From owner-freebsd-bugs@FreeBSD.ORG  Tue Dec 31 22:00:00 2013
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A5228622
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Tue, 31 Dec 2013 22:00:00 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7F39C135B
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Tue, 31 Dec 2013 22:00:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id rBVM00Ut082235
 for <freebsd-bugs@freefall.freebsd.org>; Tue, 31 Dec 2013 22:00:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id rBVM00ac082234;
 Tue, 31 Dec 2013 22:00:00 GMT (envelope-from gnats)
Resent-Date: Tue, 31 Dec 2013 22:00:00 GMT
Resent-Message-Id: <201312312200.rBVM00ac082234@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
 "R. Tyler Croy" <tyler@monkeypox.org>
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 56BAC61A
 for <freebsd-gnats-submit@FreeBSD.org>; Tue, 31 Dec 2013 21:59:37 +0000 (UTC)
Received: from oldred.freebsd.org (oldred.freebsd.org
 [IPv6:2001:1900:2254:206a::50:4])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3526E1354
 for <freebsd-gnats-submit@FreeBSD.org>; Tue, 31 Dec 2013 21:59:37 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
 by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id rBVLxaLG038046
 for <freebsd-gnats-submit@FreeBSD.org>; Tue, 31 Dec 2013 21:59:36 GMT
 (envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
 by oldred.freebsd.org (8.14.5/8.14.5/Submit) id rBVLxa0B038038;
 Tue, 31 Dec 2013 21:59:36 GMT (envelope-from nobody)
Message-Id: <201312312159.rBVLxa0B038038@oldred.freebsd.org>
Date: Tue, 31 Dec 2013 21:59:36 GMT
From: "R. Tyler Croy" <tyler@monkeypox.org>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: kern/185374: Unmounting msdos filesystem in a bad state causes kernel
 panic
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Dec 2013 22:00:00 -0000


>Number:         185374
>Category:       kern
>Synopsis:       Unmounting msdos filesystem in a bad state causes kernel panic
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 31 22:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     R. Tyler Croy
>Release:        10.0-PRERELEASE
>Organization:
n/a
>Environment:
FreeBSD kiwi 10.0-PRERELEASE FreeBSD 10.0-PRERELEASE #6 r259920: Thu Dec 26 12:14:47 PST 2013     root@kiwi:/usr/obj/usr/src/sys/KIWI  amd64
>Description:
I was attempting to unmount an msdosfs filesystem that I had attempted to fill up and card looks corrupted, see: g_vfs_done() errors below:

Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794335232, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794400768, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794466304, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794531840, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794597376, length=40960)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794703872, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794769408, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794834944, length=65536)]error = 5


The first time around, I attempted to umount(1) the SD card, and was giving a "resource unavailable" error (the exact string I cannot remember). Being a typical user, I added the -f (force) flag and that caused my machine to kernel panic with the following:

Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=792348672, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801994a5b10: tag msdosfs, type VREG
Dec 31 10:11:31 kiwi kernel: usecount 0, writecount 0, refcount 27537 mountedhere 0
Dec 31 10:11:31 kiwi kernel: flags (VI_DOOMED|VI_ACTIVE)
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80147804900 ref 0 pages 27535 cleanbuf 6752 dirtybuf 20783
Dec 31 10:11:31 kiwi kernel: lock type msdosfs: EXCL by thread 0xfffff801c572b920 (pid 65381, umount, tid 101016)
Dec 31 10:11:31 kiwi kernel: startcluster 187393, dircluster 3, diroffset 192, on dev da1s1
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769120256, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801624c71d8: tag devfs, type VCHR
Dec 31 10:11:31 kiwi kernel: usecount 1, writecount 0, refcount 414 mountedhere 0xfffff801557f3600
Dec 31 10:11:31 kiwi kernel: flags (VI_ACTIVE)
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80133e68d00 ref 0 pages 446 cleanbuf 2 dirtybuf 410
Dec 31 10:11:31 kiwi kernel: lock type devfs: EXCL by thread 0xfffff801c572b920 (pid 65381, umount, tid 101016)
Dec 31 10:11:31 kiwi kernel: dev da1s1
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769120256, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801624c71d8: tag devfs, type VCHR
Dec 31 10:11:31 kiwi kernel: usecount 1, writecount 0, refcount 414 mountedhere 0xfffff801557f3600
Dec 31 10:11:31 kiwi kernel: flags (VI_ACTIVE)
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80133e68d00 ref 0 pages 446 cleanbuf 2 dirtybuf 410
Dec 31 10:11:31 kiwi kernel: lock type devfs: UNLOCKED
Dec 31 10:11:31 kiwi kernel: dev da1s1
Dec 31 10:13:31 kiwi syslogd: kernel boot file is /boot/kernel/kernel
Dec 31 10:13:31 kiwi kernel: 
Dec 31 10:13:31 kiwi kernel: 
Dec 31 10:13:31 kiwi kernel: Fatal trap 9: general protection fault while in kernel mode
Dec 31 10:13:31 kiwi kernel: cpuid = 0; apic id = 00
Dec 31 10:13:31 kiwi kernel: instruction pointer        = 0x20:0xffffffff805a3d7d
Dec 31 10:13:31 kiwi kernel: stack pointer              = 0x28:0xfffffe0234150970
Dec 31 10:13:31 kiwi kernel: frame pointer              = 0x28:0xfffffe02341509b0
Dec 31 10:13:31 kiwi kernel: code segment               = base 0x0, limit 0xfffff, type 0x1b
Dec 31 10:13:31 kiwi kernel: = DPL 0, pres 1, long 1, def32 0, gran 1
Dec 31 10:13:31 kiwi kernel: processor eflags   = interrupt enabled, resume, IOPL = 0
Dec 31 10:13:31 kiwi kernel: current process            = 19 (syncer)
Dec 31 10:13:31 kiwi kernel: trap number                = 9
Dec 31 10:13:31 kiwi kernel: panic: general protection fault
Dec 31 10:13:31 kiwi kernel: cpuid = 0
Dec 31 10:13:31 kiwi kernel: KDB: stack backtrace:
Dec 31 10:13:31 kiwi kernel: #0 0xffffffff8066c5e0 at kdb_backtrace+0x60
Dec 31 10:13:31 kiwi kernel: #1 0xffffffff80634035 at panic+0x155
Dec 31 10:13:31 kiwi kernel: #2 0xffffffff808cde22 at trap_fatal+0x3a2
Dec 31 10:13:31 kiwi kernel: #3 0xffffffff808cda5f at trap+0x7bf
Dec 31 10:13:31 kiwi kernel: #4 0xffffffff808b4b22 at calltrap+0x8
Dec 31 10:13:31 kiwi kernel: #5 0xffffffff806b4633 at bufwrite+0x143
Dec 31 10:13:31 kiwi kernel: #6 0xffffffff806c06ce at vop_stdfsync+0x22e
Dec 31 10:13:31 kiwi kernel: #7 0xffffffff8052fae6 at devfs_fsync+0x26
Dec 31 10:13:31 kiwi kernel: #8 0xffffffff80963698 at VOP_FSYNC_APV+0x98
Dec 31 10:13:31 kiwi kernel: #9 0xffffffff806d304a at sched_sync+0x3ca
Dec 31 10:13:31 kiwi kernel: #10 0xffffffff8060610a at fork_exit+0x9a
Dec 31 10:13:31 kiwi kernel: #11 0xffffffff808b505e at fork_trampoline+0xe
Dec 31 10:13:31 kiwi kernel: Uptime: 3d2h58m33s
Dec 31 10:13:31 kiwi kernel: Automatic reboot in 15 seconds - press a key on the console to abort
Dec 31 10:13:31 kiwi kernel: --> Press a key on the console to reboot,
Dec 31 10:13:31 kiwi kernel: --> or switch off the system now.
Dec 31 10:13:31 kiwi kernel: Rebooting...

>How-To-Repeat:
I was able to reproduce a crash, but without the same stack backtrace as above by:

1. Inserting SD card
2. Mounting
3. Writing a file to it that would exceed disk capacity (dd if=/dev/random of=/mnt/card/garbage.bin bs=1M count=1024)
4. Watch g_vfs_done() errors spew in /var/log/messages in a seeming infinite loop
5. Attempt to unmount the device
6. Crash
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: