kern/66611: Crashing NFS servers
Bjoern Groenvall
bg at sics.se
Thu May 13 08:30:21 PDT 2004
>Number: 66611
>Category: kern
>Synopsis: Crashing NFS servers
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 13 08:30:20 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Bjoern Groenvall
>Release: FreeBSD 5.2.1-RELEASE i386
>Organization:
SICS
>Environment:
FreeBSD filur.sics.se 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Wed Mar 3 17:14:07 CET 2004 bg at filur.sics.se:/usr/src/sys/i386/compile/FILUR i386
The same bug is also present on atleast 4.7-RELEASE-p17 and
4.8-RELEASE.
>Description:
This bug seems to happen only on NFS servers!
At times, this happens several times a day, sometimes months can go by
without this ever happening. To avoid the problem a workaround is
attached at the bottom.
Under certain conditions tcp_usr_rcvd passes as NULL pointer
to tcp_output which will lead to a panic. Here is a backtrace
as printed on the console (typed in manually and stripped from
numerical information).
Stack backtrace:
backtrace
tcp_usr_rcvd
soreceive
nfsrv_rcv
sowakeup
soisdisconnected
tcp_discardcb
tcp_close
tcp_input
ip_input
netisr_processqueue
swi_net
ithread_loop
fork_exit
fork_trampoline
--- trap 0x1, eip = 0, esp = 0xd77c2d7c, ebp = 0 ---
>How-To-Repeat:
This seems to only happen on NFS servers. Don't know how to trigger
the bug.
>Fix:
No fix but a sample workaround.
--- sys/netinet/tcp_usrreq.c.orig Fri Jan 9 13:32:36 2004
+++ sys/netinet/tcp_usrreq.c Tue Feb 24 17:37:27 2004
@@ -619,6 +619,12 @@
const int inirw = INI_READ;
COMMON_START();
+ if (tp == 0) {
+ splx(s);
+ printf("tcp_usr_rcvd: tp == 0\n");
+ backtrace();
+ return EINVAL;
+ }
tcp_output(tp);
COMMON_END(PRU_RCVD);
}
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list