netbsd-bugs: kern/24887: rename violates vnode locking order

Subject: kern/24887: rename violates vnode locking order
To: None <gnats-bugs@gnats.netbsd.org>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 03/23/2004 16:39:38
>Number:         24887
>Category:       kern
>Synopsis:       rename violates vnode locking order
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 23 07:40:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release:        NetBSD 1.6ZK
>Organization:

>Environment:
	
	
System: NetBSD kaeru 1.6ZK NetBSD 1.6ZK (build.kaeru) #1138: Tue Mar 23 09:52:05 JST 2004 takashi@kaeru:/home/takashi/work/kernel/build.kaeru i386
Architecture: i386
Machine: i386
>Description:
	VOP_RENAME of many filesystems including ufs violate
	vnode locking order and sometimes deadlock.

(gdb) p (struct lock *)0xcabc552c
$1 = (struct lock *) 0xcabc552c
(gdb) p $1
$2 = (struct lock *) 0xcabc552c
(gdb) p *$1
$3 = {lk_interlock = {lock_data = 0,
    lock_file = 0xc04f3f60 "/home/takashi/nbsd/sys/kern/kern_lock.c",
    unlock_file = 0xc04f3f60 "/home/takashi/nbsd/sys/kern/kern_lock.c",
    lock_line = 513, unlock_line = 855, list = {tqe_next = 0x0,
      tqe_prev = 0x0}, lock_holder = 4294967295}, lk_flags = 525312,
  lk_sharecount = 0, lk_exclusivecount = 1, lk_recurselevel = 0,
  lk_waitcount = 7, lk_wmesg = 0xc04b1757 "vnlock", lk_un = {lk_un_sleep = {
      lk_sleep_lockholder = 6911, lk_sleep_locklwp = 1, lk_sleep_prio = 20,
      lk_sleep_timo = 0}, lk_un_spin = {lk_spin_cpu = 6911, lk_spin_list = {
        tqe_next = 0x1, tqe_prev = 0x14}}},
  lk_lock_file = 0xc04f9d60 "/home/takashi/nbsd/sys/miscfs/genfs/genfs_vnops.c",
  lk_unlock_file = 0xc04f9d60 "/home/takashi/nbsd/sys/miscfs/genfs/genfs_vnops.c", lk_lock_line = 324, lk_unlock_line = 340}
(gdb) p (struct lock *) 0xc9e457f4
$4 = (struct lock *) 0xc9e457f4
(gdb) p *$4
$5 = {lk_interlock = {lock_data = 0,
    lock_file = 0xc04f3f60 "/home/takashi/nbsd/sys/kern/kern_lock.c",
    unlock_file = 0xc04f6280 "/home/takashi/nbsd/sys/kern/kern_synch.c",
    lock_line = 513, unlock_line = 458, list = {tqe_next = 0x0,
      tqe_prev = 0x0}, lock_holder = 4294967295}, lk_flags = 525312,
  lk_sharecount = 0, lk_exclusivecount = 1, lk_recurselevel = 0,
  lk_waitcount = 1, lk_wmesg = 0xc04b1757 "vnlock", lk_un = {lk_un_sleep = {
      lk_sleep_lockholder = 5453, lk_sleep_locklwp = 1, lk_sleep_prio = 20,
      lk_sleep_timo = 0}, lk_un_spin = {lk_spin_cpu = 5453, lk_spin_list = {
        tqe_next = 0x1, tqe_prev = 0x14}}},
  lk_lock_file = 0xc04f9d60 "/home/takashi/nbsd/sys/miscfs/genfs/genfs_vnops.c",
  lk_unlock_file = 0xc04f9d60 "/home/takashi/nbsd/sys/miscfs/genfs/genfs_vnops.c", lk_lock_line = 324, lk_unlock_line = 340}
(gdb) lwp 0xcad9fc98 1
$6 = (struct lwp *) 0xcaad27c4
(gdb) bt
#0  0xcaad27c4 in ?? ()
#1  0xc02b1843 in ltsleep (ident=0xc9e457f4, priority=0, wmesg=0x0, timo=0,
    interlock=0xc9e457f4) at /home/takashi/nbsd/sys/kern/kern_synch.c:493
#2  0xc02a182e in acquire (lkp=0xc9e457f4, s=0xca18fbac, extflags=0, drain=0,
    wanted=1536) at /home/takashi/nbsd/sys/kern/kern_lock.c:259
#3  0xc02a1eef in _lockmgr (lkp=0xc9e457f4, flags=3390634924,
    interlkp=0xc9e4576c,
    file=0xc04f9d60 "/home/takashi/nbsd/sys/miscfs/genfs/genfs_vnops.c",
    line=324) at /home/takashi/nbsd/sys/kern/kern_lock.c:730
#4  0xc02f0886 in genfs_lock (v=0x0)
    at /home/takashi/nbsd/sys/miscfs/genfs/genfs_vnops.c:324
#5  0xc02ef60d in VOP_LOCK (vp=0x0, flags=0)
