[DragonFlyBSD - Bug #2364] (In Progress) panic: lockmgr: locking against myself

Matthew Dillon via Redmine bugtracker-admin at leaf.dragonflybsd.org
Thu Aug 16 17:06:11 PDT 2012


Issue #2364 has been updated by Matthew Dillon.

Status changed from New to In Progress

Here is a better test program, works for x86-64 or i386.  The size of the file depends on how UFS was formatted.  The file must be such that the last block is a fragment which covers less than a page.  We then issue a write that hits that fragment.  The bread() of the buffer brings in the VM page but the VM page's valid bits are not fully set.  This then causes the copyin or copyout to fault, creating the double-lock.

/*
 * Must be one fragment less than a page.  Typical UFS filesystems
 * are configured 1K/8K or 2K/16K.  Larger ones tend to be configured
 * 2K/16K.  Use 7168 for 1K/8K and 6144 for 2K/16K
 *
 * dd if=/dev/zero of=test bs=6144 count=1
 * dd if=/dev/zero of=test bs=7168 count=1
 */
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>

main(int argc, char **argv)
{
        int fd;
        int backup_fd;
        char *mmap_region;
        char buf[8192];
        int i0, i;
        ssize_t n;

        fd = open(argv[1], O_RDWR);
        mmap_region = mmap(NULL, 16384 * 2,
                 PROT_READ|PROT_WRITE,MAP_PRIVATE,
                fd, 0);
        fprintf(stderr, "%d %p\n", fd, mmap_region);
#if 1
        madvise(mmap_region, 16384 * 2, MADV_RANDOM);
        madvise(mmap_region, 16384 * 2, MADV_INVAL);
#endif
        mmap_region[4] = 'b';
        lseek(fd, 0, SEEK_SET);
        n = write(fd, mmap_region, 4096+2048);
        printf("write n=%zd\n", n);
        munmap(mmap_region, 16384 * 2);
}

----------------------------------------
Bug #2364: panic: lockmgr: locking against myself
http://bugs.dragonflybsd.org/issues/2364

Author: John Marino
Status: In Progress
Priority: High
Assignee: Venkatesh Srinivas
Category: 
Target version: 


This is an easily repeatable panic.
Edit a file with size > 4096 bytes using /usr/pkg/bin/heme, and save.
*boom*

http://leaf.dragonflybsd.org/~marino/core/core.locking_against_myself.txt

Seen on i386 on Virtualbox but already reproduced independently by vrinivas.
DragonFly a4d7a8c-DEVELOPMENT #4: Mon May 7 18:55:28 CEST 2012 root@:/usr/obj/usr/src/sys/GENERIC

core dump located in leaf ~marino/crash


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account





More information about the Bugs mailing list