Date: Sat, 01 Jun 1996 03:39:03 +0900
From: KATO Takenori <kato@eclogite.eps.nagoya-u.ac.jp>
To: current@freebsd.org
Subject: panic: vwakup: neg numoutput
Message-ID: <199605311839.DAA01782@marble.eps.nagoya-u.ac.jp>

I am getting a panic on SCSI CD-ROM access. I mount the 4.4BSD-Lite2 CD-ROM,
and do:
    cd /cdrom/4.4BSD-Lite/usr/src/lib/libc
    egrep DTF */*
After the disk access, the kernel shows the following message:
    panic: vwakeup: neg numoutput
I changed to a kernel which was built before the VM mega-commit, and I got
the same panic. The version 2.1.0 kernel doesn't panic, and egrep works.
The stack frame trace with kgdb shows:
kato@marble[84]% kgdb
#0 boot (howto=256) (...)
#1 0xf0119207 in panic (...)
#2 0xf0130de3 in vwakeup (...)
#3 0xf012da6a in biodone (...)
#4 0xf01861eb in cd:cd_strategy (...)
#5 0xf018bd94 in scsi_strategy (...)
#6 0xf0185dc8 in cd:cdstrategy (...)
#7 0xf0138f1a in spec_strategy (...)
#8 0xf0108030 in cd9660_vnops:cd9660_strategy (...)
#9 0xf012eed3 in cluster_read (...)
#10 0xf0107665 in cd9660_vnops:cd9660_read (...)
#11 0xf0135b32 in vfs_vnops:vn_read (...)
#12 0xf011a84f in read (...)
#13 0xf01b823d in syscall (...)
Reading in symbols for ../../kern/vfs_bio.c...done.
#3 0xf012da6a in biodone (bp=(struct buf *) 0xf2c9ed14) (../../kern/vfs_bio.c line 1377)
1377 vwakeup(bp);
(kgdb) list
1372 return;
1373 }
1374 bp->b_flags |= B_DONE;
1375
1376 if ((bp->b_flags & B_READ) == 0) {
1377 vwakeup(bp);
1378 }
1379 #ifdef BOUNCE_BUFFERS
1380 if (bp->b_flags & B_BOUNCE)
1381 vm_bounce_free(bp);
(kgdb) x bp
0xf2c9ed14 <end+44643220>: 0xf2c8d52c
(kgdb) print bp->b_flags
$4 = 68112
#4 0xf01861eb in cd_strategy (bp=(struct buf *) 0xf2c9ed14, sc_link=(struct scsi_link *) 0xf0938700) (../../scsi/cd.c line 484)
484 biodone(bp);
(kgdb) list
479
480 /*
481 * Correctly set the buf to indicate a completed xfer
482 */
483 bp->b_resid = bp->b_bcount;
484 biodone(bp);
485 return;
486 }
487
488 /*
#9 0xf012eed3 in cluster_read (vp=(struct vnode *) 0xf0d92400, filesize=0x1800, lblkno=0, size=2048, cred=(struct ucred *) 0x0, bpp=(struct buf **) 0xefbffecc) (./vnode_if.h line 1116)
1116 return (VCALL((bp)->b_vp, VOFFSET(vop_strategy), &a));
(kgdb) list
1111 {
1112 struct vop_strategy_args a;
1113
1114 a.a_desc = VDESC(vop_strategy);
1115 a.a_bp = bp;
1116 return (VCALL((bp)->b_vp, VOFFSET(vop_strategy), &a));
1117 }
1118
1119 struct vop_bwrite_args {
1120 struct vnodeop_desc *a_desc;
(kgdb) i line * 0xf012eed3
Line 1116 of "./vnode_if.h" starts at pc 0xf012ee06 and ends at 0xf012ee23.
(kgdb) disassemble 0xf012eed3 0xf012ee4c
Dump of assembler code from 0xf012eed3 to 0xf012ee4c:
End of assembler dump.
(kgdb) disassemble 0xf012eed3 0xf012ef40
Dump of assembler code from 0xf012eed3 to 0xf012ef1c:
0xf012eed3 <cluster_read+795>: addl $0x4,%esp
0xf012eed6 <cluster_read+798>: incl -266339692
0xf012eedc <cluster_read+804>: movl 52(%ebx),%eax
0xf012eedf <cluster_read+807>: cltd
0xf012eee0 <cluster_read+808>: idivl 24(%ebp),%eax
0xf012eee3 <cluster_read+811>: addl %eax,-266339688
0xf012eee9 <cluster_read+817>: movl -266415424,%edx
0xf012eeef <cluster_read+823>: movl 24(%edx),%edx
0xf012eef2 <cluster_read+826>: incl 44(%edx)
0xf012eef5 <cluster_read+829>: cmpl $0x0,-40(%ebp)
0xf012eef9 <cluster_read+833>: je 0xf012ef0c
0xf012eefb <cluster_read+835>: movl -40(%ebp),%edx
0xf012eefe <cluster_read+838>: testb $0x4,36(%edx)
0xf012ef02 <cluster_read+842>: jne 0xf012ef0c
0xf012ef04 <cluster_read+844>: pushl %edx
0xf012ef05 <cluster_read+845>: call 0xf012d830
0xf012ef0a <cluster_read+850>: jmp 0xf012ef0f
0xf012ef0c <cluster_read+852>: movl -48(%ebp),%eax
0xf012ef0f <cluster_read+855>: leal -76(%ebp),%esp
0xf012ef12 <cluster_read+858>: popl %ebx
0xf012ef13 <cluster_read+859>: popl %esi
0xf012ef14 <cluster_read+860>: popl %edi
0xf012ef15 <cluster_read+861>: leave
0xf012ef16 <cluster_read+862>: ret
0xf012ef17 <cluster_read+863>: addb %dl,-119(%ebp)
0xf012ef1a <vfs_cluster:cluster_rbuild+2>: inl $0x83,%eax
0xf012ef1c <vfs_cluster:cluster_rbuild+4>: inb (%dx),%al
End of assembler dump.
The bp->b_flags is set as:
B_MALLOC | B_DONE | B_ERROR | B_BUSY
B_DONE might be set in biodone(), and B_ERROR might be set in
cd_strategy(). The disassembly listing shows that VOP_STRATEGY (vnode_if.h
line 1116) is the second VOP_STRATEGY in cluster_read(). So, the buffer
may be the return value of cluster_rbuild().
The value of b_flags suggests the following process.
1) The first getblk() in cluster_rbuild() returns a buffer with
   B_MALLOC | B_BUSY.
2) VOP_STRATEGY in cluster_read() calls cd9660_strategy(),
   spec_strategy(), ..., cd_strategy().
3) cd_strategy() sets B_ERROR and jumps to the bad label, then it calls
   biodone. (Now b_flags is B_MALLOC | B_BUSY | B_ERROR)
4) Because B_READ is not set, biodone calls vwakeup().
5) Panic!
I compared vfs_cluster.c between the 2.1.0-RELEASE version and revision
1.35 in current, and I found a change which could cause the above
process.
In the change of vfs_cluster.c from 1.34 to 1.35, in cluster_rbuild():
    tbp = getblk(vp, lbn, size, 0, 0);
    if (tbp->b_flags & B_CACHE)
        return tbp;
was changed into
    tbp = getblk(vp, lbn, size, 0, 0);
    if (tbp->b_flags & (B_CACHE|B_MALLOC))
        return tbp;
If getblk in both 2.1.0 and current returns a buffer with B_MALLOC,
B_ASYNC and B_READ are set in 2.1.0 but they aren't set in current.
Comments, please.
----
KATO Takenori <kato@eclogite.eps.nagoya-u.ac.jp>
Dept. Earth Planet. Sci., Nagoya Univ., Nagoya, 464-01, Japan
Voice: +81-52-789-2529 Fax: +81-52-789-3033
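
The flag sequence described in the message above, as an added C model that is not part of the original post and is not FreeBSD's code. The B_* values are assumed from FreeBSD's sys/buf.h of that period (the post gives only the names), and model_biodone() and model_failed_read() are hypothetical names for a simplified model of the five steps.

```c
#include <stdio.h>

/* Assumed flag values (sys/buf.h of that era); the post shows only the names. */
#define B_ASYNC  0x00000004
#define B_BUSY   0x00000010
#define B_CACHE  0x00000020
#define B_DONE   0x00000200
#define B_ERROR  0x00000800
#define B_MALLOC 0x00010000
#define B_READ   0x00100000

struct vnode { long v_numoutput; };            /* writes in flight on the vnode */
struct buf   { long b_flags; struct vnode *b_vp; };

/* Model of biodone(): returns 1 where the kernel would panic in vwakeup(). */
static int model_biodone(struct buf *bp)
{
    bp->b_flags |= B_DONE;
    if ((bp->b_flags & B_READ) == 0) {         /* handled as a completed write */
        if (--bp->b_vp->v_numoutput < 0)
            return 1;                          /* "vwakeup: neg numoutput" */
    }
    return 0;
}

/* Steps 1-5: the cluster_rbuild() check, then a cd_strategy() that fails. */
static int model_failed_read(long getblk_flags, long early_return_mask,
                             long *final_flags)
{
    struct vnode vn = { 0 };                   /* a read never raises v_numoutput */
    struct buf b = { getblk_flags, &vn };
    int panicked;

    if ((b.b_flags & early_return_mask) == 0)
        b.b_flags |= B_READ | B_ASYNC;         /* skipped on the early return */
    b.b_flags |= B_ERROR;                      /* cd_strategy() goes to bad: */
    panicked = model_biodone(&b);
    *final_flags = b.b_flags;
    return panicked;
}

int main(void)
{
    long f134, f135;
    int p134 = model_failed_read(B_MALLOC | B_BUSY, B_CACHE, &f134);
    int p135 = model_failed_read(B_MALLOC | B_BUSY, B_CACHE | B_MALLOC, &f135);
    printf("rev 1.34 check: panic=%d b_flags=%ld\n", p134, f134);
    printf("rev 1.35 check: panic=%d b_flags=%ld\n", p135, f135);
    return 0;
}
```

With the rev 1.35 mask the model ends with b_flags equal to 68112, the value kgdb printed for bp->b_flags.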
