From ohartman@mail.physik.uni-mainz.de  Fri Jan  9 04:10:31 2004
Return-Path: <ohartman@mail.physik.uni-mainz.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A701E16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  9 Jan 2004 04:10:31 -0800 (PST)
Received: from mail.physik.uni-mainz.de (mail.Physik.Uni-Mainz.DE [134.93.180.161])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3E6B943D54
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  9 Jan 2004 04:10:30 -0800 (PST)
	(envelope-from ohartman@mail.physik.uni-mainz.de)
Received: from mail.physik.uni-mainz.de (localhost [127.0.0.1])
	by mail.physik.uni-mainz.de (8.12.10/8.12.10) with ESMTP id i09CATZx071628
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 9 Jan 2004 12:10:29 GMT
	(envelope-from ohartman@mail.physik.uni-mainz.de)
Received: (from ohartman@localhost)
	by mail.physik.uni-mainz.de (8.12.10/8.12.10/Submit) id i09CANK5071627;
	Fri, 9 Jan 2004 13:10:24 +0100 (CET)
	(envelope-from ohartman)
Message-Id: <200401091210.i09CANK5071627@mail.physik.uni-mainz.de>
Date: Fri, 9 Jan 2004 13:10:24 +0100 (CET)
From: "O. Hartmann" <ohartman@mail.physik.uni-mainz.de>
Reply-To: "O. Hartmann" <ohartman@mail.physik.uni-mainz.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: rpc.lockd coredumps with SIGNAL 11
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         61122
>Category:       kern
>Synopsis:       rpc.lockd coredumps with SIGNAL 11
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    mr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 09 04:20:06 PST 2004
>Closed-Date:    Fri Jul 16 12:53:20 GMT 2004
>Last-Modified:  Fri Jul 16 12:53:20 GMT 2004
>Originator:     O. Hartmann
>Release:        FreeBSD 5.2-RC i386
>Organization:
IPA Institut fuer Physik der Atmosphaere
		Institute for physics of the atmosphere
		Johannes Gutenberg-Universitaet Mainz
>Environment:
FreeBSD 5.2-RC SMP Dual i866 Mhz Server (TYAN Thunder 2500 main PCB, AMI RAID, 2GB ECC RAM )
System: FreeBSD mail.physik.uni-mainz.de 5.2-RC FreeBSD 5.2-RC #32: Sun Jan 4 12:21:30 GMT 2004 root@mail.physik.uni-mainz.de:/usr/obj/usr/src/sys/MAIL i386


	Machine: Dual PIII/866Mhz machine, AMI Enterprise 1600 RAID (Level 5 with 240GB diskspace), 2GB ECC RAM, acting as
	NFS server for several AMD-mounting NFS-clients
>Description:
	Sometimes rpc.lockd on the server crashes with coredump on signal 11 while opening a file from a clientside.
	This happens many times using vi, but happens also when other applications try to open or write files located
	on the server and mounted via NFS/AMD.
>How-To-Repeat:
	No clue how to repeat. It happens out of the blue. 
>Fix:

	


>Release-Note:
>Audit-Trail:

From: fabbri <fabbri@isilon.com>
To: freebsd-gnats-submit@FreeBSD.org,
	ohartman@mail.physik.uni-mainz.de
Cc:  
Subject: Re: kern/61122: rpc.lockd coredumps with SIGNAL 11
Date: Fri, 13 Feb 2004 11:26:44 -0800

 I have a patch for at least one cause of this.  
 
 Description:
 
 One of the pair of processes implementing nfs locking was crashing with
 a seg-fault when it handled locks which were contended over a long
 period.
 
 - In the case where it processed the last element in the list,
   retry_blockingfilelocklist() would dereference a null pointer trying
   to LIST_INSERT_BEFORE(null, ..). 
 
 - Rework the list iteration to keep track of the previous element so
   we can correctly do an O(1) reinsertion in a LIST. 
 
 Patch:
 
 
 Index: lockd_lock.c
 ===================================================================
 RCS file: /usr/local/ncvs/atera/src/usr.sbin/rpc.lockd/lockd_lock.c,v
 retrieving revision 1.1.1.1
 diff -u -p -r1.1.1.1 lockd_lock.c
 --- lockd_lock.c	9 Mar 2002 02:35:14 -0000	1.1.1.1
 +++ lockd_lock.c	13 Feb 2004 19:20:12 -0000
 @@ -1226,11 +1226,12 @@ void
  retry_blockingfilelocklist(void)
  {
  	/* Retry all locks in the blocked list */
 -	struct file_lock *ifl, *nfl; /* Iterator */
 +	struct file_lock *ifl, *nfl, *pfl; /* Iterator */
  	enum partialfilelock_status pflstatus;
  
  	debuglog("Entering retry_blockingfilelocklist\n");
  
 +	pfl = NULL;
  	ifl = LIST_FIRST(&blockedlocklist_head);
  	debuglog("Iterator choice %p\n",ifl);
  
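Review bot: the declaration comment still reads /* Iterator */ for all three pointers, but pfl is not an iterator; it is the anchor for reinsertion. Suggest giving it its own comment stating the invariant the second hunk relies on: pfl is the most recently visited element that is still linked on blockedlocklist_head, or NULL if there is none yet.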
 @@ -1260,9 +1261,14 @@ retry_blockingfilelocklist(void)
  		} else {
  			/* Reinsert lock back into same place in blocked list */
  			debuglog("Replacing blocked lock\n");
 -			LIST_INSERT_BEFORE(nfl, ifl, nfslocklist);
 +			if (pfl != NULL) 
 +				LIST_INSERT_AFTER(pfl, ifl, nfslocklist);
 +			else
 +				LIST_INSERT_HEAD(&blockedlocklist_head, ifl, 
 +				    nfslocklist);
  		}
  
 +		pfl = ifl;
  		/* Valid increment behavior regardless of state of ifl */
  		ifl = nfl;
  	}
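Review bot: pfl = ifl after the if/else runs on every pass, not only when the else branch has put ifl back. If the branch above the else leaves ifl off blockedlocklist_head (the comment "Reinsert lock back into same place" implies ifl was unlinked before the retry), the next pass calls LIST_INSERT_AFTER(pfl, ifl, nfslocklist) with a pfl that is no longer linked, so the reinserted lock is chained onto a removed element instead of the list. Suggest moving pfl = ifl into the else branch so it only advances past elements that remain on the list. Minor: the added lines "if (pfl != NULL) " and "ifl, " carry trailing whitespace.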
 -- 
 << Aaron Fabbri  o  Developer, Filesystems Team  o  isilon.com >>
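
The remove, retry, reinsert pass described in the message above, as an added stand-alone example (not code from rpc.lockd or from the patch). The names struct lock, grantable, retry_blocked and order_after_retry are hypothetical; only the sys/queue.h LIST macros are real. It goes one step beyond the patch by advancing the previous-element pointer only past locks that were put back on the list.

```c
#include <stddef.h>
#include <sys/queue.h>

/* Constructed stand-in for rpc.lockd's struct file_lock (hypothetical fields). */
struct lock {
	int id;
	int grantable;		/* 1: the retry succeeds and the lock leaves the list */
	LIST_ENTRY(lock) link;
};
LIST_HEAD(lockhead, lock);
/* Unlink each blocked lock, retry it, relink it in place if still blocked. */
int retry_blocked(struct lockhead *head)
{
	struct lock *cur, *next, *prev = NULL;	/* prev: last element still linked */
	int granted = 0;

	for (cur = LIST_FIRST(head); cur != NULL; cur = next) {
		next = LIST_NEXT(cur, link);	/* NULL when cur is the tail */
		LIST_REMOVE(cur, link);
		if (cur->grantable) {
			granted++;		/* stays off the list; prev unchanged */
			continue;
		}
		/* LIST_INSERT_BEFORE(next, ...) would dereference NULL at the tail. */
		if (prev != NULL)
			LIST_INSERT_AFTER(prev, cur, link);
		else
			LIST_INSERT_HEAD(head, cur, link);
		prev = cur;			/* advance only past relinked elements */
	}
	return granted;
}

/* Build ids 1..n (n <= 9) in order, run one pass, return surviving ids as digits. */
int order_after_retry(const int *grantable, int n)
{
	static struct lock pool[9];
	struct lockhead head = LIST_HEAD_INITIALIZER(head);
	struct lock *l;
	int i, digits = 0;

	for (i = n - 1; i >= 0; i--) {
		pool[i].id = i + 1;
		pool[i].grantable = grantable[i];
		LIST_INSERT_HEAD(&head, &pool[i], link);
	}
	retry_blocked(&head);
	LIST_FOREACH(l, &head, link)
		digits = digits * 10 + l->id;
	return digits;
}
```
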
Responsible-Changed-From-To: freebsd-bugs->cperciva 
Responsible-Changed-By: bms 
Responsible-Changed-When: Tue Jun 22 16:32:43 GMT 2004 
Responsible-Changed-Why:  
Colin has an express interest in such bugs 

http://www.freebsd.org/cgi/query-pr.cgi?pr=61122 
State-Changed-From-To: open->closed 
State-Changed-By: mr 
State-Changed-When: Fri Jul 16 12:51:23 GMT 2004 
State-Changed-Why:  
kern/61122 should be fixed by bin/66837 which has been committed. 


Responsible-Changed-From-To: cperciva->mr 
Responsible-Changed-By: mr 
Responsible-Changed-When: Fri Jul 16 12:51:23 GMT 2004 
Responsible-Changed-Why:  
kern/61122 should be fixed by bin/66837 which has been committed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=61122 
>Unformatted:
