From nobody@FreeBSD.org  Tue Apr 16 08:53:01 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id A2FA937B41A
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 16 Apr 2002 08:52:59 -0700 (PDT)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g3GFqxb45148;
	Tue, 16 Apr 2002 08:52:59 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200204161552.g3GFqxb45148@freefall.freebsd.org>
Date: Tue, 16 Apr 2002 08:52:59 -0700 (PDT)
From: "Richard S. Conto" <rsc@merit.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: panic: biodone: Zero vnode ref count ... shortly after boot from ata-disk.c
X-Send-Pr-Version: www-1.0

>Number:         37144
>Category:       kern
>Synopsis:       panic: biodone: Zero vnode ref count ... shortly after boot from ata-disk.c
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 16 09:00:06 PDT 2002
>Closed-Date:    Mon May 05 02:55:59 PDT 2003
>Last-Modified:  Mon May 05 02:55:59 PDT 2003
>Originator:     Richard S. Conto
>Release:        4.5-STABLE (April 15, ~10:00 AM EDT)
>Organization:
Merit Network, Inc.
>Environment:
Doesn't stay up long enough to get a uname -a out of it.     
>Description:
See also kern/36790

After building a kernel with the option VFS_BIO_DEBUG, I get a string
of messages like this:

getblk: vmioing file type 4???
and
getblk: vmioing file type 2???

eventually leading to:

panic: biodone: zero vnode ref count


I am unable to get a kernel core dump (savecore), even though I've
long had it enabled (and have successfully done so in the past.)
My laptop has to be powered off/on to re-boot, so any kernel core
in memory is lost. Also, this bug is corrupting my filesystems,
so even if I can reboot without power on/off, and the savecore runs,
the filesystem doesn't keep the data.

I've instrumented 'biodone()' and 'getblk()' the way I did in pr kern/36790
and discovered that the panic is coming from ata-disk.c line 694, which
is the same place as before, in `ad_interrupt()'.

The 'getblk()' calls are coming from vfs_bio.c line 508, wbich is at
the begining of 'bread()'.


dmesg (from an older, working kernel) reports:

Copyright (c) 1992-2002 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 4.5-STABLE #1: Tue Mar 19 12:27:41 EST 2002
    root@x25.family:/usr/src/sys/compile/INSPIRON3K
Timecounter "i8254"  frequency 1193182 Hz
CPU: Pentium/P55C (quarter-micron) (200.46-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x581  Stepping = 1
  Features=0x8001bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8,MMX>
real memory  = 150994944 (147456K bytes)
avail memory = 142159872 (138828K bytes)
Preloaded elf kernel "kernel.old" at 0xc0476000.
Intel Pentium detected, installing workaround for F00F bug
netsmb_dev: loaded
md0: Malloc disk
Using $PIR table, 3 entries at 0xc00fdf90
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
isab0: <Intel 82371AB PCI to ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 ATA33 controller> port 0xfcf0-0xfcff at device 1.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> at device 1.2 on pci0
uhci0: Could not map ports
device_probe_and_attach: uhci0 attach returned 6
chip1: <Intel 82371AB Power management controller> port 0x2180-0x218f at device 
1.3 on pci0
pci0: <NeoMagic MagicGraph 128XD SVGA controller> at 2.0
pcic0: <TI PCI-1131 PCI-CardBus Bridge> at device 4.0 on pci0
pcic0: PCI Memory allocated: 0x44000000
pcic0: Polling mode
pcic0: TI113X PCI Config Reg: [speaker enable][CSC serial isa irq]
pccard0: <PC Card bus (classic)> on pcic0
pcic1: <TI PCI-1131 PCI-CardBus Bridge> at device 4.1 on pci0
pcic1: PCI Memory allocated: 0x44001000
pcic1: Polling mode
pcic1: TI113X PCI Config Reg: [speaker enable][CSC serial isa irq]
pccard1: <PC Card bus (classic)> on pcic1
orm0: <Option ROM> at iomem 0xc0000-0xcbfff on isa0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model Generic PS/2 mouse, device ID 0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1: configured irq 3 not in bitmap of probed irqs 0
ppc0: parallel port not found.
sb_reset_dsp failed
IPv6 packet filtering initialized, default to accept, logging limited to 100 pac
kets/entry
IP packet filtering initialized, divert disabled, rule-based forwarding enabled,
 default to accept, logging limited to 100 packets/entry by default
ad0: 6194MB <IBM-DBCA-206480> [13424/15/63] at ata0-master UDMA33
acd0: CDROM <TOSHIBA CD-ROM XM-1702BC> at ata1-master PIO4
Mounting root from ufs:/dev/ad0s2a
pccard: card inserted, slot 0
pccard: card inserted, slot 1
WARNING: / was not properly dismounted
dumpon: crash dumps to /dev/ad0s2b (116, 196609)
swapon: adding /dev/ad0s2b as swap device
Automatic boot in progress...
/dev/ad0s2a: 
LINK COUNT DIR
 I=2  OWNER=root MODE=40755
/dev/ad0s2a: SIZE=1024 MTIME=Apr 16 11:25 2002  COUNT 26 SHOULD BE 28
/dev/ad0s2a: 
LINK COUNT INCREASING

/dev/ad0s2a: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
Automatic file system check failed . . . help!
Enter full pathname of shell or RETURN for /bin/sh: 
#

>How-To-Repeat:

>Fix:
      
>Release-Note:
>Audit-Trail:

From: "Richard S. Conto" <rsc@merit.edu>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc: "Richard S. Conto" <rsc@merit.edu>, sos@freebsd.org,
	rsc@merit.edu
Subject: Re: kern/37144: panic: biodone: Zero vnode ref count ... shortly after boot from ata-disk.c 
Date: Wed, 17 Apr 2002 13:29:33 -0400

 In http://www.freebsd.org/cgi/query-pr.cgi?pr=37144 I reported
 a kernel panic, when I had enabled "option VFS_BIO_DEBUG" in my Kernel
 config.
 
 The panic occurs in code that is #ifdef guarded by VFS_BIO_DEBUG, and so
 when I removed that config from my kernel and rebuilt my kernel, things 
 worked OK.
 
 So, there seems to be a bug in the VFS_BIO_DEBUG code.  Perhaps the
 panic() could be replaced with a printf().
 
 
 
 
 

From: "KAREN THODE" <thode12@msn.com>
To: <freebsd-gnats-submit@FreeBSD.org>, <rsc@merit.edu>
Cc:  
Subject: Re: kern/37144: panic: biodone: Zero vnode ref count ... shortly after boot from
Date: Tue, 24 Dec 2002 14:26:16 -0600

 ------=_NextPart_001_0005_01C2AB58.6B4AA140
 Content-Type: text/plain; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 This panic message is saying that biodone is panicking while it loads, or=
  not loading at all.  It could also mean that the function was passed an =
 invalid argument.
 
 Lucas
 
 ------=_NextPart_001_0005_01C2AB58.6B4AA140
 Content-Type: text/html; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 <HTML><BODY STYLE=3D"font:10pt verdana; border:none;"><DIV>This panic mes=
 sage is saying that biodone is panicking&nbsp;while&nbsp;it loads, or not=
  loading at all.&nbsp; It could also mean that the function was passed an=
  invalid argument.</DIV> <DIV>&nbsp;</DIV> <DIV>Lucas<BR><BR></DIV></BODY=
 ></HTML>
 
 ------=_NextPart_001_0005_01C2AB58.6B4AA140--
State-Changed-From-To: open->closed 
State-Changed-By: sos 
State-Changed-When: Mon May 5 02:54:43 PDT 2003 
State-Changed-Why:  
Timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37144 
>Unformatted:
