detaching ata8 and then immediately reainiting it results in panic the problem might not necessarily be in ata subsystem: if I understand anything correctly, the culprit ("_mtx_lock_sleep" at /usr/src/sys/kern/kern_mutex.c:337) can also be observed in another, ata-unrelated case ('http://lists.freebsd.org/pipermail/freebsd-current/2007-May/072838.html') From vmcore.0: -=-=-=-=-=-=-=-=-=-=-8<-=-=-=-=-=-=-=-=-=-=- <118>Mar 23 17:33:03 soralx kernel: pid 4857 (dd), uid 2 inumber 511182 on /: filesystem full subdisk16: detached ad16: detached Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x188 fault code = supervisor read, page not present instruction pointer = 0x20:0xc05c4014 stack pointer = 0x28:0xe808bb44 frame pointer = 0x28:0xe808bb5c code segment = base rx0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 5010 (atacontrol) trap number = 12 panic: page fault cpuid = 0 Uptime: 1d2h35m25s Physical memory: 2030 MB -=-=-=-=-=-=-=-=-=-=->8-=-=-=-=-=-=-=-=-=-=- From `kgdb /boot/kernel/kernel ./vmcore.0`: -=-=-=-=-=-=-=-=-=-=-8<-=-=-=-=-=-=-=-=-=-=- [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". There is no member named pathname. (kgdb) bt #0 doadump () at pcpu.h:195 #1 0xc05d0407 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409 #2 0xc05d06c9 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:563 #3 0xc07e8c2c in trap_fatal (frame=0xe808bb04, eva=392) at /usr/src/sys/i386/i386/trap.c:899 #4 0xc07e8e90 in trap_pfault (frame=0xe808bb04, usermode=0, eva=392) at /usr/src/sys/i386/i386/trap.c:812 #5 0xc07e97e2 in trap (frame=0xe808bb04) at /usr/src/sys/i386/i386/trap.c:490 #6 0xc07d019b in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #7 0xc05c4014 in _mtx_lock_sleep (m=0xc5701d10, tid=3317152960, opts=0, file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:335 #8 0xc04a2bdb in ata_start (dev=0xc57e4a80) at /usr/src/sys/dev/ata/ata-queue.c:177 #9 0xc0488eff in ata_ioctl (dev=0xc55c4d00, cmd=2147770626, data=0xc64ee5c0 "\b", flag=3, td=0xc5b7bcc0) at /usr/src/sys/dev/ata/ata-all.c:375 #10 0xc059cf0a in giant_ioctl (dev=0xc55c4d00, cmd=2147770626, data=0xc64ee5c0 "\b", fflag=3, td=0xc5b7bcc0) at /usr/src/sys/kern/kern_conf.c:349 #11 0xc0567afb in devfs_ioctl_f (fp=0xc5811708, com=2147770626, data=0xc64ee5c0, cred=0xc606dc00, td=0xc5b7bcc0) at /usr/src/sys/fs/devfs/devfs_vnops.c:494 #12 0xc0604935 in kern_ioctl (td=0xc5b7bcc0, fd=3, com=2147770626, data=0xc64ee5c0 "\b") at file.h:266 #13 0xc0604a94 in ioctl (td=0xc5b7bcc0, uap=0xe808bcfc) at /usr/src/sys/kern/sys_generic.c:570 #14 0xc07e91c9 in syscall (frame=0xe808bd38) at /usr/src/sys/i386/i386/trap.c:1035 #15 0xc07d0200 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196 #16 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) list *0xc05c4014 0xc05c4014 is in _mtx_lock_sleep (/usr/src/sys/kern/kern_mutex.c:337). 332 */ 333 v = m->mtx_lock; 334 if (v != MTX_UNOWNED) { 335 owner = (struct thread *)(v & ~MTX_FLAGMASK); 336 #ifdef ADAPTIVE_GIANT 337 if (TD_IS_RUNNING(owner)) { 338 #else 339 if (m != &Giant && TD_IS_RUNNING(owner)) { 340 #endif 341 if (LOCK_LOG_TEST(&m->lock_object, 0)) -=-=-=-=-=-=-=-=-=-=->8-=-=-=-=-=-=-=-=-=-=- How-To-Repeat: `atacontrol detach ata8; sleep 4 && atacontrol reinit ata8`
State Changed From-To: open->feedback Submitter: please send us ouput of `mount'. I think you're detaching a disk which holds mounted filesystems, which is a really, really bad idea.
State Changed From-To: feedback->open feedback received by private mail, not a problem with mounted filesystem system panics without active mounts on the detached drive (clean umount before detach done).
This fix has been suggested by Andrey V. Elsukov on the bugs ML and confirmed by the submitter to fix the problem. Unfortunately this still hasn't been committed: Index: src/sys/dev/ata/ata-all.c =================================================================== RCS file: /ncvs/src/sys/dev/ata/ata-all.c,v retrieving revision 1.280 diff -u -b -p -r1.280 ata-all.c --- src/sys/dev/ata/ata-all.c 4 Oct 2007 19:17:15 -0000 1.280 +++ src/sys/dev/ata/ata-all.c 29 Mar 2008 17:41:53 -0000 @@ -372,7 +372,6 @@ ata_ioctl(struct cdev *dev, u_long cmd, !(device = devclass_get_device(ata_devclass, *value))) return ENXIO; error = ata_reinit(device); - ata_start(device); break; case IOCATAATTACH:
State Changed From-To: open->analyzed forgotten to set state analyzed
State Changed From-To: analyzed->patched attac/detach/reinit implementation was reworked on 8-CURRENT.
State Changed From-To: patched->closed fixed for 7-STABLE with c183475