Bug 15883

Summary: NFS leases (-q) panic -current
Product: Base System
Reporter: dgilbert <dgilbert>
Component: kern
Assignee: Matt Dillon <dillon>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 4.0-CURRENT
Hardware: Any
OS: Any

Description dgilbert 2000-01-04 16:40:00 UTC
When a file recently written by an NFS client is accessed by the server,
the server panics.

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x12ffa8d4
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc01b5bc9
stack pointer           = 0x10:0xcf608cbc
frame pointer           = 0x10:0xcf608d48
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3851 (mv)
interrupt mask          =
kernel: type 12 trap, code=0
Stopped at      nqsrv_send_eviction+0x9d:       movl    0x14(%eax),%eax

nqsrv_send_eviction(cf5fb540,c2786540,ffffffff,0,c273ee80) at nqsrv_send_eviction+0x9d
nqsrv_getlease(cf5fb540,cf608e3c,6,ffffffff,ce1e0080) at nqsrv_getlease+0x2cd
nqnfs_vop_lease_check(cf608e88,cf608e64,c0212229,cf608e88,cf608f3c) at nqnfs_vop_lease_check+0x34
vop_defaultop(cf608e88,cf608f3c,c0195cd8,cf608e88,ce1e0080) at vop_defaultop+0x15
ufs_vnoperate(cf608e88) at ufs_vnoperate+0x15
rename(ce1e0080,cf608f80,0,bfbff868,bfbff9af) at rename+0x2fc
syscall(2f,2f,2f,bfbff9af,bfbff868) at syscall+0x176
Xint0x80_syscall() at Xint0x80_syscall+0x26

Fix:

None known.

How-To-Repeat:
on nfs client (with mount -q foo:/raid /raid)
cp kernel /raid/kernel

on nfs server (with /raid)
mv kernel /usr/tftpboot/

(within a few seconds)
Comment 1 Matt Dillon freebsd_committer freebsd_triage 2000-01-25 07:17:43 UTC
Responsible Changed
From-To: freebsd-bugs->dillon

Changing responsibility to NFS maintainer for followup 
Comment 2 Matt Dillon freebsd_committer freebsd_triage 2000-01-26 20:55:29 UTC
State Changed
From-To: open->closed

A fix has been committed to -current which appears to solve this problem. 
The problem occurs with UDP NQNFS mounts.  The NQNFS code was improperly 
assuming that union fields for the TCP case were being initialized for 
the UDP case, resulting in the crash.
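
An added example, not FreeBSD source and not part of this report, modelling the failure Comment 2 describes: a lease record whose union is read as its TCP member although the host was set up for UDP, next to a version that checks the transport first. The struct, field and function names are hypothetical; the fault address and the 0x14 displacement come from the trap output above, and reading the resulting base 0x12ffa8c0 as the little-endian view of the address bytes c0 a8 ff 12 is this example's inference, not something the report states.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model of a per-client lease record as laid out on
 * 32-bit little-endian i386. These are NOT the FreeBSD NQNFS definitions. */
enum transport { T_UDP, T_TCP };

struct lease_host {
    enum transport transport;    /* discriminator: which union member is valid */
    union {
        uint8_t udp_addr[4];     /* UDP: client IPv4 address, network byte order */
        uint8_t tcp_slp[4];      /* TCP: 32-bit pointer to the socket record */
    } un;
};

/* Read four bytes the way an i386 32-bit load would. */
uint32_t load_le32(const uint8_t b[4]) {
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Flawed pattern: treats the TCP member as valid for every transport. */
uint32_t slp_unchecked(const struct lease_host *h) {
    return load_le32(h->un.tcp_slp);
}

/* Checked pattern: yields a socket pointer only for TCP hosts. */
int slp_checked(const struct lease_host *h, uint32_t *slp) {
    if (h->transport != T_TCP)
        return -1;               /* caller must use the UDP send path */
    *slp = load_le32(h->un.tcp_slp);
    return 0;
}

/* Triage: base register = fault address - displacement of the faulting load. */
uint32_t fault_base(uint32_t fault_addr, uint32_t disp) {
    return fault_addr - disp;
}

int main(void) {
    /* Constructed UDP client record; address bytes chosen to match the trap. */
    struct lease_host h = { T_UDP, { { 0xc0, 0xa8, 0xff, 0x12 } } };
    uint32_t slp = 0;
    printf("base from trap:  0x%08x\n", (unsigned)fault_base(0x12ffa8d4u, 0x14u));
    printf("unchecked 'slp': 0x%08x\n", (unsigned)slp_unchecked(&h));
    printf("checked:         %d\n", slp_checked(&h, &slp));
    return 0;
}
```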