Subject: kern/12680: repeatable panic: 'lockmgr: locking against myself'
To: None <gnats-bugs@gnats.netbsd.org>
From: None <Thilo.Manske@HEH.Uni-Oldenburg.DE>
List: netbsd-bugs
Date: 04/17/2001 01:51:15
>Number:         12680
>Category:       kern
>Synopsis:       repeatable panic: 'lockmgr: locking against myself'
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 16 16:52:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Thilo Manske
>Release:        tested on 1.5R - 1.5U
>Organization:
>Environment:
System: many (probably any)
Architecture: tested on i386, sparc, vax, pmax, probably any as NFS client
	and i386 and sparc as NFS servers
Machine: many (probably any)
>Description:

When a user is in a place on an NFS mounted filesystem, where at least one
directory up in the path but still in the filesystem (excluding the
current directory) is not accessable by him/her, some "special" access to directories
up in the path causes a panic.

i.e. when the user's current dir is ../mount_point/dir_1/dir_2/.../dir_n-1/dir_n,
mount_point is the mount point of an NFS (i.e. "the first" directory of the
NFS) and one of mount_point, dir_1 ... dir_n-1 is "forbidden" for the user
(X-bits in filemode).

I haven't investigated what exactly these "special" accesses look like, but
"pwd;pwd" does it and zsh causes this panic as well. I once managed to get a
panic with "cd ../..", but this doesn't seem to work in all cases.

The panics look like this:
(from i386, with the "zsh" method)
panic: lockmgr: locking against myself
Begin traceback...
lockmgr(cbc6c354,30002,cbc6c2d0,cbdecde8,c014ea4f) at lockmgr+0x556
genfs_lock(cbdecddc) at genfs_lock+0x18
vn_lock(cbc6c2d0,20002,cbc6c2d0,cbdecedc,cbdeceb8) at vn_lock+0x63
lookup(cbdeceb8,cbdecf80,cbcfd8fc,cbdecf88,cbaef234) at lookup+0x76
namei(cbdeceb8,cbdecf80,cbcfd8fc,c024407c,8091572) at namei+0x34b
sys___stat13(cbcfd8fc,cbdecf88,cbdecf80) at sys___stat13+0x44
syscall_plain(1f,1f,bfbfdff0,bfbfd9c0,bfbfd924) at syscall_plain+0x98
End traceback...

Or (sparc, "pwd;pwd"):
panic: lockmgr: locking against myself
Stopped in pid 194 (sh) at      cpu_Debugger+0x4:       jmpl            [%o7 + 0x8], %g0
db> trace/t
lockmgr(0xf4e91f34, 0x2, 0xf4e91eb0, 0xf, 0xffffffff, 0x1f) at lockmgr+0x5ec
genfs_lock(0xf4ea8da8, 0xf02c9000, 0xf00616f0, 0x7c, 0x9a400, 0x9a968) at genfs_lock+0x10
vn_lock(0xf4e91eb0, 0x20002, 0xf4e91eb0, 0x9a800, 0x9a000, 0x9a968) at vn_lock+0x74
getcwd_common(0xf4e91eb0, 0xf4d97000, 0xf4ea8eb4, 0xf033df00, 0x80, 0x1) at getcwd_common+0x60
sys___getcwd(0xf4e45598, 0xf4ea8f28, 0xf4ea8f20, 0xf00548d0, 0xffffffff, 0x9a800) at sys___getcwd+0x80
syscall(0x128, 0xf4ea8fb0, 0x412f0, 0x0, 0x0, 0xd) at syscall+0x198
_syscall(0xeffff3a8, 0x100, 0x99c00, 0x10, 0xffffffff, 0x27) at _syscall+0xb8

>How-To-Repeat:
There are many ways, e.g.:
	mkdir -p /var/tmp/x/y
	chmod 700 /var/tmp/x
	cd /var/tmp/x/y
	su
	su -m nobody
	pwd;pwd	(or 'zsh')
	on a diskless machine (i.e. /var is NFS)
or:
	log in to a machine where your home dir is NFS-mounted with "maproot=root"
	make sure your home dir is not world readable (chmod 700 ~)
	mkdir ~/x
	cd ~/x
	su
	pwd;pwd (or 'zsh')
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: