a null pointer panic due to clobbered bufobjs

Bruce Evans brde at optusnet.com.au
Wed Jul 18 19:46:52 UTC 2007


Repeated read-only mounting of a single device (to the same or different
mount points) now seems to work, but each mount clobbers the previous
mount's setting of the device vnode's bufobj.  See g_vfs_open() and
ffs_mount().  The clobbered bufobj even seems to work, since it remains
pointing to essentially an alias of the clobbered data.  But then on
unmount of the ultimate clobberer, the bufobj is left pointing to
garbage (mainly in bo->bo_private when that is freed via a different
pointer to it).

This causes things like the following to panic on a null pointer in
g_io_request():

        # mount -o ro /dev/mumble /mnt
        # mount -o ro /dev/mumble /mnt
        # umount /mnt        # unmount one so that other can be remounted rw
                             # no way to control which one gets unmounted (?),
                             # but it is apparently the last one
        # umount -u -o noro /mnt

but the following seems to work:

        # mount -o ro /dev/mumble /mnt
        # mount -o ro /dev/mumble /mnt1   # different mount point for control
        # umount /mnt        # unmount first one
        # mount -u -o noro /mnt1

Bruce
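The following is an added user-space model of the failure mode Bruce describes, not FreeBSD code and not anything from the report itself: a shared "bufobj" whose private pointer each mount overwrites, while each mount keeps its own alias to the object it installed and frees through that alias on unmount. The struct layouts, the consumer pool, and the reference-counted variant are assumptions chosen to make the two command sequences above reproducible offline; the real kernel fix may look nothing like the refcount shown here.

```c
/* Added illustrative model of the clobbered-bufobj bug described above.
 * Not FreeBSD code: names, structs and the refcounted variant are
 * assumptions chosen to show the failure mode in user space. */
#include <stdio.h>
#include <string.h>

#define MAX_CONSUMERS 8

/* Stand-in for the GEOM consumer that the open path hands to the bufobj.
 * "live" replaces real allocation so a dangling pointer is detectable
 * without undefined behaviour. */
struct consumer {
    int live;           /* 1 while allocated, 0 once released */
    int id;
};

/* Stand-in for the device vnode's bufobj; bo_private is the field that
 * is left pointing at freed data in the report. */
struct bufobj {
    struct consumer *bo_private;
    int bo_refs;        /* used only by the refcounted variant */
};

/* Per-mount state: each mount keeps its own alias to the consumer it
 * installed, which is how the free happens "via a different pointer". */
struct mount {
    struct consumer *mnt_cp;
    struct bufobj *mnt_bo;
};

static struct consumer pool[MAX_CONSUMERS];
static int next_id;

static struct consumer *consumer_alloc(void) {
    for (int i = 0; i < MAX_CONSUMERS; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            pool[i].id = ++next_id;
            return &pool[i];
        }
    }
    return NULL;
}

static void consumer_free(struct consumer *cp) { cp->live = 0; }

/* Naive open: unconditionally overwrite the shared bufobj, as the report
 * describes for repeated ro mounts of one device. */
static void naive_mount(struct mount *mp, struct bufobj *bo) {
    mp->mnt_cp = consumer_alloc();
    mp->mnt_bo = bo;
    bo->bo_private = mp->mnt_cp;    /* clobbers the previous mount's setting */
}

static void naive_unmount(struct mount *mp) {
    consumer_free(mp->mnt_cp);      /* freed via the mount's alias; bufobj untouched */
    mp->mnt_cp = NULL;
}

/* Refcounted open (hypothetical fix): only the first opener installs
 * bo_private and only the last closer releases it, so an intermediate
 * unmount cannot leave the shared bufobj dangling. */
static void refcnt_mount(struct mount *mp, struct bufobj *bo) {
    mp->mnt_bo = bo;
    if (bo->bo_refs++ == 0)
        bo->bo_private = consumer_alloc();
    mp->mnt_cp = bo->bo_private;
}

static void refcnt_unmount(struct mount *mp) {
    struct bufobj *bo = mp->mnt_bo;
    if (--bo->bo_refs == 0) {
        consumer_free(bo->bo_private);
        bo->bo_private = NULL;
    }
    mp->mnt_cp = NULL;
}

/* 1 if the bufobj still points at a live consumer, i.e. a later rw
 * remount could dereference it safely. */
static int bufobj_is_sane(const struct bufobj *bo) {
    return bo->bo_private != NULL && bo->bo_private->live;
}

/* Replays "mount ro, mount ro, umount one, remount rw".  unmount_first
 * selects the /mnt1 variant from the report (first mount goes away)
 * instead of the default where the last mount is unmounted. */
static int replay(int refcounted, int unmount_first) {
    struct bufobj bo;
    struct mount m1, m2;
    memset(&bo, 0, sizeof bo);
    memset(pool, 0, sizeof pool);
    next_id = 0;
    if (refcounted) {
        refcnt_mount(&m1, &bo);
        refcnt_mount(&m2, &bo);
        refcnt_unmount(unmount_first ? &m1 : &m2);
    } else {
        naive_mount(&m1, &bo);
        naive_mount(&m2, &bo);
        naive_unmount(unmount_first ? &m1 : &m2);
    }
    return bufobj_is_sane(&bo);     /* what the rw remount would touch */
}

int main(void) {
    printf("naive, unmount last:   %s\n", replay(0, 0) ? "sane" : "dangling");
    printf("naive, unmount first:  %s\n", replay(0, 1) ? "sane" : "dangling");
    printf("refcounted, either:    %s\n",
           replay(1, 0) && replay(1, 1) ? "sane" : "dangling");
    return 0;
}
```

The naive variant reproduces both observations in the report: unmounting the last mounter leaves bo_private pointing at released storage (the panic case), while unmounting the first one leaves the bufobj pointing at the surviving alias and "seems to work". Only the second case being benign is what makes the bug easy to miss under light testing.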

