From owner-freebsd-current@FreeBSD.ORG Thu Oct 5 00:22:05 2006 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D8FF416A412; Thu, 5 Oct 2006 00:22:05 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A4C343D58; Thu, 5 Oct 2006 00:22:04 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 5139F1A4D82; Wed, 4 Oct 2006 17:22:04 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id B9C00515BC; Wed, 4 Oct 2006 20:22:03 -0400 (EDT) Date: Wed, 4 Oct 2006 20:22:03 -0400 From: Kris Kennaway To: David Xu Message-ID: <20061005002203.GB42061@xor.obsecurity.org> References: <20061004203715.GA38692@xor.obsecurity.org> <200610050819.53832.davidxu@freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="oC1+HKm2/end4ao3" Content-Disposition: inline In-Reply-To: <200610050819.53832.davidxu@freebsd.org> User-Agent: Mutt/1.4.2.2i Cc: current@freebsd.org, Kris Kennaway Subject: Re: Thread stuck in aioprn X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Oct 2006 00:22:05 -0000 --oC1+HKm2/end4ao3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 05, 2006 at 08:19:53AM +0800, David Xu wrote: > On Thursday 05 October 2006 04:37, Kris Kennaway wrote: > > When running stress2 I got an unkillable process stuck in the aioprn > > state: > > > > #0 sched_switch (td=3D0xc5652bd0, newtd=3D0xc4916a20, flags=3D1) at at= omic.h:265 > > #1 0xc0549b96 in mi_switch (flags=3D1, newtd=3D0x0) at > > ../../../kern/kern_synch.c:425 #2 0xc056baa6 in sleepq_switch (wchan= =3D0x0) > > at ../../../kern/subr_sleepqueue.c:450 #3 0xc056bc9b in sleepq_timedwa= it > > (wchan=3D0xc5668c80) at ../../../kern/subr_sleepqueue.c:567 #4 0xc0549= 59e in > > msleep (ident=3D0xc5668c80, mtx=3D0xc5c6ee0c, priority=3D76, wmesg=3D0x= c0763914 > > "aioprn", timo=3D100) at ../../../kern/kern_synch.c:207 > > #5 0xc05a0597 in aio_proc_rundown (arg=3D0x0, p=3D0xc5668b04) at > > ../../../kern/vfs_aio.c:699 #6 0xc0524769 in exit1 (td=3D0xc5652bd0, r= v=3D9) > > at ../../../kern/kern_exit.c:237 #7 0xc0545eab in sigexit (td=3D0xc565= 2bd0, > > sig=3D9) at ../../../kern/kern_sig.c:2883 #8 0xc0546c3b in postsig (si= g=3D9) > > at ../../../kern/kern_sig.c:2765 #9 0xc056e503 in ast (framep=3D0xed16= dd38) > > at ../../../kern/subr_trap.c:270 #10 0xc06ff61d in doreti_ast () at > > ../../../i386/i386/exception.s:284 > > > > This was from the 'random syscall' test, so chances are there is some > > insufficient error handling of invalid data here. > > > > Kris >=20 > Are you using aio with non-disk file ? I know it is not safe to use > aio with socket, pipe, fifo, etcs, only disk file may be safe. I guess I was unclear: the stress2 test calls random syscalls with random arguments, so the error condition is probably from insufficient sanity checking of the input in aio_read(). Kris --oC1+HKm2/end4ao3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFJFArWry0BWjoQKURAh9EAKDCnOxZrxVV7vWLmyU6lbkA9RwPewCeNF/J T6I1BOxvliXnk0ZfWEFjTpU= =WuJM -----END PGP SIGNATURE----- --oC1+HKm2/end4ao3--