Bug 53005 - kernel oops with release of multiple concurrent read locks on NFS mounted file.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 7.1
Hardware: i386 Linux
Priority: medium
Severity: high
Assigned To: Arjan van de Ven
QA Contact: Brock Organ
Reported: 2001-09-01 11:56 EDT by Need Real Name
Modified: 2007-04-18 12:36 EDT (History)

Doc Type: Bug Fix
Last Closed: 2002-12-15 23:36:20 EST


Attachments
gzip tar file containing C code for testcase, Makefile, test harness and further bug description (3.83 KB, application/octet-stream)
2001-09-01 12:02 EDT, Need Real Name

Description Need Real Name 2001-09-01 11:56:58 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)

Description of problem:
When a large number of parallel programs have concurrent read locks to the same NFS mounted file, a kernel Oops 
occurs when the files are closed. This is being filed against kernel since that is the Oops message fs/lock.c.

I will upload a complete test case with a program which recreates the problem, a test harness, and full kernel report, but here is
the top of it.
Sep  1 11:39:14 nclx21 kernel: Code: 8b 03 8d 73 04 89 02 8b 43 04 c7 03 00 00 00 00 8b 56 04 89
Sep  1 11:39:14 nclx21 kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
Sep  1 11:39:14 nclx21 kernel:  printing eip:
Sep  1 11:39:14 nclx21 kernel: c014c5ab
Sep  1 11:39:14 nclx21 kernel: pgd entry d4a74000: 0000000000000000
Sep  1 11:39:14 nclx21 kernel: pmd entry d4a74000: 0000000000000000
Sep  1 11:39:14 nclx21 kernel: ... pmd not present!
Sep  1 11:39:14 nclx21 kernel: Oops: 0000
Sep  1 11:39:14 nclx21 kernel: CPU:    1
Sep  1 11:39:14 nclx21 kernel: EIP:    0010:[locks_delete_lock+11/208]
Sep  1 11:39:14 nclx21 kernel: EIP:    0010:[<c014c5ab>]


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
See uploaded README

Actual Results:  Segmentation fault and kernel Oops, see uploaded README for details

Expected Results:  program should exit 0

Additional info:
Comment 1 Need Real Name 2001-09-01 12:02:25 EDT
Created attachment 30537 [details]
gzip tar file containing C code for testcase, Makefile, test harness and further bug description
Comment 2 Need Real Name 2001-09-01 20:49:28 EDT
I have modified the previously uploaded testcase to explicitly release the read 
lock using fcntl. In that case the program no longer seg faults. This further 
leads me to believe that the problem is not NFS specific, but rather lies in the 
traversal of all fd's for the inode on close.
Comment 3 Arjan van de Ven 2001-09-03 14:22:09 EDT
        lock_kernel();
        /* walk the inode's lock list through a pointer-to-pointer so that
         * an entry can be unlinked without losing our place */
        before = &inode->i_flock;
        while ((fl = *before) != NULL) {
                /* drop every POSIX lock that belongs to this owner */
                if ((fl->fl_flags & FL_POSIX) && fl->fl_owner == owner) {
                        locks_unlock_delete(before);
                        /* *before now points at the next entry; re-test it
                         * rather than advancing past it */
                        continue;
                }
                before = &fl->fl_next;
        }
        unlock_kernel();


seems to be actually ok due to the "continue" in there;
boy this code is evil.... looking some more
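The loop above removes every POSIX lock the closing process owns on the inode, which is why the reporter's explicit fcntl unlock in comment 2 and a plain close end up on the same kernel path. The following C example is added here (it is not the bug's attachment or kernel code; the scratch file path and the two function names are my own) and shows the user-visible side of that rule on a local file: a read lock taken through one descriptor is dropped as soon as the process closes any other descriptor open on the same file.

```c
#define _POSIX_C_SOURCE 200809L  /* for fork, waitpid, mkstemp */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Probe from a child process whether any *other* process holds a lock that
 * conflicts with a whole-file write lock (F_GETLK never reports the caller's
 * own locks). Returns 1 if a conflicting lock exists, 0 if not, -1 on error. */
static int lock_held_by_other(const char *path)
{
    struct flock probe = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    int fd, status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                     /* l_start = l_len = 0: whole file */
        fd = open(path, O_RDWR);
        if (fd < 0 || fcntl(fd, F_GETLK, &probe) < 0)
            _exit(2);
        _exit(probe.l_type == F_UNLCK ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    return WEXITSTATUS(status);
}

/* Take a shared read lock through one descriptor, then close a *different*
 * descriptor open on the same file. Returns 1 if the read lock survived,
 * 0 if the kernel dropped it on that close, -1 on error. */
int read_lock_survives_other_close(void)
{
    char path[] = "/tmp/posixlock-demo-XXXXXX";   /* constructed scratch file */
    struct flock rd = { .l_type = F_RDLCK, .l_whence = SEEK_SET };
    int fd_a = mkstemp(path);
    int fd_b = open(path, O_RDWR);
    int held;
    if (fd_a < 0 || fd_b < 0 || fcntl(fd_a, F_SETLK, &rd) < 0)
        return -1;
    if (lock_held_by_other(path) != 1)  /* lock must be visible first */
        return -1;
    close(fd_b);                        /* not the fd that took the lock */
    held = lock_held_by_other(path);
    close(fd_a);
    unlink(path);
    return held;
}
```

On Linux the function returns 0: the close of fd_b releases the lock held through fd_a, exactly the per-owner sweep the kernel loop performs.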
