Bug 53005 - kernel oops with release of multiple concurrent read locks on NFS mounted file.
Summary: kernel oops with release of multiple concurrent read locks on NFS mounted file.
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-09-01 15:56 UTC by Need Real Name
Modified: 2007-04-18 16:36 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-12-16 04:36:20 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
gzip tar file containing C code for testcase, Makefile, test harness and further bug description (3.83 KB, application/octet-stream)
2001-09-01 16:02 UTC, Need Real Name
no flags Details

Description Need Real Name 2001-09-01 15:56:58 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)

Description of problem:
When a large number of parallel programs have concurrent read locks to the same NFS mounted file, a kernel Oops 
occurs when the files are closed. This is being filed agains kernel since that is the Oops message fs/lock.c.

I will upload a complete test case with a program which recreates the problem, a test harness, and full kernel report, but here is
the top of it.
Sep  1 11:39:14 nclx21 kernel: Code: 8b 03 8d 73 04 89 02 8b 43 04 c7 03 00 00 00 00 8b 56 04 89
Sep  1 11:39:14 nclx21 kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
Sep  1 11:39:14 nclx21 kernel:  printing eip:
Sep  1 11:39:14 nclx21 kernel: c014c5ab
Sep  1 11:39:14 nclx21 kernel: pgd entry d4a74000: 0000000000000000
Sep  1 11:39:14 nclx21 kernel: pmd entry d4a74000: 0000000000000000
Sep  1 11:39:14 nclx21 kernel: ... pmd not present!
Sep  1 11:39:14 nclx21 kernel: Oops: 0000
Sep  1 11:39:14 nclx21 kernel: CPU:    1
Sep  1 11:39:14 nclx21 kernel: EIP:    0010:[locks_delete_lock+11/208]
Sep  1 11:39:14 nclx21 kernel: EIP:    0010:[<c014c5ab>]


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
See uploaded README

Actual Results:  Segmentaioon fault and kernel Oops, see uploaded README for details

Expected Results:  program should exit 0

Additional info:

Comment 1 Need Real Name 2001-09-01 16:02:25 UTC
Created attachment 30537 [details]
gzip tar file containing C code for testcase, Makefile, test harness and further bug description

Comment 2 Need Real Name 2001-09-02 00:49:28 UTC
I have modified the previously uploaded testcase to explicitly release the read 
lock using fcntl. In that case the program no longer seg faults. This further 
leads me to believe that the problem is not NFS specific, but rather that 
traversal of all fd's for the inode on close.

Comment 3 Arjan van de Ven 2001-09-03 18:22:09 UTC
        lock_kernel();
        before = &inode->i_flock;
        while ((fl = *before) != NULL) {
                if ((fl->fl_flags & FL_POSIX) && fl->fl_owner == owner) {
                        locks_unlock_delete(before);
                        continue;
                }
                before = &fl->fl_next;
        }
        unlock_kernel();


seems to be actually ok due to the "continue" in there;
boy this code is evil.... looking some more


Note You need to log in before you can comment on or make changes to this bug.