Opened 16 years ago
Closed 16 years ago
#3347 closed bug (fixed)
PANIC: IORequest::_CopyData(): invalid range: (1837760000, 16320)
| Reported by: | idefix | Owned by: | axeld |
|---|---|---|---|
| Priority: | normal | Milestone: | R1 |
| Component: | System/Kernel | Version: | R1/pre-alpha1 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
Did a 'jam -sDEBUG=1 wacom' in Haiku pre-alpha hrev28911.
KDL'd after 'Link generated/objects/haiku_host/x86/debug_1/tools/mimeset'; looked a lot like bug #2595 so I followed the debugging steps from that ticket (although I don't really understand what they do ;) ):
PANIC: IORequest::_CopyData(): invalid range: (1837760000, 16320)
Welcome to Kernel Debugging Land...
Thread 27 "scsi scheduler" running on CPU 0
kdebug> sc
stack trace for thread 27 "scsi scheduler"
kernel stack: 0x80524000 to 0x80528000
frame caller <image>:function + offset
0 80527a98 (+ 48) 8005bd55 <kernel_x86>:invoke_debugger_command + 0x00f5
1 80527ac8 (+ 64) 8005bb45 <kernel_x86> invoke_pipe_segment(debugger_command_pipe*: [34m0x80122a60[0m, int32: [34m0[0m, [34m0x0[0m [31m"<NULL>"[0m) + 0x0079
2 80527b08 (+ 64) 8005becc <kernel_x86>:invoke_debugger_command_pipe + 0x009c
3 80527b48 (+ 48) 8005d454 <kernel_x86> ExpressionParser<[32m0x80527bfc[0m>::_ParseCommandPipe([34m0x80527bf8[0m) + 0x0234
4 80527b78 (+ 64) 8005c88e <kernel_x86> ExpressionParser<[32m0x80527bfc[0m>::EvaluateCommand([34m0x801128a0[0m [36m"sc"[0m, [34m0x80527bf8[0m) + 0x02ba
5 80527bb8 (+ 224) 8005e87c <kernel_x86>:evaluate_debug_command + 0x0088
6 80527c98 (+ 64) 80059c52 <kernel_x86> kernel_debugger_loop() + 0x01ae
7 80527cd8 (+ 32) 8005aad5 <kernel_x86>:kernel_debugger + 0x004d
8 80527cf8 (+ 192) 8005aa7d <kernel_x86>:panic + 0x0029
9 80527db8 (+ 64) 80074a13 <kernel_x86> IORequest<[32m0x80fcccc0[0m>::_CopyData([34m0x802e9040[0m, int64: [34m1837760000[0m, uint32: [34m0x3fc0[0m ([34m16320[0m), [34mfalse[0m) + 0x006b
10 80527df8 (+ 64) 800749a1 <kernel_x86> IORequest<[32m0x80fcccc0[0m>::CopyData([34m0x802e9040[0m, int64: [34m1837760000[0m, uint32: [34m0x3fc0[0m ([34m16320[0m)) + 0x0029
11 80527e38 (+ 112) 800731c6 <kernel_x86> IOOperation<[32m0x80fb1460[0m>::Finish([34m0x1[0m, [34m0x80527ef8[0m, [34m0x200246[0m, [34m0x80fb1460[0m) + 0x0242
12 80527ea8 (+ 64) 8006caad <kernel_x86> IOScheduler<[32m0x80f967f8[0m>::_Finisher([34m0x4000[0m, [34m0x80527fb8[0m, [34m0x8006e1c8[0m, [34m0x80f86758[0m, IORequest: [34m0x80fb1460[0m) + 0x0151
13 80527ee8 (+ 208) 8006e1d1 <kernel_x86> IOScheduler<[32m0x80f967f8[0m>::_Scheduler([34m0x811d9000[0m, [34m0x80051441[0m, [34m0x80112694[0m, [34m0x0[0m, [34m0x0[0m, [34m0x80527ff8[0m, [34m0x800514bb[0m, [34m0x80f967f8[0m, [34m0x0[0m, [34m0x0[0m, int32: [34m0[0m, [34m0x0[0m, [34m0x0[0m, int32: [34m-2147150760[0m,
[*** READ FAULT at 0x80528000, pc: 0x800c8010 ***]
kdebug> call 11 -1
thread 27, scsi scheduler
80527e38 800731c6 <kernel_x86>:Finish__11IOOperation(0x80fb1460)
kdebug> io_
io_buffer io_context io_operation io_request
io_request_owner io_scheduler
kdebug> io_operation _arg1
io_operation at 0x80fb1460
parent: 0x80fcccc0
status: No error
dma buffer: 0x82329000
offset: 1837760000 (original: 1837760064)
length: 16384 (original: 16320)
transferred: 16320
block size: 512
saved vec index: 52428
saved vec length: 52428
r/w: read
phase: do all
partial begin: yes
partial end: no
bounce buffer: yes
kdebug> io_request _parent
io_request at 0x80fcccc0
owner: 0x82424694
parent: 0x81d78bf0
status: No Error (1)
mutex: 0x80fcccdc
IOBuffer: 0x81002c60
offset: 1837760064
length: 57280
transfer size: 57280
relative offset: 0
pending children: 1
flags: 0x0
team: 358
thread: 358
r/w: read
partial transfer: no
finished cvar: 0x80fccd34
iteration:
vec index: 0
vec offset: 57280
remaining bytes: 0
callbacks:
finished 0x00000000, cookie 0x00000000
iteration 0x00000000, cookie 0x00000000
children:
0x80fb1460
kdebug> dma_buffer 0x82329000
DMABuffer at 0x82329000
bounce buffer: 0x802e9000 (physical 0x1f64000)
bounce buffer size: 16384
vecs: 1
[0] 0x01f64000, 16384
kdebug> io_buffer _buffer
IOBuffer at 0x81002c60
origin: user
kind: virtual
length: 57280
capacity: 1
vecs: 1
[0] 0x1825ea5f, 73728
kdebug> io_request _parent
io_request at 0x81d78bf0
owner: 0x00000000
parent: 0x00000000
status: No Error (1)
mutex: 0x81d78c0c
IOBuffer: 0x81002a20
offset: 8256
length: 73728
transfer size: 73728
relative offset: 0
pending children: 1
flags: 0x0
team: 358
thread: 358
r/w: read
partial transfer: no
finished cvar: 0x81d78c64
iteration:
vec index: 1
vec offset: 0
remaining bytes: 0
callbacks:
finished 0x8009f374, cookie 0x81116758
iteration 0x8009f0f4, cookie 0x81116758
children:
0x80fcccc0
0x80fccb28
kdebug> child1=0x80fb1460
kdebug> io_operation child1
io_operation at 0x80fb1460
parent: 0x80fcccc0
status: No error
dma buffer: 0x82329000
offset: 1837760000 (original: 1837760064)
length: 16384 (original: 16320)
transferred: 16320
block size: 512
saved vec index: 52428
saved vec length: 52428
r/w: read
phase: do all
partial begin: yes
partial end: no
bounce buffer: yes
kdebug> continue
Attachments (2)
Change History (10)
by , 16 years ago
| Attachment: | seriallog.txt added |
|---|
follow-up: 4 comment:1 by , 16 years ago
I just encountered this one as well while downloading email and trying to open audio files with media player simultaneously...info as follows:
stack trace for thread 38 "scsi scheduler"
kernel stack: 0x80970000 to 0x80974000
frame caller <image>:function + offset
0 80973a98 (+ 48) 8005bd8d <kernel_x86>:invoke_debugger_command + 0x00f5
1 80973ac8 (+ 64) 8005bb7d <kernel_x86> invoke_pipe_segment(debugger_command_pipe*: 0x80122c60, int32: 0, 0x0 "<NULL>") + 0x0079
2 80973b08 (+ 64) 8005bf04 <kernel_x86>:invoke_debugger_command_pipe + 0x009c
3 80973b48 (+ 48) 8005d48c <kernel_x86> ExpressionParser<0x80973bfc>::_ParseCommandPipe(0x80973bf8) + 0x0234
4 80973b78 (+ 64) 8005c8c6 <kernel_x86> ExpressionParser<0x80973bfc>::EvaluateCommand(0x80115ca0 "bt", 0x80973bf8) + 0x02ba
