From owner-freebsd-bugs  Wed Sep  4 15:20:04 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id PAA05839
          for bugs-outgoing; Wed, 4 Sep 1996 15:20:04 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id PAA05833;
          Wed, 4 Sep 1996 15:20:02 -0700 (PDT)
Resent-Date: Wed, 4 Sep 1996 15:20:02 -0700 (PDT)
Resent-Message-Id: <199609042220.PAA05833@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org,
        Received:"from trevor.cova-tech.com ([194.217.109.83])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA05305
          for" <FreeBSD-gnats-submit@freebsd.org>; Wed,
        4 Sep 1996 15:11:47.-0700 (PDT)
Received: (from mark@localhost) by trevor.cova-tech.com (8.7.5/8.7.3) id XAA00834; Wed, 4 Sep 1996 23:11:03 +0100 (BST)
Message-Id: <199609042211.XAA00834@trevor.cova-tech.com>
Date: Wed, 4 Sep 1996 23:11:03 +0100 (BST)
From: mark@cova-tech.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/1566: panic: ufs_ihashget: recursive lock not expected
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         1566
>Category:       kern
>Synopsis:       panic: ufs_ihashget: recursive lock not expected
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep  4 15:20:01 PDT 1996
>Last-Modified:
>Originator:     Mark Valentine
>Organization:
Cova Technology
>Release:        FreeBSD 2.2-CURRENT i386
>Environment:

	FreeBSD 2.2-CURRENT, 133MHz Pentium, 256k cache, 32MB parity RAM,
	NCR810 SCSI, 4GB Hawk.

>Description:

	Easily reproducible panic (as synopsis) when listing a directory
	on a FreeBSD NFS server mounted on a Solaris 2.5 client with NFSv3.

>How-To-Repeat:

	I was using file name completion on the client to list the directory.

>Fix:
	
	I found a fix by Doug Rabson in the hackers archive (Subject: NFS
	crash), but it doesn't seem to have been applied.  John Fieber also
	reported on the list that the fix worked for an OSF/1 client.
	Several people reported the panic, but none have so far submitted
	it to GNATS as far as I can see.

	Doug's fix is against rev. 1.30 of sys/nfs/nfs_serv.c; here's a
	version of his fix against against 1.32:

--- nfs_serv.c.ctm	Mon Sep  2 23:44:18 1996
+++ nfs_serv.c	Wed Sep  4 22:55:23 1996
@@ -2899,6 +2899,7 @@
 		nfsm_srvpostop_attr(getret, &at);
 		return (0);
 	}
+	vput(nvp);
 	    
 	dirlen = len = NFSX_V3POSTOPATTR + NFSX_V3COOKIEVERF + 2 * NFSX_UNSIGNED;
 	nfsm_reply(cnt);

>Audit-Trail:
>Unformatted: