Subject: kern/20528: scsictl can detach a mounted device
To: None <gnats-bugs@gnats.netbsd.org>
From: None <pavel.cahyna@st.mff.cuni.cz>
List: netbsd-bugs
Date: 02/28/2003 10:40:13
>Number: 20528
>Category: kern
>Synopsis: scsictl can detach a mounted device
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Feb 28 10:41:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Pavel Cahyna
>Release: 1.6_STABLE
>Organization:
>Environment:
NetBSD k2 1.6_STABLE NetBSD 1.6_STABLE (EISA-DEBUG: ep bez resetu, DEBUG, DIAGNOSTIC, odesilani multicastu) #4: Mon Feb 10 22:06:29 CET 2003 build@omega:/obj/kernobjdir/i386/EISA-DEBUG i386
>Description:
When a partition on a SCSI disk is mounted, it should not be possible to detach the disk. But currently, it is possible. If you do it, the partition can't be unmounted (umount reports "Input/output error") even if the SCSI bus is scanned for new devices and the disk is found again. If I try to unmount the partition with umount -f, the kernel panics with:
panic: vgonel: not clean, vp 0xc5da3f14
Here is the backtrace using gdb:
(gdb) bt
#0 0x1 in ?? ()
#1 0xc030dc33 in cpu_reboot (howto=256, bootstr=0x0)
at /usr/src/sys/arch/i386/i386/machdep.c:2236
#2 0xc0220b43 in db_sync_cmd () at /usr/src/sys/ddb/db_command.c:722
#3 0xc0220748 in db_command (last_cmdp=0xc0444014, cmd_table=0xc03df9ec)
at /usr/src/sys/ddb/db_command.c:456
#4 0xc0220347 in db_command_loop () at /usr/src/sys/ddb/db_command.c:246
#5 0xc0223e20 in db_trap (type=1, code=0) at /usr/src/sys/ddb/db_trap.c:92
#6 0xc030aa5c in kdb_trap (type=1, code=0, regs=0xc5e6fd60)
at /usr/src/sys/arch/i386/i386/db_interface.c:129
#7 0xc031682b in trap (frame={tf_gs = 16, tf_fs = 16, tf_es = -974782448,
tf_ds = 16, tf_edi = 256, tf_esi = -1069637845, tf_ebp = -974717536,
tf_ebx = -974717492, tf_edx = -1069650306, tf_ecx = 5440, tf_eax = 4423,
tf_trapno = 1, tf_err = 0, tf_eip = -1070552276, tf_cs = -1069678584,
tf_eflags = 514, tf_esp = -974717504, tf_ss = -1071368267,
tf_vm86_es = -975552748, tf_vm86_ds = -975552748, tf_vm86_fs = 0,
tf_vm86_gs = -1071220473}) at /usr/src/sys/arch/i386/i386/trap.c:220
#8 0xc0100e81 in calltrap ()
#9 0xc02437b5 in panic (fmt=0xc03e9f2b "vgonel: not clean, vp %p")
at /usr/src/sys/kern/subr_prf.c:237
#10 0xc0260a01 in vgonel (vp=0xc5da3f14, p=0xc5ea1ae0)
at /usr/src/sys/kern/vfs_subr.c:1726
#11 0xc02605d3 in vflush (mp=0xc06fb800, skipvp=0x0, flags=2)
---Type <return> to continue, or q <return> to quit---
at /usr/src/sys/kern/vfs_subr.c:1440
#12 0xc02011d3 in ffs_flushfiles (mp=0xc06fb800, flags=2, p=0xc5ea1ae0)
at /usr/src/sys/ufs/ffs/ffs_vfsops.c:957
#13 0xc0201001 in ffs_unmount (mp=0xc06fb800, mntflags=524288, p=0xc5ea1ae0)
at /usr/src/sys/ufs/ffs/ffs_vfsops.c:882
#14 0xc026269b in dounmount (mp=0xc06fb800, flags=524288, p=0xc5ea1ae0)
at /usr/src/sys/kern/vfs_syscalls.c:516
#15 0xc026258c in sys_unmount (p=0xc5ea1ae0, v=0xc5e6ff80, retval=0xc5e6ff78)
at /usr/src/sys/kern/vfs_syscalls.c:464
#16 0xc0316383 in syscall_plain (frame={tf_gs = 31, tf_fs = 31, tf_es = 31,
tf_ds = 31, tf_edi = -1077947472, tf_esi = -1077947504,
tf_ebp = -1077946352, tf_ebx = 134734246, tf_edx = -1077947472,
tf_ecx = 110, tf_eax = 22, tf_trapno = 3, tf_err = 2,
tf_eip = 134516223, tf_cs = 23, tf_eflags = 663, tf_esp = -1077947580,
tf_ss = 31, tf_vm86_es = 0, tf_vm86_ds = 0, tf_vm86_fs = 0,
tf_vm86_gs = 0}) at /usr/src/sys/arch/i386/i386/syscall.c:140
#17 0xc0100f4e in syscall1 ()
can not access 0xbfbfd810, invalid translation (invalid PDE)
can not access 0xbfbfd810, invalid translation (invalid PDE)
Cannot access memory at address 0xbfbfd810
>How-To-Repeat:
## sd2 is on scsibus1 target 0
# mount -o async,noatime /dev/sd2a /mnt
# scsictl /dev/scsibus1 detach 0 0
sd2 detached
# umount /mnt
umount: /mnt: Input/output error
# umount -f /mnt
panic
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
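
Added example, not part of the original report and not NetBSD code: an operator-side wrapper that refuses to run the scsictl detach from How-To-Repeat while any partition of the disk is still mounted. It is a userland check only and leaves the kernel behaviour unchanged; the function names and the MOUNT_CMD / SCSICTL_CMD override variables are hypothetical, and it assumes mount(8) prints lines of the form "/dev/sd2a on /mnt type ffs (...)".

```shell
#!/bin/sh
# Guard against detaching a SCSI disk that still has mounted partitions.
# Illustration only: the caller supplies the disk name (e.g. sd2) that
# corresponds to the bus/target/lun being detached.

# mounted_partitions DISK
#   Reads mount(8)-style lines on stdin and prints "device mountpoint"
#   for every mounted partition of DISK (sd2 matches sd2a, not sd20a).
mounted_partitions() {
    disk=$1
    while read -r dev on mnt rest; do
        # Skip anything that is not "<device> on <mountpoint> ..."
        [ "$on" = "on" ] || continue
        case $dev in
            /dev/"$disk"[a-z]) printf '%s %s\n' "$dev" "$mnt" ;;
        esac
    done
}

# safe_detach DISK BUS TARGET LUN
#   Runs "scsictl /dev/BUS detach TARGET LUN" only when no partition of
#   DISK is mounted; otherwise prints what is mounted and returns 1.
#   MOUNT_CMD and SCSICTL_CMD (hypothetical) let the commands be replaced.
safe_detach() {
    disk=$1
    bus=$2
    target=$3
    lun=$4

    busy=$(${MOUNT_CMD:-mount} | mounted_partitions "$disk")
    if [ -n "$busy" ]; then
        echo "refusing to detach $disk, still mounted:" >&2
        echo "$busy" >&2
        return 1
    fi

    ${SCSICTL_CMD:-scsictl} "/dev/$bus" detach "$target" "$lun"
}

# Example call for the setup in the report (sd2 on scsibus1 target 0):
#   safe_detach sd2 scsibus1 0 0
```

A filesystem can still be mounted between the check and the detach, so this only lowers the chance of reaching the panic by accident.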