5 80973bb8 (+ 224) 8005e8b4 <kernel_x86>:evaluate_debug_command + 0x0088
6 80973c98 (+ 64) 80059c8a <kernel_x86> kernel_debugger_loop() + 0x01ae
7 80973cd8 (+ 32) 8005ab0d <kernel_x86>:kernel_debugger + 0x004d
8 80973cf8 (+ 192) 8005aab5 <kernel_x86>:panic + 0x0029
9 80973db8 (+ 64) 80074af7 <kernel_x86> IORequest<0xb49ed3fc>::_CopyData(0x80701093, int64: 48054072832, uint32: 0x3f6d (16237), false) + 0x006b
10 80973df8 (+ 64) 80074a85 <kernel_x86> IORequest<0xb49ed3fc>::CopyData(0x80701093, int64: 48054072832, uint32: 0x3f6d (16237)) + 0x0029
11 80973e38 (+ 112) 800732aa <kernel_x86> IOOperation<0x811c91e0>::Finish(0x1, 0x80973ef8, 0x246, 0x811c91e0) + 0x0242
12 80973ea8 (+ 64) 8006cb55 <kernel_x86> IOScheduler<0x811b4660>::_Finisher(0x4000, 0x80973fb8, 0x8006e270, 0x811a27a8, IORequest: 0x811c91e0) + 0x0151
13 80973ee8 (+ 208) 8006e279 <kernel_x86> IOScheduler<0x811b4660>::_Scheduler(0x819fe000, 0x8005145d, 0x80113694, 0x0, 0x0, 0x80973ff8, 0x800514d7, 0x811b4660, 0x0, 0x0, int32: 0, 0x0, 0x0, int32: -2147150732, int32: 12, int16: -29421) + 0x07c1
14 80973fb8 (+ 32) 8006e4fa <kernel_x86> IOScheduler<0x811b4660>::_SchedulerThread(NULL) + 0x0012
15 80973fd8 (+ 32) 800514d7 <kernel_x86> _create_kernel_thread_kentry() + 0x001b
16 80973ff8 (+2137571336) 80051474 <kernel_x86> thread_kthread_exit() + 0x0000
kdebug> io_operation 0x811b4660
io_operation at 0x811b4660
parent: 0x811b1e88
status: No error
dma buffer: 0x00000027
offset: -9143952488757220088 (original: 0)
length: 0 (original: 0)
transferred: 3435973836
block size: 2166048352
saved vec index: 1157
saved vec length: 32784
r/w: read
phase: read begin
partial begin: no
partial end: no
bounce buffer: no
Parent IOP:
io_operation at 0x811b1e88
parent: 0x80100fb3
status: No error
dma buffer: 0x00010000
offset: 2199023386112 (original: 33554432)
length: 512 (original: 1024)
transferred: 32
block size: 16384
saved vec index: 53248
saved vec length: 33212
r/w: read
phase: unknown
partial begin: yes
partial end: yes
bounce buffer: yes
io_request at 0xb49ed3fc
owner: 0x81f4b454
parent: 0xcea84bf0
status: No Error (1)
mutex: 0xb49ed418
IOBuffer: 0xa91612a0
offset: 48054072979
length: 62317
transfer size: 62317
relative offset: 0
pending children: 4
flags: 0x0
team: 4791
thread: 4799
r/w: read
partial transfer: no
finished cvar: 0xb49ed470
iteration:
vec index: 1
vec offset: 0
remaining bytes: 0
callbacks:
finished 0x00000000, cookie 0x00000000
iteration 0x00000000, cookie 0x00000000
children:
0x811c91e0
0x811cf960
0x811c92d0
0x811cfaa0
Child I/O requests:
io_request at 0x811c91e0
owner: 0x0000000b
parent: 0xb49ed3fc
status: No error
mutex: 0x811c91fc
IOBuffer: 0x00004000
offset: 69737384001389
length: 512
transfer size: 3435973836
relative offset: 16777474
pending children: 0
flags: 0x0
team: 0
thread: 0
r/w: write
partial transfer: yes
finished cvar: 0x811c9254
iteration:
vec index: 4096
vec offset: 512
remaining bytes: 3435973836
callbacks:
finished 0x811ca960, cookie 0x811d0000
