Bug 205515

Summary: panic: devfs_fsync: vop_stdfsync failed.
Product: Base System Reporter: Fabian Keil <fk>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   

Description Fabian Keil 2015-12-22 15:39:35 UTC 
As previously reported on freebsd-current@, I got the following panic
by impatiently unplugging a USB disk while a msdosfs partition on it was
in the process of getting unmounted:

Unread portion of the kernel message buffer:
[368] Device IPOD went missing before all of the data could be written to it; expect data loss.
[368] fsync: giving up on dirty
[368] 0xfffff80011b24760: tag devfs, type VCHR
[368]     usecount 1, writecount 0, refcount 4770 mountedhere 0xfffff800061eb200
[368]     flags (VI_DOOMED|VI_ACTIVE)
[368]     v_object 0xfffff80011a4c500 ref 0 pages 4782 cleanbuf 4766 dirtybuf 1
[368]     lock type devfs: EXCL by thread 0xfffff80010c424d0 (pid 40394, sudo, tid 101528)
[368] 	dev msdosfs/IPOD
[368] panic: devfs_fsync: vop_stdfsync failed.
[...]
(kgdb) where
#0  doadump (textdump=0) at pcpu.h:221
#1  0xffffffff80316e5b in db_dump (dummy=<value optimized out>, dummy2=false, dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:533
#2  0xffffffff80316c4e in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440
#3  0xffffffff803169e4 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493
#4  0xffffffff803194eb in db_trap (type=<value optimized out>, code=0) at /usr/src/sys/ddb/db_main.c:251
#5  0xffffffff805e2923 in kdb_trap (type=3, code=0, tf=<value optimized out>) at /usr/src/sys/kern/subr_kdb.c:654
#6  0xffffffff8087cb27 in trap (frame=0xfffffe009464a0b0) at /usr/src/sys/amd64/amd64/trap.c:549
#7  0xffffffff80861ad7 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:234
#8  0xffffffff805e200b in kdb_enter (why=0xffffffff8096fb7b "panic", msg=0x32 <Address 0x32 out of bounds>) at cpufunc.h:63
#9  0xffffffff8059e5af in vpanic (fmt=<value optimized out>, ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:750
#10 0xffffffff8059e403 in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:688
#11 0xffffffff80459e1f in devfs_fsync (ap=<value optimized out>) at /usr/src/sys/fs/devfs/devfs_vnops.c:688
#12 0xffffffff80902206 in VOP_FSYNC_APV (vop=<value optimized out>, a=<value optimized out>) at vnode_if.c:1328
#13 0xffffffff8063dba5 in bufsync (bo=<value optimized out>, waitfor=<value optimized out>) at vnode_if.h:549
#14 0xffffffff8065bc3c in bufobj_invalbuf (bo=0xfffff80011b24830, flags=1, slpflag=0, slptimeo=0) at /usr/src/sys/kern/vfs_subr.c:1517
#15 0xffffffff8065f23e in vgonel (vp=<value optimized out>) at /usr/src/sys/kern/vfs_subr.c:1595
#16 0xffffffff8065f8e7 in vgone (vp=0xfffff80011b24760) at /usr/src/sys/kern/vfs_subr.c:3006
#17 0xffffffff80453152 in devfs_delete (dm=0xfffff80002428080, de=0xfffff800062d2d00, flags=0) at /usr/src/sys/fs/devfs/devfs_devs.c:390
#18 0xffffffff80453663 in devfs_populate_loop (dm=0xfffff80002428080, cleanup=<value optimized out>) at /usr/src/sys/fs/devfs/devfs_devs.c:528
#19 0xffffffff8045344a in devfs_populate (dm=0xfffff80002428080) at /usr/src/sys/fs/devfs/devfs_devs.c:655
#20 0xffffffff8045914e in devfs_populate_vp (vp=0xfffff80006130588) at /usr/src/sys/fs/devfs/devfs_vnops.c:239
#21 0xffffffff80456c4c in devfs_lookup (ap=0xfffffe009464a6d8) at /usr/src/sys/fs/devfs/devfs_vnops.c:1042
#22 0xffffffff80900e90 in VOP_LOOKUP_APV (vop=<value optimized out>, a=<value optimized out>) at vnode_if.c:127
#23 0xffffffff8065131e in lookup (ndp=0xfffffe009464a9b0) at vnode_if.h:54
#24 0xffffffff806509f1 in namei (ndp=<value optimized out>) at /usr/src/sys/kern/vfs_lookup.c:306
#25 0xffffffff8066ed7c in vn_open_cred (ndp=0xfffffe009464a9b0, flagp=0xfffffe009464aa8c, cmode=0, vn_open_flags=0, cred=0xfffff80010467400, fp=0xfffff8000633c780) at /usr/src/sys/kern/vfs_vnops.c:277
#26 0xffffffff80667eef in kern_openat (td=0xfffff80010c424d0, fd=-100, path=0x41527f <Address 0x41527f out of bounds>, pathseg=UIO_USERSPACE, flags=Cannot access memory at address 0x32
) at /usr/src/sys/kern/vfs_syscalls.c:1005
#27 0xffffffff8087db2b in amd64_syscall (td=0xfffff80010c424d0, traced=0) at subr_syscall.c:140
#28 0xffffffff80861dbb in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:394
#29 0x0000000800f4d7aa in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal
(kgdb) f 11
#11 0xffffffff80459e1f in devfs_fsync (ap=<value optimized out>) at /usr/src/sys/fs/devfs/devfs_vnops.c:688
688					panic("devfs_fsync: vop_stdfsync failed.");
(kgdb) l -
678		if (!vn_isdisk(ap->a_vp, &error)) {
679			bo = &ap->a_vp->v_bufobj;
680			de = ap->a_vp->v_data;
681			if (error == ENXIO && bo->bo_dirty.bv_cnt > 0) {
682				printf("Device %s went missing before all of the data "
683				    "could be written to it; expect data loss.\n",
684				    de->de_dirent->d_name);
685	
686				error = vop_stdfsync(ap);
687				if (bo->bo_dirty.bv_cnt != 0 || error != 0)
(kgdb) l
688					panic("devfs_fsync: vop_stdfsync failed.");


It seems strange to me that vop_stdfsync() apparently is expected
to succeed even though the device is known to be missing.

The kernel was based on r291864 but the printf+panic code was added years
ago in r186911 and the commit message suggests that it prevents a different
panic:

commit d72b8ba20f3993d4517a73171cb5e4a269b103a6
Author: trasz <trasz@FreeBSD.org>
Date:   Thu Jan 8 19:13:34 2009 +0000

    Don't panic with "vinvalbuf: dirty bufs" when the mounted device that was
    being written to goes away.
Comment 1 Fabian Keil 2017-02-15 18:32:58 UTC 
This should be fixed by r313775.