync (mp=(struct mount *) 0xf0a2ac00, waitfor=2, cred=(struct ucred *) 0xf0901780, p=(struct proc *) 0xf022afb0) (./vnode_if.h line 850)
850 (./vnode_if.h)
(kgdb) list
./vnode_if.h: No such file or directory.
(kgdb) up
Reading in symbols for ../../kern/vfs_syscalls.c...done.
#10 0xf012bbfe in sync (p=(struct proc *) 0xf022afb0, uap=(struct sync_args *) 0x0, retval=(int *) 0x0) (../../kern/vfs_syscalls.c line 335)
(kgdb) print mp
$14 = (struct mount *) 0xf0a2ac00
(kgdb) print *mp
$15 = {mnt_list = {tqe_next = 0xf0a05400, tqe_prev = 0xf02285ec}, mnt_op = 0xf01e8d90, mnt_vnodecovered = 0x0, mnt_vnodelist = {lh_first = 0xf0aaae00}, mnt_flag = 4214784, mnt_maxsymlinklen = 60, mnt_stat = {f_type = 1, f_flags = 20480, f_bsize = 1024, f_iosize = 8192, f_blocks = 59247, f_bfree = 23028, f_bavail = 20065, f_files = 15358, f_ffree = 13356, f_fsid = {val = {1024, 1}}, f_spare = {0, 0, 0, 0, 0, 0, 0, 0, 0}, f_mntonname = {"/", '\000' <repeats 89 times>}, f_mntfromname = {"/dev/sd0a", '\000' <repeats 81 times>}}, mnt_data = 0xf0a2a600, mnt_vfc = 0x0}
(kgdb) list
330 */
331 if ((mp->mnt_flag & (MNT_MLOCK|MNT_RDONLY|MNT_MPBUSY)) == 0 &&
332 !vfs_busy(mp)) {
333 asyncflag = mp->mnt_flag & MNT_ASYNC;
334 mp->mnt_flag &= ~MNT_ASYNC;
335 VFS_SYNC(mp, MNT_NOWAIT, p != NULL ? p->p_ucred : NOCRED, p);
336 if (asyncflag)
337 mp->mnt_flag |= MNT_ASYNC;
338 vfs_unbusy(mp);
339 }
(kgdb) up
#11 0xf01b10cc in boot (arghowto=256) (../../i386/i386/machdep.c line 828)
(kgdb) print proc
No symbol "proc" in current context.
(kgdb) print proc0
$16 = {p_forw = 0x0, p_back = 0x0, p_next = 0x0, p_prev = 0xf0a17108, p_cred = 0xf0231ccc, p_fd = 0xf01f5890, p_stats = 0xf0247288, p_limit = 0xf022fd5c, p_vmspace = 0xf01f8cac, p_sigacts = 0xf024715c, p_flag = 516, p_stat = 3, p_pad1 = {"\000\000\000"}, p_pid = 0, p_hash = 0x0, p_pgrpnxt = 0xf0a69b00, p_pptr = 0x0, p_osptr = 0x0, p_ysptr = 0x0, p_cptr = 0xf0a69b00, p_oppid = 0, p_dupfd = 0, p_estcpu = 0x00000000, p_cpticks = 0, p_pctcpu = 0x00000000, p_wchan = 0xf022afb0, p_wmesg = 0xf01a41d2 "sched", p_swtime = 0x000000f2, p_slptime = 0x00000009, p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = {tv_sec = 0, tv_usec = 0}}, p_rtime = {tv_sec = 0, tv_usec = 10510}, p_uticks = 0x0, p_sticks = 0x2e, p_iticks = 0x9, p_traceflag = 0, p_tracep = 0x0, p_siglist = 0, p_textvp = 0x0, p_lock = 0, p_pad2 = {"\000\000\000"}, p_spare = {0, 0}, p_sigmask = 0x00000000, p_sigignore = 0x18488000, p_sigcatch = 0x00000000, p_priority = 0x04, p_usrpri = 0x32, p_nice = 0, p_comm = {"swapper\000\000\000\000\000\000\000\000\000\000"}, p_pgrp = 0xf022cc20, p_sysent = 0xf01e3620, p_rtprio = {type = 0x0001, prio = 0x0000}, p_thread = 0, p_addr = 0xf0247000, p_md = {md_flags = 0, md_regs = 0x0}, p_xstat = 0x0000, p_acflag = 0x0000, p_ru = 0x0}
(kgdb) print panicstr
$17 = (char *) 0xf01ba8e6 "vm_bounce_page_free: invalid bounce buffer"
(kgdb) list
823 /*
824 * Release inodes held by texts before update.
825 */
826 if (panicstr == 0)
827 vnode_pager_umount(NULL);
828 sync(&proc0, NULL, NULL);
829
830 for (iter = 0; iter < 20; iter++) {
831 nbusy = 0;
832 for (bp = &buf[nbuf]; --bp >= buf; ) {
(kgdb) up
#12 0xf01147c3 in panic (fmt=(char *) 0xf01ba8e6 "vm_bounce_page_free: invalid bounce buffer") (../../kern/subr_prf.c line 128)
(kgdb) list
123 kdbpanic();
124 #endif
125 #ifdef DDB
126 Debugger ("panic");
127 #endif
128 boot(bootopt);
129 }
130
131 /*
132 * Warn that a system table is full.
(kgdb) up
Reading in symbols for ../../i386/i386/vm_machdep.c...done.
#13 0xf01ba964 in vm_bounce_page_free (pa=0x00fd8000, count=1) (../../i386/i386/vm_machdep.c line 169)
(kgdb) list
164 if( pa == bouncepa[index])
165 break;
166 }
167
168 if( index == bouncepages)
169 panic("vm_bounce_page_free: invalid bounce buffer");
170
171 allocindex = index / BITS_IN_UNSIGNED;
172 bit = index % BITS_IN_UNSIGNED;
173
(kgdb) print index
$18 = 0
(kgdb) print bouncepages
$19 = 128
(kgdb) print count
$20 = 1
(kgdb) up
#14 0xf01baf00 in vm_bounce_free (bp=(struct buf *) 0xf26e6e18) (../../i386/i386/vm_machdep.c line 452)
(kgdb) list
447 */
448
449 /*
450 printf("(kva: %x, pa: %x)", bouncekva, mybouncepa);
451 */
452 vm_bounce_page_free(mybouncepa, 1);
453 }
454
455 origkva += copycount;
456 bouncekva += copycount;
(kgdb) print mynouncepa
No symbol "mynouncepa" in current context.
(kgdb) print mybouncepa
$21 = 0x00fd8000
(kgdb) print *mybouncepa
Cannot read memory: address 0xfd8000 out of bounds.
(kgdb) up
#15 0xf0126ee3 in biodone (bp=(struct buf *) 0xf26e6e18) (../../kern/vfs_bio.c line 1069)
(kgdb) print bp->b_flags
$22 = -536870316
(kgdb) print *bp
$23 = {b_hash = {le_next = 0x0, le_prev = 0x0}, b_vnbufs = {le_next = 0x87654321, le_prev = 0x0}, b_freelist = {tqe_next = 0x0, tqe_prev = 0x0}, b_actf = 0xf26e6938, b_actb = 0x0, b_proc = 0x0, b_flags = -536870316, b_qindex = 0, b_error = 0, b_bufsize = 8192, b_bcount = 8192, b_resid = 0, b_dev = 0x0000040e, b_un = {b_addr = 0xf2789000 }, b_saveaddr = 0xf0a81120, b_lblkno = 4838, b_blkno = 2292656, b_iodone = 0xf0128440, b_iodone_chain = 0x0, b_vp = 0xf0aaa380, b_pfcent = 0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0xffffffff, b_wcred = 0xffffffff, b_validoff = 0, b_validend = 0, b_pblkno = 2292656, b_savekva = 0xf3bd4000 , b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_pages = {0xf02ac7ac, 0xf02b0260, 0x0 <repeats 14 times>}, b_npages = 2}
(kgdb) up
Reading in symbols for ../../scsi/scsi_base.c...done.
#16 0xf0185184 in scsi_done (xs=(struct scsi_xfer *) 0xf0a83e00) (../../scsi/scsi_base.c line 429)
(kgdb) print bp
$24 = (struct buf *) 0xf26e6e18
(kgdb) print *bp
$25 = {b_hash = {le_next = 0x0, le_prev = 0x0}, b_vnbufs = {le_next = 0x87654321, le_prev = 0x0}, b_freelist = {tqe_next = 0x0, tqe_prev = 0x0}, b_actf = 0xf26e6938, b_actb = 0x0, b_proc = 0x0, b_flags = -536870316, b_qindex = 0, b_error = 0, b_bufsize = 8192, b_bcount = 8192, b_resid = 0, b_dev = 0x0000040e, b_un = {b_addr = 0xf2789000 }, b_saveaddr = 0xf0a81120, b_lblkno = 4838, b_blkno = 2292656, b_iodone = 0xf0128440, b_iodone_chain = 0x0, b_vp = 0xf0aaa380, b_pfcent = 0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0xffffffff, b_wcred = 0xffffffff, b_validoff = 0, b_validend = 0, b_pblkno = 2292656, b_savekva = 0xf3bd4000 , b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_pages = {0xf02ac7ac, 0xf02b0260, 0x0 <repeats 14 times>}, b_npages = 2}
(kgdb) up
Reading in symbols for ../../i386/isa/bt742a.c...done.
#17 0xf01bdedb in bt_done (unit=0, ccb=(struct bt_ccb *) 0xf0a05000) (../../i386/isa/bt742a.c line 1087)
(kgdb) print xs
$26 = (struct scsi_xfer *) 0xf0a83e00
(kgdb) print *xs
$27 = {next = 0xf0a83d00, flags = 0x00000831, sc_link = 0xf0901a00, retries = 0x04, spare = {"\300\255\336"}, timeout = 10000, cmd = 0xf0a83e58, cmdlen = 10, data = 0xf27a0000 , datalen = 4096, resid = 0, error = 0, bp = 0xf26f5e98, sense = {error_code = 0xde, ext = {unextended = {blockhi = 0xc0, blockmed = 0xad, blocklow = 0xde}, extended = {segment = 0xc0, flags = 0xad, info = {"\336\336\300\255"}, extra_len = 0xde, extra_bytes = {"\336\300\255\336\336\300\255\336", '\000' <repeats 16 times>}}}}, req_sense_length = 0, status = 0, cmdstore = {opcode = 0x2a, bytes = {"\000\000\"\267\220\000\000\b\000\000\000"}}}
(kgdb) up
#18 0xf01bda54 in btintr (unit=0) (../../i386/isa/bt742a.c line 832)
(kgdb) print unit
$28 = 0
(kgdb) print ccb
$29 = (struct bt_ccb *) 0xf0a05000
(kgdb) print *ccb
$30 = {opcode = 0x02, = 0x00, data_in = 0x00, data_out = 0x00, = 0x00, scsi_cmd_length = 0x0a, req_sense_length = 0x20, data_length = 0x00000008, data_addr = 0x0032a048, dummy = {"\000\000"}, host_stat = 0x00, target_stat = 0x00, target = 0x00, lun = 0x00, scsi_cmd = {"*\000\000\a9P\000\000\b\000\000\000"}, dummy2 = {"\000"}, link_id = 0x00, link_addr = 0x00000000, sense_ptr = 0x0032a028, scsi_sense = {error_code = 0x70, ext = {unextended = {blockhi = 0x00, blockmed = 0x05, blocklow = 0x00}, extended = {segment = 0x00, flags = 0x05, info = {"\000\000\000\000"}, extra_len = 0x18, extra_bytes = {"\000\000\000\000 \000\000\000\000\000\000\000\0010\000\000\000\000\000\000\000\000\000\000"}}}}, scat_gath = {{seg_len = 0x00001000, seg_addr = 0x0032a000}, {seg_len = 0x00001000, seg_addr = 0x00fdd000}, {seg_len = 0x00005000, seg_addr = 0x00064000}, {seg_len = 0x00001000, seg_addr = 0x00087000}, {seg_len = 0x00001000, seg_addr = 0x00fe3000}, {seg_len = 0x00002000, seg_addr = 0x00065000}, {seg_len = 0x00002000, seg_addr = 0x00b67000}, {seg_len = 0x00001000, seg_addr = 0x00067000}, {seg_len = 0x00001000, seg_addr = 0x00605000}, {seg_len = 0x00001000, seg_addr = 0x00f49000}, {seg_len = 0x00001000, seg_addr = 0x00f3a000}, {seg_len = 0x00001000, seg_addr = 0x00f3f000}, {seg_len = 0x000005b0, seg_addr = 0x00e67000}, {seg_len = 0x000005b0, seg_addr = 0x00f35000}, {seg_len = 0x00000000, seg_addr = 0x00000000} <repeats 19 times>}, next = 0xf0a05c00, xfer = 0xf01f0078, mbx = 0xf090387c, flags = 1, nexthash = 0x0, hashkey = 0x0032a000}
(kgdb) list
827 #endif
828 }
829 wmbi->stat = BT_MBI_FREE;
830 if (ccb) {
831 untimeout(bt_timeout, (caddr_t)ccb);
832 bt_done(unit, ccb);
833 }
834 /* Set the IN mail Box pointer for next */ bt_nextmbx(wmbi, wmbx, mbi);
835 }
836 if (!found) {
(kgdb) up
#19 0xf01afaa7 in exception:Xresume11 ()
(kgdb) up
#20 0xf01b819c in cpu_switch ()
(kgdb) down
#19 0xf01afaa7 in exception:Xresume11 ()
(kgdb) list
837 for (i = 0; i < BT_MBX_SIZE; i++) {
838 if (wmbi->stat != BT_MBI_FREE) {
839 found++;
840 break;
841 }
842 bt_nextmbx(wmbi, wmbx, mbi);
843 }
844 if (!found) {
845 #ifdef DEBUG
846 printf("bt%d: mbi at 0x%08x should be found, stat=%02x..resync\n",
(kgdb) up
#20 0xf01b819c in cpu_switch ()
(kgdb) up
Initial frame selected; you cannot go up.
(kgdb)
>Description:
Above panic, with 32 bit bus?
>How-To-Repeat:
Once this far.
>Fix:
Workaround might be disabling bounce buffers altogether (I
would like to limit the number of different kernels in use to a few, as
we have lots of identically configured machines).
Bounce buffer code shouldn't be called on this machine;
doesn't it say "enabling bounce buffer code" at boot on those which
need it?
>Audit-Trail:
>Unformatted:
