Panic with swap-backed md devices

From: Giorgos Keramidas <keramida_at_ceid.upatras.gr>
Date: Thu, 15 May 2003 02:24:28 +0300
Trying to create and destroy a swap-backed md device results in panics
with today's CURRENT.  I was trying to make a new -t swap md disk to
test the problem described in a PR.  Using the following small shell
script I noticed that it always causes a panic when mdconfig -d is run:

	mdconfig -a -t swap -s 100m -u 10
	disklabel -r -w md10 auto
	newfs -O 1 -b 8192 -s 1024 md10
	mount /dev/md10 /mnt
	mount
	umount /mnt
	mount
	mdconfig -d -u 10

The backtrace, in case anyone can understand from it why the kernel
panics is:

# gdb -k /usr/obj/usr/src/sys/CELERON/kernel.debug vmcore.10
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: from debugger
panic messages:
---
panic: mutex vm object not owned at /usr/src/sys/vm/vm_pager.c:267
Stack backtrace:
panic: from debugger
Uptime: 58m16s
Dumping 511 MB
ata0: resetting devices ..
done
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496
---
Reading symbols from /usr/obj/usr/src/sys/CELERON/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/CELERON/modules/usr/src/sys/modules/acpi/acpi.ko.debug
Reading symbols from /boot/kernel/star_saver.ko...done.
Loaded symbols for /boot/kernel/star_saver.ko
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:238
238		dumping++;
(kgdb) bt/x
A syntax error in expression, near `x'.
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:238
#1  0xc01da79d in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:370
#2  0xc01daa2f in panic () at /usr/src/sys/kern/kern_shutdown.c:543
#3  0xc0138669 in db_panic () at /usr/src/sys/ddb/db_command.c:448
#4  0xc013860c in db_command (last_cmdp=0xc03263c0, cmd_table=0x0, aux_cmd_tablep=0xc0322028,
    aux_cmd_tablep_end=0xc032202c) at /usr/src/sys/ddb/db_command.c:346
#5  0xc01386d7 in db_command_loop () at /usr/src/sys/ddb/db_command.c:470
#6  0xc013ac3a in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:72
#7  0xc02c8224 in kdb_trap (type=3, code=0, regs=0xdce06a5c) at /usr/src/sys/i386/i386/db_interface.c:170
#8  0xc02d721c in trap (frame=
      {tf_fs = -1070858216, tf_es = 16, tf_ds = 16, tf_edi = 256, tf_esi = -1003533952, tf_ebp = -589272416, tf_isp = -589272440, tf_ebx = 0, tf_edx = 0, tf_ecx = -1070041760, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1070824307, tf_cs = 8, tf_eflags = 646, tf_esp = -1070554621, tf_ss = -589272388}) at /usr/src/sys/i386/i386/trap.c:593
#9  0xc02c9748 in calltrap () at {standard input}:96
#10 0xc01da9e7 in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:527
#11 0xc01d3aac in _mtx_assert (m=0xc43bc000, what=0, file=0xc03195a2 "/usr/src/sys/vm/vm_pager.c", line=267)
    at /usr/src/sys/kern/kern_mutex.c:840
#12 0xc02a8b8d in vm_pager_deallocate (object=0xc43bc000) at /usr/src/sys/vm/vm_pager.c:267
#13 0xc015440b in mddestroy (sc=0xc4448700, td=0xc42f4980) at /usr/src/sys/dev/md/md.c:935
#14 0xc01545d7 in mddetach (unit=10, td=0xc42f4980) at /usr/src/sys/dev/md/md.c:1025
#15 0xc01546cc in mdctlioctl (dev=0xc037c420, cmd=3249564929, addr=0xc5e5ca00 "", flags=3, td=0xc42f4980)
    at /usr/src/sys/dev/md/md.c:1072
#16 0xc01ae3d2 in spec_ioctl (ap=0xdce06b88) at /usr/src/sys/fs/specfs/spec_vnops.c:347
#17 0xc01add67 in spec_vnoperate (ap=0x0) at /usr/src/sys/fs/specfs/spec_vnops.c:123
#18 0xc0228047 in vn_ioctl (fp=0xc41e1dd4, com=3249564929, data=0xc5e5ca00, active_cred=0xc1511280, td=0xc42f4980)
    at vnode_if.h:488
#19 0xc01f68ac in ioctl (td=0xc42f4980, uap=0xdce06d14) at file.h:251
#20 0xc02d797d in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134561322, tf_esi = -1077936632, tf_ebp = -1077936888, tf_isp = -589271692, tf_ebx = 3, tf_edx = 0, tf_ecx = 0, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip = 134516183, tf_cs = 31, tf_eflags = 658, tf_esp = -1077936932, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1021
#21 0xc02c979d in Xint0x80_syscall () at {standard input}:138
---Can't read userspace from dump, or kernel process---

(kgdb) up 12
#12 0xc02a8b8d in vm_pager_deallocate (object=0xc43bc000) at /usr/src/sys/vm/vm_pager.c:267
267		VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
(kgdb) list
262	void
263	vm_pager_deallocate(object)
264		vm_object_t object;
265	{
266
267		VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
268		(*pagertab[object->type]->pgo_dealloc) (object);
269	}
270
271	/*
(kgdb) up
#13 0xc015440b in mddestroy (sc=0xc4448700, td=0xc42f4980) at /usr/src/sys/dev/md/md.c:935
935			vm_pager_deallocate(sc->object);
(kgdb) list
930			(void)vn_close(sc->vnode, sc->flags & MD_READONLY ?
931			    FREAD : (FREAD|FWRITE), sc->cred, td);
932		if (sc->cred != NULL)
933			crfree(sc->cred);
934		if (sc->object != NULL) {
935			vm_pager_deallocate(sc->object);
936		}
937		if (sc->indir)
938			destroy_indir(sc, sc->indir);
939		if (sc->uma)
(kgdb) quit
Received on Wed May 14 2003 - 14:24:34 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:08 UTC