From nobody@FreeBSD.org  Thu Jul  7 21:12:16 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3B29A106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  7 Jul 2011 21:12:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 2B8588FC08
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  7 Jul 2011 21:12:16 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p67LCFqI006018
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 7 Jul 2011 21:12:15 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p67LCFjf006017;
	Thu, 7 Jul 2011 21:12:15 GMT
	(envelope-from nobody)
Message-Id: <201107072112.p67LCFjf006017@red.freebsd.org>
Date: Thu, 7 Jul 2011 21:12:15 GMT
From: Oskar Nordquist <oskar.nordquist@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: panic in ffs_blkfree and ffs_valloc
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         158711
>Category:       kern
>Synopsis:       [usb] [panic] panic in ffs_blkfree and ffs_valloc
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-usb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 07 21:20:01 UTC 2011
>Closed-Date:    Fri Feb 10 23:48:29 UTC 2012
>Last-Modified:  Fri Feb 10 23:48:29 UTC 2012
>Originator:     Oskar Nordquist
>Release:        8.2-RELEASE
>Organization:
>Environment:
FreeBSD dvalin 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
I have a VIA chipset server, with two (2) Western Digital MyBook USB SATA external hard-drives; 1TB and 2TB.

Just before panic I get these errors:

 _vfs_done():da1s1a[WRITE(offset=1632295927808, length=16384)]error = 5
 _vfs_done():da1s1a[WRITE(offset=1632488620032, length=16384)]error = 5
 _vfs_done():da1s1a[WRITE(offset=1632665665536, length=131072)]error = 5

and then the panics are either
  panic: ffs_blkfree: freeing free block
or:
  panic: ffs_valloc: dup alloc

I should note that I got the ffs_blkfree panic in 8.2-RC3, and then ffs_valloc in 8.2-RELEASE. But I suspect both panics can happen in 8.2-RELEASE as well.

Also I have on several occasions had the "AutoSense failed" error, which may be related.

>How-To-Repeat:
Simultaneously read/write to/from multiple USB SATA-disks at once.

Have never seen the problem when only writing or reading once at a time in a single shell. Happens very often when I copy files from one USB disk to another in one shell, while simultaneously reading/writing to the first drive in another shell.

This could possibly be due to bad sectors on the drives, as I get several messages with fsck that some sectors could not be read.

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-fs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Jul 7 23:38:28 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158711 
Responsible-Changed-From-To: freebsd-fs->freebsd-bugs 
Responsible-Changed-By: mckusick 
Responsible-Changed-When: Fri Feb 10 20:06:52 UTC 2012 
Responsible-Changed-Why:  
While looking through old bugs classified to the filesystem 
maintainers I came across this one. The panic's experienced here 
came about because of failed updates to the filesystem metadata 
that apparently were not reported back as errors to the filesystem. 
In any event, the bug lies in the USB subsystem and not in the 
filesystem, so this bug should be redirected to the USB maintainers. 
It may well have been fixed by now, but if not should be investigated 
by them. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=158711 
Responsible-Changed-From-To: freebsd-bugs->freebsd-usb 
Responsible-Changed-By: remko 
Responsible-Changed-When: Fri Feb 10 20:49:18 UTC 2012 
Responsible-Changed-Why:  
Make the transition to -usb complete. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158711 
State-Changed-From-To: open->closed 
State-Changed-By: mckusick 
State-Changed-When: Fri Feb 10 23:47:23 UTC 2012 
State-Changed-Why:  
This response from one of the USB maintainers: 

> From: Hans Petter Selasky <hans.petter.selasky@bitfrost.no> 
> To: Kirk McKusick <mckusick@mckusick.com> 
> Subject: Re: USB Bug in kern/158711? 
> Date: Fri, 10 Feb 2012 21:44:08 +0100 
> 
> Hi Kirk, 
> 
> USB SCSI commands can fail. Probably that's what is happening. 
> I'm not sure what we can do about it when SWAP or UFS metadata 
> is lost :-) 
> 
> The author could try to set: 
> 
> hw.usb.ehci.lostintrbug=1 
> 
> In /boot/loader.conf 
> 
> Maybe that helps, if his chipset is broken. 
> 
> Else make sure USB HDD's are properly powered. 
> 
> Anyway, is it right to panic on such a failure? What if this 
> data is written at the moment a device is unplugged? 
> 
> --HPS 

The key is that the filesystem has to get an error back if a 
write fails or was unable to be completed. It can then take 
evasive action to avoid doing something that would cause an 
inconsistent filesystem (which triggers the panic). Admittedly 
the usual action is to refuse to do any further writes to the 
filesystem until its integrity is checked, but that is better 
than a panic. So, I am guessing that somehow an I/O error 
happened that was not reflected back to the filesystem. 
Apparently this lack of error reporting is possible in the 
presence of a broken chipset or when a device is unplugged. 
While there have been many later improvements to the USB 
subsystem since this report was filed, lack of error reporting 
is still possible in which case filesystem corruption and panic 
will happen. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=158711 
>Unformatted:
