cahirwpz/mimiker

Data race on vm_page_t::flags


KCSAN has found a data race on vm_page_t::flags.

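Stack traces of the two threads involved in the data race follow. Both accesses are to the same 1-byte location, 0xc02caccc. The first trace is the writer: `__tsan_write1` called from `pmap_enter` at sys/mips/pmap.c:340, reached through a write page fault taken while `execve` copies an ELF segment out to user space. The second trace, which begins at the second `#0` frame, is the reader: `__tsan_read1` called from `pm_find_buddy` at sys/kern/vm_physmem.c:180, reached while an exiting process frees its pages. Note that the reader is freeing pg=0xc02cac8c, whereas the raced address lies 0x1c bytes past pg=0xc02cacb0, the page handed to `pmap_enter`. This suggests (to be confirmed against the source) that `pm_find_buddy` is inspecting the flags of a neighbouring page still in use by another process, rather than the flags of the page being freed.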

#0  halt () at sys/kern/klog.c:154
#1  0xc014ace0 in klog_panic () at sys/kern/klog.c:166
#2  0xc01136bc in kcsan_check (addr=addr@entry=0xc02caccc, size=size@entry=0x1, is_read=is_read@entry=0x0) at sys/kern/kcsan.c:227
#3  0xc011370c in __tsan_write1 (ptr=ptr@entry=0xc02caccc) at sys/kern/kcsan.c:246
#4  0xc0167694 in pmap_enter (pmap=pmap@entry=0xc0019208, va=va@entry=0x420000, pg=pg@entry=0xc02cacb0, prot=<optimized out>, flags=flags@entry=0x0) at sys/mips/pmap.c:340
#5  0xc011aa00 in vm_page_fault (map=0xc00181a8, fault_addr=fault_addr@entry=0x420000, fault_type=fault_type@entry=VM_PROT_WRITE) at sys/kern/vm_map.c:460
#6  0xc016415c in tlb_exception_handler (ctx=ctx@entry=0xc006aadc) at sys/mips/trap.c:155
#7  0xc0164304 in kern_trap_handler (ctx=ctx@entry=0xc006aadc) at sys/mips/trap.c:247
#8  0xc0164860 in mips_exc_handler (ctx=0xc006aadc) at sys/mips/trap.c:276
#9  0x801008e4 in kern_exc_enter () at sys/mips/ebase.S:429
#10 0xc015e26c in bcopy () at lib/libc/string/mips/bcopy.S:116
#11 0xc0163d58 in copyout () at sys/mips/copy.S:86
#12 0xc012259c in copyout_vmspace (vm=0xc00181a8, kaddr=0xc2af6a28, udaddr=0x400000 <gen_random>, len=0x2e000) at sys/kern/uio.c:29
#13 0xc0113784 in __tsan_read4 (ptr=<optimized out>) at sys/kern/kcsan.c:248
#14 0xc012287c in uiomove (buf=<optimized out>, n=0xc2af6a28, uio=0x0, uio@entry=0xc006ac70) at sys/kern/uio.c:66
#15 0xc0122c50 in uiomove_frombuf (buf=buf@entry=0xc2af5a28, buflen=0x37a34, uio=uio@entry=0xc006ac70) at sys/kern/uio.c:104
#16 0xc014c780 in initrd_vnode_read (v=<optimized out>, uio=0xc006ac70) at sys/kern/initrd.c:247
#17 0xc01529ec in VOP_READ (uio=0xc006ac70, v=0xc0015660) at include/sys/vnode.h:151
#18 load_elf_segment (p=p@entry=0xc0070020, vn=vn@entry=0xc0015660, ph=ph@entry=0xc0199a20 <BOOT_ARENA+43552>) at sys/kern/exec_elf.c:124
#19 0xc0153378 in exec_elf_load (p=p@entry=0xc0070020, vn=0xc0015660, eh=eh@entry=0xc006ad5c) at sys/kern/exec_elf.c:166
#20 0xc0154c98 in _do_execve (args=args@entry=0xc006add0) at sys/kern/exec.c:401
#21 0xc0154fb4 in do_execve (u_path=u_path@entry=0x41400c " ", u_argp=u_argp@entry=0x7f7fff18, u_envp=0x7f7fffb4) at sys/kern/exec.c:449
#22 0xc0135514 in sys_execve (p=<optimized out>, args=0xc006ae38, res=<optimized out>) at sys/kern/syscalls.c:494
#23 0xc016444c in syscall_handler (ctx=ctx@entry=0xc006aed8, result=result@entry=0xc006ae80) at sys/mips/trap.c:59
#24 0xc0164644 in user_trap_handler (ctx=ctx@entry=0xc006aed8) at sys/mips/trap.c:202
#25 0xc01647c4 in mips_exc_handler (ctx=0xc006aed8) at sys/mips/trap.c:274
#0  0xc013c0f4 in sched_switch () at sys/kern/sched.c:165
#1  0xc012f080 in thread_yield () at sys/kern/thread.c:196
#2  0xc011334c in setup_watchpoint (addr=addr@entry=0xc02caccc, size=size@entry=0x1, is_read=is_read@entry=0x1) at sys/kern/kcsan.c:179
#3  0xc0113618 in kcsan_check (addr=addr@entry=0xc02caccc, size=size@entry=0x1, is_read=is_read@entry=0x1) at sys/kern/kcsan.c:219
#4  0xc01136e4 in __tsan_read1 (ptr=ptr@entry=0xc02caccc) at sys/kern/kcsan.c:246
#5  0xc0116324 in pm_find_buddy (seg=seg@entry=0xc0188040 <freeseg+56>, pg=pg@entry=0xc02cac8c) at sys/kern/vm_physmem.c:180
#6  0xc0116b38 in pm_free_from_seg (seg=seg@entry=0xc0188040 <freeseg+56>, page=page@entry=0xc02cac8c) at sys/kern/vm_physmem.c:296
#7  0xc0116eec in vm_page_free_nolock (pg=pg@entry=0xc02cac8c) at sys/kern/vm_physmem.c:319
#8  0xc0117978 in vm_page_free (page=page@entry=0xc02cac8c) at sys/kern/vm_physmem.c:329
#9  0xc0117ea4 in vm_object_remove_pages_nolock (obj=obj@entry=0xc00659a8, offset=offset@entry=0x0, length=length@entry=0xfffff000) at sys/kern/vm_object.c:73
#10 0xc0118640 in vm_object_drop (obj=0xc00659a8) at sys/kern/vm_object.c:95
#11 0xc0118c90 in vm_map_entry_free (ent=ent@entry=0xc00669a8) at sys/kern/vm_map.c:137
#12 0xc0119acc in vm_map_entry_destroy (map=map@entry=0xc00181c8, ent=ent@entry=0xc00669a8) at sys/kern/vm_map.c:166
#13 0xc0119dc0 in vm_map_delete (map=map@entry=0xc00181c8) at sys/kern/vm_map.c:224
#14 0xc014364c in proc_exit (exitstatus=0x0) at sys/kern/proc.c:597
#15 0xc01371c8 in sys_exit (p=0xc0070560, args=0xc0079e38, res=<optimized out>) at sys/kern/syscalls.c:47
#16 0xc016444c in syscall_handler (ctx=ctx@entry=0xc0079ed8, result=result@entry=0xc0079e80) at sys/mips/trap.c:59
#17 0xc0164644 in user_trap_handler (ctx=ctx@entry=0xc0079ed8) at sys/mips/trap.c:202
#18 0xc01647c4 in mips_exc_handler (ctx=0xc0079ed8) at sys/mips/trap.c:274

I will probably take a look at it. I have created an issue just to make sure that it won't get lost.