From maxim@macomnet.ru  Sun Nov 25 04:15:46 2001
Return-Path: <maxim@macomnet.ru>
Received: from relay1.macomnet.ru (relay1.macomnet.ru [195.128.64.10])
	by hub.freebsd.org (Postfix) with ESMTP id 3B8E037B41B
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 25 Nov 2001 04:15:45 -0800 (PST)
Received: from macomnet.ru (nas-host-250.macomnet.ru [195.128.64.250])
	by relay1.macomnet.ru (8.11.3/8.11.3) with ESMTP id fAPCFfF760033
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 25 Nov 2001 15:15:42 +0300 (MSK)
Received: (from maxim@localhost)
	by macomnet.ru (8.11.6/8.11.6) id fAPCFVo06959;
	Sun, 25 Nov 2001 15:15:31 +0300 (MSK)
	(envelope-from maxim)
Message-Id: <200111251215.fAPCFVo06959@macomnet.ru>
Date: Sun, 25 Nov 2001 15:15:31 +0300 (MSK)
From: Maxim Konovalov <maxim@macomnet.ru>
Reply-To: Maxim Konovalov <maxim@macomnet.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: kernel panic with 'options LOCKF_DEBUG'
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         32267
>Category:       kern
>Synopsis:       kernel panic with 'options LOCKF_DEBUG'
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 25 04:20:02 PST 2001
>Closed-Date:    Sun Dec 2 04:47:51 PST 2001
>Last-Modified:  Sun Dec 02 04:48:17 PST 2001
>Originator:     Maxim Konovalov, maxim@macomnet.ru
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
n/a
>Environment:
System: FreeBSD miss 5.0-CURRENT FreeBSD 5.0-CURRENT #4: Wed Nov 7 21:38:49 MSK 2001 maxim@miss:/vol0/obj/usr/src/sys/MISS i386

>Description:

	src/kern/kern_lockf.c:

	lf_print and lf_printlist are trying to deref an
	uninitialized lf_inode.

	There was a short discussion in -hackers but nobody has
	committed the fix:

http://www.freebsd.org/cgi/getmsg.cgi?fetch=414034+0+/usr/local/www/db/text/2001/freebsd-hackers/20011118.freebsd-hackers

>How-To-Repeat:

	echo 'options LOCKF_DEBUG' >> KERNCONF,
	recompile the kernel, install it, reboot,

	# sysctl -w debug.lockf_debug=1
	$ lockf -k /etc/passwd sleep 1

	got the panic.

>Fix:

Index: kern_lockf.c
===================================================================
RCS file: /vol0/cvs/ncvs/src/sys/kern/kern_lockf.c,v
retrieving revision 1.38
diff -u -r1.38 kern_lockf.c
--- kern_lockf.c	2001/09/12 08:37:44	1.38
+++ kern_lockf.c	2001/11/16 11:49:42
@@ -163,7 +163,13 @@
 	lock->lf_start = start;
 	lock->lf_end = end;
 	lock->lf_id = ap->a_id;
-/*	lock->lf_inode = ip; */	/* XXX JH */
+	/*
+	 * XXX The problem is that VTOI is ufs specific, so it will
+	 * break LOCKF_DEBUG for all other FS's other than UFS because
+	 * it casts the vnode->data ptr to struct inode *.
+	 */
+/*	lock->lf_inode = VTOI(ap->a_vp); */
+	lock->lf_inode = (struct inode *)0;
 	lock->lf_type = fl->l_type;
 	lock->lf_head = head;
 	lock->lf_next = (struct lockf *)0;
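Review bot: with `lock->lf_inode = (struct inode *)0;` assigned unconditionally in lf_setlock's lock initialisation, lf_inode is never non-NULL after this hunk, so the ino/dev branch added to lf_print and the body of lf_printlist become unreachable; the block comment should say so explicitly (for example "lf_inode is currently always NULL; set it from a VFS-neutral hook to re-enable inode info") so the next reader does not assume the field is populated. The retained `/* lock->lf_inode = VTOI(ap->a_vp); */` line duplicates what the comment above it already records and could be dropped; the `(struct inode *)0` cast matches the surrounding style and is fine.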
@@ -768,15 +774,22 @@
 		printf("proc %ld", (long)((struct proc *)lock->lf_id)->p_pid);
 	else
 		printf("id %p", (void *)lock->lf_id);
-	/* XXX no %qd in kernel.  Truncate. */
-	printf(" in ino %lu on dev <%d, %d>, %s, start %ld, end %ld",
-	    (u_long)lock->lf_inode->i_number,
-	    major(lock->lf_inode->i_dev),
-	    minor(lock->lf_inode->i_dev),
-	    lock->lf_type == F_RDLCK ? "shared" :
-	    lock->lf_type == F_WRLCK ? "exclusive" :
-	    lock->lf_type == F_UNLCK ? "unlock" :
-	    "unknown", (long)lock->lf_start, (long)lock->lf_end);
+	if (lock->lf_inode != (struct inode *)0)
+		/* XXX no %qd in kernel.  Truncate. */
+		printf(" in ino %lu on dev <%d, %d>, %s, start %ld, end %ld",
+		    (u_long)lock->lf_inode->i_number,
+		    major(lock->lf_inode->i_dev),
+		    minor(lock->lf_inode->i_dev),
+		    lock->lf_type == F_RDLCK ? "shared" :
+		    lock->lf_type == F_WRLCK ? "exclusive" :
+		    lock->lf_type == F_UNLCK ? "unlock" :
+		    "unknown", (long)lock->lf_start, (long)lock->lf_end);
+	else
+		printf(" %s, start %ld, end %ld",
+		    lock->lf_type == F_RDLCK ? "shared" :
+		    lock->lf_type == F_WRLCK ? "exclusive" :
+		    lock->lf_type == F_UNLCK ? "unlock" :
+		    "unknown", (long)lock->lf_start, (long)lock->lf_end);
 	if (!TAILQ_EMPTY(&lock->lf_blkhd))
 		printf(" block %p\n", (void *)TAILQ_FIRST(&lock->lf_blkhd));
 	else
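Review bot: the `if (lock->lf_inode != (struct inode *)0)` and `else` arms in lf_print each wrap a single multi-line printf, with a comment line sitting between the `if` and its statement, which is legal but easy to misread as two statements; braces around both arms would make the structure obvious. The shared/exclusive/unlock/unknown ternary chain is now duplicated in both arms, so hoisting it into a local such as `const char *type = ...;` before the `if` would remove the repetition and keep the two output formats from drifting apart.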
@@ -789,6 +802,9 @@
 	struct lockf *lock;
 {
 	register struct lockf *lf, *blk;
+
+	if (lock->lf_inode == (struct inode *)0)
+		return;
 
 	printf("%s: Lock list for ino %lu on dev <%d, %d>:\n",
 	    tag, (u_long)lock->lf_inode->i_number,
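Review bot: the early `if (lock->lf_inode == (struct inode *)0) return;` in lf_printlist suppresses the whole listing, including the `tag` and every per-lock entry, and since the first hunk leaves lf_inode always NULL this means lf_printlist produces no output at all under debug.lockf_debug=1. It would be more useful to mirror lf_print's else arm: print the tag and a "Lock list" header without the ino/dev fields and still walk the list, so the NULL guard only drops the inode-specific part rather than the entire debug aid.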
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: alfred 
State-Changed-When: Sun Dec 2 04:47:51 PST 2001 
State-Changed-Why:  
attached patch has been committed 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32267 
>Unformatted:
