Date: Sat, 7 Oct 2006 02:24:07 +0300 (EEST) From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/104079: kldunload fdc.ko leads to panic: mutex Giant owned Message-ID: <200610062324.k96NO77v001382@homelynx.homenet> Resent-Message-ID: <200610062330.k96NURPw068580@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 104079
>Category: kern
>Synopsis: kldunload fdc.ko leads to panic: mutex Giant owned
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 06 23:30:26 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Pryanishnikov
>Release: FreeBSD 6.2-PRERELEASE i386
>Organization:
Atlantis ISP
>Environment:
System: FreeBSD homelynx.homenet 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Fri Oct 6 23:51:35 EEST 2006 root@homelynx.homenet:/usr/obj/usr/RELENG_6/src/sys/lynx i386
>Description:
When fdc.ko loaded via loader and then unloaded by 'kldunload fdc.ko',
the following panic happens using INVARIANTS-enabled kernel:
panic: mutex Giant owned at
/usr/RELENG_6/src/sys/modules/fdc/../../dev/fdc/fdc.c:1984
Here is the relevant part of the backtrace:
#11 0xc04999d3 in panic (fmt=0xc05eda72 "mutex %s owned at %s:%d")
at /usr/RELENG_6/src/sys/kern/kern_shutdown.c:549
td = (struct thread *) 0xc36aea80
bootopt = 256
newpanic = 1
ap = 0xe56abbdc "7Û^ÀËs}ÀÀ\a"
buf = "mutex Giant owned at
/usr/RELENG_6/src/sys/modules/fdc/../../dev/fdc/fdc.c:1984",
'\0' <repeats 176 times>
#12 0xc0491ed8 in _mtx_assert (m=0xc063f7c0, what=-1056878592,
file=0xc07d73cb "/usr/RELENG_6/src/sys/modules/fdc/../../dev/fdc/fdc.c",
line=1984) at /usr/RELENG_6/src/sys/kern/kern_mutex.c:781
No locals.
#13 0xc07d65c2 in fd_detach (dev=0xc36d1200)
at /usr/RELENG_6/src/sys/modules/fdc/../../dev/fdc/fdc.c:1984
fd = (struct fd_data *) 0xc36e0300
#14 0xc04adddc in device_detach (dev=0xc36d1200) at device_if.h:211
No locals.
#15 0xc04acb18 in devclass_delete_driver (busclass=0xc3634400,
driver=0xc07d8030) at /usr/RELENG_6/src/sys/kern/subr_bus.c:927
dc = 0xc36343c0
dl = 0xc360f840
dev = 0xc36d1200
i = 0
error = 18
#16 0xc04af6a1 in driver_module_handler (mod=0xc328a780, what=1,
arg=0xc07d801c) at /usr/RELENG_6/src/sys/kern/subr_bus.c:3743
error = -1016904704
dmd = (struct driver_module_data *) 0xc07d801c
bus_devclass = 0xc3634400
driver = 0x1
#17 0xc0491437 in module_unload (mod=0xc328a780, flags=0)
at /usr/RELENG_6/src/sys/kern/kern_module.c:240
error = 18
#18 0xc048bfb6 in linker_file_unload (file=0xc35a0700, flags=0)
at /usr/RELENG_6/src/sys/kern/kern_linker.c:512
mod = 0xc328a780
next = 0xc328a740
ml = 0xc1015000
nextml = 0xc328a780
cp = (struct common_symbol *) 0xc1015000
error = 0
i = -1020745856
#19 0xc048c748 in kern_kldunload (td=0xc35a0700, fileid=26, flags=0)
at /usr/RELENG_6/src/sys/kern/kern_linker.c:828
lf = 0xc35a0700
error = 2
#20 0xc048c7a6 in kldunloadf (td=0xc36aea80, uap=0x0)
at /usr/RELENG_6/src/sys/kern/kern_linker.c:858
No locals.
#21 0xc05c3feb in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 26, tf_esi = -1077940458, tf
_ebp = -1077940696, tf_isp = -445989532, tf_ebx = 1, tf_edx = 0, tf_ecx = 1, tf_
eax = 444, tf_trapno = 12, tf_err = 2, tf_eip = -2012504617, tf_cs = 51, tf_efla
gs = 658, tf_esp = -1077941828, tf_ss = 59})
at /usr/RELENG_6/src/sys/i386/i386/trap.c:983
params = 0xbfbfe9c0 <Address 0xbfbfe9c0 out of bounds>
callp = (struct sysent *) 0xc061a7b0
td = (struct thread *) 0xc36aea80
>How-To-Repeat:
Build the kernel w/o fdc and with INVARIANTS, add
fdc_load="YES"
into the /boot/loader.conf, reboot into single-user mode (just to prevent
possible FS corruptions), configure crash dump device with
dumpon -v /dev/_your_swap_partition_
and just do
kldunload fdc.ko
>Fix:
Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200610062324.k96NO77v001382>