Subject: kern/28684: recent NFS changes cause panic
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <j+nbsd@2004.salmi.ch>
List: netbsd-bugs
Date: 12/16/2004 22:54:01
>Number:         28684
>Category:       kern
>Synopsis:       recent NFS changes cause panic
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 16 22:54:01 +0000 2004
>Originator:     Jukka Salmi
>Release:        NetBSD 2.99.11
>Environment:
NetBSD net45xx.salmi.ch 2.99.11 NetBSD 2.99.11 (NET4501) #0: Thu Dec 16 23:12:51 CET 2004  build@himo.salmi.ch:/build/nbsd/sys/arch/i386/compile/NET4501 i386
Architecture: i386
Machine: i386
>Description:
At least some of the recent NFS changes committed on 2004/12/14 ([1], [2])
cause my netbooted Soekris net4501 to panic when copying files from an NFS
mounted filesystem to an FFS on CF.

I'll try to describe the problem here, but since I'm not very familiar with
NFS it's possible that I miss some important things. If so, please tell me
what kind of information I should provide.

[1] http://mail-index.netbsd.org/source-changes/2004/12/14/0012.html
[2] http://mail-index.netbsd.org/source-changes/2004/12/14/0013.html

>How-To-Repeat:
I just netboot the net4501 (which mounts all filesystems via NFS from a
NetBSD-current system), create an FFS filesystem on the compact flash card,
mount it, and copy a file from an NFS to the CF. If it doesn't panic already,
I execute sync(8), which reliably causes a panic.

(/mnt/cf is the FFS on CF; the remaining filesystems are NFS mounted)

# cp -p /usr/mdec/boot /mnt/cf
# panic: genfs: bad op
Stopped in pid 8.1 (ioflush) at netbsd:cpu_Debugger+0x4:        popl    %ebp
db> tr
cpu_Debugger(c057f754,c056e600,c2e30e00,c36f3e54,c01f217e) at netbsd:cpu_Debugger+0x4
panic(c028d5fa,c36f3e68,c01f0cdc,c36f3e60,c0269cc0) at netbsd:panic+0xa9
genfs_nullop(c36f3e60,c0269cc0,c057f754,c36f3e8c,c0194e9e) at netbsd:genfs_nullop
VOP_BWRITE(c057f754,c056e000,0,0,0) at netbsd:VOP_BWRITE+0x24
ffs_sbupdate(c0538000,3,c01f12ca,c36f3ea4,c056e000) at netbsd:ffs_sbupdate+0xad
ffs_cgupdate(c0538000,3,0,0,0) at netbsd:ffs_cgupdate+0x24
ffs_sync(c0580000,3,c2e1e000,c36cbb28,c0580000) at netbsd:ffs_sync+0x1bb
sync_fsync(c36f3f20,c026a100,c390e204,c2e1e000,8) at netbsd:sync_fsync+0x80
VOP_FSYNC(c390e204,c2e1e000,8,0,0) at netbsd:VOP_FSYNC+0x4c
sched_sync(c36d439c,334000,33b000,0,c0100321) at netbsd:sched_sync+0xe5
db> 

# umount /mnt/cf
panic: genfs: bad op
Stopped in pid 433.1 (umount) at        netbsd:cpu_Debugger+0x4:        popl    %ebp
db> tr
cpu_Debugger(c0580cac,0,c376d3f4,c370cddc,c01f217e) at netbsd:cpu_Debugger+0x4
panic(c028d5fa,c370cdf0,c01f0cdc,c370cde8,c0269cc0) at netbsd:panic+0xa9
genfs_nullop(c370cde8,c0269cc0,c0580cac,c370ce0c,c01e88ab) at netbsd:genfs_nullop
VOP_BWRITE(c0580cac,1,0,0,c0583000) at netbsd:VOP_BWRITE+0x24
vflushbuf(c376d3f4,1,c370ce58,c01f107e,c370ce28) at netbsd:vflushbuf+0xb0
spec_fsync(c370ce28,c026a100,c376d3f4,c2e1e0fc,1) at netbsd:spec_fsync+0x1c
VOP_FSYNC(c376d3f4,c2e1e0fc,1,0,0) at netbsd:VOP_FSYNC+0x4c
ffs_flushfiles(c0583000,0,c370d004,0,c370d004) at netbsd:ffs_flushfiles+0x81
ffs_unmount(c0583000,0,c370d004,0,c370cf68) at netbsd:ffs_unmount+0x3a
dounmount(c0583000,0,c370d004,c370d004,bfbfe6a0) at netbsd:dounmount+0xe3
sys_unmount(c36d4528,c370cf70,c370cf68,0,0) at netbsd:sys_unmount+0xf2
syscall_plain() at netbsd:syscall_plain+0x95
--- syscall (number 22) ---
0x4807c78b:
db> 

# mount /mnt/cf
# echo test >/mnt/cf/file
# sync
panic: genfs: bad op
Stopped in pid 380.1 (sync) at  netbsd:cpu_Debugger+0x4:        popl    %ebp
db> tr
cpu_Debugger(c057f564,0,c36d9000,c38c3e6c,c01f217e) at netbsd:cpu_Debugger+0x4
panic(c028d5fa,c38c3e80,c01f0cdc,c38c3e78,c0269cc0) at netbsd:panic+0xa9
genfs_nullop(c38c3e78,c0269cc0,c057f564,c38c3e9c,c01e88ab) at netbsd:genfs_nullop
VOP_BWRITE(c057f564,0,0,c0538c00,c053a000) at netbsd:VOP_BWRITE+0x24
vflushbuf(c36d9000,0,c38c3ee8,c01f107e,c38c3eb8) at netbsd:vflushbuf+0xb0
spec_fsync(c38c3eb8,c026a100,c36d9000,c2e1e0fc,0) at netbsd:spec_fsync+0x1c
VOP_FSYNC(c36d9000,c2e1e0fc,0,0,0) at netbsd:VOP_FSYNC+0x4c
ffs_sync(c057e000,2,c2e1e0fc,c370d664,c057e000) at netbsd:ffs_sync+0x16a
sys_sync(c36d4738,c38c3f70,c38c3f68,0,0) at netbsd:sys_sync+0x8b
syscall_plain() at netbsd:syscall_plain+0x95
--- syscall (number 36) ---
0x4807b07f:
db> 

>Fix:
As a workaround, I'm using the files from before the commit in question,
which are:
	nfs_bio.c 1.122
	nfs_var.h 1.46
	nfs_vnops.c 1.211
	nfsnode.h 1.50