netbsd-bugs: kern/37034: Processes stuck on vnlock: accessing msdos fs mounted from img (vnconfig)

Subject: kern/37034: Processes stuck on vnlock: accessing msdos fs mounted from img (vnconfig)
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <netbsd@eq.cz>
List: netbsd-bugs
Date: 09/28/2007 08:25:01

>Number:         37034
>Category:       kern
>Synopsis:       Processes stuck on vnlock: accessing msdos fs mounted from img (vnconfig)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 28 08:25:01 +0000 2007
>Originator:     rudolf
>Release:        NetBSD 4.0_RC1 (netbsd-4 20070927)
>Organization:
>Environment:
NetBSD bludicka.crlf.cz 4.0_RC1 NetBSD 4.0_RC1 (GENERIC_debug) #0: Thu Sep 27 23:52:18 CEST 2007  root@bludicka.crlf.cz:/mnt/B/obj/sys/arch/amd64/compile/GENERIC_debug amd64
>Description:
I have this backup MSDOS img. I can access the DOS filesystem with 'ls'. I can it access with 'ls -al', but only once. The second time I try, the process gets stucked in vnlock.

The t/t of one of the hanging processes looks like this:
ltsleep()
acquire()
lockmgr()
VOP_LOCK()
vn_lock()
vget()
deget()
msdosfs_root()
lookup()
namei()
sys___lstat30()
syscall_plain()

I have a kernel dump from single-user with everything mounted read-only with one stucked process, I can provide it at request. The kernel is GENERIC with the following changes:
--- /usr/src/sys/arch/amd64/conf/GENERIC        2007-09-23 12:30:48.000000000 +0200
+++ /usr/src/sys/arch/amd64/conf/GENERIC_debug  2007-09-23 12:04:05.000000000 +0200
@@ -83,20 +83,20 @@
 #options       BUFQ_PRIOCSCAN
 
 # Diagnostic/debugging support options
-#options       DIAGNOSTIC      # expensive kernel consistency checks
-#options       DEBUG           # expensive debugging checks/support
-#options       KMEMSTATS       # kernel memory statistics (vmstat -m)
+options        DIAGNOSTIC      # expensive kernel consistency checks
+options        DEBUG           # expensive debugging checks/support
+options        KMEMSTATS       # kernel memory statistics (vmstat -m)
 
 #
 # Because gcc omits the frame pointer for any -O level, the line below
 # is needed to make backtraces in DDB work.
 #
-#makeoptions   COPTS="-O2 -fno-omit-frame-pointer"
-#options       DDB             # in-kernel debugger
-#options       DDB_HISTORY_SIZE=512    # enable history editing in DDB
+makeoptions    COPTS="-O2 -fno-omit-frame-pointer"
+options        DDB             # in-kernel debugger
+options        DDB_HISTORY_SIZE=512    # enable history editing in DDB
 #options       KGDB            # remote debugger
 #options       KGDB_DEVNAME="\"com\"",KGDB_DEVADDR=0x3f8,KGDB_DEVRATE=9600
-#makeoptions   DEBUG="-g"      # compile full symbol table
+makeoptions    DEBUG="-g"      # compile full symbol table
 
 # Compatibility options
 options        COMPAT_15       # compatibility with NetBSD 1.5,

>How-To-Repeat:
The dump I have was acquired like this:

boot -s
mount -r /dev/wd1e /mnt
cd /mnt/dir_with_dos_img
vnconfig -r vnd0 msdos.img
mount -r -t msdos /dev/vnd0a /mnt2
ls /mnt2/
=> this can be repeated without a stuck
ls -al /mnt2/
=> This time I get the listing
ls -al /mnt2/
=> stuck
CTRL+ALT+ESC
reboot 0x104
=> lockmgr: no context panic
reboot 0x104
=> actually made the dump

>Fix: