Data race on vm_page_t::flags #1156

Open
xThaid opened this issue Jun 17, 2021 · 0 comments
Labels
KCSAN bug found by KCSAN

xThaid (Collaborator) commented Jun 17, 2021

KCSAN has found a data race on vm_page_t::flags.

Stack traces of threads involved in the data race:

#0  halt () at sys/kern/klog.c:154
#1  0xc014ace0 in klog_panic () at sys/kern/klog.c:166
#2  0xc01136bc in kcsan_check (addr=addr@entry=0xc02caccc, size=size@entry=0x1, is_read=is_read@entry=0x0) at sys/kern/kcsan.c:227
#3  0xc011370c in __tsan_write1 (ptr=ptr@entry=0xc02caccc) at sys/kern/kcsan.c:246
#4  0xc0167694 in pmap_enter (pmap=pmap@entry=0xc0019208, va=va@entry=0x420000, pg=pg@entry=0xc02cacb0, prot=<optimized out>, flags=flags@entry=0x0) at sys/mips/pmap.c:340
#5  0xc011aa00 in vm_page_fault (map=0xc00181a8, fault_addr=fault_addr@entry=0x420000, fault_type=fault_type@entry=VM_PROT_WRITE) at sys/kern/vm_map.c:460
#6  0xc016415c in tlb_exception_handler (ctx=ctx@entry=0xc006aadc) at sys/mips/trap.c:155
#7  0xc0164304 in kern_trap_handler (ctx=ctx@entry=0xc006aadc) at sys/mips/trap.c:247
#8  0xc0164860 in mips_exc_handler (ctx=0xc006aadc) at sys/mips/trap.c:276
#9  0x801008e4 in kern_exc_enter () at sys/mips/ebase.S:429
#10 0xc015e26c in bcopy () at lib/libc/string/mips/bcopy.S:116
#11 0xc0163d58 in copyout () at sys/mips/copy.S:86
#12 0xc012259c in copyout_vmspace (vm=0xc00181a8, kaddr=0xc2af6a28, udaddr=0x400000 <gen_random>, len=0x2e000) at sys/kern/uio.c:29
#13 0xc0113784 in __tsan_read4 (ptr=<optimized out>) at sys/kern/kcsan.c:248
#14 0xc012287c in uiomove (buf=<optimized out>, n=0xc2af6a28, uio=0x0, uio@entry=0xc006ac70) at sys/kern/uio.c:66
#15 0xc0122c50 in uiomove_frombuf (buf=buf@entry=0xc2af5a28, buflen=0x37a34, uio=uio@entry=0xc006ac70) at sys/kern/uio.c:104
#16 0xc014c780 in initrd_vnode_read (v=<optimized out>, uio=0xc006ac70) at sys/kern/initrd.c:247
#17 0xc01529ec in VOP_READ (uio=0xc006ac70, v=0xc0015660) at include/sys/vnode.h:151
#18 load_elf_segment (p=p@entry=0xc0070020, vn=vn@entry=0xc0015660, ph=ph@entry=0xc0199a20 <BOOT_ARENA+43552>) at sys/kern/exec_elf.c:124
#19 0xc0153378 in exec_elf_load (p=p@entry=0xc0070020, vn=0xc0015660, eh=eh@entry=0xc006ad5c) at sys/kern/exec_elf.c:166
#20 0xc0154c98 in _do_execve (args=args@entry=0xc006add0) at sys/kern/exec.c:401
#21 0xc0154fb4 in do_execve (u_path=u_path@entry=0x41400c " ", u_argp=u_argp@entry=0x7f7fff18, u_envp=0x7f7fffb4) at sys/kern/exec.c:449
#22 0xc0135514 in sys_execve (p=<optimized out>, args=0xc006ae38, res=<optimized out>) at sys/kern/syscalls.c:494
#23 0xc016444c in syscall_handler (ctx=ctx@entry=0xc006aed8, result=result@entry=0xc006ae80) at sys/mips/trap.c:59
#24 0xc0164644 in user_trap_handler (ctx=ctx@entry=0xc006aed8) at sys/mips/trap.c:202
#25 0xc01647c4 in mips_exc_handler (ctx=0xc006aed8) at sys/mips/trap.c:274

#0  0xc013c0f4 in sched_switch () at sys/kern/sched.c:165
#1  0xc012f080 in thread_yield () at sys/kern/thread.c:196
#2  0xc011334c in setup_watchpoint (addr=addr@entry=0xc02caccc, size=size@entry=0x1, is_read=is_read@entry=0x1) at sys/kern/kcsan.c:179
#3  0xc0113618 in kcsan_check (addr=addr@entry=0xc02caccc, size=size@entry=0x1, is_read=is_read@entry=0x1) at sys/kern/kcsan.c:219
#4  0xc01136e4 in __tsan_read1 (ptr=ptr@entry=0xc02caccc) at sys/kern/kcsan.c:246
#5  0xc0116324 in pm_find_buddy (seg=seg@entry=0xc0188040 <freeseg+56>, pg=pg@entry=0xc02cac8c) at sys/kern/vm_physmem.c:180
#6  0xc0116b38 in pm_free_from_seg (seg=seg@entry=0xc0188040 <freeseg+56>, page=page@entry=0xc02cac8c) at sys/kern/vm_physmem.c:296
#7  0xc0116eec in vm_page_free_nolock (pg=pg@entry=0xc02cac8c) at sys/kern/vm_physmem.c:319
#8  0xc0117978 in vm_page_free (page=page@entry=0xc02cac8c) at sys/kern/vm_physmem.c:329
#9  0xc0117ea4 in vm_object_remove_pages_nolock (obj=obj@entry=0xc00659a8, offset=offset@entry=0x0, length=length@entry=0xfffff000) at sys/kern/vm_object.c:73
#10 0xc0118640 in vm_object_drop (obj=0xc00659a8) at sys/kern/vm_object.c:95
#11 0xc0118c90 in vm_map_entry_free (ent=ent@entry=0xc00669a8) at sys/kern/vm_map.c:137
#12 0xc0119acc in vm_map_entry_destroy (map=map@entry=0xc00181c8, ent=ent@entry=0xc00669a8) at sys/kern/vm_map.c:166
#13 0xc0119dc0 in vm_map_delete (map=map@entry=0xc00181c8) at sys/kern/vm_map.c:224
#14 0xc014364c in proc_exit (exitstatus=0x0) at sys/kern/proc.c:597
#15 0xc01371c8 in sys_exit (p=0xc0070560, args=0xc0079e38, res=<optimized out>) at sys/kern/syscalls.c:47
#16 0xc016444c in syscall_handler (ctx=ctx@entry=0xc0079ed8, result=result@entry=0xc0079e80) at sys/mips/trap.c:59
#17 0xc0164644 in user_trap_handler (ctx=ctx@entry=0xc0079ed8) at sys/mips/trap.c:202
#18 0xc01647c4 in mips_exc_handler (ctx=0xc0079ed8) at sys/mips/trap.c:274

I will probably take a look at it. I have created an issue just to make sure that it won't get lost.
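
The traces above show a watchpoint-style detector at work: one thread armed a watchpoint on 0xc02caccc in setup_watchpoint and yielded, and the other thread's one-byte write to the same address reached kcsan_check and panicked. The C model below is an added example, not code from the issue or from the project's sys/kern/kcsan.c; every name in it (check_access, run_pair, page_t and the rest) is hypothetical, and a callback stands in for thread_yield().

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of a KCSAN-style watchpoint; all names here are hypothetical. */
typedef struct { uintptr_t addr; size_t size; bool is_read, active; } watchpoint_t;
static watchpoint_t wp;            /* a single slot is enough for the demo */
static int races_reported;         /* the kernel in the traces panics instead */
static void (*other_thread)(void); /* stands in for thread_yield() */

static bool overlaps(uintptr_t a, size_t an, uintptr_t b, size_t bn) {
  return a < b + bn && b < a + an;
}

/* Called before every instrumented access, like the __tsan_readN/writeN hooks. */
static void check_access(const volatile void *p, size_t size, bool is_read) {
  uintptr_t addr = (uintptr_t)p;
  if (wp.active && overlaps(addr, size, wp.addr, wp.size)) {
    if (!(is_read && wp.is_read)) races_reported++; /* two reads never race */
    return;
  }
  if (wp.active) return; /* slot busy with another address: skip sampling */
  wp = (watchpoint_t){addr, size, is_read, true};
  if (other_thread) other_thread(); /* window for a conflicting access */
  wp.active = false;
}

/* Constructed stand-in for a page descriptor with a one-byte flags field. */
typedef struct { uint32_t paddr; volatile uint8_t flags; } page_t;
static page_t page;

static void writer(void) { check_access(&page.flags, 1, false); page.flags |= 0x1; }
static void reader(void) { check_access(&page.flags, 1, true); (void)page.flags; }

/* Run `first` with `second` scheduled inside its watchpoint window. */
static int run_pair(void (*first)(void), void (*second)(void)) {
  races_reported = 0;
  other_thread = second;
  first();
  other_thread = NULL;
  return races_reported;
}

int main(void) {
  printf("read vs write: %d\n", run_pair(reader, writer));
  printf("read vs read:  %d\n", run_pair(reader, reader));
  return 0;
}
```

The reader/writer pairing mirrors the report: the armed side is the one-byte read (is_read=0x1) and the detecting side is the one-byte write (is_read=0x0).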
