From owner-freebsd-bugs Mon Apr 7 08:54:44 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA19636 for bugs-outgoing; Mon, 7 Apr 1997 08:54:44 -0700 (PDT) Received: from pat.idt.unit.no (0@pat.idt.unit.no [129.241.103.5]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA19628 for ; Mon, 7 Apr 1997 08:54:40 -0700 (PDT) Received: from idt.unit.no (26850@kamelia.idt.unit.no [129.241.111.27]) by pat.idt.unit.no (8.8.5/8.8.5) with ESMTP id RAA23471; Mon, 7 Apr 1997 17:53:53 +0200 (MET DST) Message-Id: <199704071553.RAA23471@pat.idt.unit.no> To: lampa@fee.vutbr.cz Cc: freebsd-bugs@freefall.freebsd.org Subject: Re: i386/3195: ahc panic In-Reply-To: Your message of "Mon, 7 Apr 1997 00:20:02 -0700 (PDT)" References: <199704070720.AAA27745@freefall.freebsd.org> X-Mailer: Mew version 1.06 on Emacs 19.34.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Mon, 07 Apr 1997 17:53:51 +0200 From: Tor Egge Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > Still the same problems, after some time error: > > ahc1:A:1: no active SCB for reconnecting target - issuing ABORT > SAVED_TCL == 0x10 > ahc1:A:1: Target did not send an IDENTIFY message > LASTPHAS = 0x0, SAVED_TCL = 0x10 > > and systems loops in ahc driver, everytime I hit kernel debugger, stack is: > > ahc_scsi_cmd > scsi_scsi_cmd > sdstart > free_xs > scsi_done > ahc_done > ahc_run_done_queue > ahc_reset_channel > I see the same problem with FreeBSD 3.0-current. (kgdb) where #0 boot (howto=260) at ../../kern/kern_shutdown.c:244 #1 0xe0118a53 in panic (fmt=0xe0101479 "from debugger") at ../../kern/kern_shutdown.c:368 #2 0xe0101495 in db_panic (dummy1=-535016711, dummy2=0, dummy3=-1, dummy4=0xe0202c74 "") at ../../ddb/db_command.c:440 #3 0xe0101385 in db_command (last_cmdp=0xe0203bb4, cmd_table=0xe0203a04, aux_cmd_tablep=0xe022cbcc) at ../../ddb/db_command.c:337 #4 0xe0101502 in db_command_loop () at ../../ddb/db_command.c:462 #5 0xe0103c93 in db_trap (type=3, code=0) at ../../ddb/db_trap.c:75 #6 0xe01c48f1 in kdb_trap (type=3, code=0, regs=0xe0202d60) at ../../i386/i386/db_interface.c:140 #7 0xe01cee84 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = 2, tf_esi = 134, tf_ebp = -534762076, tf_isp = -534762104, tf_ebx = 6, tf_edx = -535016767, tf_ecx = -1073490214, tf_eax = 38, tf_trapno = 3, tf_err = 0, tf_eip = -535016711, tf_cs = 8, tf_eflags = 598, tf_esp = -535016783, tf_ss = -534846881}) at ../../i386/i386/trap.c:403 #8 0xe01c4af9 in Debugger (msg=0xe01ee25f "manual escape to debugger") at ../../i386/i386/db_interface.c:269 #9 0xe01eef7e in scgetc (flags=2) at ../../i386/isa/syscons.c:3001 #10 0xe01ea50f in scintr (unit=0) at ../../i386/isa/syscons.c:657 #11 0xe01d047b in getit () at ../../i386/isa/clock.c:353 #12 0xe01d0525 in DELAY (n=1000) at ../../i386/isa/clock.c:422 #13 0xe019de02 in sc_err1 (xs=0xf007f380) at ../../scsi/scsi_base.c:762 #14 0xe019da75 in scsi_scsi_cmd (sc_link=0xef49da00, scsi_cmd=0xe0202eb4, cmdlen=10, data_addr=0xf5521000 "\204\027E\013\013s7?7", datalen=32768, retries=4, timeout=10000, bp=0xf0f6dd00, flags=2049) at ../../scsi/scsi_base.c:584 #15 0xe01a26ed in sdstart (unit=6, flags=1) at ../../scsi/sd.c:628 #16 0xe019d24e in free_xs (xs=0xf007f380, sc_link=0xef49da00, flags=1) at ../../scsi/scsi_base.c:128 #17 0xe019d75a in scsi_done (xs=0xf007f380) at ../../scsi/scsi_base.c:449 #18 0xe01f9008 in ahc_done (ahc=0xefea3000, scb=0xefea4ec0) at ../../i386/scsi/aic7xxx.c:1951 #19 0xe01fc7b1 in ahc_run_done_queue (ahc=0xefea3000) at ../../i386/scsi/aic7xxx.c:3796 #20 0xe01fc77a in ahc_reset_channel (ahc=0xefea3000, channel=65 'A', xs_error=3, initiate_reset=1) at ../../i386/scsi/aic7xxx.c:3782 #21 0xe01fae7b in ahc_timeout (arg=0xf0110380) at ../../i386/scsi/aic7xxx.c:3031 #22 0xe010f21c in softclock () at ../../kern/kern_clock.c:717 (kgdb) When scsi_scsi_cmd calls ahc_scsi_cmd, ahc_scsi_cmd detects that ahc->in_reset is nonzero, and returns COMPLETE; with xs->error set to XS_BUSY scsi_scsi_cmd then calls sc_err1. sc_err1 performs a DELAY(1000), before returning SCSIRET_DO_RETRY. This causes scsi_scsi_cmd to go to the retry label, causing an infinite loop. Due to this infinite loop being initiated from a timeout, further timeouts are blocked, and ahc->in_reset is never cleared. Perhaps free_xs should know when to NOT queue a new request onto the device ? - Tor Egge