Date: Mon, 29 May 2006 15:40:29 GMT
From: Maxim Konovalov <maxim@macomnet.ru>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/98064: Crash with FIFOs (named pipes) and truncate()
Message-ID: <200605291540.k4TFeT7a057549@freefall.freebsd.org>

The following reply was made to PR kern/98064; it has been noted by GNATS.

From: Maxim Konovalov <maxim@macomnet.ru>
To: Bruce Evans <bde@zeta.org.au>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/98064: Crash with FIFOs (named pipes) and truncate()
Date: Mon, 29 May 2006 19:33:16 +0400 (MSD)

On Tue, 30 May 2006, 00:04+1000, Bruce Evans wrote:

> On Mon, 29 May 2006, Maxim Konovalov wrote:
>
> > > I have used the following fixes in this area for many years.  They
> > > make truncate() on a fifo and some other file types always succeed
> > > instead of wandering off into UFS_TRUNCATE() (which is always (?)
> > > ffs_truncate()) and tending to cause panics there.
> > [...]
> >
> > Why doesn't RELENG_4 suffer from this?  The code of ufs_setattr() is
> > very similar there.
>
> Hmm, my fixes are for ~5.2 and they may be unnecessary there too.  I don't
> remember noticing this particular problem.  Perhaps some changes in -current
> resulted in ffs_update() doing more and happening to do something bad.
> Unfortunately, the PR doesn't contain much debugging info so it isn't
> clear that the problem is in ffs_update().

Here is a backtrace:

Unread portion of the kernel message buffer:
No strategy for buffer at 0xcc6a8b70
vnode 0xc2c6c514: tag ufs, type VFIFO
    usecount 1, writecount 0, refcount 2 mountedhere 0
    flags ()
    lock type ufs: EXCL (count 1) by thread 0xc28ca6c0 (pid 1039)
    ino 141854, on dev ad0s1e

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc047cf95
stack pointer           = 0x28:0xd565f798
frame pointer           = 0x28:0xd565f798
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1039 (q)
panic: from debugger
Uptime: 31s
Physical memory: 494 MB
Dumping 48 MB: 33 17 1

#0  doadump () at pcpu.h:166
166             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
gdb% bt
#0  doadump () at pcpu.h:166
#1  0xc04b4de4 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc04b508f in panic (fmt=0xc05e237c "from debugger")
    at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc0444f25 in db_panic (addr=-1069035627, have_addr=0, count=-1,
    modif=0xd565f578 "") at /usr/src/sys/ddb/db_command.c:426
#4  0xc0444ebc in db_command (last_cmdp=0xc0640704, cmd_table=0x0)
    at /usr/src/sys/ddb/db_command.c:395
#5  0xc0444f7a in db_command_loop () at /usr/src/sys/ddb/db_command.c:446
#6  0xc0446b91 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#7  0xc04cfb35 in kdb_trap (type=12, code=0, tf=0x0)
    at /usr/src/sys/kern/subr_kdb.c:481
#8  0xc05bfa14 in trap_fatal (frame=0xd565f758, eva=12)
    at /usr/src/sys/i386/i386/trap.c:861
#9  0xc05bf77f in trap_pfault (frame=0xd565f758, usermode=0, eva=12)
    at /usr/src/sys/i386/i386/trap.c:778
#10 0xc05bf3bd in trap (frame=
      {tf_fs = -1027211256, tf_es = 65576, tf_ds = -714801112, tf_edi = 67584, tf_esi = -1027160812, tf_ebp = -714737768, tf_isp = -714737788, tf_ebx = -1027336392, tf_edx = 0, tf_ecx = -1056878592, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1069035627, tf_cs = 32, tf_eflags = 590406, tf_esp = -714737748, tf_ss = -1068030820})
    at /usr/src/sys/i386/i386/trap.c:463
#11 0xc05b035a in calltrap () at /usr/src/sys/i386/i386/exception.s:138
---Type <return> to continue, or q <return> to quit---
#12 0xc047cf95 in fifo_printinfo (vp=0x0)
    at /usr/src/sys/fs/fifofs/fifo_vnops.c:448
#13 0xc057249c in ufs_print (ap=0x0) at /usr/src/sys/ufs/ufs/ufs_vnops.c:1965
#14 0xc05d1c70 in VOP_PRINT_APV (vop=0x0, a=0xd565f7cc) at vnode_if.c:1899
#15 0xc050cafa in vn_printf (vp=0xc2c6c514, fmt=0xc05e2816 "%s\n")
    at vnode_if.h:971
#16 0xc0502a4e in vop_nostrategy (ap=0xd565f8a8)
    at /usr/src/sys/kern/vfs_default.c:195
#17 0xc05d1b05 in VOP_STRATEGY_APV (vop=0xc062a280, a=0xd565f8a8)
    at vnode_if.c:1797
#18 0xc0568920 in ffsext_strategy (ap=0xd565f8a8)
    at /usr/src/sys/ufs/ffs/ffs_vnops.c:1291
#19 0xc05d1b05 in VOP_STRATEGY_APV (vop=0xc0631520, a=0xd565f8a8)
    at vnode_if.c:1797
#20 0xc04ff6fd in bufstrategy (bo=0x0, bp=0xcc6a8b70) at vnode_if.h:928
#21 0xc04fa81e in bufwrite (bp=0xcc6a8b70) at buf.h:419
#22 0xc04fae51 in bawrite (bp=0x0) at buf.h:405
#23 0xc0552581 in ffs_truncate (vp=0xc2c6c514, length=16000, flags=67584,
    cred=0xc2be3e80, td=0xc28ca6c0) at /usr/src/sys/ufs/ffs/ffs_inode.c:304
#24 0xc056ffe9 in ufs_setattr (ap=0x0) at /usr/src/sys/ufs/ufs/ufs_vnops.c:532
#25 0xc05d0ae6 in VOP_SETATTR_APV (vop=0x0, a=0xd565fb3c) at vnode_if.c:586
#26 0xc0513195 in kern_truncate (td=0xc28ca6c0, path=0x0,
    pathseg=UIO_USERSPACE, length=16000) at vnode_if.h:314
---Type <return> to continue, or q <return> to quit---
#27 0xc0512fac in truncate (td=0xc28ca6c0, uap=0x0)
    at /usr/src/sys/kern/vfs_syscalls.c:3018
#28 0xc05bfd2a in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = -1077941208, tf_esi = -1077941216, tf_ebp = -1077941336, tf_isp = -714736284, tf_ebx = 672492728, tf_edx = 16, tf_ecx = 2, tf_eax = 198, tf_trapno = 12, tf_err = 2, tf_eip = 672423415, tf_cs = 51, tf_eflags = 534, tf_esp = -1077941380, tf_ss = 59})
    at /usr/src/sys/i386/i386/trap.c:1016
#29 0xc05b03af in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:191
#30 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
gdb%

--
Maxim Konovalov
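
Added example, not part of the original message and not FreeBSD source: a userland C model of the file-type check the quoted text describes, where truncate() on a FIFO succeeds without ever reaching the filesystem's truncate routine. The names truncate_policy, guarded_truncate and demo are hypothetical, and which non-regular file types are treated as no-ops is an assumption of this sketch.

```c
/* Added example: userland model of the file-type check, not FreeBSD code. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum trunc_action { TRUNC_DO, TRUNC_NOOP, TRUNC_EISDIR };
/* Hypothetical policy (assumption): only regular files reach the real truncate
 * path, directories are refused, other types (FIFO, socket, device) succeed. */
enum trunc_action truncate_policy(mode_t mode)
{
    if (S_ISDIR(mode))
        return TRUNC_EISDIR;
    return S_ISREG(mode) ? TRUNC_DO : TRUNC_NOOP;
}

/* stat() follows symlinks, so the target's type decides. The stat/truncate
 * pair can race in userland; this models the policy only. */
int guarded_truncate(const char *path, off_t length)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    switch (truncate_policy(st.st_mode)) {
    case TRUNC_EISDIR: errno = EISDIR; return -1;
    case TRUNC_NOOP:   return 0;            /* never touches the file */
    default:           return truncate(path, length);
    }
}

/* Constructed self-check in a scratch directory; returns 0 on success. */
int demo(void)
{
    char dir[] = "/tmp/gtruncXXXXXX", fifo[64], reg[64];
    struct stat st; FILE *f;
    if (mkdtemp(dir) == NULL || snprintf(fifo, sizeof fifo, "%s/fifo", dir) < 0
        || snprintf(reg, sizeof reg, "%s/reg", dir) < 0
        || mkfifo(fifo, 0600) != 0 || (f = fopen(reg, "w")) == NULL)
        return -1;
    fclose(f);
    int ok = guarded_truncate(fifo, 16000) == 0   /* FIFO: no-op success */
        && guarded_truncate(reg, 16000) == 0 && stat(reg, &st) == 0
        && st.st_size == 16000 && guarded_truncate(dir, 0) == -1 && errno == EISDIR;
    unlink(fifo); unlink(reg); rmdir(dir);
    return ok ? 0 : 1;
}
int main(void) { return demo(); }
```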