Subject: kern/36690: KASSERT(delta > 0) in kern_physio
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <permezel@mac.com>
List: netbsd-bugs
Date: 07/25/2007 07:10:01
>Number: 36690
>Category: kern
>Synopsis: KASSERT(delta > 0) in kern_physio
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jul 25 07:10:01 +0000 2007
>Originator: Damon Permezel
>Release: 4.0 beta 2 from June 26
>Organization:
>Environment:
NetBSD zardoz.damon.com 4.0_BETA2 NetBSD 4.0_BETA2 (ZARDOZ) #0: Tue Jun 26 15:37:57 EST 2007 dap@zardoz.damon.com:/home/dap/proj/3.1/obj/sys/arch/i386/compile/ZARDOZ i386
>Description:
running: dd bs=32k </dev/nrst0 >0
After panic/reboot, I did: mt rew; dd bs=32k </dev/nrst0 >0 count=1
and she immediately wedged tight requiring fresh electrons.
I have found in the past that tape support was somewhat touch and go. If I try and use the same tape drive to erase a tape (dd </dev/zero bs=128k >/dev/nrst0), quite likely I will get errors on end of media and never be able to recover the tape drive unless I reboot with fresh electrons. Just reboot with the same old electrons and she's still hosed, which might have something to do with the hand-after-panic I report in second paragraph, which is why I am rambling on so.
No locals.
#1 0xc0292941 in panic (fmt=0x0)
at /home/dap/proj/3.1/src/sys/kern/subr_prf.c:246
bootopt = 256
ap = 0xcba629d8 "\224-<¿c\202>¿ÿ\201>¿?\001"
intrace = 0
#2 0xc038abac in __assert (t=0xc03c2d94 "diagnostic ",
f=0xc03e81d8 "/home/dap/proj/3.1/src/sys/kern/kern_physio.c", l=441,
e=0xc03e8263 "delta > 0")
at /home/dap/proj/3.1/src/sys/lib/libkern/__assert.c:45
No locals.
#3 0xc0274b7e in physio (strategy=0xc030b49b <ststrategy>, obp=0x0, dev=3585,
flags=1048576, min_phys=0xc018e47f <ahc_minphys>, uio=0xcba62b90)
at /home/dap/proj/3.1/src/sys/kern/kern_physio.c:445
iovp = (struct iovec *) 0xcba62bb4
l = (struct lwp *) 0xcd2bc010
p = (struct proc *) 0xcd4df034
i = 1
s = <value optimized out>
error = 0
error2 = <value optimized out>
bp = (struct buf *) 0x0
mbp = (struct buf *) 0xc21bd70c
concurrency = 15
#4 0xc030a59c in stread (dev=3585, uio=0xcba62b90, iomode=0)
at /home/dap/proj/3.1/src/sys/dev/scsipi/st.c:1375
No locals.
#5 0xc02c6aeb in spec_read (v=0xcba62b08)
at /home/dap/proj/3.1/src/sys/miscfs/specfs/spec_vnops.c:294
vp = (struct vnode *) 0xcff482d0
uio = (struct uio *) 0xcba62b90
l = (struct lwp *) 0xcd2bc010
bp = <value optimized out>
bdev = <value optimized out>
cdev = (const struct cdevsw *) 0x0
bsize = <value optimized out>
bscale = <value optimized out>
dpart = {disklab = 0xc03f0689, part = 0x135}
n = <value optimized out>
on = <value optimized out>
error = <value optimized out>
#6 0xc02c0c03 in VOP_READ (vp=0xcff482d0, uio=0xcba62b90, ioflag=0,
cred=0xcd1abc24) at /home/dap/proj/3.1/src/sys/kern/vnode_if.c:424
a = {a_desc = 0xc03a3d60, a_vp = 0xcff482d0, a_uio = 0xcba62b90,
a_ioflag = 0, a_cred = 0xcd1abc24}
#7 0xc02bec14 in vn_read (fp=0xcd1f6114, offset=0xcd1f6140, uio=0xcba62b90,
cred=0xcd1abc24, flags=1)
at /home/dap/proj/3.1/src/sys/kern/vfs_vnops.c:448
vp = (struct vnode *) 0xcff482d0
error = <value optimized out>
ioflag = 0
#8 0xc0297198 in dofileread (l=0xcd2bc010, fd=0, fp=0xcd1f6114,
buf=0x804f000, nbyte=32768, offset=0xcd1f6140, flags=1, retval=0xcba62c68)
at /home/dap/proj/3.1/src/sys/kern/sys_generic.c:153
aiov = {iov_base = 0x8057000, iov_len = 0}
auio = {uio_iov = 0xcba62bb4, uio_iovcnt = 1, uio_offset = 32768,
uio_resid = 0, uio_rw = UIO_READ, uio_vmspace = 0xcd8f6150}
p = (struct proc *) 0xcd4df034
vm = (struct vmspace *) 0xcd8f6150
cnt = <value optimized out>
error = 0
ktriov = {iov_base = 0x0, iov_len = 0}
#9 0xc02972fe in sys_read (l=0xcd2bc010, v=0xcba62c48, retval=0xcba62c68)
at /home/dap/proj/3.1/src/sys/kern/sys_generic.c:103
fd = 0
fp = (struct file *) 0xcd1f6114
p = <value optimized out>
(gdb) print *mbp
$2 = {b_u = {u_actq = {tqe_next = 0xdeadbeef, tqe_prev = 0xc21bdc40},
u_work = {wk_entry = {sqe_next = 0xdeadbeef}}}, b_interlock = {
lock_data = 0x0,
lock_file = 0xc03e9d07 "/home/dap/proj/3.1/src/sys/kern/kern_synch.c",
unlock_file = 0xc03e81d8 "/home/dap/proj/3.1/src/sys/kern/kern_physio.c",
lock_line = 0x27f, unlock_line = 0x1b3, list = {tqe_next = 0x0,
tqe_prev = 0x0}, lock_holder = 0xffffffff}, b_flags = 0x810,
b_error = 0x5, b_prio = 0x1, b_bufsize = 0xdeadbeef, b_bcount = 0xdeadbeef,
b_resid = 0xdeadbeef, b_dev = 0xffffffff, b_un = {
b_addr = 0xdeadbeef <Address 0xdeadbeef out of bounds>},
b_blkno = 0xdeadbeefdeadbeef, b_rawblkno = 0xdeadbeefdeadbeef,
b_iodone = 0xdeadbeef, b_proc = 0xdeadbeef, b_vp = 0xdeadbeef, b_dep = {
lh_first = 0x0}, b_saveaddr = 0xdeadbeef, b_fspriv = {
bf_private = 0xdeadbeef, bf_dcookie = 0xdeadbeefdeadbeef}, b_hash = {
le_next = 0xdeadbeef, le_prev = 0xdeadbeef}, b_vnbufs = {
le_next = 0xdeadbeef, le_prev = 0xdeadbeef}, b_freelist = {
tqe_next = 0xdeadbeef, tqe_prev = 0xdeadbeef}, b_lblkno = 0x10000,
b_freelistindex = 0x0}
(gdb) print *uio
$3 = {uio_iov = 0xcba62bb4, uio_iovcnt = 0x1, uio_offset = 0x8000,
uio_resid = 0x0, uio_rw = UIO_READ, uio_vmspace = 0xcd8f6150}
(gdb) p *iovp
$4 = {iov_base = 0x8057000, iov_len = 0x0}
So uio_offset = 0x8000 and b_endoffset == b_lblkno == 0x10000
delta = uio->uio_offset - mbp->b_endoffset;
KASSERT(delta > 0);
delta = 8000 - 10000.
>How-To-Repeat:
dd detape.
>Fix:
Don't use tapes?