    at /home/takashi/nbsd/sys/kern/vnode_if.c:1082
#6  0xc02eeb25 in vn_lock (vp=0xc9e4576c, flags=65538)
    at /home/takashi/nbsd/sys/kern/vfs_vnops.c:782
#7  0xc02e4dc4 in vget (vp=0xc9e4576c, flags=65538)
    at /home/takashi/nbsd/sys/kern/vfs_subr.c:1245
#8  0xc02e06da in cache_lookup (dvp=0xcabc54a4, vpp=0xca18fec4, cnp=0xca18fed8)
    at /home/takashi/nbsd/sys/kern/vfs_cache.c:278
#9  0xc0271c32 in ufs_lookup (v=0xca18fd64)
    at /home/takashi/nbsd/sys/ufs/ufs/ufs_lookup.c:169
#10 0xc02eef3f in VOP_LOOKUP (dvp=0x0, vpp=0x0, cnp=0x0)
    at /home/takashi/nbsd/sys/kern/vnode_if.c:131
---Type <return> to continue, or q <return> to quit---
#11 0xc02e2cfc in lookup (ndp=0xca18feb4)
    at /home/takashi/nbsd/sys/kern/vfs_lookup.c:509
#12 0xc02e277c in namei (ndp=0xca18feb4)
    at /home/takashi/nbsd/sys/kern/vfs_lookup.c:172
#13 0xc02ed0d5 in rename_files (from=0x0, to=0x0, p=0xcad9fc98, retain=0)
    at /home/takashi/nbsd/sys/kern/vfs_syscalls.c:3186
#14 0xc02ed060 in sys_rename (l=0x0, v=0x0, retval=0xca18ff5c)
    at /home/takashi/nbsd/sys/kern/vfs_syscalls.c:3141
#15 0xc0372817 in syscall_plain (frame=0xca18ffa8)
    at /home/takashi/nbsd/sys/arch/i386/i386/syscall.c:156
(gdb) lwp 0xca1bf8f8 1
$7 = (struct lwp *) 0xca1b3df0
(gdb) bt
#0  0xca1b3df0 in ?? ()
#1  0xc02b1843 in ltsleep (ident=0xcabc552c, priority=0, wmesg=0x0, timo=0,
    interlock=0xcabc552c) at /home/takashi/nbsd/sys/kern/kern_synch.c:493
#2  0xc02a182e in acquire (lkp=0xcabc552c, s=0xcbbebbac, extflags=0, drain=0,
    wanted=1536) at /home/takashi/nbsd/sys/kern/kern_lock.c:259
#3  0xc02a1eef in _lockmgr (lkp=0xcabc552c, flags=3418274732,
    interlkp=0xcabc54a4,
    file=0xc04f9d60 "/home/takashi/nbsd/sys/miscfs/genfs/genfs_vnops.c",
    line=324) at /home/takashi/nbsd/sys/kern/kern_lock.c:730
#4  0xc02f0886 in genfs_lock (v=0x0)
    at /home/takashi/nbsd/sys/miscfs/genfs/genfs_vnops.c:324
#5  0xc02ef60d in VOP_LOCK (vp=0x0, flags=0)
    at /home/takashi/nbsd/sys/kern/vnode_if.c:1082
#6  0xc02eeb25 in vn_lock (vp=0xcabc54a4, flags=2)
    at /home/takashi/nbsd/sys/kern/vfs_vnops.c:782
#7  0xc02767ab in ufs_rename (v=0xcbbebdf4)
    at /home/takashi/nbsd/sys/ufs/ufs/ufs_vnops.c:891
#8  0xc02ef415 in VOP_RENAME (fdvp=0x0, fvp=0x0, fcnp=0x0, tdvp=0x0, tvp=0x0,
    tcnp=0x0) at /home/takashi/nbsd/sys/kern/vnode_if.c:798
#9  0xc02ed3a3 in rename_files (from=0x0, to=0x0, p=0xca1bf8f8, retain=0)
    at /home/takashi/nbsd/sys/kern/vfs_syscalls.c:3245
#10 0xc02ed060 in sys_rename (l=0x0, v=0x0, retval=0xcbbebf5c)
    at /home/takashi/nbsd/sys/kern/vfs_syscalls.c:3141
---Type <return> to continue, or q <return> to quit---
#11 0xc0372817 in syscall_plain (frame=0xcbbebfa8)
    at /home/takashi/nbsd/sys/arch/i386/i386/syscall.c:156
(gdb) fr 7
#7  0xc02767ab in ufs_rename (v=0xcbbebdf4)
    at /home/takashi/nbsd/sys/ufs/ufs/ufs_vnops.c:891
891             if ((error = vn_lock(fvp, LK_EXCLUSIVE)) != 0)
(gdb) list
886                             /* relookup blew away fdvp */
887                             return (error);
888                     }
889                     return (VOP_REMOVE(fdvp, fvp, fcnp));
890             }
891             if ((error = vn_lock(fvp, LK_EXCLUSIVE)) != 0)
892                     goto abortit;
893             dp = VTOI(fdvp);
894             ip = VTOI(fvp);
895             if ((nlink_t) ip->i_nlink >= LINK_MAX) {
(gdb) Quit
(gdb) p $7->l_proc->p_pid
$8 = 5453
(gdb) p $6->l_proc->p_pid
$9 = 6911
(gdb)
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: