From owner-freebsd-bugs@FreeBSD.ORG Wed Nov 16 05:50:18 2005 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 773BF16A41F for ; Wed, 16 Nov 2005 05:50:18 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9AA5343D46 for ; Wed, 16 Nov 2005 05:50:17 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id jAG5oHqI099228 for ; Wed, 16 Nov 2005 05:50:17 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id jAG5oH1L099227; Wed, 16 Nov 2005 05:50:17 GMT (envelope-from gnats) Resent-Date: Wed, 16 Nov 2005 05:50:17 GMT Resent-Message-Id: <200511160550.jAG5oH1L099227@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Andrey V. Elsukov" Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D29716A41F for ; Wed, 16 Nov 2005 05:48:38 +0000 (GMT) (envelope-from elsukov@rdu.kirov.ru) Received: from mail.rdu.kirov.ru (ns.rdu.kirov.ru [217.9.151.217]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5C09943D46 for ; Wed, 16 Nov 2005 05:48:35 +0000 (GMT) (envelope-from elsukov@rdu.kirov.ru) Received: from rdu.kirov.ru (localhost [127.0.0.1]) by mail.rdu.kirov.ru (Postfix) with ESMTP id 8A798FE45 for ; Wed, 16 Nov 2005 08:48:33 +0300 (MSK) Received: (from elsukov@localhost) by rdu.kirov.ru (8.12.10/8.12.9/Submit) id jAG5mWeV068475; Wed, 16 Nov 2005 08:48:32 +0300 (MSK) Message-Id: <200511160548.jAG5mWeV068475@rdu.kirov.ru> Date: Wed, 16 Nov 2005 08:48:32 +0300 (MSK) From: "Andrey V. Elsukov" To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: kern/89102: [geom_vfs] panic when forced unmount FS from unplugged device X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Andrey V. Elsukov" List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Nov 2005 05:50:18 -0000 >Number: 89102 >Category: kern >Synopsis: [geom_vfs] panic when forced unmount FS from unplugged device >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Nov 16 05:50:17 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Andrey V. Elsukov >Release: FreeBSD 7.0-CURRENT i386 >Organization: >Environment: 7.0-CURRENT >Description: System panic when i try forced unmount file system from an unplugged flash device. >How-To-Repeat: always. >Fix: --- umount_detached_device.txt begins here --- GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: g_vfs_done():da0s1[WRITE(offset=17408, length=4096)]error = 6 g_vfs_done():da0s1[WRITE(offset=17408, length=4096)]error = 6 fsync: giving up on dirty 0xc1815aa0: tag devfs, type VCHR usecount 1, writecount 0, refcount 126 mountedhere 0xc1802800 flags () v_object 0xc1813ce4 ref 0 pages 123 dev da0s1 (da0: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0xdeadc0de fault code = supervisor read, page not present instruction pointer = 0x20:0xc069aef8 stack pointer = 0x28:0xccad1740 frame pointer = 0x28:0xccad1740 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 513 (umount) panic: from debugger cpuid = 0 Uptime: 2m44s Dumping 127 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 127MB (32512 pages) 112 96 80 64 48 32 16 #0 doadump () at pcpu.h:165 in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:165 #1 0xc06389c0 in boot (howto=260) at /usr/home/butcher/freebsd/HEAD/src/sys/kern/kern_shutdown.c:399 #2 0xc0638cd5 in panic (fmt=0xc082fec8 "from debugger") at /usr/home/butcher/freebsd/HEAD/src/sys/kern/kern_shutdown.c:555 #3 0xc04697b1 in db_panic (addr=-1066815752, have_addr=0, count=-1, modif=0xccad1510 "") at /usr/home/butcher/freebsd/HEAD/src/sys/ddb/db_command.c:434 #4 0xc0469748 in db_command (last_cmdp=0xc09185e4, cmd_table=0x0, aux_cmd_tablep=0xc08942ac, aux_cmd_tablep_end=0xc08942c8) at /usr/home/butcher/freebsd/HEAD/src/sys/ddb/db_command.c:403 #5 0xc0469810 in db_command_loop () at /usr/home/butcher/freebsd/HEAD/src/sys/ddb/db_command.c:454 #6 0xc046b429 in db_trap (type=12, code=0) at /usr/home/butcher/freebsd/HEAD/src/sys/ddb/db_main.c:221 #7 0xc0651464 in kdb_trap (type=12, code=0, tf=0xccad1700) at /usr/home/butcher/freebsd/HEAD/src/sys/kern/subr_kdb.c:473 #8 0xc07fb768 in trap_fatal (frame=0xccad1700, eva=3735929054) at /usr/home/butcher/freebsd/HEAD/src/sys/i386/i386/trap.c:846 #9 0xc07fb4af in trap_pfault (frame=0xccad1700, usermode=0, eva=3735929054) at /usr/home/butcher/freebsd/HEAD/src/sys/i386/i386/trap.c:766 #10 0xc07fb0c9 in trap (frame= {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 0, tf_esi = -1048655744, tf_ebp = -861071552, tf_isp = -861071572, tf_ebx = -1065181642, tf_edx = -559038242, tf_ecx = 0, tf_eax = -559038242, tf_trapno = 12, tf_err = 0, tf_eip = -1066815752, tf_cs = 32, tf_eflags = 66118, tf_esp = -861071352, tf_ss = -1067108740}) at /usr/home/butcher/freebsd/HEAD/src/sys/i386/i386/trap.c:451 #11 0xc07e89da in calltrap () at /usr/home/butcher/freebsd/HEAD/src/sys/i386/i386/exception.s:139 #12 0xc069aef8 in strlen (str=0xdeadc0de
) at /usr/home/butcher/freebsd/HEAD/src/sys/libkern/strlen.c:41 #13 0xc065367c in kvprintf (fmt=0xc0829e36 "%d:%d:", func=0xc0652e00 , arg=0xccad1824, radix=10, ap=0xccad1848 "ÞÀ­ÞÞÀ­Þ") at /usr/home/butcher/freebsd/HEAD/src/sys/kern/subr_prf.c:679 #14 0xc0652d7b in printf (fmt=0xc0829e34 "%s%d:%d:") at /usr/home/butcher/freebsd/HEAD/src/sys/kern/subr_prf.c:296 #15 0xc044fba6 in xpt_print_path (path=0xc14e7350) at /usr/home/butcher/freebsd/HEAD/src/sys/cam/cam_xpt.c:4208 #16 0xc045a43f in dacleanup (periph=0xc17ec880) at /usr/home/butcher/freebsd/HEAD/src/sys/cam/scsi/scsi_da.c:815 #17 0xc044b289 in camperiphfree (periph=0xc17ec880) at /usr/home/butcher/freebsd/HEAD/src/sys/cam/cam_periph.c:457 #18 0xc044afd7 in cam_periph_release (periph=0xdeadc0de) at /usr/home/butcher/freebsd/HEAD/src/sys/cam/cam_periph.c:294 #19 0xc045a054 in daclose (dp=0xdeadc0de) at /usr/home/butcher/freebsd/HEAD/src/sys/cam/scsi/scsi_da.c:568 #20 0xc060130c in g_disk_access (pp=0xc17ec180, r=0, w=0, e=0) at /usr/home/butcher/freebsd/HEAD/src/sys/geom/geom_disk.c:152 #21 0xc060722e in g_access (cp=0xc1818e00, dcr=-1, dcw=-1, dce=-2) at /usr/home/butcher/freebsd/HEAD/src/sys/geom/geom_subr.c:730 #22 0xc0605761 in g_slice_access (pp=0xc17ebc80, dr=-1, dw=-1, de=-2) at /usr/home/butcher/freebsd/HEAD/src/sys/geom/geom_slice.c:130 #23 0xc060722e in g_access (cp=0xc1818780, dcr=-1, dcw=-1, dce=-1) at /usr/home/butcher/freebsd/HEAD/src/sys/geom/geom_subr.c:730 #24 0xc0606868 in g_wither_geom_close (gp=0xc17eb880, error=6) at /usr/home/butcher/freebsd/HEAD/src/sys/geom/geom_subr.c:333 #25 0xc06077df in g_vfs_close (cp=0xdeadc0de, td=0xc17fd320) at /usr/home/butcher/freebsd/HEAD/src/sys/geom/geom_vfs.c:172 #26 0xc05f83c8 in msdosfs_unmount (mp=0xc146f800, mntflags=134742016, td=0xc17fd320) at /usr/home/butcher/freebsd/HEAD/src/sys/fs/msdosfs/msdosfs_vfsops.c:789 #27 0xc06898ec in dounmount (mp=0xc146f800, flags=134742016, td=0xc17fd320) at /usr/home/butcher/freebsd/HEAD/src/sys/kern/vfs_mount.c:963 #28 0xc06896c2 in unmount (td=0xc17fd320, uap=0xccad1d04) at /usr/home/butcher/freebsd/HEAD/src/sys/kern/vfs_mount.c:895 #29 0xc07fbaa6 in syscall (frame= {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134521957, tf_esi = 134535761, tf_ebp = -1077942936, tf_isp = -861069980, tf_ebx = -1077943024, tf_edx = 10, tf_ecx = 0, tf_eax = 22, tf_trapno = 12, tf_err = 2, tf_eip = 671838363, tf_cs = 51, tf_eflags = 518, tf_esp = -1077943108, tf_ss = 59}) at /usr/home/butcher/freebsd/HEAD/src/sys/i386/i386/trap.c:1001 #30 0xc07e8a2f in Xint0x80_syscall () at /usr/home/butcher/freebsd/HEAD/src/sys/i386/i386/exception.s:200 #31 0x00000033 in ?? () (kgdb) f 26 #26 0xc05f83c8 in msdosfs_unmount (mp=0xc146f800, mntflags=134742016, td=0xc17fd320) at /usr/home/butcher/freebsd/HEAD/src/sys/fs/msdosfs/msdosfs_vfsops.c:789 789 g_vfs_close(pmp->pm_cp, td); (kgdb) l 784 VI_UNLOCK(vp); 785 } 786 #endif 787 DROP_GIANT(); 788 g_topology_lock(); 789 g_vfs_close(pmp->pm_cp, td); 790 g_topology_unlock(); 791 PICKUP_GIANT(); 792 vrele(pmp->pm_devvp); 793 free(pmp->pm_inusemap, M_MSDOSFSFAT); (kgdb) set output-radix 16 Output radix now set to decimal 16, hex 10, octal 20. (kgdb) p mntflags $1 = 0x8080000 (kgdb) p *mp $2 = {mnt_list = {tqe_next = 0x0, tqe_prev = 0xc15a2800}, mnt_op = 0xc08c76e0, mnt_vfc = 0xc08c7720, mnt_vnodecovered = 0xc1815990, mnt_syncer = 0x0, mnt_nvnodelist = {tqh_first = 0x0, tqh_last = 0xc146f818}, mnt_lock = {lk_interlock = 0xc09313ec, lk_flags = 0x140000, lk_sharecount = 0x0, lk_waitcount = 0x0, lk_exclusivecount = 0x1, lk_prio = 0x50, lk_wmesg = 0xc0870059 "vfslock", lk_timo = 0x0, lk_lockholder = 0xc17fd320, lk_newlock = 0x0}, mnt_mtx = { mtx_object = {lo_class = 0xc08ce424, lo_name = 0xc0870048 "struct mount mtx", lo_type = 0xc0870048 "struct mount mtx", lo_flags = 0x30000, lo_list = { tqe_next = 0xc1788aa8, tqe_prev = 0xc18157fc}, lo_witness = 0xc0940f80}, mtx_lock = 0x4, mtx_recurse = 0x0}, mnt_writeopcount = 0x1, mnt_flag = 0x1000, mnt_opt = 0xc1435a50, mnt_optnew = 0x0, mnt_kern_flag = 0x1000001, mnt_maxsymlinklen = 0x0, mnt_stat = {f_version = 0x20030518, f_type = 0x2, f_flags = 0x1000, f_bsize = 0x1000, f_iosize = 0x1000, f_blocks = 0x1e55a, f_bfree = 0x2fdf, f_bavail = 0x2fdf, f_files = 0x0, f_ffree = 0x0, f_syncwrites = 0x0, f_asyncwrites = 0x0, f_syncreads = 0x0, f_asyncreads = 0x0, f_spare = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, f_namemax = 0xff, f_owner = 0x0, f_fsid = {val = {0x73, 0x2}}, f_charspare = '\0' , f_fstypename = "msdosfs\000\000\000\000\000\000\000\000", f_mntfromname = "/dev/da0s1", '\0' , f_mntonname = "/mnt", '\0' }, mnt_cred = 0xc17ebc00, mnt_data = 0xc1802300, mnt_time = 0x0, mnt_iosize_max = 0x10000, mnt_export = 0x0, mnt_mntlabel = 0x0, mnt_fslabel = 0x0, mnt_nvnodelistsize = 0x0, mnt_hashseed = 0x205ad3} (kgdb) p *pmp $3 = {pm_mountp = 0xc146f800, pm_cp = 0xc1818780, pm_bo = 0xc1815b60, pm_uid = 0x0, pm_gid = 0x0, pm_mask = 0x1ed, pm_dirmask = 0x1ed, pm_devvp = 0xc1815aa0, pm_bpb = {bpbBytesPerSec = 0x200, bpbSecPerClust = 0x0, bpbResSectors = 0x22, bpbFATs = 0x2, bpbRootDirEnts = 0x0, bpbSectors = 0x0, bpbMedia = 0xf8, bpbFATsecs = 0x0, bpbSecPerTrack = 0x3f, bpbHeads = 0xff, bpbHiddenSecs = 0x3f, bpbHugeSectors = 0xf327f}, pm_BlkPerSec = 0x1, pm_FATsecs = 0x3cb, pm_fatblk = 0x22, pm_rootdirblk = 0x2, pm_rootdirsize = 0x0, pm_firstcluster = 0x7b8, pm_maxcluster = 0x1e559, pm_freeclustercount = 0x2fdf, pm_cnshift = 0xc, pm_crbomask = 0xfff, pm_bnshift = 0x9, pm_bpcluster = 0x1000, pm_fmod = 0x1, pm_fatblocksize = 0x1000, pm_fatblocksec = 0x8, pm_fatsize = 0x79600, pm_fatmask = 0xfffffff, pm_fsinfo = 0x1, pm_nxtfree = 0x19b, pm_fatmult = 0x4, pm_fatdiv = 0x1, pm_curfat = 0x0, pm_inusemap = 0xc181c000, pm_flags = 0x20000002, pm_u2w = 0x0, pm_w2u = 0x0, pm_u2d = 0x0, pm_d2u = 0x0, pm_nfileno = 0x0, pm_filenos = { rbh_root = 0x0}} (kgdb) p *pmp->pm_cp $4 = {geom = 0xc17eb880, consumer = {le_next = 0x0, le_prev = 0xc17eb890}, provider = 0xc17ebc80, consumers = {le_next = 0xc1818c00, le_prev = 0xc17ebc90}, acr = 0x1, acw = 0x1, ace = 0x1, spoiled = 0x0, stat = 0xc1561b40, nstart = 0x80, nend = 0x80, private = 0x0, index = 0x0} (kgdb) p *pmp->pm_cp->geom $5 = {name = 0xc1587320 "msdos.da0s1", class = 0xc08c8620, geom = { le_next = 0xc15f1480, le_prev = 0xc08c8660}, consumer = { lh_first = 0xc1818780}, provider = {lh_first = 0x0}, geoms = { tqe_next = 0x0, tqe_prev = 0xc17eb918}, rank = 0x3, start = 0, spoiled = 0, dumpconf = 0, access = 0, orphan = 0xc06076c4 , ioctl = 0, softc = 0xc1815b60, flags = 0x0} (kgdb) f 25 #25 0xc06077df in g_vfs_close (cp=0xdeadc0de, td=0xc17fd320) at /usr/home/butcher/freebsd/HEAD/src/sys/geom/geom_vfs.c:172 172 g_wither_geom_close(gp, ENXIO); (kgdb) p l 167 g_topology_assert(); 168 169 gp = cp->geom; 170 bo = gp->softc; 171 bufobj_invalbuf(bo, V_SAVE, td, 0, 0); 172 g_wither_geom_close(gp, ENXIO); 173 } (kgdb) p gp $6 = (struct g_geom *) 0xc17eb880 (kgdb) p cp $7 = (struct g_consumer *) 0xdeadc0de (kgdb) --- umount_detached_device.txt ends here --- >Release-Note: >Audit-Trail: >Unformatted: