umount/ls panic

Nicolas Thery nthery at gmail.com
Sun Oct 21 08:34:46 PDT 2007


2007/10/4, Petr Janda <elekktretterr at exemail.com.au>:
> Hi Matt and the rest,
> I just discovered a new bug. What happened is this:
>
> ad3s2 is mount on /mnt/windows
>
> i mounted fat32 fs (ad3s3) over /mnt/windows
>
> cd /mnt/windows, then force umount of /mnt/windows. if you dont get a panic
> yet, try ls the directory you are in (mnt windows) and get this panic:
>
> http://www.punchyouremployer.com/images/p1000675.jpg

This bug is not related to fat32.  It can for example be reproduced with /proc:

cd /proc
umount -f /proc
ls (or any external command)

It can also be reproduced w/o force unmount:

sleep 30 &
cd /proc/$!
. .. wait for 30s or kill the sleep process ...
ls (or any external command)

When forking ls, fdcopy() calls vref() on fd_cdir but the latter was
inactivated earlier during unmounting (vflush()).  This triggers the
assertion in vref().

I don't know how to fix this.  As an experiment, I tried setting
fd_cdir to NULL if VINACTIVE is set but this triggers a crash at
boot-time.  Maybe the assertion should be relaxed, for this case only,

KKASSERT(vp->v_sysref.refcnt > 0 && (vp->v_flag & VFREE) == 0);

Any advice?





More information about the Bugs mailing list