kern/41977: kernel diagnostic assertion "rw_lock_held(&wl->wl_rwlock)" failed

>Number:         41977
>Category:       kern
>Synopsis:       kernel diagnostic assertion "rw_lock_held(&wl->wl_rwlock)" 
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep 02 12:05:00 +0000 2009
>Originator:     Nicolas Joly
>Release:        NetBSD 5.99.15
        Institut Pasteur
System: NetBSD 5.99.15 NetBSD 5.99.15 (NICODEME) #1: 
Tue Sep 1 12:04:53 CEST 2009
Architecture: x86_64
Machine: amd64
Using dd(1) to extract data from a cd-rom generates a diagnostic kernel panic
when exiting.

panic: kernel diagnostic assertion "rw_lock_held(&wl->wl_rwlock)" failed: file 
"/local/src/NetBSD/src/sys/kern/vfs_wapbl.c", line 1539

The problem is hit when the cd-rom device is present on a ffs+log filesystem,
but not on tmpfs.

njoly@nicodeme [~]> df -G /dev       
         / (/dev/wd0a   ):   16384 block size        16384 frag size
   5161119 total blocks    4986101 free blocks     4728046 available
   1293803 total files     1297406 free files            0 filesys id
       ffs fstype        0x2005000 flag                255 filename length
         0 owner                 0 syncwrites          291 asyncwrites
njoly@nicodeme [~]> mount -v | grep wd0a
/dev/wd0a on / type ffs (log, local, root file system, fsid: 0x0/0x78b, reads: 
sync 6616 async 0, writes: sync 0 async 303)

It is highly reproducible with the following commands:

njoly@nicodeme [~]> dd if=/dev/cd0d of=/dev/null count=10
10+0 records in
10+0 records out
5120 bytes transferred in 2.826 secs (1811 bytes/sec)

njoly@nicodeme [~]> dd if=/dev/cd0d of=/dev/null
^C20988+0 records in
20988+0 records out
10745856 bytes transferred in 5.246 secs (2048390 bytes/sec)

root@nicodeme [/var/crash]# gdb netbsd.9.gdb
GNU gdb 6.5
(gdb) target kvm netbsd.9.core
#0  0xffffffff804be0e8 in cpu_reboot (howto=260, bootstr=<value optimized out>)
    at /local/src/NetBSD/src/sys/arch/amd64/amd64/machdep.c:698
698                     dumpsys();
(gdb) bt
#0  0xffffffff804be0e8 in cpu_reboot (howto=260, bootstr=<value optimized out>)
    at /local/src/NetBSD/src/sys/arch/amd64/amd64/machdep.c:698
#1  0xffffffff80660294 in panic (
    fmt=0xffffffff80af6778 <Address 0xffffffff80af6778 out of bounds>)
    at /local/src/NetBSD/src/sys/kern/subr_prf.c:296
#2  0xffffffff8079d801 in __kernassert (t=0x0, f=0x0, l=0, e=0x0)
    at /local/src/NetBSD/src/sys/lib/libkern/__assert.c:50
#3  0xffffffff80747af8 in wapbl_add_buf (wl=0xffff800007de9400, 
    at /local/src/NetBSD/src/sys/kern/vfs_wapbl.c:848
#4  0xffffffff80733059 in bdwrite (bp=0xffff800007dc8e60)
    at /local/src/NetBSD/src/sys/kern/vfs_bio.c:917
#5  0xffffffff802a9c11 in ffs_update (vp=<value optimized out>,
    acc=<value optimized out>, mod=<value optimized out>, updflags=5)
    at /local/src/NetBSD/src/sys/ufs/ffs/ffs_inode.c:193
#6  0xffffffff802b320e in ffs_full_fsync (vp=0xffff80004e249ad8, flags=5)
    at /local/src/NetBSD/src/sys/ufs/ffs/ffs_vnops.c:559
#7  0xffffffff802b32e4 in ffs_fsync (v=<value optimized out>)
    at /local/src/NetBSD/src/sys/ufs/ffs/ffs_vnops.c:293
#8  0xffffffff80754e49 in VOP_FSYNC (vp=0xffff80004e249ad8, cred=0x0, flags=0, 
    offhi=0) at /local/src/NetBSD/src/sys/kern/vnode_if.c:803
#9  0xffffffff8073d494 in vinvalbuf (vp=0xffff80004e249ad8, flags=<value 
optimized out>,
    cred=0xffff80004e943540, l=<value optimized out>, catch=false, slptimeo=0)
    at /local/src/NetBSD/src/sys/kern/vfs_subr.c:899
#10 0xffffffff80645997 in spec_close (v=<value optimized out>)
    at /local/src/NetBSD/src/sys/miscfs/specfs/spec_vnops.c:970
#11 0xffffffff8075537f in VOP_CLOSE (vp=0xffff80004e249ad8, fflag=0, cred=0x0)
    at /local/src/NetBSD/src/sys/kern/vnode_if.c:313
#12 0xffffffff80746845 in vn_close (vp=0xffff80004e249ad8, flags=1,
    cred=0xffff80004e943540) at /local/src/NetBSD/src/sys/kern/vfs_vnops.c:348
#13 0xffffffff804471f6 in closef (fp=0xffff80004e6e68c0)
    at /local/src/NetBSD/src/sys/kern/kern_descrip.c:784
#14 0xffffffff80447e34 in fd_free ()
    at /local/src/NetBSD/src/sys/kern/kern_descrip.c:1516
#15 0xffffffff8044f0c7 in exit1 (l=0xffff80004e88e000, rv=2)
    at /local/src/NetBSD/src/sys/kern/kern_exit.c:276
#16 0xffffffff80467880 in sigexit (l=0xffff80004e88e000, signo=2)
    at /local/src/NetBSD/src/sys/kern/kern_sig.c:2155
#17 0xffffffff80467af9 in postsig (signo=2)
    at /local/src/NetBSD/src/sys/kern/kern_sig.c:1952
#18 0xffffffff804569c5 in lwp_userret (l=0xffff80004e88e000)
    at /local/src/NetBSD/src/sys/kern/kern_lwp.c:1291
#19 0xffffffff80676a14 in syscall (frame=0xffff80004eaacc80)
    at /local/src/NetBSD/src/sys/sys/userret.h:90
#20 0xffffffff80100608 in Xsyscall ()

Run dd(1) on a cdrom device with a DIAGNOSTIC kernel.

