kern/98064: Crash with FIFOs (named pipes) and truncate()
Bruce Evans
bde at zeta.org.au
Wed May 31 06:10:31 PDT 2006
The following reply was made to PR kern/98064; it has been noted by GNATS.
From: Bruce Evans <bde at zeta.org.au>
To: Maxim Konovalov <maxim at macomnet.ru>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: kern/98064: Crash with FIFOs (named pipes) and truncate()
Date: Wed, 31 May 2006 23:06:15 +1000 (EST)
On Wed, 31 May 2006, Maxim Konovalov wrote:
> [...]
>> It has paniced in the debugging code in vop_nostrategy(). That code
>> is apparently broken. vop_nostrategy() starts with a printf() that
>> works. It then calls vprint() which panics. ap=0x0 in ufs_print and
>> vp=0x0 in fifo_printinfo() seem to have been corrupted between printing
>> some info about the fifo and panicing. Instead of panicing, vprint()
>> is supposed to return. Then vop_nostrategy() is supposed to do nothing
>> except fail the i/o.
>
> It appears this stack trace is not correct. Actially it panics at
> fifo_printinfo() when tries to dereference vp->v_fifoinfo. I added a
> simple check (unneeded in normal situation I believe) and as expected
> panic moved to VOP_STRATEGY assert.
>
> --- fifo_vnops.c 15 Mar 2006 10:15:35 -0000 1.134
> +++ fifo_vnops.c 30 May 2006 20:09:26 -0000
> @@ -449,4 +449,5 @@ fifo_printinfo(vp)
>
> - printf(", fifo with %ld readers and %ld writers",
> - fip->fi_readers, fip->fi_writers);
> + if (fip != NULL)
> + printf(", fifo with %ld readers and %ld writers",
> + fip->fi_readers, fip->fi_writers);
> return (0);
>
> My traces show namei(&nd) in kern_truncate() returns nd with
> ni_vp->v_fifoinfo = 0x0, ni_vp->v_type = VFIFO. That is why kernel
> panics in fifo_printinfo() later. But how can it happen?
fip is always null for non-open fifos, and truncate(2) doesn't open
the file.
Change the printing to print just ", fifo" or ", closed fifo" in the
fip == NULL case.
I would have expected RELENG_4 to panic here too. Maybe the vnop plumbing
is broken in RELENG_4, resulting in fifo_print() not being called.
Bruce
More information about the freebsd-bugs
mailing list