Bug 24680

Summary: panic on cd .. on the root of a filesystem that is unmounted.
Product: Base System Reporter: pantzer <pantzer>
Component: kernAssignee: Alfred Perlstein <alfred>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.2-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description pantzer 2001-01-27 16:10:00 UTC 
The kernel will panic if a user does cd .. in a shell that was on the
mountpoint of a filesystem that has been unmounted with the force flag.

#0  dumpsys () at ../../kern/kern_shutdown.c:469
#1  0xc013336f in boot (howto=260) at ../../kern/kern_shutdown.c:309
#2  0xc0133705 in panic (fmt=0xc023fcf4 "from debugger")
    at ../../kern/kern_shutdown.c:556
#3  0xc011e339 in db_panic (addr=-1072311442, have_addr=0, count=-1, 
    modif=0xc5d10c7c "") at ../../ddb/db_command.c:433
#4  0xc011e2d9 in db_command (last_cmdp=0xc026ab78, cmd_table=0xc026a9d8, 
    aux_cmd_tablep=0xc0284208) at ../../ddb/db_command.c:333
#5  0xc011e39e in db_command_loop () at ../../ddb/db_command.c:455
#6  0xc01204ab in db_trap (type=12, code=0) at ../../ddb/db_trap.c:71
#7  0xc021ca8a in kdb_trap (type=12, code=0, regs=0xc5d10dd0)
    at ../../i386/i386/db_interface.c:158
#8  0xc022bcc8 in trap_fatal (frame=0xc5d10dd0, eva=16)
    at ../../i386/i386/trap.c:946
#9  0xc022b9a1 in trap_pfault (frame=0xc5d10dd0, usermode=0, eva=16)
    at ../../i386/i386/trap.c:844
#10 0xc022b517 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, 
      tf_edi = -976154868, tf_esi = -980796414, tf_ebp = -976155060, 
      tf_isp = -976155140, tf_ebx = -975865280, tf_edx = -976154908, 
      tf_ecx = 38, tf_eax = 0, tf_trapno = 12, tf_err = 0, 
      tf_eip = -1072311442, tf_cs = 8, tf_eflags = 582, tf_esp = -975865280, 
      tf_ss = -1064217856}) at ../../i386/i386/trap.c:443
#11 0xc015d36e in lookup (ndp=0xc5d10ee4) at ../../kern/vfs_lookup.c:408
#12 0xc015cef4 in namei (ndp=0xc5d10ee4) at ../../kern/vfs_lookup.c:153
#13 0xc0161705 in change_dir (ndp=0xc5d10ee4, p=0xc58935e0)
    at ../../kern/vfs_syscalls.c:935
#14 0xc01615b8 in chdir (p=0xc58935e0, uap=0xc5d10f80)
    at ../../kern/vfs_syscalls.c:836
#15 0xc022bfa1 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = 135464784, tf_esi = 0, tf_ebp = -1077954296, 
      tf_isp = -976154668, tf_ebx = 135725184, tf_edx = 135472514, 
      tf_ecx = 135472640, tf_eax = 12, tf_trapno = 22, tf_err = 2, 
      tf_eip = 134802156, tf_cs = 31, tf_eflags = 582, tf_esp = -1077957444, 
      tf_ss = 47}) at ../../i386/i386/trap.c:1150
#16 0xc021d3d5 in Xint0x80_syscall ()
#17 0x804bb09 in ?? ()
#18 0x80532e4 in ?? ()
#19 0x806061a in ?? ()
#20 0x8060855 in ?? ()
#21 0x804a7db in ?? ()
#22 0x8049a07 in ?? ()
#23 0x8048135 in ?? ()

Fix: This might not be the "right" fix, but it stops the panic.
How-To-Repeat: 
mount /dev/ad1a /mnt
cd /mnt
umount -f /mnt
cd ..

PANIC
Comment 1 tmoestl 2001-01-27 17:12:40 UTC 
Hi,

this bug should be fixed in -CURRENT (vfs_lookup.c v. 1.41), but the fix 
has not yet been MFC'ed.

	- thomas
Comment 2 Johan Karlsson freebsd_committer freebsd_triage 2001-02-09 19:26:03 UTC 
State Changed
From-To: open->closed

Sort of duplicate of 19572 which got a fix in 
23191, which is handled by Alfred. 

This get to serv a MFC reminder. 

Alfred, can you please MCF rev 1.41 of src/sys/kern/vfs_lookup.c 
if this works in -current.
Comment 3 Johan Karlsson freebsd_committer freebsd_triage 2001-02-09 19:26:03 UTC 
Responsible Changed
From-To: freebsd-bugs->alfred