The system panics when I try to forcibly unmount a file system from a flash device that has been unplugged. How-To-Repeat: always.
Responsible Changed From-To: freebsd-bugs->freebsd-geom Over to maintainer(s).
i had a crash related to this topic, but at another location. it happened after using umount(8) on a card-reader, but this time _without_ using the `-f' flag. the messages "(CTRL-C to abort)" were not shown on the screen, instead the machine just rebooted. here's the backtrace: --- start of dump --- /usr/obj/usr/src/sys/spott 0 # kgdb kernel.debug /var/crash/vmcore.2 kgdb: kvm_nlist(_stopped_cpus): kgdb: kvm_nlist(_stoppcbs): [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: panic: vinvalbuf: dirty bufs Uptime: 1h12m4s (da0:dead_sim0:0:0:0): Synchronize cache failed, status == 0x8, scsi status == 0x0 Dumping 383 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 383MB (98048 pages) 368 352 336 320 304 288 272 (CTRL-C to abort) 256 (CTRL-C to abort) 240 (CTRL-C to abort) 224 208 192 176 160 144 128 112 96 80 64 48 32 (CTRL-C to abort) 16 (CTRL-C to abort) #0 doadump () at pcpu.h:165 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) bt full #0 doadump () at pcpu.h:165 No locals. #1 0xc052d27c in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409 first_buf_printf = 1 #2 0xc052d589 in panic (fmt=0xc06cc79b "vinvalbuf: dirty bufs") at /usr/src/sys/kern/kern_shutdown.c:565 td = (struct thread *) 0xc2b8bd80 bootopt = 260 newpanic = 0 ap = 0xc2b8bd80 "\f\022@�\200�x�" buf = "vinvalbuf: dirty bufs", '\0' <repeats 234 times> #3 0xc05984a0 in bufobj_invalbuf (bo=0xc3213e90, flags=1, td=0x0, slpflag=0, slptimeo=0) at /usr/src/sys/kern/vfs_subr.c:1015 error = 0 #4 0xc0598802 in vinvalbuf (vp=0xc3213dd0, flags=0, td=0x0, slpflag=0, slptimeo=0) at /usr/src/sys/kern/vfs_subr.c:1082 No locals. 
#5 0xc059baf4 in vgonel (vp=0xc3213dd0) at /usr/src/sys/kern/vfs_subr.c:2436 td = (struct thread *) 0xc2b8bd80 oweinact = 0 active = 1 mp = (struct mount *) 0xc270f400 #6 0xc059b9c8 in vgone (vp=0xc3213dd0) at /usr/src/sys/kern/vfs_subr.c:2391 No locals. #7 0xc04da8b6 in devfs_delete (dm=0xc27a4880, de=0xc32afb80) at /usr/src/sys/fs/devfs/devfs_devs.c:244 No locals. #8 0xc04dab2a in devfs_populate_loop (dm=0xc27a4880, cleanup=0) at /usr/src/sys/fs/devfs/devfs_devs.c:352 cdp = (struct cdev_priv *) 0xc2b8e600 de = (struct devfs_dirent *) 0xc32afb80 dd = (struct devfs_dirent *) 0x0 pdev = (struct cdev *) 0xc27aa000 j = 0 q = 0x0 s = 0xc27aa000 "\002" #9 0xc04dadd5 in devfs_populate (dm=0xc27a4880) at /usr/src/sys/fs/devfs/devfs_devs.c:448 No locals. #10 0xc04dd02f in devfs_lookupx (ap=0x0) at /usr/src/sys/fs/devfs/devfs_vnops.c:512 cnp = (struct componentname *) 0xd5d19be8 dvp = (struct vnode *) 0xc27aa000 vpp = (struct vnode **) 0xd5d19bd4 td = (struct thread *) 0xc2b8bd80 de = (struct devfs_dirent *) 0x2002 dd = (struct devfs_dirent *) 0xc27a4600 dde = (struct devfs_dirent **) 0x0 dmp = (struct devfs_mount *) 0xc27a4880 cdev = (struct cdev *) 0xc05ab1ac error = -1032173424 flags = 18923588 nameiop = 0 specname = "$\231��\000\000\000\000�\230��\"�X�\b\234z�\006\000\000\000,\234z�\200����\230�հ\233z��\230��إY�\233z°\233z�@\231��\016�Y�" pname = 0xc27ab805 "tty" #11 0xc04dd1ce in devfs_lookup (ap=0xd5d19998) at /usr/src/sys/fs/devfs/devfs_vnops.c:576 j = -707683944 dmp = (struct devfs_mount *) 0xc27a4890 #12 0xc06a7194 in VOP_LOOKUP_APV (vop=0xc06efbe0, a=0xd5d19998) at vnode_if.c:99 rc = -1066468384 #13 0xc05911fb in lookup (ndp=0xd5d19bc0) at vnode_if.h:56 cp = 0xc27ab808 "" dp = (struct vnode *) 0xc27aa000 tdp = (struct vnode *) 0xc27aa000 mp = (struct mount *) 0x0 docache = 32 wantparent = 0 rdonly = 0 trailing_slash = 0 error = 0 dpunlocked = 0 cnp = (struct componentname *) 0xd5d19be8 td = (struct thread *) 0xc2b8bd80 vfslocked = 0 dvfslocked = 0 tvfslocked = 0 
#14 0xc0590968 in namei (ndp=0xd5d19bc0) at /usr/src/sys/kern/vfs_lookup.c:203 fdp = (struct filedesc *) 0xc32b1500 cp = 0xc32b1500 "" dp = (struct vnode *) 0xc27a9bb0 aiov = {iov_base = 0x0, iov_len = 0} auio = {uio_iov = 0xc01e0, uio_iovcnt = 0, uio_offset = 16384, uio_resid = 0, uio_segflg = 3273065636, uio_rw = UIO_READ, uio_td = 0x0} error = -1032152144 linklen = -1032152144 cnp = (struct componentname *) 0xd5d19be8 td = (struct thread *) 0xc2b8bd80 p = (struct proc *) 0x0 vfslocked = 0 #15 0xc05a9cd7 in vn_open_cred (ndp=0xd5d19bc0, flagp=0xd5d19cc0, cmode=2504, cred=0xc2bad780, fdidx=3) at /usr/src/sys/kern/vfs_vnops.c:182 vp = (struct vnode *) 0x0 mp = (struct mount *) 0x2 td = (struct thread *) 0xc2b8bd80 vat = {va_type = 3266887040, va_mode = 0, va_nlink = 0, va_uid = 3587283628, va_gid = 3226451657, va_fsid = 4294967280, va_fileid = 0, va_size = 15407266001175183363, va_blocksize = -1068515300, va_atime = { tv_sec = -1020586752, tv_nsec = 3}, va_mtime = {tv_sec = 256, tv_nsec = 3}, va_ctime = { tv_sec = -1020586752, tv_nsec = -1019211252}, va_birthtime = {tv_sec = -707683592, tv_nsec = -1068500313}, va_gen = 3274380544, va_flags = 3, va_rdev = 256, va_bytes = 3587283724, va_filerev = 17179874663, va_vaflags = 3275756044, va_spare = -1029671664} mode = -707683720 fmode = 1 error = -707683068 vfslocked = 0 #16 0xc05a99b3 in vn_open (ndp=0x0, flagp=0x0, cmode=0, fdidx=0) at /usr/src/sys/kern/vfs_vnops.c:91 td = (struct thread *) 0x0 #17 0xc05a05e8 in kern_open (td=0xc2b8bd80, path=0x0, pathseg=UIO_USERSPACE, flags=1, mode=-1077945896) at /usr/src/sys/kern/vfs_syscalls.c:1002 p = (struct proc *) 0x0 fdp = (struct filedesc *) 0xc32b1500 fp = (struct file *) 0xc2a07510 vp = (struct vnode *) 0xc2713800 vat = {va_type = 3275756044, va_mode = 40008, va_nlink = -10799, va_uid = 3226741305, va_gid = 3228675648, va_fsid = 3261295572, va_fileid = 0, va_size = 13858750082021694556, va_blocksize = 0, va_atime = {tv_sec = 0, tv_nsec = -1028080256}, va_mtime = {tv_sec = 
6, tv_nsec = -1068226384}, va_ctime = { tv_sec = -1028080256, tv_nsec = -1033672064}, va_birthtime = {tv_sec = -1066434944, tv_nsec = 60211073}, va_gen = 3275756212, va_flags = 3275756044, va_rdev = 3587284176, va_bytes = 14031172999752930889, va_filerev = 8589934592, va_vaflags = 3119171692, va_spare = -134132641} mp = (struct mount *) 0xc31a9aa0 cmode = 0 nfp = (struct file *) 0xc2a07510 type = 0 indx = 3 error = -707683068 lf = {l_start = -4415571073916420396, l_len = -3039476491986403325, l_pid = -1068226135, l_type = -17024, l_whence = -15688} nd = {ni_dirp = 0x806120a <Address 0x806120a out of bounds>, ni_segflg = UIO_USERSPACE, ni_startdir = 0x0, ni_rootdir = 0xc27a9bb0, ni_topdir = 0x0, ni_vp = 0x0, ni_dvp = 0xc27aa000, ni_pathlen = 1, ni_next = 0xc27ab808 "", ni_loopcnt = 0, ni_cnd = {cn_nameiop = 0, cn_flags = 18923588, cn_thread = 0xc2b8bd80, cn_cred = 0xc2bad780, cn_lkflags = 2, cn_pnbuf = 0xc27ab800 "/dev/tty", cn_nameptr = 0xc27ab805 "tty", cn_namelen = 3, cn_consume = 0}} vfslocked = -1028080256 #18 0xc05a04d6 in open (td=0x0, uap=0xd5d19d04) at /usr/src/sys/kern/vfs_syscalls.c:968 error = -1028080256 #19 0xc0692c30 in syscall (frame= {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134599286, tf_esi = 134668416, tf_ebp = -1077945944, tf_isp = -707682972, tf_ebx = -1077945836, tf_edx = 53, tf_ecx = 134668416, tf_eax = 5, tf_trapno = 0, tf_err = 2, tf_eip = 672773295, tf_cs = 51, tf_eflags = 646, tf_esp = -1077945956, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:981 params = 0xbfbfd9a0 <Address 0xbfbfd9a0 out of bounds> callp = (struct sysent *) 0xc06f1b9c td = (struct thread *) 0xc2b8bd80 p = (struct proc *) 0xc340120c orig_tf_eflags = 646 sticks = 1 error = 0 narg = 3 args = {134615562, 0, -1077945896, -707683028, -1066837953, -1066330208, -707683020, 134629856} code = 5 #20 0xc067e03f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200 No locals. #21 0x00000033 in ?? () No symbol table info available. 
Previous frame inner to this frame (corrupt stack?) (kgdb) l layout list load (kgdb) l 200 call syscall 201 MEXITCOUNT 202 jmp doreti 203 204 ENTRY(fork_trampoline) 205 pushl %esp /* trapframe pointer */ 206 pushl %ebx /* arg1 */ 207 pushl %esi /* function */ 208 call fork_exit 209 addl $12,%esp --- end of dump --- i have two questions regarding this backtrace: [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] what does this mean? also: #20 0xc067e03f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200 No locals. #21 0x00000033 in ?? () No symbol table info available. Previous frame inner to this frame (corrupt stack?) you guys always post such beautiful kgdb usages with complete backtraces, why do i have a funny frame 21 (IP = 0x33)? regards, clemens
State Changed From-To: open->suspended This is a well-known error: there are underlying structures in the kernel that haven't been made to understand that drives can go away. The assumption that drives never go away has been false for years. However, the work required is going to be quite detailed; no quick workarounds are available (they've been discussed and rejected). So, mark this one as suspended for now.
Responsible Changed From-To: freebsd-geom->trasz I'll take it.
State Changed From-To: suspended->feedback Andrey, can you still reproduce it with FreeBSD 7.2? It should already be fixed.
State Changed From-To: feedback->closed Seems to be fixed.