Date: Thu, 19 Jul 2007 05:46:18 +1000 (EST)
From: Bruce Evans <brde@optusnet.com.au>
To: bugs@freebsd.org
Subject: a null pointer panic due to clobbered bufobjs
Message-ID: <20070719051755.U1463@besplex.bde.org>

Repeated read-only mounting of a single device (to the same or different
mount points) now seems to work, but each mount clobbers the previous
mount's setting of the device vnode's bufobj.  See g_vfs_open() and
ffs_mount().  The clobbered bufobj even seems to work, since it remains
pointing to essentially an alias of the clobbered data.  But then on
unmount of the ultimate clobberer, the bufobj is left pointing to garbage
(mainly in bo->bo_private when that is freed via a different pointer to
it).  This causes things like the following to panic on a null pointer in
g_io_request():

    # mount -o ro /dev/mumble /mnt
    # mount -o ro /dev/mumble /mnt
    # umount /mnt         # unmount one so that other can be remounted rw
                          # no way to control which one gets unmounted (?),
                          # but it is apparently the last one
    # umount -u -o noro /mnt

but the following seems to work:

    # mount -o ro /dev/mumble /mnt
    # mount -o ro /dev/mumble /mnt1   # different mount point for control
    # umount /mnt         # unmount first one
    # mount -u -o noro /mnt1

Bruce
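
The ownership problem the message describes, as an added user-space model that is not part of the original message and not FreeBSD code: every opener overwrites one shared pointer, and the object is later released through the opener's own pointer. Only the field name bo_private comes from the message; all other names, the static pool, and the reference-counted variant are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* User-space model: only bo_private comes from the message; other names are hypothetical. */
struct consumer { int live; };      /* stands in for per-mount private data */
struct bufobj { struct consumer *bo_private; int refs; };
static struct consumer pool[4];     /* static pool: "free" only clears .live */
static struct consumer *consumer_alloc(void)
{
    for (size_t i = 0; i < 4; i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}

/* Pattern from the report: each open overwrites the shared pointer. */
static struct consumer *open_clobber(struct bufobj *bo)
{
    return bo->bo_private = consumer_alloc();
}
/* Released through the mount's own pointer; the bufobj is not updated. */
static void close_clobber(struct consumer *c) { c->live = 0; }

/* Assumed alternative: share one object, count users, clear on last close. */
static int open_shared(struct bufobj *bo)
{
    if (bo->refs == 0 && (bo->bo_private = consumer_alloc()) == NULL)
        return -1;
    return ++bo->refs;
}
static void close_shared(struct bufobj *bo)
{
    if (bo->refs > 0 && --bo->refs == 0) {
        bo->bo_private->live = 0;
        bo->bo_private = NULL;
    }
}

/* Two opens, then close the last. Returns 1 if the bufobj now refers to released data. */
static int stale_after_last_close(int shared)
{
    struct bufobj bo = { NULL, 0 };
    for (size_t i = 0; i < 4; i++) pool[i].live = 0;
    if (shared) { open_shared(&bo); open_shared(&bo); close_shared(&bo); }
    else { open_clobber(&bo); close_clobber(open_clobber(&bo)); }
    return bo.bo_private == NULL || !bo.bo_private->live;
}
int main(void)
{
    printf("stale: clobber=%d shared=%d\n", stale_after_last_close(0), stale_after_last_close(1));
    return 0;
}
```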