From owner-freebsd-bugs@FreeBSD.ORG Wed Jun 4 06:50:13 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 80AB237B401 for ; Wed, 4 Jun 2003 06:50:13 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 896AF43F85 for ; Wed, 4 Jun 2003 06:50:12 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h54DoCUp093237 for ; Wed, 4 Jun 2003 06:50:12 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h54DoCr8093236; Wed, 4 Jun 2003 06:50:12 -0700 (PDT) Resent-Date: Wed, 4 Jun 2003 06:50:12 -0700 (PDT) Resent-Message-Id: <200306041350.h54DoCr8093236@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, DoubleF Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7436A37B401 for ; Wed, 4 Jun 2003 06:47:41 -0700 (PDT) Received: from mx.tele-kom.ru (mx.tele-kom.ru [213.80.148.6]) by mx1.FreeBSD.org (Postfix) with SMTP id 84CC643F75 for ; Wed, 4 Jun 2003 06:47:39 -0700 (PDT) (envelope-from doublef@tele-kom.ru) Received: (qmail 41684 invoked by uid 555); 4 Jun 2003 17:47:37 +0400 Received: from (213.80.149.131) by t-k.ru with TeleMail/2 id 1054734456-41661 for doublef@tele-kom.ru; Wed, Jun 4 17:47:36 2003 +0400 (MSD) Message-Id: <20030604134737.41681.qmail@mx.tele-kom.ru> Date: Wed, 4 Jun 2003 17:09:18 +0400 (MSD) From: DoubleF To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: kern/52936: Huge writes to nfs exported FAT filesystems cause server reboots X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: DoubleF List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2003 13:50:13 -0000 >Number: 52936 >Category: kern >Synopsis: Huge writes to nfs exported FAT filesystems cause server reboots >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jun 04 06:50:11 PDT 2003 >Closed-Date: >Last-Modified: >Originator: DoubleF >Release: FreeBSD 4.8-RELEASE i386 >Organization: Volgograd state technical university >Environment: System: FreeBSD Shark.localdomain 4.8-RELEASE FreeBSD 4.8-RELEASE #8: Fri May 9 11:42:57 MSD 2003 df@Hal.localdomain:/usr/obj/usr/src/sys/SHARK i386 Reproduced on 2 machines, both 4.8-RELEASE with FAT and NFS support compiled into kernel: Shark: P54C-150, 32M RAM, 2G HDD (FAT is FAT16) Hal: AMD Duron-1300, 128M RAM, 80G HDD (FAT is FAT32) Reproduced on the same machines with the GENERIC kernel >Description: During a large (client) write to the exported filesystem the kernel page faults as follows: ------------------------- Fatal trap 12: page fault while in kernel mode fault virtual address = 0x1 fault code = supervisor read, page not present instruction pointer = 0x8:0xc015d36f stack pointer = 0x10:0xccf70d80 frame pointer = 0x10:0xccf70d9c code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 102 (nfsd) interrupt mask = net tty bio cam trap number = 12 panic: page fault syncing disks... panic: lockmgr: non-zero exclusive count Uptime: 3m0s ------------------------- The backtrace shows: ------------------------- #0 0xc0161c9a in dumpsys () #1 0xc0161a6b in boot () #2 0xc0161e90 in poweroff_wait () #3 0xc015c3c9 in lockmgr () #4 0xc018c934 in vop_stdlock () #5 0xc0217f65 in ufs_vnoperate () #6 0xc0196a89 in vn_lock () #7 0xc018f85b in vget () #8 0xc021016f in ffs_sync () #9 0xc0191887 in sync () #10 0xc0161806 in boot () #11 0xc0161e90 in poweroff_wait () #12 0xc028500a in trap_fatal () #13 0xc0284cdd in trap_pfault () #14 0xc02848c7 in trap () #15 0xc015d36f in malloc () #16 0xc01dd6aa in nfsrv_dorec () #17 0xc01e1bd0 in nfssvc_nfsd () #18 0xc01e1863 in nfssvc () #19 0xc028522e in syscall2 () #20 0xc0278da5 in Xint0x80_syscall () #21 0x0804813e in ?? () ------------------------- This does not happen when data is copied otherwise (f.e. through netcat). >How-To-Repeat: On the server: The FAT filesystem is mounted read-write to, say, /DOS. The /etc/exports file contains the line /DOS On the client: # mount_nfs :/DOS /mnt # cd /mnt # cat /dev/zero >aLargeFile >Fix: None at the moment except for not exporting FAT filesystems by NFS. >Release-Note: >Audit-Trail: >Unformatted: