From owner-freebsd-bugs Sun Dec 21 17:42:19 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA14633 for bugs-outgoing; Sun, 21 Dec 1997 17:42:19 -0800 (PST) (envelope-from owner-freebsd-bugs)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id RAA14615; Sun, 21 Dec 1997 17:41:37 -0800 (PST) (envelope-from bde@zeta.org.au)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.7/8.6.9) id MAA01615; Mon, 22 Dec 1997 12:37:13 +1100
Date: Mon, 22 Dec 1997 12:37:13 +1100
From: Bruce Evans
Message-Id: <199712220137.MAA01615@godzilla.zeta.org.au>
To: cschuber@uumail.gov.bc.ca, freebsd-bugs@hub.freebsd.org
Subject: Re: kern/5212: nullfs crashes under several situations
Cc: dyson@freebsd.org
Sender: owner-freebsd-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> I haven't had much chance to look at this (about 1/2 hour this morning),
> but my tests show that the nullfs problems are caused by a divide by
> zero error at line 227 of vnode_pager.c (line 235 in the 2.2.2 version
> of this code). My test was to ftp a file on a nullfs mounted filesystem
> on a (not anonymous) ftp server.

While testing my fix for this, I noticed that the file blocks were not
freed when the file was unlinked in the upper (non-nullfs) layer after
the file had been ftp'ed. Possible fix:

--- diff -c2 vfs_subr.c~ vfs_subr.c *** vfs_subr.c~ Sat Dec 20 03:37:20 1997 --- vfs_subr.c Mon Dec 22 11:36:50 1997 *************** *** 957,960 **** --- 945,950 ---- if (VSHOULDFREE(vp)) vfree(vp); + (void) vnode_pager_uncache(vp, p); + /* * If we are doing a vput, the node is already locked, and we must ---

I think vnode_pager_uncache() should only be called [somewhere near] here
when the vnode goes away (on the disk) - calling it for unlink() and
rename() is bogus because these syscalls only remove the inode in the
usual case.

Bruce
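
Review bot: the added (void) vnode_pager_uncache(vp, p) call is unconditional and sits after "if (VSHOULDFREE(vp)) vfree(vp);", so it runs on every pass through this path and touches vp after it may already have been handed to vfree(). Consider moving the call ahead of the VSHOULDFREE() check and guarding it with the condition the message itself gives (the vnode is going away on disk), with a comment stating that condition. The trailing context comment says the node is already locked only in the vput case, so the new comment should also say what lock state vnode_pager_uncache() expects at this point and why its return value can be discarded with the (void) cast.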