iteration 0x81bd6240, cookie 0xed5e0a00
children:
io_request at 0x811cf960
owner: 0x0000000b
parent: 0xb49ed3fc
status: No Error (1)
mutex: 0x811cf97c
IOBuffer: 0x00004000
offset: 16384
length: 512
transfer size: 3435973836
relative offset: 16777218
pending children: 0
flags: 0x0
team: 0
thread: 0
r/w: write
partial transfer: yes
finished cvar: 0x811cf9d4
iteration:
vec index: 2048
vec offset: 512
remaining bytes: 3435973836
callbacks:
finished 0x811cd050, cookie 0x811cc230
iteration 0x81d4f480, cookie 0x8c7ce200
children:
io_request at 0x811c92d0
owner: 0x0000000b
parent: 0xb49ed3fc
status: No Error (1)
mutex: 0x811c92ec
IOBuffer: 0x00004000
offset: 16384
length: 512
transfer size: 3435973836
relative offset: 16777218
pending children: 0
flags: 0x0
team: 0
thread: 0
r/w: write
partial transfer: yes
finished cvar: 0x811c9344
iteration:
vec index: 2048
vec offset: 512
remaining bytes: 3435973836
callbacks:
finished 0x811cbb40, cookie 0x811d4460
iteration 0x81bd9900, cookie 0x2f479200
children:
io_request at 0x811cfaa0
owner: 0x0000000b
parent: 0xb49ed3fc
status: No Error (1)
mutex: 0x811cfabc
IOBuffer: 0x00003400
offset: 13312
length: 512
transfer size: 3435973836
relative offset: 16777218
pending children: 0
flags: 0x0
team: 0
thread: 0
r/w: write
partial transfer: yes
finished cvar: 0x811cfb14
iteration:
vec index: 2048
vec offset: 512
remaining bytes: 3435973836
callbacks:
finished 0x811d4460, cookie 0x811c0b90
iteration 0x81d53d80, cookie 0x2f478200
children:
IOBuffer at 0xa91612a0
origin: user
kind: virtual
length: 62317
capacity: 1
vecs: 1
[0] 0x180a6fd8, 62317
Hope this helps.
follow-up: 3 comment:2 by , 16 years ago
Another possibly interesting detail: I was able to continue out of the debugger afterwards without triggering another panic.
comment:3 by , 16 years ago
Replying to anevilyak:
Another possibly interesting detail: I was able to continue out of the debugger afterwards without triggering another panic.
Yes, I have also observed this: compiling went on happily after I continued out of the debugger (see seriallog.txt and 'terminal output.txt').
comment:4 by , 16 years ago
Replying to anevilyak:
I just encountered this one as well while downloading email and trying to open audio files with media player simultaneously...info as follows:
kdebug> io_operation 0x811b4660
This is the IOScheduler's address. The IOOperation's would have been 0x811c91e0.
Parent IOP: io_operation at 0x811b1e88
[...] }}}
An IOOperation's parent is an IORequest, so this command wouldn't really produce useful output.
comment:5 by , 16 years ago
I am seeing an aweful lot of this panic recently. It happens when linking during gnash compilation. Testing on vmware, hrev29472, 524 MiB guest RAM, hybrid.
comment:6 by , 16 years ago
When you say "hybrid" do you mean a GCC2 system with additional GCC4 userland libraries, or the other way around?
Note:
See TracTickets
for help on using tickets.
Full serial log of the session.