From andre.albsmeier@mchp.siemens.de  Sun Mar  1 07:25:34 1998
Received: from david.siemens.de (david.siemens.de [192.35.17.14])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA21806
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 1 Mar 1998 07:25:33 -0800 (PST)
          (envelope-from andre.albsmeier@mchp.siemens.de)
Received: from salomon.mchp.siemens.de (salomon.siemens.de [139.23.33.13])
	by david.siemens.de (8.8.8/8.8.8) with ESMTP id QAA29769
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 1 Mar 1998 16:25:09 +0100 (MET)
Received: from curry.mchp.siemens.de (daemon@curry.mchp.siemens.de [146.180.31.23])
	by salomon.mchp.siemens.de (8.8.8/8.8.5) with ESMTP id QAA06702
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 1 Mar 1998 16:25:11 +0100 (CET)
Received: (from daemon@localhost)
	by curry.mchp.siemens.de (8.8.8/8.8.8) id QAA11568
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 1 Mar 1998 16:25:12 +0100 (CET)
Message-Id: <199803011525.QAA25028@intern>
Date: Sun, 1 Mar 1998 16:25:09 +0100 (CET)
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: FreeBSD-gnats-submit@freebsd.org
Subject: 2.2-STABLE crashes when unmounting a busy ufs fs
X-Send-Pr-Version: 3.2

>Number:         5886
>Category:       kern
>Synopsis:       2.2-STABLE crashes when unmounting a busy ufs fs
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar  1 07:30:01 PST 1998
>Closed-Date:    Tue Mar 16 06:47:35 PST 1999
>Last-Modified:  Tue Mar 16 06:47:57 PST 1999
>Originator:     Andre Albsmeier
>Release:        FreeBSD 2.2.5-STABLE i386
>Organization:
>Environment:

		FreeBSD 2.2.5-STABLE, recent build

>Description:

let's assume the following (done as root):

	mount /dev/sd3c /mnt
	tar cf /mnt/bla.tar some_big_directory

While the tar is running we do the following in another shell:

	umount /mnt

If we see a "Device busy" error we just repeat the umount again and again.
Suddenly the system freezes for about 10 seconds and reboots. During the
bootstrap the following message appears:

	bali daemon.alert savecore: reboot after panic: vinvalbuf: dirty bufs

All that happens on a FreeBSD 2.2.5-STABLE system.

Here is a mail that I received after posting the problem to the mailinglists:

----------------------- snip --------------------------------------

Return-Path: <j@bug.fe.up.pt>
Date: Fri, 27 Feb 1998 20:21:09 +0000 (WET)
From: freebsd@bug.fe.up.pt
X-Sender: jmg@slug.EUnet.pt
cc: freebsd-questions@FreeBSD.ORG, hackers@FreeBSD.ORG, jkh@time.cdrom.com
Subject: Re: 2.2.5-STABLE: is this a bug in umount?
In-Reply-To: <199802271717.SAA00672@intern>
Message-ID: <Pine.BSF.3.96.980227201611.251A-200000@slug.EUnet.pt>
MIME-Version: 1.0

Hi!

I did a kernel debug on it and here is the log of the debug (I've 
included an attachment with the full log):

(kgdb) down
#9  0xf01318fc in unmount (p=0xf1509800, uap=0xefbfff94, retval=0xefbfff84)
    at ../../kern/vfs_syscalls.c:280
280		return (dounmount(mp, uap->flags, p));
(kgdb) list
275		 * Don't allow unmount of the root filesystem
276		 */
277		if (mp->mnt_flag & MNT_ROOTFS)
278			return (EINVAL);
279	
280		return (dounmount(mp, uap->flags, p));
281	}
282	
283	/*
284	 * Do the actual file system unmount.
(kgdb) exit

The solution is to add an if before the return checking if there is 
activity in that partition. The way to do that I'll leave to the 
core team or someone with commit priviliges.

				Jorge

---------- and the log ------------------------------------

Script started on Fri Feb 27 20:03:53 1998
slug# cd /sys/compile/SLUG
slug# gdb -k
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd), Copyright 1996 Free Software Foundation, Inc.
(kgdb) symbol-file kernel.debug
Reading symbols from kernel.debug...done.
(kgdb) exec-file /var/crash/kernel.1
(kgdb) core-file /var/crash/vmcore.1
IdlePTD 1de000
current pcb at 1c2718
panic: vinvalbuf: dirty bufs
#0  boot (howto=256) at ../../kern/kern_shutdown.c:266
266					dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0  boot (howto=256) at ../../kern/kern_shutdown.c:266
#1  0xf0111f32 in panic (fmt=0xf012feb9 "vinvalbuf: dirty bufs")
    at ../../kern/kern_shutdown.c:390
#2  0xf012ff64 in vinvalbuf (vp=0xf15a1880, flags=1, cred=0x0, p=0x0, 
    slpflag=0, slptimeo=0) at ../../kern/vfs_subr.c:481
#3  0xf016f89d in vm_object_terminate (object=0xf15f3f00)
    at ../../vm/vm_object.c:397
#4  0xf016f74b in vm_object_deallocate (object=0xf15f3f00)
    at ../../vm/vm_object.c:353
#5  0xf0130889 in vflush (mp=0xf152bc00, skipvp=0x0, flags=0)
    at ../../kern/vfs_subr.c:989
#6  0xf015f4dc in ffs_flushfiles (mp=0xf152bc00, flags=0, p=0xf1509800)
    at ../../ufs/ffs/ffs_vfsops.c:725
#7  0xf015f3aa in ffs_unmount (mp=0xf152bc00, mntflags=0, p=0xf1509800)
    at ../../ufs/ffs/ffs_vfsops.c:664
#8  0xf01319ca in dounmount (mp=0xf152bc00, flags=0, p=0xf1509800)
    at ../../kern/vfs_syscalls.c:312
#9  0xf01318fc in unmount (p=0xf1509800, uap=0xefbfff94, retval=0xefbfff84)
    at ../../kern/vfs_syscalls.c:280
#10 0xf0181933 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272640576, 
      tf_esi = 168358, tf_ebp = -272639440, tf_isp = -272629788, tf_ebx = 0, 
      tf_edx = 1, tf_ecx = 58, tf_eax = 22, tf_trapno = 7, tf_err = 7, 
      tf_eip = 11541, tf_cs = 31, tf_eflags = 582, tf_esp = -272640628, 
      tf_ss = 39}) at ../../i386/i386/trap.c:914
---Type <return> to continue, or q <return> to quit---
#11 0x2d15 in ?? ()
#12 0x12d3 in ?? ()
#13 0x107e in ?? ()
(kgdb) down 10
#0  boot (howto=256) at ../../kern/kern_shutdown.c:266
266					dumppcb.pcb_cr3 = rcr3();
(kgdb) up 10
#10 0xf0181933 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272640576, 
      tf_esi = 168358, tf_ebp = -272639440, tf_isp = -272629788, tf_ebx = 0, 
      tf_edx = 1, tf_ecx = 58, tf_eax = 22, tf_trapno = 7, tf_err = 7, 
      tf_eip = 11541, tf_cs = 31, tf_eflags = 582, tf_esp = -272640628, 
      tf_ss = 39}) at ../../i386/i386/trap.c:914
914		error = (*callp->sy_call)(p, args, rval);
(kgdb) up
#11 0x2d15 in ?? ()
(kgdb) down
#10 0xf0181933 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272640576, 
      tf_esi = 168358, tf_ebp = -272639440, tf_isp = -272629788, tf_ebx = 0, 
      tf_edx = 1, tf_ecx = 58, tf_eax = 22, tf_trapno = 7, tf_err = 7, 
      tf_eip = 11541, tf_cs = 31, tf_eflags = 582, tf_esp = -272640628, 
      tf_ss = 39}) at ../../i386/i386/trap.c:914
914		error = (*callp->sy_call)(p, args, rval);
(kgdb) down
#9  0xf01318fc in unmount (p=0xf1509800, uap=0xefbfff94, retval=0xefbfff84)
    at ../../kern/vfs_syscalls.c:280
280		return (dounmount(mp, uap->flags, p));
(kgdb) list
275		 * Don't allow unmount of the root filesystem
276		 */
277		if (mp->mnt_flag & MNT_ROOTFS)
278			return (EINVAL);
279	
280		return (dounmount(mp, uap->flags, p));
281	}
282	
283	/*
284	 * Do the actual file system unmount.
(kgdb) exit
slug#
Script done on Fri Feb 27 20:13:59 1998

>How-To-Repeat:

	mount a ufs drive (in my case a jaz drive)
        do something on it (here a tar which writes a big archive)
        unmount it while it's busy (maybe have to try multiple times)

>Fix:
	
	Maybe the stuff above helps
>Release-Note:
>Audit-Trail:

From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: kern/5886: 2.2-STABLE crashes when unmounting a busy ufs fs
Date: Mon, 15 Mar 1999 13:53:45 +0100

 I think we should close this one as well since the
 problem doesn't appear in 3.x anymore.
 
 	-Andre
 
State-Changed-From-To: open->closed 
State-Changed-By: dcs 
State-Changed-When: Tue Mar 16 06:47:35 PST 1999 
State-Changed-Why:  
Closed at originator's request. 
>Unformatted:
