From nobody@FreeBSD.org  Tue Dec 31 21:59:37 2013
Message-Id: <201312312159.rBVLxa0B038038@oldred.freebsd.org>
Date: Tue, 31 Dec 2013 21:59:36 GMT
From: "R. Tyler Croy" <tyler@monkeypox.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Unmounting msdos filesystem in a bad state causes kernel panic
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         185374
>Category:       kern
>Synopsis:       [msdosfs] [panic] Unmounting msdos filesystem in a bad state causes kernel panic
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-fs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 31 22:00:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Sun Apr 20 02:18:56 UTC 2014
>Originator:     R. Tyler Croy
>Release:        10.0-PRERELEASE
>Organization:
n/a
>Environment:
FreeBSD kiwi 10.0-PRERELEASE FreeBSD 10.0-PRERELEASE #6 r259920: Thu Dec 26 12:14:47 PST 2013     root@kiwi:/usr/obj/usr/src/sys/KIWI  amd64
>Description:
I was attempting to unmount an msdosfs filesystem that I had attempted to fill up, and the card looks corrupted; see the g_vfs_done() errors below:

Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794335232, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794400768, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794466304, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794531840, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794597376, length=40960)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794703872, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794769408, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794834944, length=65536)]error = 5


The first time around, I attempted to umount(1) the SD card, and was given a "resource unavailable" error (the exact string I cannot remember). Being a typical user, I added the -f (force) flag and that caused my machine to kernel panic with the following:

Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=792348672, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801994a5b10: tag msdosfs, type VREG
Dec 31 10:11:31 kiwi kernel: usecount 0, writecount 0, refcount 27537 mountedhere 0
Dec 31 10:11:31 kiwi kernel: flags (VI_DOOMED|VI_ACTIVE)
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80147804900 ref 0 pages 27535 cleanbuf 6752 dirtybuf 20783
Dec 31 10:11:31 kiwi kernel: lock type msdosfs: EXCL by thread 0xfffff801c572b920 (pid 65381, umount, tid 101016)
Dec 31 10:11:31 kiwi kernel: startcluster 187393, dircluster 3, diroffset 192, on dev da1s1
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769120256, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801624c71d8: tag devfs, type VCHR
Dec 31 10:11:31 kiwi kernel: usecount 1, writecount 0, refcount 414 mountedhere 0xfffff801557f3600
Dec 31 10:11:31 kiwi kernel: flags (VI_ACTIVE)
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80133e68d00 ref 0 pages 446 cleanbuf 2 dirtybuf 410
Dec 31 10:11:31 kiwi kernel: lock type devfs: EXCL by thread 0xfffff801c572b920 (pid 65381, umount, tid 101016)
Dec 31 10:11:31 kiwi kernel: dev da1s1
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769120256, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801624c71d8: tag devfs, type VCHR
Dec 31 10:11:31 kiwi kernel: usecount 1, writecount 0, refcount 414 mountedhere 0xfffff801557f3600
Dec 31 10:11:31 kiwi kernel: flags (VI_ACTIVE)
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80133e68d00 ref 0 pages 446 cleanbuf 2 dirtybuf 410
Dec 31 10:11:31 kiwi kernel: lock type devfs: UNLOCKED
Dec 31 10:11:31 kiwi kernel: dev da1s1
Dec 31 10:13:31 kiwi syslogd: kernel boot file is /boot/kernel/kernel
Dec 31 10:13:31 kiwi kernel: 
Dec 31 10:13:31 kiwi kernel: 
Dec 31 10:13:31 kiwi kernel: Fatal trap 9: general protection fault while in kernel mode
Dec 31 10:13:31 kiwi kernel: cpuid = 0; apic id = 00
Dec 31 10:13:31 kiwi kernel: instruction pointer        = 0x20:0xffffffff805a3d7d
Dec 31 10:13:31 kiwi kernel: stack pointer              = 0x28:0xfffffe0234150970
Dec 31 10:13:31 kiwi kernel: frame pointer              = 0x28:0xfffffe02341509b0
Dec 31 10:13:31 kiwi kernel: code segment               = base 0x0, limit 0xfffff, type 0x1b
Dec 31 10:13:31 kiwi kernel: = DPL 0, pres 1, long 1, def32 0, gran 1
Dec 31 10:13:31 kiwi kernel: processor eflags   = interrupt enabled, resume, IOPL = 0
Dec 31 10:13:31 kiwi kernel: current process            = 19 (syncer)
Dec 31 10:13:31 kiwi kernel: trap number                = 9
Dec 31 10:13:31 kiwi kernel: panic: general protection fault
Dec 31 10:13:31 kiwi kernel: cpuid = 0
Dec 31 10:13:31 kiwi kernel: KDB: stack backtrace:
Dec 31 10:13:31 kiwi kernel: #0 0xffffffff8066c5e0 at kdb_backtrace+0x60
Dec 31 10:13:31 kiwi kernel: #1 0xffffffff80634035 at panic+0x155
Dec 31 10:13:31 kiwi kernel: #2 0xffffffff808cde22 at trap_fatal+0x3a2
Dec 31 10:13:31 kiwi kernel: #3 0xffffffff808cda5f at trap+0x7bf
Dec 31 10:13:31 kiwi kernel: #4 0xffffffff808b4b22 at calltrap+0x8
Dec 31 10:13:31 kiwi kernel: #5 0xffffffff806b4633 at bufwrite+0x143
Dec 31 10:13:31 kiwi kernel: #6 0xffffffff806c06ce at vop_stdfsync+0x22e
Dec 31 10:13:31 kiwi kernel: #7 0xffffffff8052fae6 at devfs_fsync+0x26
Dec 31 10:13:31 kiwi kernel: #8 0xffffffff80963698 at VOP_FSYNC_APV+0x98
Dec 31 10:13:31 kiwi kernel: #9 0xffffffff806d304a at sched_sync+0x3ca
Dec 31 10:13:31 kiwi kernel: #10 0xffffffff8060610a at fork_exit+0x9a
Dec 31 10:13:31 kiwi kernel: #11 0xffffffff808b505e at fork_trampoline+0xe
Dec 31 10:13:31 kiwi kernel: Uptime: 3d2h58m33s
Dec 31 10:13:31 kiwi kernel: Automatic reboot in 15 seconds - press a key on the console to abort
Dec 31 10:13:31 kiwi kernel: --> Press a key on the console to reboot,
Dec 31 10:13:31 kiwi kernel: --> or switch off the system now.
Dec 31 10:13:31 kiwi kernel: Rebooting...

>How-To-Repeat:
I was able to reproduce a crash, but without the same stack backtrace as above, by:

1. Inserting SD card
2. Mounting
3. Writing a file to it that would exceed disk capacity (dd if=/dev/random of=/mnt/card/garbage.bin bs=1M count=1024)
4. Watch g_vfs_done() errors spew in /var/log/messages in a seemingly infinite loop
5. Attempt to unmount the device
6. Crash
>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->open 
State-Changed-By: linimon 
State-Changed-When: Sun Apr 20 01:48:45 UTC 2014 
State-Changed-Why:  
Over to maintainer(s). 


Responsible-Changed-From-To: freebsd-bugs->freebsd-fs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Apr 20 01:48:45 UTC 2014 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=185374 
>Unformatted:
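Added example, not part of the original report and not FreeBSD code: a small log triage script that summarizes the g_vfs_done() failures and "fsync: giving up on dirty" messages of the kind quoted in this PR, so a failing device can be spotted before anyone reaches for umount -f. The function name, the output fields and the "at_risk" heuristic are assumptions made for this example; the sample lines are excerpted from the log in the report.

```python
import re
from collections import defaultdict

# Excerpt of the kernel log lines quoted in the report above.
SAMPLE_LOG = """\
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=792348672, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80147804900 ref 0 pages 27535 cleanbuf 6752 dirtybuf 20783
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769120256, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80133e68d00 ref 0 pages 446 cleanbuf 2 dirtybuf 410
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769120256, length=4096)]error = 5
"""

# g_vfs_done():<dev>[<OP>(offset=N, length=N)]error = <errno>; errno 5 is EIO.
IO_ERR = re.compile(
    r"g_vfs_done\(\):(\S+?)\[(READ|WRITE)\(offset=(\d+), length=(\d+)\)\]error = (\d+)")
DIRTY = re.compile(r"\bdirtybuf (\d+)")

def summarize(log_text):
    """Return (per-device report, fsync give-up count, largest dirtybuf seen)."""
    devices = defaultdict(lambda: {"errors": 0, "offsets": defaultdict(int), "errnos": set()})
    fsync_gave_up, max_dirty = 0, 0
    for line in log_text.splitlines():
        m = IO_ERR.search(line)
        if m:
            dev, _op, offset, _length, err = m.groups()
            devices[dev]["errors"] += 1
            devices[dev]["offsets"][int(offset)] += 1
            devices[dev]["errnos"].add(int(err))
        elif "fsync: giving up on dirty" in line:
            fsync_gave_up += 1
        elif (m := DIRTY.search(line)):
            max_dirty = max(max_dirty, int(m.group(1)))
    report = {}
    for dev, d in devices.items():
        # The same offset failing more than once means the kernel is retrying the write.
        retried = sorted(off for off, n in d["offsets"].items() if n > 1)
        report[dev] = {"errors": d["errors"], "errnos": sorted(d["errnos"]),
                       "retried_offsets": retried,
                       # Heuristic assumed for this example, not a kernel rule.
                       "at_risk": fsync_gave_up > 0 or bool(retried)}
    return report, fsync_gave_up, max_dirty

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```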
