Bug 203492

Summary: mount_unionfs -o below causes panic
Product: Base System Reporter: mwlucas
Component: kernAssignee: freebsd-fs (Nobody) <fs>
Status: Closed FIXED    
Severity: Affects Some People CC: mckusick
Priority: --- Keywords: needs-patch, needs-qa
Version: CURRENTFlags: koobs: mfc-stable10?
koobs: mfc-stable9?
Hardware: amd64   
OS: Any   
Attachments:
Description Flags
core.txt none

Description mwlucas 2015-10-01 20:49:23 UTC 
Created attachment 161624 [details]
core.txt

Running:

FreeBSD storm 11.0-CURRENT FreeBSD 11.0-CURRENT #4 r288449: Thu Oct  1 10:07:03 EDT 2015     root@storm:/usr/obj/usr/src/sys/JAIL  amd64

The kernel config is:

include GENERIC
ident   VIMAGE
options         VIMAGE
options         RACCT
options         RCTL

The same behavior also occurs on GENERIC, however.

This host has a jails pool, with two datasets: basejail and jail1. I want jail1 to be the mountpoint, and mount jail1 on top of basejail. My understanding is that I can then reuse the basejail dataset for multiple jails.

# cd jails
# mount_unionfs -o below basejail/ jail1/

If I go into /jails/jail1 and try to remove something from the lower layer, I get a panic.

Unread portion of the kernel message buffer:
panic: solaris assert: cnp->cn_namelen < sizeof(nm), file: /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c, line: 6213
cpuid = 3
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe085d12b360
vpanic() at vpanic+0x189/frame 0xfffffe085d12b3e0
panic() at panic+0x43/frame 0xfffffe085d12b440
assfail() at assfail+0x1a/frame 0xfffffe085d12b450
zfs_freebsd_lookup() at zfs_freebsd_lookup+0x47/frame 0xfffffe085d12b590
VOP_CACHEDLOOKUP_APV() at VOP_CACHEDLOOKUP_APV+0xf1/frame 0xfffffe085d12b5c0
vfs_cache_lookup() at vfs_cache_lookup+0xd6/frame 0xfffffe085d12b620
VOP_LOOKUP_APV() at VOP_LOOKUP_APV+0xf1/frame 0xfffffe085d12b650
relookup() at relookup+0xa1/frame 0xfffffe085d12b6b0
unionfs_relookup() at unionfs_relookup+0x105/frame 0xfffffe085d12b710
unionfs_relookup_for_delete() at unionfs_relookup_for_delete+0x56/frame 0xfffffe085d12b7a0
unionfs_rmdir() at unionfs_rmdir+0xd1/frame 0xfffffe085d12b800
VOP_RMDIR_APV() at VOP_RMDIR_APV+0xf7/frame 0xfffffe085d12b830
kern_rmdirat() at kern_rmdirat+0x1bc/frame 0xfffffe085d12b9a0
amd64_syscall() at amd64_syscall+0x2e1/frame 0xfffffe085d12bab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe085d12bab0
--- syscall (137, FreeBSD ELF64, sys_rmdir), rip = 0x800896dba, rsp = 0x7fffffffe8f8, rbp = 0x7fffffffe930 ---
KDB: enter: panic
Comment 1 mwlucas 2015-10-02 16:47:19 UTC 
Just tried this on 10.1-R. Cannot reproduce there.

Apparently a current-only thing.

But I say this book targets 10+, and there is no 11.0-R, so at least I can keep writing. ;-)
Comment 2 Kirk McKusick freebsd_committer freebsd_triage 2021-08-01 21:41:57 UTC 
This bug appears to have been fixed in current systems (tested on 13.0-stable). If it can be reproduced, please submit a new report.