Bug 185374

Summary: [msdosfs] [panic] Unmounting msdos filesystem in a bad state causes kernel panic
Product: Base System
Reporter: R. Tyler Croy <tyler>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Open
Severity: Affects Only Me
Keywords: crash
Priority: Normal
Version: 10.0-PRERELEASE
Hardware: Any
OS: Any

Description R. Tyler Croy 2013-12-31 22:00:00 UTC
I was attempting to unmount an msdosfs filesystem that I had attempted to fill up, and the card looks corrupted; see the g_vfs_done() errors below:

Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794335232, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794400768, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794466304, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794531840, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794597376, length=40960)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794703872, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794769408, length=65536)]error = 5
Dec 31 12:28:34 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=794834944, length=65536)]error = 5


The first time around, I attempted to umount(1) the SD card, and was given a "resource unavailable" error (the exact string I cannot remember). Being a typical user, I added the -f (force) flag and that caused my machine to kernel panic with the following:

Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=792348672, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801994a5b10: tag msdosfs, type VREG
Dec 31 10:11:31 kiwi kernel: usecount 0, writecount 0, refcount 27537 mountedhere 0
Dec 31 10:11:31 kiwi kernel: flags (VI_DOOMED|VI_ACTIVE)
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80147804900 ref 0 pages 27535 cleanbuf 6752 dirtybuf 20783
Dec 31 10:11:31 kiwi kernel: lock type msdosfs: EXCL by thread 0xfffff801c572b920 (pid 65381, umount, tid 101016)
Dec 31 10:11:31 kiwi kernel: startcluster 187393, dircluster 3, diroffset 192, on dev da1s1
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769120256, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801624c71d8: tag devfs, type VCHR
Dec 31 10:11:31 kiwi kernel: usecount 1, writecount 0, refcount 414 mountedhere 0xfffff801557f3600
Dec 31 10:11:31 kiwi kernel: flags (VI_ACTIVE)
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80133e68d00 ref 0 pages 446 cleanbuf 2 dirtybuf 410
Dec 31 10:11:31 kiwi kernel: lock type devfs: EXCL by thread 0xfffff801c572b920 (pid 65381, umount, tid 101016)
Dec 31 10:11:31 kiwi kernel: dev da1s1
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769120256, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801624c71d8: tag devfs, type VCHR
Dec 31 10:11:31 kiwi kernel: usecount 1, writecount 0, refcount 414 mountedhere 0xfffff801557f3600
Dec 31 10:11:31 kiwi kernel: flags (VI_ACTIVE)
Dec 31 10:11:31 kiwi kernel: v_object 0xfffff80133e68d00 ref 0 pages 446 cleanbuf 2 dirtybuf 410
Dec 31 10:11:31 kiwi kernel: lock type devfs: UNLOCKED
Dec 31 10:11:31 kiwi kernel: dev da1s1
Dec 31 10:13:31 kiwi syslogd: kernel boot file is /boot/kernel/kernel
Dec 31 10:13:31 kiwi kernel: 
Dec 31 10:13:31 kiwi kernel: 
Dec 31 10:13:31 kiwi kernel: Fatal trap 9: general protection fault while in kernel mode
Dec 31 10:13:31 kiwi kernel: cpuid = 0; apic id = 00
Dec 31 10:13:31 kiwi kernel: instruction pointer        = 0x20:0xffffffff805a3d7d
Dec 31 10:13:31 kiwi kernel: stack pointer              = 0x28:0xfffffe0234150970
Dec 31 10:13:31 kiwi kernel: frame pointer              = 0x28:0xfffffe02341509b0
Dec 31 10:13:31 kiwi kernel: code segment               = base rx0, limit 0xfffff, type 0x1b
Dec 31 10:13:31 kiwi kernel: = DPL 0, pres 1, long 1, def32 0, gran 1
Dec 31 10:13:31 kiwi kernel: processor eflags   = interrupt enabled, resume, IOPL = 0
Dec 31 10:13:31 kiwi kernel: current process            = 19 (syncer)
Dec 31 10:13:31 kiwi kernel: trap number                = 9
Dec 31 10:13:31 kiwi kernel: panic: general protection fault
Dec 31 10:13:31 kiwi kernel: cpuid = 0
Dec 31 10:13:31 kiwi kernel: KDB: stack backtrace:
Dec 31 10:13:31 kiwi kernel: #0 0xffffffff8066c5e0 at kdb_backtrace+0x60
Dec 31 10:13:31 kiwi kernel: #1 0xffffffff80634035 at panic+0x155
Dec 31 10:13:31 kiwi kernel: #2 0xffffffff808cde22 at trap_fatal+0x3a2
Dec 31 10:13:31 kiwi kernel: #3 0xffffffff808cda5f at trap+0x7bf
Dec 31 10:13:31 kiwi kernel: #4 0xffffffff808b4b22 at calltrap+0x8
Dec 31 10:13:31 kiwi kernel: #5 0xffffffff806b4633 at bufwrite+0x143
Dec 31 10:13:31 kiwi kernel: #6 0xffffffff806c06ce at vop_stdfsync+0x22e
Dec 31 10:13:31 kiwi kernel: #7 0xffffffff8052fae6 at devfs_fsync+0x26
Dec 31 10:13:31 kiwi kernel: #8 0xffffffff80963698 at VOP_FSYNC_APV+0x98
Dec 31 10:13:31 kiwi kernel: #9 0xffffffff806d304a at sched_sync+0x3ca
Dec 31 10:13:31 kiwi kernel: #10 0xffffffff8060610a at fork_exit+0x9a
Dec 31 10:13:31 kiwi kernel: #11 0xffffffff808b505e at fork_trampoline+0xe
Dec 31 10:13:31 kiwi kernel: Uptime: 3d2h58m33s
Dec 31 10:13:31 kiwi kernel: Automatic reboot in 15 seconds - press a key on the console to abort
Dec 31 10:13:31 kiwi kernel: --> Press a key on the console to reboot,
Dec 31 10:13:31 kiwi kernel: --> or switch off the system now.
Dec 31 10:13:31 kiwi kernel: Rebooting...

How-To-Repeat: I was able to reproduce a crash, but without the same stack backtrace as above, by:

1. Inserting SD card
2. Mounting
3. Writing a file to it that would exceed disk capacity (dd if=/dev/random of=/mnt/card/garbage.bin bs=1M count=1024)
4. Watch g_vfs_done() errors spew in /var/log/messages in a seemingly infinite loop
5. Attempt to unmount the device
6. Crash
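
Added example (not part of the original report and not FreeBSD code): a small log check that summarizes the g_vfs_done() write failures and "fsync: giving up on dirty" messages quoted above, so a failing device can be spotted before a forced unmount is attempted. The function name summarize_io_errors and the returned field names are assumptions made for this example; the sample lines are copied from the report's log excerpt.

```python
import errno
import re
from collections import defaultdict

# Line format as quoted in the report:
# g_vfs_done():da1s1[WRITE(offset=794335232, length=65536)]error = 5
G_VFS_DONE = re.compile(
    r"g_vfs_done\(\):(?P<dev>[^\[\s]+)\[(?P<op>[A-Z]+)\("
    r"offset=(?P<offset>\d+), length=(?P<length>\d+)\)\]\s*error = (?P<err>\d+)"
)
FSYNC_GIVEUP = "fsync: giving up on dirty"

# Lines copied from the report's log excerpt (vnode dump lines mostly omitted).
SAMPLE_LOG = """\
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=792348672, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: 0xfffff801994a5b10: tag msdosfs, type VREG
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769120256, length=4096)]error = 5
Dec 31 10:11:31 kiwi kernel: fsync: giving up on dirty
Dec 31 10:11:31 kiwi kernel: g_vfs_done():da1s1[WRITE(offset=769116160, length=4096)]error = 5
"""


def summarize_io_errors(log_text):
    """Summarize g_vfs_done() failures per device, plus fsync give-ups."""
    per_dev = defaultdict(lambda: {"errors": 0, "bytes": 0, "offsets": set(),
                                   "ops": set(), "errnos": set()})
    giveups = 0
    for line in log_text.splitlines():
        if FSYNC_GIVEUP in line:
            giveups += 1
            continue
        m = G_VFS_DONE.search(line)
        if m is None:
            continue  # unrelated kernel message
        d = per_dev[m["dev"]]
        d["errors"] += 1
        d["bytes"] += int(m["length"])
        d["offsets"].add(int(m["offset"]))  # repeats mean the same write was retried
        d["ops"].add(m["op"])
        # errno 5 is EIO; keep the raw number for codes Python does not know
        d["errnos"].add(errno.errorcode.get(int(m["err"]), m["err"]))
    devices = {
        dev: {"errors": d["errors"], "failed_bytes": d["bytes"],
              "distinct_offsets": len(d["offsets"]),
              "ops": sorted(d["ops"]), "errnos": sorted(d["errnos"])}
        for dev, d in per_dev.items()
    }
    return {"devices": devices, "fsync_giveups": giveups}
```

A device whose error count exceeds its distinct offset count is seeing the same writes fail repeatedly, which matches the looping errors described in step 4.
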

Comment 1 Mark Linimon freebsd_committer freebsd_triage 2014-04-20 02:48:45 UTC
State Changed
From-To: open->open

Over to maintainer(s). 


Comment 2 Mark Linimon freebsd_committer freebsd_triage 2014-04-20 02:48:45 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-fs

Comment 3 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:58:58 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

Comment 4 Graham Perrin freebsd_committer freebsd_triage 2022-10-17 12:18:05 UTC
Keyword: 

    crash

– in lieu of summary line prefix: 

    [panic]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>