From owner-freebsd-bugs@FreeBSD.ORG Wed May 31 13:10:25 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 256A416A446 for ; Wed, 31 May 2006 13:10:25 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id CBE9443D8F for ; Wed, 31 May 2006 13:10:21 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k4VDALff044613 for ; Wed, 31 May 2006 13:10:21 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k4VDALDE044612; Wed, 31 May 2006 13:10:21 GMT (envelope-from gnats) Date: Wed, 31 May 2006 13:10:21 GMT Message-Id: <200605311310.k4VDALDE044612@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Bruce Evans Cc: Subject: Re: kern/98064: Crash with FIFOs (named pipes) and truncate() X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Bruce Evans List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 May 2006 13:10:31 -0000 The following reply was made to PR kern/98064; it has been noted by GNATS. From: Bruce Evans To: Maxim Konovalov Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/98064: Crash with FIFOs (named pipes) and truncate() Date: Wed, 31 May 2006 23:06:15 +1000 (EST) On Wed, 31 May 2006, Maxim Konovalov wrote: > [...] >> It has paniced in the debugging code in vop_nostrategy(). That code >> is apparently broken. vop_nostrategy() starts with a printf() that >> works. It then calls vprint() which panics. ap=0x0 in ufs_print and >> vp=0x0 in fifo_printinfo() seem to have been corrupted between printing >> some info about the fifo and panicing. Instead of panicing, vprint() >> is supposed to return. Then vop_nostrategy() is supposed to do nothing >> except fail the i/o. > > It appears this stack trace is not correct. Actially it panics at > fifo_printinfo() when tries to dereference vp->v_fifoinfo. I added a > simple check (unneeded in normal situation I believe) and as expected > panic moved to VOP_STRATEGY assert. > > --- fifo_vnops.c 15 Mar 2006 10:15:35 -0000 1.134 > +++ fifo_vnops.c 30 May 2006 20:09:26 -0000 > @@ -449,4 +449,5 @@ fifo_printinfo(vp) > > - printf(", fifo with %ld readers and %ld writers", > - fip->fi_readers, fip->fi_writers); > + if (fip != NULL) > + printf(", fifo with %ld readers and %ld writers", > + fip->fi_readers, fip->fi_writers); > return (0); > > My traces show namei(&nd) in kern_truncate() returns nd with > ni_vp->v_fifoinfo = 0x0, ni_vp->v_type = VFIFO. That is why kernel > panics in fifo_printinfo() later. But how can it happen? fip is always null for non-open fifos, and truncate(2) doesn't open the file. Change the printing to print just ", fifo" or ", closed fifo" in the fip == NULL case. I would have expected RELENG_4 to panic here too. Maybe the vnop plumbing is broken in RELENG_4, resulting in fifo_print() not being called. Bruce