From nobody  Wed May 27 01:22:17 1998
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA02238;
          Wed, 27 May 1998 01:22:17 -0700 (PDT)
          (envelope-from nobody)
Message-Id: <199805270822.BAA02238@hub.freebsd.org>
Date: Wed, 27 May 1998 01:22:17 -0700 (PDT)
From: ovg@nusun.jinr.ru
To: freebsd-gnats-submit@freebsd.org
Subject: panic: Bad nfs svc reply
X-Send-Pr-Version: www-1.0

>Number:         6771
>Category:       kern
>Synopsis:       panic: Bad nfs svc reply
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    peter
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 27 01:20:02 PDT 1998
>Closed-Date:    Sun Dec 12 00:07:01 PST 1999
>Last-Modified:  Sun Dec 12 00:07:59 PST 1999
>Originator:     Vladimir Olshevsky
>Release:        FreeBSD i386 2.2.6
>Organization:
Joint Institute for Nuclear Research
>Environment:
FreeBSD nuraid.jinr.ru 2.2.6-RELEASE FreeBSD 2.2.6-RELEASE #1:
Fri May 22 19:00:11 MSD 1998
ovg@nuraid.jinr.ru:/usr/src/sys/compile/NURAID  i386
>Description:
NFS server had several random crashes, saying on next 
boot "reboot after panic: Bad nfs svc reply"
Here is a kgdb session log:

(kgdb) symbol-file kernel.debug.0
Reading symbols from kernel.debug.0...done.
(kgdb) exec-file /var/crash/kernel.0
(kgdb) core-file /var/crash/vmcore.0
IdlePTD 208000
current pcb at 1ec9ac
panic: Bad nfs svc reply
#0  boot (howto=256) at ../../kern/kern_shutdown.c:266
266                                     dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0  boot (howto=256) at ../../kern/kern_shutdown.c:266
#1  0xf0110f92 in panic (fmt=0xf01714dd "Bad nfs svc reply")
    at ../../kern/kern_shutdown.c:390
#2  0xf0171acd in nfssvc_nfsd (nsd=0xefbffe8c, argp=0x1770c "", p=0xf252d400)
    at ../../nfs/nfs_syscalls.c:665
#3  0xf0171188 in nfssvc (p=0xf252d400, uap=0xefbfff94, retval=0xefbfff84)
    at ../../nfs/nfs_syscalls.c:344
#4  0xf01bc263 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 8, 
      tf_esi = 4, tf_ebp = -272638388, tf_isp = -272629788, tf_ebx = 1, 
      tf_edx = -272638564, tf_ecx = 0, tf_eax = 155, tf_trapno = 12, 
      tf_err = 7, tf_eip = 10805, tf_cs = 31, tf_eflags = 658, 
      tf_esp = -272638556, tf_ss = 39}) at ../../i386/i386/trap.c:918
#5  0x2a35 in ?? ()
#6  0x107e in ?? ()
(kgdb) up 2
#2  0xf0171acd in nfssvc_nfsd (nsd=0xefbffe8c, argp=0x1770c "", p=0xf252d400)
    at ../../nfs/nfs_syscalls.c:665
665                                     panic("Bad nfs svc reply");
(kgdb) list
660                                     siz += m->m_len;
661                                     m = m->m_next;
662                             }
663                             if (siz <= 0 || siz > NFS_MAXPACKET) {
664                                     printf("mbuf siz=%d\n",siz);
665                                     panic("Bad nfs svc reply");
666                             }
667                             m = mreq;
668                             m->m_pkthdr.len = siz;
669                             m->m_pkthdr.rcvif = (struct ifnet *)0;
(kgdb) print siz
$1 = 50260
(kgdb)

>How-To-Repeat:
Don't know
>Fix:

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->peter 
Responsible-Changed-By: phk 
Responsible-Changed-When: Wed May 27 02:31:51 PDT 1998 
Responsible-Changed-Why:  
Mr NFS 

From: Sergiy Zhuk <serge@yahoo-inc.com>
To: freebsd-gnats-submit@freebsd.org, ovg@nusun.jinr.ru,
	peter@freebsd.org
Cc: serge@yahoo-inc.com
Subject: Re: kern/6771: panic: Bad nfs svc reply
Date: Fri, 12 Mar 1999 22:11:55 -0800

 hi
 
 The same bug is present on the latest 2.2.8-STABLE.
 
 To reproduce:
 
 export a filesystem with a big number of files in some
 directory (e.g. more than 1000).
 Mount it using an NFS client from an NT box (i was using
 an NFS client by Intergraph).
 Open NT Explorer (or similar) and go to the directory with 
 a lot of files on the mounted filesystem.
 FreeBSD machine will panic with the same error message and 
 at the same place in code (nfs/nfs_syscalls.c).
 I was unable to reproduce it with any other client OS.
 I tried bsd,solaris and irix - works fine.
 Not sure if it's a client bug or a server bug, but in any case
 bsd machine should not panic because of incorrect nfs packet
 size, i believe...
 
 --
 rgds,
 serge
 

From: Mark Dawson <md@doc.ic.ac.uk>
To: freebsd-gnats-submit@freebsd.org, ovg@nusun.jinr.ru
Cc:  
Subject: Re: kern/6771: panic: Bad nfs svc reply
Date: Thu, 25 Mar 1999 15:44:21 +0000

 I just got hit by this panic.  Our FreeBSD-2.2-STABLE server crashed out
 with:
 
 	mbuf siz=33460
 	panic: Bad nfs svc reply
 
 while I was accessing a largish directory from an O2 running IRIX 6.5. 
 The filesystem was mounted via the amd automounter with mount options:
 
 	rw,wsize=32768,nosuid,noconn,rsize=32768,resvport,intr,grpid,nfsv2,hard
 
 The problem was caused by 'ls /path/to/directory/*' and is reproducible.
 
 Do you know if there a fix/workaround available?
 
 Mark
 
State-Changed-From-To: open->closed 
State-Changed-By: dillon 
State-Changed-When: Sun Dec 12 00:07:01 PST 1999 
State-Changed-Why:  
A number of NFS panics relating to the incorrect calculation of the 
packet size, especially in relation to directory scans, have been 
fixed in recent (3.x and 4.x) kernels. 
>Unformatted:
