kern/56242: mount_chfs(8) panics with "locking against myself" mutex error, if previously unmounted with edited files

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/56242: mount_chfs(8) panics with "locking against myself" mutex error, if previously unmounted with edited files
From: vezhlys%gmail.com@localhost
Date: Wed, 9 Jun 2021 11:45:00 +0000 (UTC)

>Number:         56242
>Category:       kern
>Synopsis:       mount_chfs(8) panics with "locking against myself" mutex error, if previously unmounted with edited files
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 09 11:45:00 +0000 2021
>Originator:     Andrius V
>Release:        NetBSD 9.2
>Organization:
>Environment:
NetBSD  9.2 NetBSD 9.2 (GENERIC) #0: Wed May 12 22:13:25 EEST 2021  andriusv@:/home/andriusv/netbsd-src/sys/arch/amd64/compile/GENERIC amd64
>Description:
mount_chfs(8) panics with "locking against myself" mutex error, if previously unmounted with edited files both on NetBSD 9 and current branches (likely 8 too). The problem is caused by unclosed mutex lock in chfs_scan_check_vnode (chfs_scan.c#154) (premature return). While at it I found few other places where mutex seems to be left open and I believe should be closed (return is used before mutex_exit).

bt:
Mutex error: mutex_vector_enter,544: locking against myself

lock address : 0x00000000c73ec030
current cpu  :                  0
current lwp  : 0x00000000c69380c0
owner field  : 0x00000000c69380c0 wait/spin:                0/0

panic: lock error: Mutex: mutex_vector_enter,544: locking against myself: lock 0xc73ec030 cpu 0 lwp 0xc69380c0
cpu0: Begin traceback...
vpanic(c129d150,dccf2c24,dccf2c40,c0cee127,c129d150,c1257ab4,c117786c,220,c129554f,c73ec030) at netbsd:vpanic+0x13c
device_printf(c129d150,c1257ab4,c117786c,220,c129554f,c73ec030,0,c69380c0,dccf2c64,c0ca6928) at netbsd:device_printf
lockdebug_abort(c117786c,220,c73ec030,c14ce344,c129554f,c69380c0,c69380c0,dccf2cc4,c0ca6ef2,c129554f) at netbsd:lockdebug_abort+0xd0
mutex_abort(c129554f,c0ca71a2,c1599fca,0,0,12b,dccf2cd0,dccf2cd0,0,0) at netbsd:mutex_abort+0x2f
mutex_vector_enter(c73ec030,c73ec030,0,4e04,0,0,3df8,4df8,0,c) at netbsd:mutex_vector_enter+0x429
chfs_build_set_vnodecache_nlink(c73ec000,c73e3f00,1,c6f22e00,c73ec000,c73ec028,2000000,0,0,dccf2d28) at chfs:chfs_build_set_vnodecache_nlink+0x58
chfs_build_filesystem(c73ec000,1,0,c69380c0,0,0,c73ecb48,c73ec030,c73ec028,c6f22e50) at chfs:chfs_build_filesystem+0x150
chfs_mountfs(c6527e00,c6870000,fffffffe,1,c6870000,dccf2dc8,c0ceb480,c73e03c0,0,c73e03c0) at chfs:chfs_mountfs+0x353
chfs_mount(c6870000,bfb1e4f8,c73ca0e0,dccf2f30,c6870000,dccf2e94,c0d53582,c6870000,bfb1e4f8,c73ca0e0) at chfs:chfs_mount+0x12e
VFS_MOUNT(c6870000,bfb1e4f8,c73ca0e0,dccf2f30,0,c73ca0e0,c73ca0e0,4,1,0) at netbsd:VFS_MOUNT+0x39
mount_domount(c69380c0,dccf2ed8,db564040,bfb1e4f8,0,c73ca0e0,dccf2f30,0,db564040,dccf2f60) at netbsd:mount_domount+0xc6
do_sys_mount(c69380c0,d0a24a,0,bfb1e4f8,0,bfb1e0f0,0,4,dccf2f60,dccf2f9c) at netbsd:do_sys_mount+0x21e
sys___mount50(c69380c0,dccf2f68,dccf2f60,c69380c0,14028,19a,dccf2f60,dccf2f68,0,0) at netbsd:sys___mount50+0x4d
netbsd:syscall+0x17c
--- syscall (number 410) ---
b65b0007:
cpu0: End traceback...

>How-To-Repeat:
modload flash
modload nand
modload nandemulator
mount -t chfs /dev/flash0 /mnt
touch /mnt/file1.txt
touch /mnt/file2.txt
umount /mnt
mount -t chfs /dev/flash0 /mnt
touch /mnt/file2.txt
umount /mnt
mount -t chfs /dev/flash0 /mnt
(should panic)
>Fix:
Index: sys/ufs/chfs/chfs_scan.c
===================================================================
RCS file: /pub/NetBSD-CVS/src/sys/ufs/chfs/chfs_scan.c,v
retrieving revision 1.8
diff -p -u -r1.8 chfs_scan.c
--- sys/ufs/chfs/chfs_scan.c	17 Jun 2019 17:14:56 -0000	1.8
+++ sys/ufs/chfs/chfs_scan.c	9 Jun 2021 11:25:50 -0000
@@ -151,6 +151,7 @@ chfs_scan_check_vnode(struct chfs_mount 
 		} else {
 			err = chfs_update_eb_dirty(chmp, cheb,
 			    sizeof(struct chfs_flash_vnode));
+			mutex_exit(&chmp->chm_lock_vnocache);
 			return CHFS_NODE_OK;
 		}
 	} else {
@@ -325,6 +326,7 @@ chfs_scan_check_dirent_node(struct chfs_
 	parentvc = chfs_scan_make_vnode_cache(chmp, le64toh(dirent->pvno));
 	if (!parentvc) {
 		chfs_free_dirent(fd);
+		mutex_exit(&chmp->chm_lock_vnocache);
 		return ENOMEM;
 	}
 
@@ -381,8 +383,10 @@ chfs_scan_check_data_node(struct chfs_mo
 	vc = chfs_vnode_cache_get(chmp, vno);
 	if (!vc) {
 		vc = chfs_scan_make_vnode_cache(chmp, vno);
-		if (!vc)
+		if (!vc) {
+			mutex_exit(&chmp->chm_lock_vnocache);
 			return ENOMEM;
+		}
 	}
 	chfs_add_node_to_list(chmp, vc, nref, &vc->dnode);
 	mutex_exit(&chmp->chm_lock_vnocache);

Index: sys/ufs/chfs/chfs_readinode.c
===================================================================
RCS file: /pub/NetBSD-CVS/src/sys/ufs/chfs/chfs_readinode.c,v
retrieving revision 1.10
diff -p -u -r1.10 chfs_readinode.c
--- sys/ufs/chfs/chfs_readinode.c	1 Jun 2017 02:45:15 -0000	1.10
+++ sys/ufs/chfs/chfs_readinode.c	9 Jun 2021 11:25:58 -0000
@@ -1012,6 +1012,7 @@ retry:
 				(unsigned long long)vc->vno, vc->state);
 			chfs_err("wants to read a nonexistent ino %llu\n",
 				(unsigned long long)vc->vno);
+			mutex_exit(&chmp->chm_lock_vnocache);
 			return ENOENT;
 		default:
 			panic("BUG() Bad vno cache state.");

Prev by Date: Re: port-zaurus/56238: Several ARM-Variants seem to miss gcov-iov.h
Next by Date: Re: kern/55699: Panic certainly in iSCSI initiator
Previous by Thread: Re: kern/55956 (umb(4): device disconnect causes a kernel crash in umb_detach())
Next by Thread: Re: kern/53019 (xhci-connected keyboard with LOCKDEBUG kernel causes panic)
Indexes:

Home | Main Index | Thread Index | Old Index