kern/147890: [ufs] [regression] ufs-related lock problem in RELENG_8 (18.04.2010 -> 20.04.2010)

Kostik Belousov kostikbel at gmail.com
Thu Jun 17 08:32:46 UTC 2010 

On Thu, Jun 17, 2010 at 10:28:41AM +0300, Kostik Belousov wrote:
> On Wed, Jun 16, 2010 at 10:20:03PM +0000, Dmitry Pryanishnikov wrote:
> > The following reply was made to PR kern/147890; it has been noted by GNATS.
> > 
> > From: Dmitry Pryanishnikov <lynx.ripe at gmail.com>
> > To: Bruce Cran <bruce at cran.org.uk>
> > Cc: bug-followup at freebsd.org
> > Subject: Re: kern/147890: [ufs] [regression] ufs-related lock problem in 
> > 	RELENG_8 (18.04.2010 -&gt; 20.04.2010)
> > Date: Thu, 17 Jun 2010 01:12:17 +0300
> > 
> >  Hello!
> >  
> >  2010/6/16 Bruce Cran <bruce at cran.org.uk>:
> >  > Could you run the commands shown in
> >  > http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug-deadlocks.html
> >  > to get more information to help debug the problem please?
> >  
> >    Done - I've rebuilt the kernel from the sources as of 20.04.2010
> >  with the missing debugging options, repeated the problem, turned
> I suspect you do not. In particular, DEBUG_VFS_LOCKS, DEBUG_LOCKS
> and WITNESS seems to be missed.
> 
> >  ddb(4) capture buffer on, issued recommended ddb commands, then called
> >  'doadump'; then rebooted and extracted capture buffer contents from
> >  the crashdump using ddb(8).
> Due to missed options, we cannot trace the lock chains and see why the
> issue happens.
> 
> >  
> >    BTW, is there a way to get this information _without repeating the
> >  problem_ - using only a crashdump from it's previous occurrence? All
> >  data required for analysis should already be there. I suspect not
> >  every deadlock is easy repeatable (like this one)...
> It is, but you have to understand how locks work, and what you are
> looking for.
> 
> >  
> >  db> ps
> >  
> >    pid  ppid  pgrp   uid   state   wmesg     wchan    cmd
> >   2143  1846  2143     0  S+      ufs      0xcd466dc8 sync
> >   2131     1  1911  1000  S       ufs      0xcd466dc8 initial thread
> ...
> >     18     0     0     0  SL      ufs      0xcd466dc8 [syncer]
> ....
> >  Tracing command syncer pid 18 tid 100067 td 0xc7383000
> >  sched_switch(c7383000,0,104,191,e660f504,...) at 0xc05292c0 = sched_switch+0x330
> >  mi_switch(104,0,c0745097,1eb,50,...) at 0xc0510680 = mi_switch+0x200
> >  sleepq_switch(c7383000,0,c0745097,260,50,...) at 0xc054028f =
> >  sleepq_switch+0x15f
> >  sleepq_wait(cd466dc8,50,c07393ba,4,0,...) at 0xc0540f63 = sleepq_wait+0x63
> >  __lockmgr_args(cd466dc8,80100,cd466e30,0,0,...) at 0xc04f087f =
> >  __lockmgr_args+0xb1f
> >  ffs_lock(e732cb34,c054944b,c0763314,80100,cd466d70,...) at 0xc067e9f1
> >  = ffs_lock+0xa1
> >  VOP_LOCK1_APV(c07a47c0,e732cb34,c73830a4,c07b7a20,cd466d70,...) at
> >  0xc070c945 = VOP_LOCK1_APV+0xb5
> >  _vn_lock(cd466d70,80100,c074e6ce,82b,4,...) at 0xc05a2fd8 = _vn_lock+0x78
> >  vget(cd466d70,80100,c7383000,39a,c763b870,...) at 0xc05969db = vget+0xbb
> >  qsync(c763b870,0,c0761f41,552,4,...) at 0xc0687db7 = qsync+0x197
> >  ffs_sync(c763b870,3,c074e6ce,d6b,c763b870,...) at 0xc067a139 = ffs_sync+0x349
> >  sync_fsync(e732cc7c,c0772c36,c76b8778,e732cc7c,c76b86b8,...) at
> >  0xc059812f = sync_fsync+0x18f
> >  VOP_FSYNC_APV(c0799bc0,e732cc7c,c074e6ce,6a5,c7383000,...) at
> >  0xc070a545 = VOP_FSYNC_APV+0xc5
> >  sync_vnode(c093b618,c093b604,3e8,6d4,4e20,...) at 0xc059840b = sync_vnode+0x16b
> >  sched_sync(0,e732cd38,c073bc0b,343,c759f7f8,...) at 0xc0598753 =
> >  sched_sync+0x273
> >  fork_exit(c05984e0,0,e732cd38) at 0xc04dddf8 = fork_exit+0xb8
> >  fork_trampoline() at 0xc06d6b80 = fork_trampoline+0x8
> >  --- trap 0, eip = 0, esp = 0xe732cd70, ebp = 0 ---
> Do you have custoom kernel build, in particular, are quotas compiled in ?
> What are the drives ?
> 
> Having to pull the generic information about the problematic system
> does not make debugging faster.

What _could_ happen in your case is the relock in ufs_accessx for QUOTA.
ufs_delete_denied() calls VOP_ACCESSX for both parent directory
and target vnode while parent directory is locked. If source directory
is not exclusively locked, LOR can happen, since ufs_accessx has to
unlock and lock directory vnode. I am not sure how many similar cases
of VOP_ACCESS[X] is places in the problematic locations.

Try the (untested) patch below.

diff --git a/sys/ufs/ufs/ufs_lookup.c b/sys/ufs/ufs/ufs_lookup.c
index 0030c52..c779491 100644
--- a/sys/ufs/ufs/ufs_lookup.c
+++ b/sys/ufs/ufs/ufs_lookup.c
@@ -77,6 +77,32 @@ SYSCTL_INT(_debug, OID_AUTO, dircheck, CTLFLAG_RW, &dirchk, 0, "");
 /* true if old FS format...*/
 #define OFSFMT(vp)	((vp)->v_mount->mnt_maxsymlinklen <= 0)
 
+#ifdef QUOTA
+static int
+ufs_lookup_upgrade_lock(struct vnode *vp)
+{
+	int error;
+
+	ASSERT_VOP_LOCKED(vp, __FUNCTION__);
+	if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE)
+		return (0);
+
+	error = 0;
+
+	/*
+	 * Upgrade vnode lock, since getinoquota()
+	 * requires exclusive lock to modify inode.
+	 */
+	vhold(vp);
+	vn_lock(vp, LK_UPGRADE | LK_RETRY);
+	VI_LOCK(vp);
+	if (vp->v_iflag & VI_DOOMED)
+		error = ENOENT;
+	vdropl(vp);
+	return (error);
+}
+#endif
+
 static int
 ufs_delete_denied(struct vnode *vdp, struct vnode *tdp, struct ucred *cred,
     struct thread *td)
@@ -232,6 +258,13 @@ ufs_lookup_ino(struct vnode *vdp, struct vnode **vpp, struct componentname *cnp,
 	vnode_create_vobject(vdp, DIP(dp, i_size), cnp->cn_thread);
 
 	bmask = VFSTOUFS(vdp->v_mount)->um_mountp->mnt_stat.f_iosize - 1;
+#ifdef QUOTA
+	if ((nameiop == DELETE || nameiop == RENAME) && (flags & ISLASTCN)) {
+		error = ufs_lookup_upgrade_lock(vdp);
+		if (error != 0)
+			return (error);
+	}
+#endif
 
 restart:
 	bp = NULL;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-fs/attachments/20100617/27626188/attachment.pgp

More information about the freebsd-fs mailing list