Date: Fri, 15 Sep 2006 19:00:43 GMT From: clemens fischer <ino-news@spotteswoode.dnsalias.org> To: freebsd-geom@FreeBSD.org Subject: Re: kern/89102:[geom_vfs] [panic] panic when forced unmount FS from unplugged device Message-ID: <200609151900.k8FJ0hNX089765@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/89102; it has been noted by GNATS.
From: clemens fischer <ino-news@spotteswoode.dnsalias.org>
To: bug-followup@FreeBSD.org, bu7cher@yandex.ru
Cc:
Subject: Re: kern/89102:[geom_vfs] [panic] panic when forced unmount FS from unplugged device
Date: Fri, 15 Sep 2006 20:53:59 +0200
i had a crash related to this topic, but at another location. it
happened after using umount(8) on a card-reader, but this time _without_
using the `-f' flag. the messages "(CTRL-C to abort)" were not shown on
the screen, instead the machine just rebooted. here's the backtrace:
--- start of dump ---
/usr/obj/usr/src/sys/spott
0 # kgdb kernel.debug /var/crash/vmcore.2
kgdb: kvm_nlist(_stopped_cpus):
kgdb: kvm_nlist(_stoppcbs):
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
panic: vinvalbuf: dirty bufs
Uptime: 1h12m4s
(da0:dead_sim0:0:0:0): Synchronize cache failed, status == 0x8, scsi status == 0x0
Dumping 383 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 383MB (98048 pages) 368 352 336 320 304 288 272 (CTRL-C to abort) 256 (CTRL-C to abort) 240 (CTRL-C to abort) 224 208 192 176 160 144 128 112 96 80 64 48 32 (CTRL-C to abort) 16 (CTRL-C to abort)
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc052d27c in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
first_buf_printf = 1
#2 0xc052d589 in panic (fmt=0xc06cc79b "vinvalbuf: dirty bufs") at /usr/src/sys/kern/kern_shutdown.c:565
td = (struct thread *) 0xc2b8bd80
bootopt = 260
newpanic = 0
ap = 0xc2b8bd80 "\f\022@�\200�x�"
buf = "vinvalbuf: dirty bufs", '\0' <repeats 234 times>
#3 0xc05984a0 in bufobj_invalbuf (bo=0xc3213e90, flags=1, td=0x0, slpflag=0, slptimeo=0)
at /usr/src/sys/kern/vfs_subr.c:1015
error = 0
#4 0xc0598802 in vinvalbuf (vp=0xc3213dd0, flags=0, td=0x0, slpflag=0, slptimeo=0)
at /usr/src/sys/kern/vfs_subr.c:1082
No locals.
#5 0xc059baf4 in vgonel (vp=0xc3213dd0) at /usr/src/sys/kern/vfs_subr.c:2436
td = (struct thread *) 0xc2b8bd80
oweinact = 0
active = 1
mp = (struct mount *) 0xc270f400
#6 0xc059b9c8 in vgone (vp=0xc3213dd0) at /usr/src/sys/kern/vfs_subr.c:2391
No locals.
#7 0xc04da8b6 in devfs_delete (dm=0xc27a4880, de=0xc32afb80) at /usr/src/sys/fs/devfs/devfs_devs.c:244
No locals.
#8 0xc04dab2a in devfs_populate_loop (dm=0xc27a4880, cleanup=0) at /usr/src/sys/fs/devfs/devfs_devs.c:352
cdp = (struct cdev_priv *) 0xc2b8e600
de = (struct devfs_dirent *) 0xc32afb80
dd = (struct devfs_dirent *) 0x0
pdev = (struct cdev *) 0xc27aa000
j = 0
q = 0x0
s = 0xc27aa000 "\002"
#9 0xc04dadd5 in devfs_populate (dm=0xc27a4880) at /usr/src/sys/fs/devfs/devfs_devs.c:448
No locals.
#10 0xc04dd02f in devfs_lookupx (ap=0x0) at /usr/src/sys/fs/devfs/devfs_vnops.c:512
cnp = (struct componentname *) 0xd5d19be8
dvp = (struct vnode *) 0xc27aa000
vpp = (struct vnode **) 0xd5d19bd4
td = (struct thread *) 0xc2b8bd80
de = (struct devfs_dirent *) 0x2002
dd = (struct devfs_dirent *) 0xc27a4600
dde = (struct devfs_dirent **) 0x0
dmp = (struct devfs_mount *) 0xc27a4880
cdev = (struct cdev *) 0xc05ab1ac
error = -1032173424
flags = 18923588
nameiop = 0
specname = "$\231��\000\000\000\000�\230��\"�X�\b\234z�\006\000\000\000,\234z�\200����\230�հ\233z��\230��إY�\233z°\233z�@\231��\016�Y�"
pname = 0xc27ab805 "tty"
#11 0xc04dd1ce in devfs_lookup (ap=0xd5d19998) at /usr/src/sys/fs/devfs/devfs_vnops.c:576
j = -707683944
dmp = (struct devfs_mount *) 0xc27a4890
#12 0xc06a7194 in VOP_LOOKUP_APV (vop=0xc06efbe0, a=0xd5d19998) at vnode_if.c:99
rc = -1066468384
#13 0xc05911fb in lookup (ndp=0xd5d19bc0) at vnode_if.h:56
cp = 0xc27ab808 ""
dp = (struct vnode *) 0xc27aa000
tdp = (struct vnode *) 0xc27aa000
mp = (struct mount *) 0x0
docache = 32
wantparent = 0
rdonly = 0
trailing_slash = 0
error = 0
dpunlocked = 0
cnp = (struct componentname *) 0xd5d19be8
td = (struct thread *) 0xc2b8bd80
vfslocked = 0
dvfslocked = 0
tvfslocked = 0
#14 0xc0590968 in namei (ndp=0xd5d19bc0) at /usr/src/sys/kern/vfs_lookup.c:203
fdp = (struct filedesc *) 0xc32b1500
cp = 0xc32b1500 ""
dp = (struct vnode *) 0xc27a9bb0
aiov = {iov_base = 0x0, iov_len = 0}
auio = {uio_iov = 0xc01e0, uio_iovcnt = 0, uio_offset = 16384, uio_resid = 0, uio_segflg = 3273065636,
uio_rw = UIO_READ, uio_td = 0x0}
error = -1032152144
linklen = -1032152144
cnp = (struct componentname *) 0xd5d19be8
td = (struct thread *) 0xc2b8bd80
p = (struct proc *) 0x0
vfslocked = 0
#15 0xc05a9cd7 in vn_open_cred (ndp=0xd5d19bc0, flagp=0xd5d19cc0, cmode=2504, cred=0xc2bad780, fdidx=3)
at /usr/src/sys/kern/vfs_vnops.c:182
vp = (struct vnode *) 0x0
mp = (struct mount *) 0x2
td = (struct thread *) 0xc2b8bd80
vat = {va_type = 3266887040, va_mode = 0, va_nlink = 0, va_uid = 3587283628, va_gid = 3226451657,
va_fsid = 4294967280, va_fileid = 0, va_size = 15407266001175183363, va_blocksize = -1068515300, va_atime = {
tv_sec = -1020586752, tv_nsec = 3}, va_mtime = {tv_sec = 256, tv_nsec = 3}, va_ctime = {
tv_sec = -1020586752, tv_nsec = -1019211252}, va_birthtime = {tv_sec = -707683592, tv_nsec = -1068500313},
va_gen = 3274380544, va_flags = 3, va_rdev = 256, va_bytes = 3587283724, va_filerev = 17179874663,
va_vaflags = 3275756044, va_spare = -1029671664}
mode = -707683720
fmode = 1
error = -707683068
vfslocked = 0
#16 0xc05a99b3 in vn_open (ndp=0x0, flagp=0x0, cmode=0, fdidx=0) at /usr/src/sys/kern/vfs_vnops.c:91
td = (struct thread *) 0x0
#17 0xc05a05e8 in kern_open (td=0xc2b8bd80, path=0x0, pathseg=UIO_USERSPACE, flags=1, mode=-1077945896)
at /usr/src/sys/kern/vfs_syscalls.c:1002
p = (struct proc *) 0x0
fdp = (struct filedesc *) 0xc32b1500
fp = (struct file *) 0xc2a07510
vp = (struct vnode *) 0xc2713800
vat = {va_type = 3275756044, va_mode = 40008, va_nlink = -10799, va_uid = 3226741305,
va_gid = 3228675648, va_fsid = 3261295572, va_fileid = 0, va_size = 13858750082021694556, va_blocksize = 0,
va_atime = {tv_sec = 0, tv_nsec = -1028080256}, va_mtime = {tv_sec = 6, tv_nsec = -1068226384}, va_ctime = {
tv_sec = -1028080256, tv_nsec = -1033672064}, va_birthtime = {tv_sec = -1066434944, tv_nsec = 60211073},
va_gen = 3275756212, va_flags = 3275756044, va_rdev = 3587284176, va_bytes = 14031172999752930889,
va_filerev = 8589934592, va_vaflags = 3119171692, va_spare = -134132641}
mp = (struct mount *) 0xc31a9aa0
cmode = 0
nfp = (struct file *) 0xc2a07510
type = 0
indx = 3
error = -707683068
lf = {l_start = -4415571073916420396, l_len = -3039476491986403325, l_pid = -1068226135,
l_type = -17024, l_whence = -15688}
nd = {ni_dirp = 0x806120a <Address 0x806120a out of bounds>, ni_segflg = UIO_USERSPACE,
ni_startdir = 0x0, ni_rootdir = 0xc27a9bb0, ni_topdir = 0x0, ni_vp = 0x0, ni_dvp = 0xc27aa000,
ni_pathlen = 1, ni_next = 0xc27ab808 "", ni_loopcnt = 0, ni_cnd = {cn_nameiop = 0, cn_flags = 18923588,
cn_thread = 0xc2b8bd80, cn_cred = 0xc2bad780, cn_lkflags = 2, cn_pnbuf = 0xc27ab800 "/dev/tty",
cn_nameptr = 0xc27ab805 "tty", cn_namelen = 3, cn_consume = 0}}
vfslocked = -1028080256
#18 0xc05a04d6 in open (td=0x0, uap=0xd5d19d04) at /usr/src/sys/kern/vfs_syscalls.c:968
error = -1028080256
#19 0xc0692c30 in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134599286, tf_esi = 134668416, tf_ebp = -1077945944, tf_isp = -707682972, tf_ebx = -1077945836, tf_edx = 53, tf_ecx = 134668416, tf_eax = 5, tf_trapno = 0, tf_err = 2, tf_eip = 672773295, tf_cs = 51, tf_eflags = 646, tf_esp = -1077945956, tf_ss = 59})
at /usr/src/sys/i386/i386/trap.c:981
params = 0xbfbfd9a0 <Address 0xbfbfd9a0 out of bounds>
callp = (struct sysent *) 0xc06f1b9c
td = (struct thread *) 0xc2b8bd80
p = (struct proc *) 0xc340120c
orig_tf_eflags = 646
sticks = 1
error = 0
narg = 3
args = {134615562, 0, -1077945896, -707683028, -1066837953, -1066330208, -707683020, 134629856}
code = 5
#20 0xc067e03f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
No locals.
#21 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
(kgdb) l
layout list load
(kgdb) l
200 call syscall
201 MEXITCOUNT
202 jmp doreti
203
204 ENTRY(fork_trampoline)
205 pushl %esp /* trapframe pointer */
206 pushl %ebx /* arg1 */
207 pushl %esi /* function */
208 call fork_exit
209 addl $12,%esp
--- end of dump ---
i have two questions regarding this backtrace:
[GDB will not be able to debug user-mode threads:
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
what does this mean?
also:
#20 0xc067e03f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
No locals.
#21 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
you guys always post such beautiful kgdb usages with complete
backtraces, why do i have a funny frame 21 (IP = 0x33)?
regards, clemens
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200609151900.k8FJ0hNX089765>