Subject: kern/36958: union mounts fails to mark fs with in-use vnodes as busy
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <bad@bsd.de>
List: netbsd-bugs
Date: 09/09/2007 19:45:00
>Number:         36958
>Category:       kern
>Synopsis:       the system panics when an active union mount is unmounted
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 09 19:45:00 +0000 2007
>Originator:     Christoph Badura
>Release:        NetBSD 3.1_STABLE
>Organization:
	
>Environment:
	
	
System: NetBSD just-passing-through 3.1_STABLE NetBSD 3.1_STABLE (pe1400-dom0) #3: Mon Aug 27 00:44:13 MEST 2007  root@nervous-energy:/m/obj/m/src/sys/arch/i386/compile/pe1400-dom0 i386
Architecture: i386
Machine: i386
Sources as of 2007-08-26
>Description:
	

When a union mount is unmounted but there are vnodes from the union mount
still active, the system panics instead of refusing to unmount because
the file system is busy.

>How-To-Repeat:
	
Execute the following commands after booting to single-user mode:

# mount -t mfs -o -s=5M swap /tmp
# cd /tmp
# mkdir a b
# mount -t union /tmp/a /tmp/b
# mount
root_device on / type ffs (read-only, local)
mfs:12 on /tmp type mfs (synchronous, local)
<above>:/tmp/a on /tmp/b type union (local)
# cd b
# umount /tmp/b
panic: unmount: dangling vnode
Stopped in pid 17.1 (umount) at netbsd:cpu_Debugger+0x4:        popl    %ebp
cpu_Debugger(c03fcf80,c6383e88,c6383e7c,c01ef34e,c066dc60) at netbsd:cpu_Debugger+0x4
panic(c03f99f2,0,c5a82b28,c5a82b28,11) at netbsd:panic+0x135
dounmount(c0720000,0,c5a82b28,c5a881c0,bdbb3000) at netbsd:dounmount+0x3f2
sys_unmount(c5a8b39c,c6383f64,c6383f5c,c5a82b28,1) at netbsd:sys_unmount+0xf9
syscall_plain() at netbsd:syscall_plain+0x19b
--- syscall (number 22) ---
0xbdb47287:
ds          0x11
es          0x11
fs          0x31
gs          0x11
edi         0xc03f99f2  copyright+0xdab2
esi         0x100
ebp         0xc6383e4c
ebx         0xc6383e88
edx         0
ecx         0xfffffffe
eax         0x1
eip         0xc037bbf4  cpu_Debugger+0x4
cs          0x9
eflags      0x202
esp         0xc6383e4c
ss          0x11
netbsd:cpu_Debugger+0x4:        popl    %ebp
Stopped in pid 17.1 (umount) at netbsd:cpu_Debugger+0x4:        popl    %ebp
db> reboot 808
syncing disks... done

# mount -t mfs -o -s=5M swap /tmp
# cd /tmp
# mkdir a b
# touch a/foo
# mount -t union /tmp/a /tmp/b
# ls /tmp/b b
foo
# mount
root_device on / type ffs (read-only, local)
mfs:12 on /tmp type mfs (synchronous, local)
<above>:/tmp/a on /tmp/b type union (local)
# sleep 300 < /tmp/b/foo &
# umount /tmp/b
panic: unmount: dangling vnode
Stopped in pid 20.1 (umount) at netbsd:cpu_Debugger+0x4:        popl    %ebp
cpu_Debugger(c03fcf80,c635fe88,c635fe7c,c01ef34e,c066d920) at netbsd:cpu_Debugger+0x4
panic(c03f99f2,0,c5a82cc0,c5a82cc0,14) at netbsd:panic+0x135
dounmount(c0720000,0,c5a82cc0,c5a882a0,bdbb3000) at netbsd:dounmount+0x3f2
sys_unmount(c5a8b420,c635ff64,c635ff5c,c5a82cc0,1) at netbsd:sys_unmount+0xf9
syscall_plain() at netbsd:syscall_plain+0x19b
--- syscall (number 22) ---
0xbdb47287:
ds          0x11
es          0x11
fs          0x31
gs          0x11
edi         0xc03f99f2  copyright+0xdab2
esi         0x100
ebp         0xc635fe4c
ebx         0xc635fe88
edx         0
ecx         0xfffffffe
eax         0x1
eip         0xc037bbf4  cpu_Debugger+0x4
cs          0x9
eflags      0x202
esp         0xc635fe4c
ss          0x11
netbsd:cpu_Debugger+0x4:        popl    %ebp
Stopped in pid 20.1 (umount) at netbsd:cpu_Debugger+0x4:        popl    %ebp
db> reboot 808
syncing disks... done
>Fix: