kern/52936: Huge writes to nfs exported FAT filesystems cause server reboots

DoubleF doublef at tele-kom.ru
Wed Jun 4 06:50:13 PDT 2003 

>Number:         52936
>Category:       kern
>Synopsis:       Huge writes to nfs exported FAT filesystems cause server reboots
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 04 06:50:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     DoubleF
>Release:        FreeBSD 4.8-RELEASE i386
>Organization:
Volgograd state technical university	
>Environment:
System: FreeBSD Shark.localdomain 4.8-RELEASE FreeBSD 4.8-RELEASE #8: Fri May 9 11:42:57 MSD 2003 df at Hal.localdomain:/usr/obj/usr/src/sys/SHARK i386

	Reproduced on 2 machines, both 4.8-RELEASE with FAT and NFS support
compiled into kernel:
	Shark: P54C-150, 32M RAM, 2G HDD (FAT is FAT16)
	Hal: AMD Duron-1300, 128M RAM, 80G HDD (FAT is FAT32)
	Reproduced on the same machines with the GENERIC kernel

>Description:
	During a large (client) write to the exported filesystem the kernel
page faults as follows:
-------------------------
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x1
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc015d36f
stack pointer           = 0x10:0xccf70d80
frame pointer           = 0x10:0xccf70d9c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 102 (nfsd)
interrupt mask          = net tty bio cam
trap number             = 12
panic: page fault
syncing disks... panic: lockmgr: non-zero exclusive count
Uptime: 3m0s
-------------------------
	The backtrace shows:
-------------------------
#0  0xc0161c9a in dumpsys ()
#1  0xc0161a6b in boot ()
#2  0xc0161e90 in poweroff_wait ()
#3  0xc015c3c9 in lockmgr ()
#4  0xc018c934 in vop_stdlock ()
#5  0xc0217f65 in ufs_vnoperate ()
#6  0xc0196a89 in vn_lock ()
#7  0xc018f85b in vget ()
#8  0xc021016f in ffs_sync ()
#9  0xc0191887 in sync ()
#10 0xc0161806 in boot ()
#11 0xc0161e90 in poweroff_wait ()
#12 0xc028500a in trap_fatal ()
#13 0xc0284cdd in trap_pfault ()
#14 0xc02848c7 in trap ()
#15 0xc015d36f in malloc ()
#16 0xc01dd6aa in nfsrv_dorec ()
#17 0xc01e1bd0 in nfssvc_nfsd ()
#18 0xc01e1863 in nfssvc ()
#19 0xc028522e in syscall2 ()
#20 0xc0278da5 in Xint0x80_syscall ()
#21 0x0804813e in ?? ()
-------------------------
	This does not happen when data is copied otherwise (f.e.
through netcat). 
>How-To-Repeat:
	On the server:
	The FAT filesystem is mounted read-write to, say, /DOS.
	The /etc/exports file contains the line
	/DOS	<client-name>
	On the client:
	# mount_nfs <server-name>:/DOS /mnt
	# cd /mnt
	# cat /dev/zero >aLargeFile
>Fix:
	None at the moment except for not exporting FAT filesystems by
	NFS.

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list