Subject: kern/33257: revoke race
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 04/13/2006 21:50:01
>Number: 33257
>Category: kern
>Synopsis: revoke race
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Apr 13 21:50:00 +0000 2006
>Originator: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release: NetBSD 3.99.17
>Organization:
>Environment:
System: NetBSD kaeru 3.99.17 NetBSD 3.99.17 (build.kaeru.xen.nodebug.work) #9: Tue Apr 11 22:13:48 JST 2006 takashi@kaeru:/usr/home/takashi/work/kernel/build.kaeru.xen.nodebug.work i386
Architecture: i386
Machine: i386
>Description:
pid 0t16741 cleared v_specinfo and then
the current lwp dereferenced it.
db{0}> sh vn 91bf9e7c
OBJECT 0x91bf9e7c: locked=1, pgops=0x8085bfec, npages=0, refs=4
VNODE flags 188<ISTTY,LOCKSWORK,XLOCK>
mp 0x81602000 numoutput 0 size 0x0
data 0x8e902198 usecount 4 writecount 2 holdcnt 0 numoutput 0
tag VT_UFS(1) type VCHR(4) mount 0x81602000 typedata 0x0
db{0}> t
lf_advlock(8e657d94,10,0,0,808e6680) at netbsd:lf_advlock+0xed
spec_advlock(8e657d94,8e657da0,8e657da0,1,80690a80) at netbsd:spec_advlock+0x1d
VOP_ADVLOCK(91bf9e7c,91d88210,2,8e657de4,40) at netbsd:VOP_ADVLOCK+0x3a
closef(91bb5540,8c37feac,0,0,0) at netbsd:closef+0x185
fdfree(8c37feac,0,8f0e5a00,286,f4253) at netbsd:fdfree+0xb2
exit1(8c37feac,1,8e657efc,91d88210,0) at netbsd:exit1+0x1e3
postsig(1,8e657f64,8e657f5c,5d,202) at netbsd:postsig+0x272
syscall_plain() at netbsd:syscall_plain+0xcc
--- syscall (number 4) ---
0x7baec08f:
db{0}> t/t 0t16741
trace: pid 16741 at 0x8b8ffc2c
ltsleep(82098f30,11,807b79c4,0,82098f38) at netbsd:ltsleep+0x436
biowait(82098f30,19ba5e0,0,4000,ffffffff) at netbsd:biowait+0xc3
ffs_update(91bf9e7c,0,0,4,91bf9e7c) at netbsd:ffs_update+0x211
ufs_reclaim(91bf9e7c,8d9cc588,0,0,0) at netbsd:ufs_reclaim+0x4d
ffs_reclaim(8b8ffdc4,91bf9e7c,4,ffffffff,80690880) at netbsd:ffs_reclaim+0x21
VOP_RECLAIM(91bf9e7c,8d9cc588,ffffffff,286,246) at netbsd:VOP_RECLAIM+0x28
vclean(91bf9e7c,8,8d9cc588,88,8fc5ce38) at netbsd:vclean+0x83
vgonel(91bf9e7c,8d9cc588,81511bc0,4,8b8ffe84) at netbsd:vgonel+0x42
genfs_revoke(8b8ffe84,0,202,246,80690500) at netbsd:genfs_revoke+0xed
VOP_REVOKE(91bf9e7c,1,1,286,8f487758) at netbsd:VOP_REVOKE+0x28
exit1(8d9cc588,100,0,8d9cc588,8b8fff5c) at netbsd:exit1+0x6dc
sys_exit(8d9cc588,8b8fff64,8b8fff5c,1,202) at netbsd:sys_exit+0x23
syscall_plain() at netbsd:syscall_plain+0x17e
--- syscall (number 1) ---
0x7bb2abbf:
db{0}>
>How-To-Repeat:
>Fix:
>Unformatted: