Subject: kern/4629: another "panic: locking against myself"
To: None <gnats-bugs@gnats.netbsd.org>
From: None <chuq@chuq.com>
List: netbsd-bugs
Date: 12/02/1997 23:49:12
>Number:         4629
>Category:       kern
>Synopsis:       another "panic: locking against myself"
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Dec  3 22:20:04 1997
>Last-Modified:
>Originator:     Chuck Silvers
>Organization:
>Release:        1.3-BETA of Dec 2
>Environment:
System: NetBSD sparc1.chuq.com 1.3_BETA NetBSD 1.3_BETA (CHUQ) #54: Tue Dec  2 22:52:04 PST 1997     chs@chuq.chuq.com:/home/chs/netbsd/src/sys/arch/sparc/compile/CHUQ sparc

>Description:

panic: locking against myself
Stopped at      _Debugger+0x4:  jmpl            [%o7 + 0x8], %g0
db> t
_ufs_lock(0xf0675680, 0xf00d4940, 0xf0675680, 0x3000, 0x5f6564, 0x61746100) at _ufs_lock+0x80
_vnode_pager_io(0xf06a7b20, 0x3000, 0x1, 0x1, 0x0, 0xffffffff) at _vnode_pager_io+0x78
_vnode_pager_getpage(0xf06a2e40, 0xf18a7b08, 0x1, 0x1, 0xf00e3430, 0x80002363) at _vnode_pager_getpage+0x14
_vm_pager_get_pages(0xf06a2e40, 0xf18a7b08, 0x1, 0x1, 0x0, 0xf072ed80) at _vm_pager_get_pages+0x58
_vm_pager_get(0xf06a2e40, 0xf01c8638, 0x1, 0x3000, 0xf18a7b58, 0xf18a7b54) at _vm_pager_get+0x14
_vm_fault(0xf072ed80, 0xffdf, 0x0, 0xf0145800, 0x0, 0x3) at _vm_fault+0x488
_mem_access_fault(0xf072cb00, 0x8080, 0x5000, 0xf0007cb4, 0xc4, 0xf18a7c70) at _mem_access_fault+0x1a8
normal_mem_fault(0xf0c54f10, 0x5000, 0x10e8, 0xf18a6000, 0x5f6564, 0x61746100) at normal_mem_fault+0x28
_copyout(0xf0c54000, 0x2000, 0xf18a7e98, 0x0, 0x2000, 0xffffffff) at _copyout+0x28
_ffs_read(0x0, 0xf0675680, 0x0, 0x0, 0xf0199f60, 0x80002363) at _ffs_read+0x29c
_vn_read(0xf06abb80, 0xf18a7e98, 0xf0736e00, 0xf0052f64, 0x40f0, 0xf18a7e94) at _vn_read+0xb0
_sys_read(0xf06b4200, 0x8000, 0xf18a7f20, 0xf00349c0, 0x0, 0x1) at _sys_read+0xc4
_syscall(0x3, 0xf18a7fb0, 0x0, 0x10, 0x83, 0xf18a7fb0) at _syscall+0x1f0
syscall(0x0, 0x40f0, 0x8000, 0xeffffa0c, 0x4000, 0x14) at syscall+0xb8


>How-To-Repeat:

compile this one-liner, crashme.c:
	#include <unistd.h>	/* read(2) */
	char buf[8192] = { 0 }; int main(void) { read(0, buf, sizeof(buf)); return 0; }
and invoke it as "./crashme < ./crashme".
if the executable resides on an ffs filesystem, and "buf" is big enough
to contain a page that isn't touched while starting the process,
you'll get the panic (two pages is enough, thus 8k on my machine).

it looks like the vnode is locked once for the read,
and again to page in "buf".  oddly, the panic still occurs
if the "= { 0 }" is removed, putting "buf" in the bss segment,
which I would think would avoid the page-in, but apparently not.
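As an added illustration (not part of the report and not NetBSD kernel code), the following hypothetical C model follows the call chain in the trace above: sys_read takes the file's vnode lock, copyout faults on an untouched page of "buf", and the pager tries to take the same vnode lock again for the same process. The lock holder check that trips is modelled after lockmgr's "locking against myself" test; the names vn_lock, vnode_pager_getpage, copyout and crashme_read are assumptions of this model.

```c
#include <stdbool.h>
/* Hypothetical model (not NetBSD code) of the lock path in the backtrace
 * above: a vnode lock that records its holder, as lockmgr does when it
 * panics with "locking against myself". */
#define NOBODY (-1)
struct vnode { int lockholder; };
/* vn_lock: 0 on success, -1 where the real kernel would panic. */
static int vn_lock(struct vnode *vp, int pid)
{
    if (vp->lockholder == pid)
        return -1;                      /* locking against myself */
    vp->lockholder = pid;
    return 0;
}
static void vn_unlock(struct vnode *vp) { vp->lockholder = NOBODY; }
/* Faulting in a page of a file-backed mapping re-locks that file's vnode. */
static int vnode_pager_getpage(struct vnode *backing, int pid)
{
    if (vn_lock(backing, pid) != 0)
        return -1;
    vn_unlock(backing);                 /* page is in; drop the lock */
    return 0;
}
/* copyout: writing to a not-yet-touched page of buf faults, and the fault
 * is served from the vnode backing that mapping. */
static int copyout(struct vnode *buf_backing, bool resident, int pid)
{
    return resident ? 0 : vnode_pager_getpage(buf_backing, pid);
}
/* sys_read: holds the file's vnode lock across the copyout. */
static int sys_read(struct vnode *file, struct vnode *buf_backing,
                    bool buf_resident, int pid)
{
    int rv;
    if (vn_lock(file, pid) != 0)
        return -1;
    rv = copyout(buf_backing, buf_resident, pid);
    vn_unlock(file);
    return rv;
}
/* "./crashme < ./crashme": same_file means stdin is the executable that
 * also backs buf; buf_resident means the page was already touched. */
int crashme_read(bool same_file, bool buf_resident)
{
    struct vnode exe = { NOBODY }, other = { NOBODY };
    return sys_read(same_file ? &exe : &other, &exe, buf_resident, 1);
}
```

Only the combination of the same vnode on both sides and a non-resident page of "buf" reaches the second lock attempt; reading from any other file, or touching "buf" first, does not.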

>Fix:

dunno.
>Audit-Trail:
>Unformatted: