Subject: kern/22725: kernel crash while attempting mkfifo on NFS volume
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <der.eremit@email.de>
List: netbsd-bugs
Date: 09/09/2003 01:09:28
>Number:         22725
>Category:       kern
>Synopsis:       kernel crash while attempting mkfifo on NFS volume
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 09 01:10:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Pascal Schmidt
>Release:        1.6.1
>Organization:
>Environment:
NetBSD neptune.local 1.6.1 NetBSD 1.6.1 (GENERIC) #0: Tue Apr  8 12:05:52 UTC 2003     autobuild@tgm.daemon.org:/autobuild/netbsd-1-6/i386/OBJ/autobuild/netbsd-1-6/src/sys/arch/i386/compile/GENERIC i386

>Description:
When attempting to run mkfifo on an NFS volume exported from a user-space NFS server on localhost, I get a protection fault inside the kernel.

Output on the console (copied by hand) is:

kernel: protection fault trap, code=0
Stopped in pid 2075 (mkfifo) at memcpy+0x1a: repe movsl (%esi),%esi(%edi)

Attempting to sync from the debugger then does not work:

db>sync
syncing disks... 7 done
panic: lockmgr: locking against myself
Stopped in pid 2075 (mkfifo) at cpu_Debugger+0x4: leave

Even if this is due to a bug in the NFS server, it should probably
not hang the kernel.

>How-To-Repeat:
1. make sure rpcbind is running, but the in-kernel NFS server is not
2. download http://www.tzi.de/~pharao90/crashme.tar.gz
3. zcat crashme.tar.gz | tar xf -
4. cd crashme
5. ./configure
6. make .depend
7. make
8. mkdir /tmp/test
9. mkdir /tmp/mnt
10. ./unfsd

Now, as root:

11. mount_nfs -3 127.0.0.1:/tmp/test /tmp/mnt
12. mkfifo /tmp/mnt/fifo

The kernel trap follows immediately.

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: