netbsd-bugs: kern/2443: NQNFS mount crashes in nfs

Subject: kern/2443: NQNFS mount crashes in nfs_request if namei involved
To: None <gnats-bugs@NetBSD.ORG>
From: None <smd@sprintlink.net>
List: netbsd-bugs
Date: 05/18/1996 02:45:13
>Number:         2443
>Category:       kern
>Synopsis:       NQNFS mount crashes in nfs_request if namei involved
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 20 04:20:05 1996
>Last-Modified:
>Originator:     Sean Doran
>Organization:
Sprint
>Release:        NetBSD-current sup.netbsd.org
>Environment:
NetBSD chops.icp.net 1.1B NetBSD 1.1B (CHOPS) #0: Sat May 18 00:56:59 EDT 1996     smd@titan.sprintlink.net:/usr/src/sys/arch/sparc/compile/CHOPS sparc

NetBSD titan.sprintlink.net 1.1B NetBSD 1.1B (TITAN) #0: Thu May 16 02:24:33 EDT 1996     smd@chops.icp.net:/usr/src/sys/arch/sparc/compile/TITAN sparc


>Description:
	Mount works correctly.  df works correctly.
	cd into mount-point works correctly.  ls or unmount 
	or cd beyond mount-pont causes panic trap type 4
	if and only if '-q' option given to mount_nfs.

three traces:  (#1: ls)

login: trap type 0x4: pc=f8076e04 npc=f8076e58 psr=114000c3<S,PS>
panic: fp disabled
Stopped at      _Debugger+0x4:  jmpl            [%o7 + 0x8], %g0
db> bt
No such command
db> trace
_trap(4, 114000c3, f8076e04, f9e9ea38, 0, 0) at _trap+0x218
slowtrap(f8696200, f8747d00, 1, 1, 319d68d0, 319d68a5) at slowtrap+0x124
_nfs_request(f8747d00, 0, f, f8749a00, f872bb80, f9e9ebf4) at _nfs_request+0x98
0
_nfs_lookup(8, 0, f8720001, 44, f865e300, f9e9eed4) at _nfs_lookup+0x750
_lookup(f9e9ee10, 0, f8712500, f9e9ee28, f9e9d000, f8720000) at _lookup+0x330
_namei(0, f9e9ed80, 3507c, 241dc, 11000080, f9e9efb0) at _namei+0x1c4
_sys_stat(f8712500, f9e9ef28, f9e9ef20, f804197c, 35ffc, 80) at _sys_stat+0x24
_syscall(bc, f9e9efb0, 0, 3, 11000082, f9e9efb0) at _syscall+0x1f0
syscall(350c0, f7fff740, 0, 350c0, 11000083, f9e9efb0) at syscall+0x120

#2: umount

trap type 0x4: pc=f8076e04 npc=f8076e58 psr=114000c3<S,PS>
panic: fp disabled
Stopped at      _Debugger+0x4:  jmpl            [%o7 + 0x8], %g0
db> bt
No such command
db> trace
_trap(4, 114000c3, f8076e04, f9ee4a38, 0, 0) at _trap+0x218
slowtrap(f8750400, f8745600, 1, 1, 319d6c9b, 319d59f9) at slowtrap+0x124
_nfs_request(f8745600, 0, f, f874ac00, f874aa80, f9ee4bf4) at _nfs_request+0x98
0
_nfs_lookup(8, 0, f86f0801, 4, f865e240, f9ee4c44) at _nfs_lookup+0x750
_lookup(f9ee4e10, 0, f873c300, f9ee4e28, f9ee3000, f86f0800) at _lookup+0x330
_namei(0, f9ee4d80, fffffff8, f9ee3000, 14f, 1f000) at _namei+0x1c4
_sys_lstat(f873c300, f9ee4f28, f9ee4f20, f80419f4, 1fffc, 400) at _sys_lstat+0x
24
_syscall(be, f9ee4fb0, 0, 3, 1effc, f9ee4fb0) at _syscall+0x1f0
syscall(1f000, f7ffe050, eec4, 2, 11400083, f9ee4fb0) at syscall+0x120

#3:

chops# mount_nfs -q -i -b -P titan:/u3/smd /mnt
chops# df   
Filesystem    1K-blocks     Used    Avail Capacity  Mounted on
/dev/sd0a         15487    12407     1531    89%    /
/dev/sd0g        214991   104412    99829    51%    /usr
/dev/sd0h         60135    47398     9730    83%    /u
mfs:20            15815        1    15023     0%    /tmp
/dev/sd1e         98983    77826    16207    83%    /u1
/dev/sd1f         98983    90080     3953    96%    /u2
/dev/sd1g        200895   125177    65673    66%    /usr/local
procfs                4        4        0   100%    /proc
kernfs                1        1        0   100%    /kern
fdesc                 1        1        0   100%    /dev/fd
titan:/u3/smd   1254814  1073359    55973    95%    /mnt
chops# cd /mnt/src
trap type 0x4: pc=f8076e04 npc=f8076e58 psr=114000c5<S,PS>
panic: fp disabled
Stopped at      _Debugger+0x4:  jmpl            [%o7 + 0x8], %g0
db> trace
_trap(4, 114000c5, f8076e04, f9edea18, 0, 0) at _trap+0x218
slowtrap(f8732a00, f873d600, 1, 1, 319d6f19, 319d59f9) at slowtrap+0x124
_nfs_request(f873d600, 0, f, f8746180, f873ca80, f9edebd4) at _nfs_request+0x98
0
_nfs_lookup(8, 0, f86f0808, 4044, f865e240, 8000) at _nfs_lookup+0x750
_lookup(0, f86f0801, f8742600, f9edee88, f9edd000, f86f0800) at _lookup+0x330
_namei(0, f9eded60, 8, 0, 50d20, 0) at _namei+0x1c4
_change_dir(f9edee70, f8742600, 53400, 8, 0, f9edefb0) at _change_dir+0x8
_sys_chdir(f8742600, f9edef28, f9edef20, f8040938, ffff, f9edefb0) at _sys_chdi
r+0x28
_syscall(c, f9edefb0, 0, 12, 4408c, 8000) at _syscall+0x1f0
syscall(53400, 0, 50900, f80271ac, 4408c, 8000) at syscall+0x120

>How-To-Repeat:
	mount_nfs -T -P -q -i -b titan.sprintlink.net:/u4/smd /mnt
	/bin/ls /mnt

	(produces trace #1)

	mount_nfs -q -i -b -P titan.sprintlink.net:/u3/smd /mnt
	umount /mnt

	(produces trace #2)
>Fix:
	Workaround: don't give '-q' to NQNFS.
	No fix known yet.

>Audit-Trail:
>Unformatted: