From rolfjs@ife.no  Tue Jun 23 02:04:39 1998
Received: from barney.ife.no (barney.ife.no [128.39.229.49])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id CAA26803
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 23 Jun 1998 02:04:34 -0700 (PDT)
          (envelope-from rolfjs@ife.no)
Received: from virginis.ife.no by barney.ife.no (5.65/Ultrix3.0-C)
	id AA06158; Tue, 23 Jun 1998 11:03:51 +0200
Received: by virginis.ife.no ; Tue, 23 Jun 1998 11:03:44 +0200 (CEST)
Message-Id: <199806230903.LAA10674@virginis.ife.no>
Date: Tue, 23 Jun 1998 11:03:44 +0200 (CEST)
From: rolfjs@ife.no
Reply-To: rolfjs@ife.no
To: FreeBSD-gnats-submit@freebsd.org
Subject: Panic in vinvalbuf when appending to and looking at tail of NFS file.
X-Send-Pr-Version: 3.2

>Number:         7028
>Category:       kern
>Synopsis:       Panic in vinvalbuf when appending/looking at tail of NFS file.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 23 02:10:01 PDT 1998
>Closed-Date:    Sat Dec 11 22:47:04 PST 1999
>Last-Modified:  Sat Dec 11 22:47:45 PST 1999
>Originator:     Rolf J Soedahl
>Release:        FreeBSD 2.2.6-RELEASE i386
>Organization:
Institute for energy technology
		 P.O. Box 40
		 N-2007 KJELLER
		 NORWAY
>Environment:
	NFS client: FreeBSD 2.2.6 (also FreeBSD 3.0 980222)
	NFS server: FreeBSD 2.2.6 (also FreeBSD 3.0 980222 / Digital UNIX 3.2G)

>Description:
	When writing to a file in a NFS-mounted directory in append mode
	(using shell >> or "a" in fopen), looking at the tail of this file
	on the same NFS client causes a kernel panic in vinvalbuf.
	Note that both the writing and the looking (with tail) is done at
	the NFS client.

	I post this bug as confidential because I think a fix should
	be available when users start to "investigate" this malfunction.

>How-To-Repeat:
	Method 1:
		This standard command sequence shows the problem:
			cd Any-NFS-mounted-directory-with-write-permission
			touch out
			/usr/sbin/lptest 50 100000 >> out &
			sleep 1
			tail out

		This is the output from DDB (as read and reentered by me):

panic: vinvalbuf: flush failed
Debugger("panic")
Stopped at	_Debugger+0x35: movb	$0,_in_Debugger.122
db>
db> ps
  pid   proc     addr    uid  ppid  pgrp  flag stat wmesg   wchan   cmd
  208 f0743c00 f4b44000 1000   204   204 004006  2                  tail
  206 f0743e00 f4b42000 1000   204   206 004006  2                  lptest
  204 f06ec000 f4b40000 1000   179   204 004086  3   pause f4b40128 csh
  --More--
db>
db> trace
_Debugger(f0117e38) at _Debugger+0x35
_panic(f01344a0,f074b200,0,0,10) at _panic+0x5a
_vinvalbuf(f074cf00,1,f073f000,f0743e00,0,0) at _vinvalbuf+0x21c
_nfs_vinvalbuf(f074cf00,1,f073f000,f0743e00,1) at _nfs_vinvalbuf+0xf8
_nfs_write(efbffee8,f01f94d0,400,efbfff94,2) at _nfs_write+0xfa
_vn_write(f074ab00,efbfff34,f073f000,f01f94d0,f0743e00) at _vn_write+0x93
_write(f0743e00,efbfff94,efbfff84,20079060,21d4) at _write+0x97
_syscall(27,27,efbfd5bc,21d4,efbfd548) at _syscall+0x183
_Xsyscall() at _Xsyscall+0x35
---syscall 0x4, eip = 0x2006c981, esp = 0xefbfd530, ebp = 0xefbfd548 ---

	Method 2:
		This small C program may be used instead of lptest. It results
		in a panic for N = 100 with my client and server configuration.
		Smaller values of N has not crashed, I suspect there is a race
		condition in the kernel.

/* Program nfstest.c. Usage: "./nfstest 100".
** If this program is executed in a NFS-mounted directory,
** the command "tail out" gives panic in vinvalbuf
** when N is large (e.g. 100). */

#include <stdlib.h>
#include <stdio.h>

#define FILENAME "out"

main(int argc, char **argv)
{
	FILE	*f;
	int	i, N;
	if (argc != 2) {
		fprintf(stderr, "Usage: %s N\n", argv[0]);
		exit(1);
	}
	N = atoi(argv[1]);
	printf("N = %d\n", N);
	if ((f = fopen(FILENAME, "a")) == NULL) {	/* Append mode !! */
		fprintf(stderr, "fopen failed");
		exit(1);
	}
	for (;;) {
		for (i = 0; i < N; i++)
			fprintf(f, "testing NFS in append mode\n");
		sleep(1);
	}
}

>Fix:
	Sorry, I have no fix for this problem.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dillon 
State-Changed-When: Sat Dec 11 22:47:04 PST 1999 
State-Changed-Why:  
This bug is believed to be fixed in 3.x and 4.x 
>Unformatted:
