Date: Sat, 27 Jan 2001 17:03:18 +0100 (CET) From: pantzer@ludd.luth.se To: FreeBSD-gnats-submit@freebsd.org Subject: kern/24680: panic on cd .. on the root of a filesystem that is unmounted. Message-ID: <200101271603.f0RG3I905012@skalman.campus.luth.se>
next in thread | raw e-mail | index | archive | help
>Number: 24680
>Category: kern
>Synopsis: panic on cd .. on the root of a filesystem that is unmounted.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 27 08:10:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Mattias Pantzare
>Release: FreeBSD 4.2-STABLE i386
>Organization:
>Environment:
>Description:
The kernel will panic if a user does cd .. in a shell that was on the
mountpoint of a filesystem that has been unmounted with the force flag.
#0 dumpsys () at ../../kern/kern_shutdown.c:469
#1 0xc013336f in boot (howto=260) at ../../kern/kern_shutdown.c:309
#2 0xc0133705 in panic (fmt=0xc023fcf4 "from debugger")
at ../../kern/kern_shutdown.c:556
#3 0xc011e339 in db_panic (addr=-1072311442, have_addr=0, count=-1,
modif=0xc5d10c7c "") at ../../ddb/db_command.c:433
#4 0xc011e2d9 in db_command (last_cmdp=0xc026ab78, cmd_table=0xc026a9d8,
aux_cmd_tablep=0xc0284208) at ../../ddb/db_command.c:333
#5 0xc011e39e in db_command_loop () at ../../ddb/db_command.c:455
#6 0xc01204ab in db_trap (type=12, code=0) at ../../ddb/db_trap.c:71
#7 0xc021ca8a in kdb_trap (type=12, code=0, regs=0xc5d10dd0)
at ../../i386/i386/db_interface.c:158
#8 0xc022bcc8 in trap_fatal (frame=0xc5d10dd0, eva=16)
at ../../i386/i386/trap.c:946
#9 0xc022b9a1 in trap_pfault (frame=0xc5d10dd0, usermode=0, eva=16)
at ../../i386/i386/trap.c:844
#10 0xc022b517 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
tf_edi = -976154868, tf_esi = -980796414, tf_ebp = -976155060,
tf_isp = -976155140, tf_ebx = -975865280, tf_edx = -976154908,
tf_ecx = 38, tf_eax = 0, tf_trapno = 12, tf_err = 0,
tf_eip = -1072311442, tf_cs = 8, tf_eflags = 582, tf_esp = -975865280,
tf_ss = -1064217856}) at ../../i386/i386/trap.c:443
#11 0xc015d36e in lookup (ndp=0xc5d10ee4) at ../../kern/vfs_lookup.c:408
#12 0xc015cef4 in namei (ndp=0xc5d10ee4) at ../../kern/vfs_lookup.c:153
#13 0xc0161705 in change_dir (ndp=0xc5d10ee4, p=0xc58935e0)
at ../../kern/vfs_syscalls.c:935
#14 0xc01615b8 in chdir (p=0xc58935e0, uap=0xc5d10f80)
at ../../kern/vfs_syscalls.c:836
#15 0xc022bfa1 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
tf_edi = 135464784, tf_esi = 0, tf_ebp = -1077954296,
tf_isp = -976154668, tf_ebx = 135725184, tf_edx = 135472514,
tf_ecx = 135472640, tf_eax = 12, tf_trapno = 22, tf_err = 2,
tf_eip = 134802156, tf_cs = 31, tf_eflags = 582, tf_esp = -1077957444,
tf_ss = 47}) at ../../i386/i386/trap.c:1150
#16 0xc021d3d5 in Xint0x80_syscall ()
#17 0x804bb09 in ?? ()
#18 0x80532e4 in ?? ()
#19 0x806061a in ?? ()
#20 0x8060855 in ?? ()
#21 0x804a7db in ?? ()
#22 0x8049a07 in ?? ()
#23 0x8048135 in ?? ()
>How-To-Repeat:
mount /dev/ad1a /mnt
cd /mnt
umount -f /mnt
cd ..
PANIC
>Fix:
This might not be the "right" fix, but it stops the panic.
*** vfs_lookup.c Sat Jan 27 17:37:24 2001
--- vfs_lookup.c.new Sat Jan 27 17:37:06 2001
***************
*** 404,409 ****
--- 404,411 ----
if ((dp->v_flag & VROOT) == 0 ||
(cnp->cn_flags & NOCROSSMOUNT))
break;
+ if (dp->v_mount == 0)
+ break;
tdp = dp;
dp = dp->v_mount->mnt_vnodecovered;
vput(tdp);
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101271603.f0RG3I905012>