Subject: kern/11585: msync() causes panic on NFS filesystem.
To: None <gnats-bugs@gnats.netbsd.org>
From: Kouichi Matsuda <kmatsuda@jo.tomakomai-ct.ac.jp>
List: netbsd-bugs
Date: 11/28/2000 21:42:20
>Number:         11585
>Category:       kern
>Synopsis:       msync() causes panic on NFS filesystem.
>Confidential:   yes
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 28 21:41:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Kouichi Matsuda
>Release:        NetBSD-current (1.5L at 2000/11/28)
>Organization:
Department of Computer Engineering, Tomakomai National College of Technology
>Environment:
System: NetBSD gamaoyabun.j404.jo.tomakomai-ct.ac.jp 1.5L NetBSD 1.5L (GAMAOYABUN) #116: Wed Nov 29 10:08:30 JST 2000 root@gamaoyabun.j404.jo.tomakomai-ct.ac.jp:/usr/src/sys/arch/i386/compile/GAMAOYABUN i386
Architecture: i386
Machine: i386
>Description:
After the UBC code was integrated, msync() causes a panic
if the mapped region is derived from an mmap()'ed file on an NFS filesystem.
>How-To-Repeat:
For example, use ftp://ftp.netbsd.org/pub/NetBSD/misc/chs/vmtest.c.

Mount an NFS filesystem:

# mount -t nfs server:/path /mnt

Run vmtest with a test file on the NFS filesystem; this causes a panic:

# vmtest /mnt/test_file
uvm_fault(0xcb1e05e4, 0x0, 0, 1) -> 1
kernel: page fault trap, code=0
Stopped in vmtest at	nfs_request+0x122:	movswl		0xc(%ecx),%edx
db> trace
nfs_request(cb1fb47c,c0681000,7,cb201010,0) at nfs_request+0x122
nfs_writerpc(cb1fb47c,cb23391c,cb23390c,cb233910,c06d0618) at nfs_writerpc+0x763
nfs_doio(c06d0618,cb201010,cb2339d4,ffffffff,3) at nfs_doio+0x37d
nfs_strategy(cb2339d4) at nfs_strategy+0x52
nfs_putpages(cb2339ec) at nfs_putpages+0x37f
uvn_put(cb1fb47c,cb233ab4,1,23,cb233aac) at uvn_put+0x3f
uvm_pager_put(cb1fb47c,c0497df0,cb233aac,cb233ab0,23) at uvm_pager_put+0x89
uvn_flush(cb1fb47c,0,0,1000,0,3) at uvn_flush+0x47b
uvm_map_clean(cb1e05e4,480f3000,480f4000,3,cb233f88) at uvm_map_clean+0x314
sys___msync13(cb201010,cb233f88,cb233f80,0,bfbfd870) at sys___msync13()+0x100
syscall() at syscall+0x1f4
--- syscall (number 277) ---
0x4809f20f:
db >

>Fix:
N/A

>Release-Note:
>Audit-Trail:
>Unformatted:
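
Added example, not part of the original report and not the vmtest.c it references: a small C regression check for the path in the trace above (a dirty page in a shared file mapping flushed with msync()), verifying that the data reaches the file. The function name msync_roundtrip and the default file name are assumptions; the file at the given path is created or truncated.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 if data written through a MAP_SHARED mapping and flushed with
 * msync(MS_SYNC) is visible through pread(); -1 on any failure. */
int msync_roundtrip(const char *path)
{
    static const char pattern[] = "msync regression pattern"; /* constructed */
    long pagesz = sysconf(_SC_PAGESIZE);
    char buf[sizeof(pattern)];
    char *map;
    int fd, rc = -1;

    if (pagesz <= 0)
        return -1;
    fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    /* Size the file to one page so the whole mapping is file-backed. */
    if (ftruncate(fd, (off_t)pagesz) != 0)
        goto out;
    map = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
               MAP_SHARED, fd, 0);
    if (map == MAP_FAILED)
        goto out;
    memcpy(map, pattern, sizeof(pattern));  /* dirty the mapped page */
    if (msync(map, (size_t)pagesz, MS_SYNC) == 0 &&
        pread(fd, buf, sizeof(buf), 0) == (ssize_t)sizeof(buf) &&
        memcmp(buf, pattern, sizeof(pattern)) == 0)
        rc = 0;
    munmap(map, (size_t)pagesz);
out:
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "msync_test.tmp";
    int rc = msync_roundtrip(path);
    printf("%s: %s\n", path, rc == 0 ? "ok" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

Pass a path on the filesystem under test as the first argument; a zero exit status means the msync() flush completed and the data read back correctly.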