kern/39842: fcntl(2)/F_SETLK overlapping locks LOCKDEBUG kernel panic

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/39842: fcntl(2)/F_SETLK overlapping locks LOCKDEBUG kernel panic
From: njoly%pasteur.fr@localhost
Date: Fri, 31 Oct 2008 18:25:00 +0000 (UTC)

>Number:         39842
>Category:       kern
>Synopsis:       fcntl(2)/F_SETLK overlapping locks LOCKDEBUG kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Oct 31 18:25:00 +0000 2008
>Originator:     Nicolas Joly
>Release:        NetBSD 5.99.01
>Organization:
Institut Pasteur, Paris.
>Environment:
System: NetBSD lanfeust.sis.pasteur.fr 5.99.01 NetBSD 5.99.01 (LANFEUST) #1: 
Fri Oct 31 13:10:41 CET 2008 
njoly%lanfeust.sis.pasteur.fr@localhost:/local/src/NetBSD/obj.amd64/sys/arch/amd64/compile/LANFEUST
 amd64
Architecture: x86_64
Machine: amd64
>Description:
The following testcase triggers a LOCKDEBUG kernel panic, when trying to setup
2 overlapping F_WRLCK+F_RDLCK locks with fcntl(2)/F_SETLK.

#include <err.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

#define TEST_FILE "fcntl.test"

int main() {
  char *buf;
  int res, fd;
  size_t len;
  ssize_t siz;
  struct flock lck;

  lck.l_whence = SEEK_SET;

  fd = open(TEST_FILE, O_RDWR|O_CREAT, 0660);
  if (fd == -1)
    err(1, "open failed");

  buf = "0123456789"; len = strlen(buf);
  siz = write(fd, buf, len);
  if (siz == -1)
    err(1, "write failed");

  lck.l_start = 1; lck.l_len = len - 2; lck.l_type = F_WRLCK;
  res = fcntl(fd, F_SETLK, &lck);
  if (res == -1)
    err(1, "fcntl failed");

  lck.l_start = 2; lck.l_len = len - 4; lck.l_type = F_RDLCK;
  res = fcntl(fd, F_SETLK, &lck);
  if (res == -1)
    err(1, "fcntl failed");

  res = close(fd);
  if (res == -1)
    err(1, "close failed");

  res = unlink(TEST_FILE);
  if (res == -1)
    err(1, "unlink failed");

  return 0; }

njoly@lanfeust [netbsd/todo]> ./fcntl 
[...]
panic: LOCKDEBUG
fatal breakpoint trap in supervisor mode
trap type 1 code 0 rip ffffffff8052eeb5 cs 8 rflags 246 cr2  ffff800049019000 
cpl 0 rsp ffff80004a1f2820
Stopped in pid 340.1 (fcntl) at netbsd:breakpoint+0x5:  leave
db{0}> bt
breakpoint() at netbsd:breakpoint+0x5
panic() at netbsd:panic+0x260
lockdebug_abort1() at netbsd:lockdebug_abort1+0xd3
lockdebug_alloc() at netbsd:lockdebug_alloc+0xd7
cv_init() at netbsd:cv_init+0x27
lf_split() at netbsd:lf_split+0x5b
lf_advlock() at netbsd:lf_advlock+0x73e
VOP_ADVLOCK() at netbsd:VOP_ADVLOCK+0x71
do_fcntl_lock() at netbsd:do_fcntl_lock+0x15b
sys_fcntl() at netbsd:sys_fcntl+0xf0
syscall() at netbsd:syscall+0xb6

>How-To-Repeat:
Run the above testcase on LOCKDEBUG kernel.
>Fix:

Prev by Date: Re: kern/39275
Next by Date: Re: kern/39777: NFS client triggers kernel panics
Previous by Thread: kern/39838: wi(4) PCMCIA card fails in -current when inserted in cardbus system
Next by Thread: PR/39721 CVS commit: [netbsd-4] src/usr.bin/config
Indexes:

Home | Main Index | Thread Index | Old Index