Subject: kern/36958: union mounts fails to mark fs with in-use vnodes as busy
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <bad@bsd.de>
List: netbsd-bugs
Date: 09/09/2007 19:45:00
>Number: 36958
>Category: kern
>Synopsis: the system panics when an active union mount is unmounted
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Sep 09 19:45:00 +0000 2007
>Originator: Christoph Badura
>Release: NetBSD 3.1_STABLE
>Organization:
>Environment:
System: NetBSD just-passing-through 3.1_STABLE NetBSD 3.1_STABLE (pe1400-dom0) #3: Mon Aug 27 00:44:13 MEST 2007 root@nervous-energy:/m/obj/m/src/sys/arch/i386/compile/pe1400-dom0 i386
Architecture: i386
Machine: i386
Sources as of 2007-08-26
>Description:
When a union mount is unmounted but there are vnodes from the union mount
still active, the system panics instead of refusing to unmount because
the file system is busy.
>How-To-Repeat:
Execute the following commands after booting to single-user mode:
# mount -t mfs -o -s=5M swap /tmp
# cd /tmp
# mkdir a b
# mount -t union /tmp/a /tmp/b
# mount
root_device on / type ffs (read-only, local)
mfs:12 on /tmp type mfs (synchronous, local)
<above>:/tmp/a on /tmp/b type union (local)
# cd b
# umount /tmp/b
panic: unmount: dangling vnode
Stopped in pid 17.1 (umount) at netbsd:cpu_Debugger+0x4: popl %ebp
cpu_Debugger(c03fcf80,c6383e88,c6383e7c,c01ef34e,c066dc60) at netbsd:cpu_Debugge
r+0x4
panic(c03f99f2,0,c5a82b28,c5a82b28,11) at netbsd:panic+0x135
dounmount(c0720000,0,c5a82b28,c5a881c0,bdbb3000) at netbsd:dounmount+0x3f2
sys_unmount(c5a8b39c,c6383f64,c6383f5c,c5a82b28,1) at netbsd:sys_unmount+0xf9
syscall_plain() at netbsd:syscall_plain+0x19b
--- syscall (number 22) ---
0xbdb47287:
ds 0x11
es 0x11
fs 0x31
gs 0x11
edi 0xc03f99f2 copyright+0xdab2
esi 0x100
ebp 0xc6383e4c
ebx 0xc6383e88
edx 0
ecx 0xfffffffe
eax 0x1
eip 0xc037bbf4 cpu_Debugger+0x4
cs 0x9
eflags 0x202
esp 0xc6383e4c
ss 0x11
netbsd:cpu_Debugger+0x4: popl %ebp
Stopped in pid 17.1 (umount) at netbsd:cpu_Debugger+0x4: popl %ebp
db> reboot 808
syncing disks... done
# mount -t mfs -o -s=5M swap /tmp
# cd /tmp
# mkdir a b
# touch a/foo
# mount -t union /tmp/a /tmp/b
# ls /tmp/b b
foo
# mount
root_device on / type ffs (read-only, local)
mfs:12 on /tmp type mfs (synchronous, local)
<above>:/tmp/a on /tmp/b type union (local)
# sleep 300 < /tmp/b/foo &
# umount /tmp/b
panic: unmount: dangling vnode
Stopped in pid 20.1 (umount) at netbsd:cpu_Debugger+0x4: popl %ebp
cpu_Debugger(c03fcf80,c635fe88,c635fe7c,c01ef34e,c066d920) at netbsd:cpu_Debugge
r+0x4
panic(c03f99f2,0,c5a82cc0,c5a82cc0,14) at netbsd:panic+0x135
dounmount(c0720000,0,c5a82cc0,c5a882a0,bdbb3000) at netbsd:dounmount+0x3f2
sys_unmount(c5a8b420,c635ff64,c635ff5c,c5a82cc0,1) at netbsd:sys_unmount+0xf9
syscall_plain() at netbsd:syscall_plain+0x19b
--- syscall (number 22) ---
0xbdb47287:
ds 0x11
es 0x11
fs 0x31
gs 0x11
edi 0xc03f99f2 copyright+0xdab2
esi 0x100
ebp 0xc635fe4c
ebx 0xc635fe88
edx 0
ecx 0xfffffffe
eax 0x1
eip 0xc037bbf4 cpu_Debugger+0x4
cs 0x9
eflags 0x202
esp 0xc635fe4c
ss 0x11
netbsd:cpu_Debugger+0x4: popl %ebp
Stopped in pid 20.1 (umount) at netbsd:cpu_Debugger+0x4: popl %ebp
db> reboot 808
syncing disks... done
>Fix: