From root@overlord.e-gerbil.net  Mon Jun 19 16:41:08 2000
Return-Path: <root@overlord.e-gerbil.net>
Received: from overlord.e-gerbil.net (e-gerbil.net [207.91.110.247])
	by hub.freebsd.org (Postfix) with ESMTP id 8796937B7E5
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 19 Jun 2000 16:41:06 -0700 (PDT)
	(envelope-from root@overlord.e-gerbil.net)
Received: (from root@localhost)
	by overlord.e-gerbil.net (8.9.3/8.9.3) id TAA26487;
	Mon, 19 Jun 2000 19:41:05 -0400 (EDT)
	(envelope-from root)
Message-Id: <200006192341.TAA26487@overlord.e-gerbil.net>
Date: Mon, 19 Jun 2000 19:41:05 -0400 (EDT)
From: ras@e-gerbil.net
Sender: root@overlord.e-gerbil.net
Reply-To: ras@e-gerbil.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: sendfile(2)
X-Send-Pr-Version: 3.2

>Number:         19389
>Category:       kern
>Synopsis:       Panic caused by sendfile(2)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 19 16:50:01 PDT 2000
>Closed-Date:    Sat Jul 21 20:57:06 PDT 2001
>Last-Modified:  Sat Jul 21 20:57:27 PDT 2001
>Originator:     Richard Steenbergen
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
>Environment:

	

>Description:

	Deleting a file while doing a sendfile(2) on it results in
	kernel panic. Non-priv'd users can panic box.

>How-To-Repeat:

	figure it out :P

>Fix:

	

>Release-Note:
>Audit-Trail:

From: David Greenman <dg@root.com>
To: ras@e-gerbil.net
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/19389: sendfile(2) 
Date: Mon, 19 Jun 2000 16:48:20 -0700

 >	Deleting a file while doing a sendfile(2) on it results in
 >	kernel panic. Non-priv'd users can panic box.
 
    This is a case that I've specifically tested for in the past, so I'm a bit
 surprised to see this bug report. sendfile(2) holds a vnode reference to the
 file (via the open file descriptor), which should prevent bad things from
 happening when the file is unlinked (the actual deletion is defered until
 all internal references have been dropped). Is it possible that there is more
 involved than just deleting the file? Can you provide a traceback?
 
 -DG
 
 David Greenman
 Co-founder, The FreeBSD Project - http://www.freebsd.org
 Manufacturer of high-performance Internet servers - http://www.terasolutions.com
 Pave the road of life with opportunities.
 

From: "Richard A. Steenbergen" <ras@e-gerbil.net>
To: David Greenman <dg@root.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/19389: sendfile(2) 
Date: Mon, 19 Jun 2000 19:59:30 -0400 (EDT)

 On Mon, 19 Jun 2000, David Greenman wrote:
 
 > >	Deleting a file while doing a sendfile(2) on it results in
 > >	kernel panic. Non-priv'd users can panic box.
 > 
 >    This is a case that I've specifically tested for in the past, so I'm a bit
 > surprised to see this bug report. sendfile(2) holds a vnode reference to the
 > file (via the open file descriptor), which should prevent bad things from
 > happening when the file is unlinked (the actual deletion is defered until
 > all internal references have been dropped). Is it possible that there is more
 > involved than just deleting the file? Can you provide a traceback?
 
 I wish I had let the coredump go. Kernel panic from ncftpd sendfile,
 immediately after I rm -rf'd the files in another console.
 
 -- 
 Richard A Steenbergen <ras@e-gerbil.net>   http://www.e-gerbil.net/humble
 PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
 
 

From: Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>
To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: FreeBSD Gnats <freebsd-gnats-submit@freebsd.org>, dg@freebsd.org
Subject: Re: kern/19389: sendfile(2)
Date: Wed, 21 Jun 2000 07:36:27 +0200

 -On [20000620 02:02], Richard A. Steenbergen (ras@e-gerbil.net) wrote:
 > I wish I had let the coredump go. Kernel panic from ncftpd sendfile,
 > immediately after I rm -rf'd the files in another console.
 
 But since you can reproduce it reliably, please get another crashdump.
 =)
 
 -- 
 Jeroen Ruigrok van der Werven          Network- and systemadministrator
 <jruigrok@via-net-works.nl>            VIA Net.Works The Netherlands
 BSD: Technical excellence at its best  http://www.via-net-works.nl
 Knowledge is power...
 
State-Changed-From-To: open->feedback 
State-Changed-By: dd 
State-Changed-When: Sat Jun 9 18:25:09 PDT 2001 
State-Changed-Why:  
Waiting for the kernel core dump. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=19389 
State-Changed-From-To: feedback->closed 
State-Changed-By: mike 
State-Changed-When: Sat Jul 21 20:57:06 PDT 2001 
State-Changed-Why:  

Timeout; no response from originator. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=19389 
>Unformatted:
