From nobody@FreeBSD.org  Wed Sep 13 23:02:36 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8DB3A16A407
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 13 Sep 2006 23:02:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6086343D45
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 13 Sep 2006 23:02:36 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k8DN2aV5044530
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 13 Sep 2006 23:02:36 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k8DN2aWC044529;
	Wed, 13 Sep 2006 23:02:36 GMT
	(envelope-from nobody)
Message-Id: <200609132302.k8DN2aWC044529@www.freebsd.org>
Date: Wed, 13 Sep 2006 23:02:36 GMT
From: Martin <nakal@web.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: mount -o rw, umount may panic system
X-Send-Pr-Version: www-2.3

>Number:         103245
>Category:       kern
>Synopsis:       mount -o rw, umount may panic system
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 13 23:10:17 GMT 2006
>Closed-Date:    Tue Feb 12 16:39:18 UTC 2008
>Last-Modified:  Tue Feb 12 16:39:18 UTC 2008
>Originator:     Martin
>Release:        FreeBSD 6.1R
>Organization:
>Environment:
FreeBSD 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sat May 13 00:26:37 CEST 2006
>Description:
Under certain circumstances, it is possible to cause a panic while remounting
and unmounting an originally read-only mounted UFS file system.

>How-To-Repeat:
fstab which I'm using contains entries to my old FreeBSD installation:

[...]
/dev/ad0s3a            /freebsd-old            ufs     ro      0       0
/dev/ad0s3f            /freebsd-old/var        ufs     ro      0       0
/dev/ad0s3d            /freebsd-old/usr        ufs     ro      0       0
/dev/ad0s3e            /freebsd-old/usr/home   ufs     ro      0       0

Everything is read-only and mounted after boot. Now, try to remount:

# mount -o rw /freebsd-old/usr/home
# mount

[...]
/dev/ad0s3a on /freebsd-old (ufs, local, read-only)
/dev/ad0s3f on /freebsd-old/var (ufs, local, read-only)
/dev/ad0s3d on /freebsd-old/usr (ufs, local, read-only)
/dev/ad0s3e on /freebsd-old/usr/home (ufs, local, read-only)
/dev/ad0s3e on /freebsd-old/usr/home (ufs, local, read-only)

You see two entries of /dev/ad0s3e, both of them read-only. From here on, try a few more "mount -o rw /freebsd-old/usr/home" and "umount /freebsd-old/usr/home". This will result in a panic.

(Note:
# mount -o rw /dev/ad0s3e /freebsd-old/usr/home
mount: /dev/ad0s3e: Operation not permitted

Please reproduce it, exactly with the steps above.
)

>Fix:

>Release-Note:
>Audit-Trail:

From: Kris Kennaway <kris@obsecurity.org>
To: Martin <nakal@web.de>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/103245: mount -o rw, umount may panic system
Date: Thu, 14 Sep 2006 12:23:51 -0400

 On Wed, Sep 13, 2006 at 11:02:36PM +0000, Martin wrote:
 
 > /dev/ad0s3e on /freebsd-old/usr/home (ufs, local, read-only)
 > /dev/ad0s3e on /freebsd-old/usr/home (ufs, local, read-only)
 > 
 > You see two entries of /dev/ad0s3e, both of them read-only. From
 > here on, try a few more "mount -o rw /freebsd-old/usr/home" and
 > "umount /freebsd-old/usr/home". This will result in a panic.
 
 This is a known bug, see discussion recently on current@
 
 Kris
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Tue Feb 12 16:39:17 UTC 2008 
State-Changed-Why:  
Submitter reports this can be closed (no longer reproducable) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103245 
>Unformatted:
