Date: Mon, 5 Feb 1996 03:01:28 -0700
From: Matt Day <mday@artisoft.com>
To: freebsd-bugs@freebsd.org, freebsd-hackers@freebsd.org
Subject: Bad bug in ffs_sync() & friends
Message-ID: <199602051001.DAA26813@sting.artisoft.com>
Hi,

I think there is a very rare, yet fatal, bug in ffs_sync() in the -CURRENT code (and the -STABLE code, and NetBSD 1.1, etc...). This bug has occurred twice on my system in the past 6 months.

Consider this scenario: ffs_vget() calls getnewvnode(), and then calls MALLOC() to allocate memory for the incore inode. That MALLOC() blocks. While that MALLOC() is blocked, ffs_sync() gets called. ffs_sync() finds the vnode just set up by that getnewvnode() on the mnt_vnodelist (because getnewvnode() put it there) and proceeds to dereference vp->v_data by calling VOP_ISLOCKED(), but v_data is still zero because that MALLOC() blocked.

It looks like this bug is lurking in many other routines as well -- pretty much any routine that runs down the mnt_vnodelist.

What do you think? Please e-mail me directly, as I do not subscribe to these mailing lists.

Thanks,
Matt Day <mday@artisoft.com>
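A constructed C model of the window the report describes, added here and not taken from the message or from FreeBSD: the struct and function names are simplified stand-ins, and the walker shows the check any mnt_vnodelist traversal needs, skipping a vnode whose v_data has not been filled in yet.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the kernel structures named in the report. */
struct inode { int i_flag; };            /* incore inode, allocated by MALLOC() */
struct vnode {
    struct inode *v_data;                /* NULL until that MALLOC() completes */
    struct vnode *v_mntvnodes;           /* link in the mount's vnode list */
};
struct mount { struct vnode *mnt_vnodelist; };
#define IN_MODIFIED 0x1

/* getnewvnode(): the vnode is linked into mnt_vnodelist with v_data == NULL. */
static struct vnode *getnewvnode(struct mount *mp) {
    struct vnode *vp = calloc(1, sizeof *vp);
    vp->v_mntvnodes = mp->mnt_vnodelist;
    mp->mnt_vnodelist = vp;
    return vp;
}

/* ffs_vget() split in two: between begin and finish, MALLOC() may block
   and ffs_sync() may run over the half-initialised vnode. */
static struct vnode *ffs_vget_begin(struct mount *mp) { return getnewvnode(mp); }
static void ffs_vget_finish(struct vnode *vp) {
    vp->v_data = calloc(1, sizeof *vp->v_data);
    vp->v_data->i_flag = IN_MODIFIED;
}

/* Walks mnt_vnodelist the way ffs_sync() does, but refuses to dereference
   v_data while it is still NULL. Returns how many inodes were examined;
   *skipped counts vnodes that were still being constructed. */
static int ffs_sync_walk(struct mount *mp, int *skipped) {
    int synced = 0;
    *skipped = 0;
    for (struct vnode *vp = mp->mnt_vnodelist; vp; vp = vp->v_mntvnodes) {
        if (vp->v_data == NULL) { (*skipped)++; continue; }  /* the missing guard */
        if (vp->v_data->i_flag & IN_MODIFIED) synced++;       /* stands in for VOP_FSYNC() */
    }
    return synced;
}

int main(void) {
    struct mount m = { NULL };
    struct vnode *done = ffs_vget_begin(&m);
    ffs_vget_finish(done);
    struct vnode *half = ffs_vget_begin(&m);  /* MALLOC() "blocked" here */
    int skipped, synced = ffs_sync_walk(&m, &skipped);
    printf("examined %d inode(s), skipped %d half-built vnode(s)\n", synced, skipped);
    ffs_vget_finish(half);
    return 0;
}
```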