kern/38761: new (?) race in buffer cache code

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/38761: new (?) race in buffer cache code
From: ad%netbsd.org@localhost
Date: Mon, 26 May 2008 16:25:00 +0000 (UTC)

>Number:         38761
>Category:       kern
>Synopsis:       new (?) race in buffer cache code
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 26 16:25:00 +0000 2008
>Originator:     Andrew Doran
>Release:        4.99.63
>Organization:
The NetBSD Project
>Environment:
>Description:
This appears to be a new one. I'm only seeing it after 'cvs up' and
first build.sh in a few days.

db{0}> t/a d17dc300
trace: pid 13230 lid 1 at 0xd1cd282c
sleepq_block(0,0,c09d4404,c0a309c4,0,c4c94244,c0ae4318,c4c941f4,b,0) at 
netbsd:sleepq_block+0x102
cv_timedwait(c4c94244,c0ae5ca0,0,c0405f3a,ce2e5600,ffffffff,0,c4c941f4,14f0100,0)
 at netbsd:cv_timedwait+0x11d
bbusy(c4c941f4,0,0,0,0,0,0,0,d003c9f4,0) at netbsd:bbusy+0xcd
getblk(d003c9f4,14f0100,0,4000,0,0,2,d1cd29b8,0,1) at netbsd:getblk+0x65
bio_doread(4000,ffffffff,0,14f0100,0,c4a70000,d1cd29cc,c03ae7be,d003c9f4,14f0100
 ) at netbsd:bio_doread+0x37
bread(d003c9f4,14f0100,0,4000,ffffffff,1,d1cd29b8,c03e9ef0,2,1ed) at 
netbsd:bread+0x36
ffs_nodealloccg(d3475d50,3a,145708,0,81a4,d3475d50,3a,d3475d50,c4a70000,0) at 
netbsd:ffs_nodealloccg+0xee
ffs_hashalloc(145708,0,81a4,c03ae6d0,0,18,1,7400,7200,7400) at 
netbsd:ffs_hashalloc+0x3a
ffs_valloc(d346da88,81a4,ce2e5600,d1cd2c8c,d00df2d8,d3475d50,d1cd2b3c,c04af7bb,d00dd468,0)
 at netbsd:ffs_valloc+0x15c
ufs_makeinode(81a4,d346da88,d1cd2c8c,d1cd2ca0,d346da88,d1cd2c78,d1cd2b9c,c04b37dc,d1cd2b84,0)
 at netbsd:ufs_makeinode+0x54
ufs_create(d1cd2b84,0,d1cd2b7c,c0504310,c4755504,c4755504,d1cd2cac,c03f31ac,c07d69e0,d346da88)
 at netbsd:ufs_create+0x59  
VOP_CREATE(d346da88,d1cd2c8c,d1cd2ca0,d1cd2bd0,51,6e617261,200,0,d17dc300,ce2e5600)
 at netbsd:VOP_CREATE+0x6c
vn_open(d1cd2c78,60a,1a4,c0458d92,c0ae4880,d1a46c10,0,d05f3584,bbb0b000,d3a8d800)
 at netbsd:vn_open+0x372
sys_open(d17dc300,d1cd2d00,d1cd2d28,bfbff3d6,609,1b6,1,0,0,bbbf4715) at 
netbsd:sys_open+0xc0
syscall(d1cd2d48,b3,ab,1f,1f,27,0,bfbfe158,0,bfbfe12d) at
netbsd:syscall+0xa0
db{0}> show buf c4c941f4
  vp 0xd003c9f4 lblkno 0x14f0100 blkno 0x14f0100 rawblkno 0x24f08df dev 0x4
  error 0 flags 0x200<DONE>
  bufsize 0x4000 bcount 0x4000 resid 0x0
  data 0xd32d8000 saveaddr 0x0 dep 0x0  
  iodone 0x0 objlock 0xd003c9f4

The buffer is not BUSY, so there is no reason for the thread to be
waiting.
 

>How-To-Repeat:
build.sh on 8cpu system
>Fix:
Two likely causes:

- cv_broadcast(&bp->b_busy) without bufcache_lock held.
- Modification of b_cflag without bufcache_lock held.

Prev by Date: kern/38760: umount -f /usr panics the system
Next by Date: Re: kern/10304 (IP-address resolving of a.out-binaries fails with a.out-emulation)
Previous by Thread: kern/38760: umount -f /usr panics the system
Next by Thread: PR/38728 CVS commit: src/crypto/dist/openssl/crypto
Indexes:

Home | Main Index | Thread Index | Old Index