Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 8 Mar 2001 12:35:21 -0800 (PST)
From:      albowicz@cs.ucr.edu
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/25617: aio_read crashes system.
Message-ID:  <200103082035.f28KZLi52527@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         25617
>Category:       kern
>Synopsis:       aio_read crashes system.
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 08 12:40:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Joe Albowicz
>Release:        4.2-STABLE
>Organization:
>Environment:
FreeBSD cd8.corp124.com 4.2-STABLE FreeBSD 4.2-STABLE #2: Wed Feb  7 19:13:39 PST 2001     nigelc@cd14.corp124.com:/usr/src/sys/compile/CDs-BSD-STABLE  i386
>Description:

Issuing two aio_reads for 131K blocks on a raw scsi device crashes the system.  Other block sizes do not crash the system.  Also using a normal file (e.g. "/tmp/foo.txt") does not crash the system.
>How-To-Repeat:
Run this program. as "a.out /dev/rda2"

#include <aio.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <unistd.h>
#include <string.h>


void do_aio_stuff(char * fname, int sector_size, int num_aiocbs)
{
  char buffs[num_aiocbs * sector_size];

  int fh = open(fname, O_RDONLY);
  assert(fh >= 0);
  
  aiocb iocbs[num_aiocbs];
  int cb_index;

  memset(iocbs, '\0', sizeof(aiocb) * num_aiocbs);

  for(cb_index = 0; cb_index < 2; cb_index++)
  {
      off_t pos = (long long) cb_index * sector_size +16384;
      
      iocbs[cb_index].aio_fildes = fh;
      iocbs[cb_index].aio_offset = pos;
      iocbs[cb_index].aio_buf = &buffs[cb_index*sector_size];
      iocbs[cb_index].aio_nbytes = sector_size;

      int ret_val = aio_read(&iocbs[cb_index]);
      if(ret_val == -1)
      {
          printf("aio_read error == %s\n", strerror(errno));
          exit(0);
      }
  }


  printf("Going to sleep\n");
  sleep(5);
  
  close(fh);
}


int main(int argc, char * argv[])
{
  char partition_name[1000];
  strcpy(partition_name, argv[1]);
  
  //int ss = 16384; // WORKS!!
  int ss = 131072;
  //int ss = 262144; // WORKS!!
  
  do_aio_stuff(partition_name, ss, 10);
  
  return 0;

}



>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103082035.f28KZLi52527>