From root@velocet.net  Tue Jan  4 08:30:03 2000
Return-Path: <root@velocet.net>
Received: from sabre.velocet.net (sabre.velocet.net [198.96.118.66])
	by hub.freebsd.org (Postfix) with ESMTP id BDBA714F71
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  4 Jan 2000 08:29:32 -0800 (PST)
	(envelope-from root@velocet.net)
Received: by sabre.velocet.net (Postfix, from userid 0)
	id 5F572137FD5; Tue,  4 Jan 2000 11:29:28 -0500 (EST)
Message-Id: <20000104162928.5F572137FD5@sabre.velocet.net>
Date: Tue,  4 Jan 2000 11:29:28 -0500 (EST)
From: dgilbert@velocet.ca
Sender: root@velocet.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: -current NFS leases panic
X-Send-Pr-Version: 3.2

>Number:         15883
>Category:       kern
>Synopsis:       NFS leases (-q) panic -current
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    dillon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan  4 08:40:00 PST 2000
>Closed-Date:    Wed Jan 26 12:55:29 PST 2000
>Last-Modified:  Wed Jan 26 12:56:52 PST 2000
>Originator:     David Gilbert
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
Velocet Communications
>Environment:

	4.0-CURRENT cvsup'd at Christmas

>Description:

When a file recently written by an NFS client is accessed by the server,
the server panics.

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x12ffa8d4
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc01b5bc9
stack pointer           = 0x10:0xcf608cbc
frame pointer           = 0x10:0xcf608d48
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3851 (mv)
interrupt mask          =
kernel: type 12 trap, code=0
Stopped at      nqsrv_send_eviction+0x9d:       movl    0x14(%eax),%eax

nqsrv_send_eviction(cf5fb540,c2786540,ffffffff,0,c273ee80) at nqsrv_send_eviction+0x9d
nqsrv_getlease(cf5fb540,cf608e3c,6,ffffffff,ce1e0080) at nqsrv_getlease+0x2cd
nqnfs_vop_lease_check(cf608e88,cf608e64,c0212229,cf608e88,cf608f3c) at nqnfs_vop_lease_check+0x34
vop_defaultop(cf608e88,cf608f3c,c0195cd8,cf608e88,ce1e0080) at vop_defaultop+0x15
ufs_vnoperate(cf608e88) at ufs_vnoperate+0x15
rename(ce1e0080,cf608f80,0,bfbff868,bfbff9af) at rename+0x2fc
syscall(2f,2f,2f,bfbff9af,bfbff868) at syscall+0x176
Xint0x80_syscall() at Xint0x80_syscall+0x26


>How-To-Repeat:

on nfs client (with mount -q foo:/raid /raid)
cp kernel /raid/kernel

on nfs server (with /raid)
mv kernel /usr/tftpboot/

(within a few seconds)

>Fix:
	
None known.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dillon 
Responsible-Changed-By: dillon 
Responsible-Changed-When: Mon Jan 24 23:17:43 PST 2000 
Responsible-Changed-Why:  
Changing responsibility to NFS maintainer for followup 
State-Changed-From-To: open->closed 
State-Changed-By: dillon 
State-Changed-When: Wed Jan 26 12:55:29 PST 2000 
State-Changed-Why:  
A fix has been committed to -current which appears to solve this problem. 
The problem occurs with UDP NQNFS mounts.  The NQNFS code was improperly 
assuming that union fields for the TCP case were being initialized for 
the UDP case, resulting in the crash. 
>Unformatted:
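
The closing note above blames a union whose TCP fields were read on a UDP mount. The C sketch below is an added illustration, not FreeBSD code and not part of the original report: `struct lease_host` and every function name are hypothetical. It shows the unchecked read beside a checked one and decodes the trap's fault address; reading the bad pointer as a UDP peer address is an assumption the report does not state.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical lease-host record (not the FreeBSD struct): one 4-byte slot
 * holds a UDP peer address or, for TCP, an i386 pointer to a socket record. */
enum host_kind { HOST_UDP, HOST_TCP };
struct lease_host {
    enum host_kind kind;
    union {
        uint8_t  udp_addr[4];   /* UDP: IPv4 peer, network byte order */
        uint32_t tcp_sock;      /* TCP: 32-bit pointer to the socket record */
    } u;
};

/* What a little-endian i386 load of the shared slot's bytes yields. */
static uint32_t load_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked: treats the slot as the TCP pointer whatever the record kind. */
uint32_t sock_ptr_unchecked(const struct lease_host *h) {
    return load_le32(h->u.udp_addr);
}

/* Checked: only a TCP record carries a socket pointer. Returns 0 on success. */
int sock_ptr_checked(const struct lease_host *h, uint32_t *out) {
    if (h->kind != HOST_TCP) return -1;
    *out = load_le32(h->u.udp_addr);
    return 0;
}

/* Triage: undo "disp(%reg)" addressing to recover the pointer in the register. */
uint32_t base_from_fault(uint32_t fault_va, uint32_t disp) { return fault_va - disp; }

/* Render a suspect pointer as the dotted quad its in-memory bytes would spell. */
void ptr_as_ipv4(uint32_t ptr, char out[16]) {
    snprintf(out, 16, "%u.%u.%u.%u", (unsigned)(ptr & 0xff),
             (unsigned)(ptr >> 8 & 0xff), (unsigned)(ptr >> 16 & 0xff), (unsigned)(ptr >> 24));
}

int main(void) {
    struct lease_host h = { HOST_UDP, { { 192, 168, 255, 18 } } }; /* constructed record */
    char ip[16];
    uint32_t p, base = base_from_fault(0x12ffa8d4u, 0x14); /* values from the trap above */
    ptr_as_ipv4(base, ip);
    printf("bad pointer 0x%08x has the bytes of %s\n", (unsigned)base, ip);
    printf("unchecked read of UDP record: 0x%08x\n", (unsigned)sock_ptr_unchecked(&h));
    printf("checked read of UDP record: %s\n", sock_ptr_checked(&h, &p) ? "rejected" : "ok");
    return 0;
}
```

A pointer whose bytes spell a plausible address, port or flag word is a common sign that the wrong union member was read.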
