kern/56816: Deadlock: sleep during unloading module with kernconfig_lock being held

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/56816: Deadlock: sleep during unloading module with kernconfig_lock being held
From: rokuyama.rk%gmail.com@localhost
Date: Sat, 7 May 2022 03:50:01 +0000 (UTC)

>Number:         56816
>Category:       kern
>Synopsis:       Deadlock: sleep during unloading module with kernconfig_lock being held
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 07 03:50:00 +0000 2022
>Originator:     Rin Okuyama
>Release:        9.99.96
>Organization:
Department of Physics, Meiji University
>Environment:
NetBSD rb800 9.99.96 NetBSD 9.99.96 (RB800_LOCKDEBUG) #3: Fri May  6 20:53:08 JST 2022  rin@latipes:/build/src/sys/arch/evbppc/compile/RB800_LOCKDEBUG evbppc
>Description:
Summary:

During audio(4) module being unloaded, devsw_detach() sleeps in
localcount_fini() with kernconfig_lock() being held. This results in
deadlock when the next module is loaded.

Details:

An evbppc/booke machine (MODULAR_DEFAULT_AUTOLOAD enabled and no
audio device available) is stuck during full ATF run.

With DDB and LOCKDEBUG, the scenario described above is confirmed:

----
# cd /usr/tests; atf-run | atf-report
...
lib/libc/gen/posix_spawn/t_spawn (157/911): 16 test cases
...
    t_spawn_zero: ~Stopped in pid 0.2 (system) at  netbsd:cpu_Debugger+0xc:        tw      0, r1, r1
db> ps
PID    LID S CPU     FLAGS       STRUCT LWP *               NAME WAIT
17317 17317 3   0         0            e147640            t_spawn tstile
...
db> trace/a e147640
trace: pid 17317 lid 17317 at 0xd81bd0
0x00d81c30: at cpu_switchto+0x34
0x00d81c40: at mi_switch+0x22c
0x00d81c80: at sleepq_block+0xd4
0x00d81cb0: at turnstile_block+0x1f0
0x00d81d00: at mutex_enter+0x190
0x00d81d40: at kernconfig_lock+0x3c
0x00d81d60: at module_autoload+0x28
0x00d81d80: at execve_loadvm+0x3ec
0x00d81e00: at do_posix_spawn+0xd0
0x00d81e70: at sys_posix_spawn+0xe4
0x00d81eb0: at syscall+0x1e0
0x00d81f20: user SC trap #474 by 0xfdcce158: srr1=0x2d030
            r1=0xffff7400 cr=0x28000442 xer=0 ctr=0xfdcce150
db> show lock
...
lock address : 0x00000000006cdc5c type     :     sleep/adaptive
initialized  : 0x00000000002a81a8
shared holds :                  0 exclusive:                  1
shares wanted:                  0 exclusive:                  1
relevant cpu :                  0 last held:                  0
relevant lwp : 0x000000000ff4d040 last held: 0x000000000ff43380
last locked* : 0x00000000002a8208 unlocked : 0x00000000002d2974
owner field  : 0x000000000ff43380 wait/spin:                1/0
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xe147640
...
db> trace/a ff43380
trace: pid 0 lid 8 at 0xc62ce0
0x00c62d40: at cpu_switchto+0x34
0x00c62d50: at mi_switch+0x22c
0x00c62d90: at sleepq_block+0xd4
0x00c62dc0: at cv_wait+0x50
0x00c62de0: at localcount_drain+0xd4
0x00c62e20: at devsw_detach_locked+0x1f8
0x00c62e50: at devsw_detach+0x38
0x00c62e70: at audio_modcmd+0x124
0x00c62e90: at module_do_unload+0x114
0x00c62ee0: at module_thread+0x198
0x00c62f20: at cpu_lwp_bootstrap+0xc
0x00c62fe8: at 0xfffffffc
...
----
>How-To-Repeat:
Full ATF run on kernel with MODULE_DEFAULT_AUTOLOAD option but
without audio(4) drivers.
>Fix:
N/A

Follow-Ups:
- Re: kern/56816: Deadlock: sleep during unloading module with kernconfig_lock being held
  - From: Rin Okuyama

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: Re: kern/56816: Deadlock: sleep during unloading module with kernconfig_lock being held
Previous by Thread: Re: toolchain/56771 (profiled programs crash in __mcount)
Next by Thread: Re: kern/56816: Deadlock: sleep during unloading module with kernconfig_lock being held
Indexes:

Home | Main Index | Thread Index | Old Index