Date: Sat, 02 Sep 2006 15:34:30 +0200 From: Niclas Zeising <lothrandil@n00b.apagnu.se> To: current@freebsd.org Subject: panic while unmounting fat32 filesystem Message-ID: <44F98866.5070301@n00b.apagnu.se>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------010409060906050802030806 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi! I got a panic while trying to forcefully unmount a msdosfs partition when I couldn't unmount it regularly. The panic is 100% reproducible. The steps to get the panic is: copy something to a msdosfs partition. #mount -ur /path/to/fat32/partition (Try to get it to read only, which fails) #umount /path/to/fat32/partition (Failes) #umount -f /path/to/fat32/partition And then everything blows up. I attach the traceback i got with kgdb. The sources are from todays (sep 02) current, around noon CEST. Let me know if I can provide more information. The output from the backtrace is attached. Regards! //Niclas --------------010409060906050802030806 Content-Type: text/plain; name="crash.out" Content-Transfer-Encoding: 8bit Content-Disposition: inline; filename="crash.out" aeris# kgdb kernel.debug /var/crash/vmcore.0 kgdb: kvm_nlist(_stopped_cpus): kgdb: kvm_nlist(_stoppcbs): [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: g_vfs_done():ad0s3[WRITE(offset=16384, length=4096)]error = 1 g_vfs_done():ad0s3[WRITE(offset=16384, length=4096)]error = 1 fsync: giving up on dirty 0xc3810d34: tag devfs, type VCHR usecount 1, writecount 0, refcount 1032 mountedhere 0xc379d400 flags () v_object 0xc102b960 ref 0 pages 1036 lock type devfs: EXCL (count 1) by thread 0xc363b910 (pid 626) dev ad0s3 g_vfs_done():ad0s3[WRITE(offset=16384, length=4096)]error = 1 g_vfs_done():ad0s3[WRITE(offset=16384, length=4096)]error = 1 fsync: giving up on dirty 0xc3810d34: tag devfs, type VCHR usecount 1, writecount 0, refcount 1032 mountedhere 0xc379d400 flags () v_object 0xc102b960 ref 0 pages 1036 dev ad0s3 Fatal trap 12: page fault while in kernel mode fault virtual address = 0x0 fault code = supervisor read, page not present instruction pointer = 0x20:0xc04e684f stack pointer = 0x28:0xe3a4dba8 frame pointer = 0x28:0xe3a4dbf8 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 626 (umount) Fatal trap 12: page fault while in kernel mode fault virtual address = 0x0 fault code = supervisor read, page not present instruction pointer = 0x20:0xc04e684f stack pointer = 0x28:0xe3a4dba8 frame pointer = 0x28:0xe3a4dbf8 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = trace trap, interrupt enabled, resume, IOPL = 0 current process = 626 (umount) Physical memory: 1015 MB Dumping 47 MB: 32 16 #0 doadump () at pcpu.h:166 166 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) bt #0 doadump () at pcpu.h:166 #1 0xc0448d77 in db_fncall (dummy1=0, dummy2=0, dummy3=1999, dummy4=0xe3a4d968 " _vÀ\f") at /usr/src/sys/ddb/db_command.c:481 #2 0xc0448b46 in db_command (last_cmdp=0xc0765624, cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:396 #3 0xc0448c0d in db_command_loop () at /usr/src/sys/ddb/db_command.c:448 #4 0xc044ab25 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221 #5 0xc0555a48 in kdb_trap (type=0, code=0, tf=0x0) at /usr/src/sys/kern/subr_kdb.c:502 #6 0xc06c4e6c in trap_fatal (frame=0xe3a4db68, eva=0) at /usr/src/sys/i386/i386/trap.c:858 #7 0xc06c4b86 in trap_pfault (frame=0xe3a4db68, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:776 #8 0xc06c4746 in trap (frame= {tf_fs = -1065943032, tf_es = -475791320, tf_ds = -1068367832, tf_edi = 134742016, tf_esi = 0, tf_ebp = -475735048, tf_isp = -475735148, tf_ebx = 1, tf_edx = 0, tf_ecx = -1066156416, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1068603313, tf_cs = 32, tf_eflags = 66178, tf_esp = 582, tf_ss = -1066349489}) at /usr/src/sys/i386/i386/trap.c:461 #9 0xc06b44ca in calltrap () at /usr/src/sys/i386/i386/exception.s:138 #10 0xc04e684f in deget (pmp=0x0, dirclust=0, diroffset=536870911, depp=0xe3a4dc10) at /usr/src/sys/fs/msdosfs/msdosfs_denode.c:104 #11 0xc04ec1a2 in msdosfs_root (mp=0x0, flags=2, vpp=0x0, td=0xc363b910) at /usr/src/sys/fs/msdosfs/msdosfs_vfsops.c:819 ---Type <return> to continue, or q <return> to quit--- #12 0xc05a058f in dounmount (mp=0xc37cd510, flags=134742016, td=0xc363b910) at /usr/src/sys/kern/vfs_mount.c:1201 #13 0xc05a0208 in unmount (td=0xc363b910, uap=0xe3a4dd04) at /usr/src/sys/kern/vfs_mount.c:1122 #14 0xc06c51d4 in syscall (frame= {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134522405, tf_esi = 136321145, tf_ebp = -1077942696, tf_isp = -475734684, tf_ebx = -1077942784, tf_edx = 10, tf_ecx = -1077943248, tf_eax = 22, tf_trapno = 12, tf_err = 2, tf_eip = 671898955, tf_cs = 51, tf_eflags = 518, tf_esp = -1077942884, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:1006 #15 0xc06b451f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:191 #16 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) q --------------010409060906050802030806--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44F98866.5070301>