From nobody@FreeBSD.org  Thu Mar  8 12:35:21 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 78E3337B71B
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  8 Mar 2001 12:35:21 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f28KZLi52527;
	Thu, 8 Mar 2001 12:35:21 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200103082035.f28KZLi52527@freefall.freebsd.org>
Date: Thu, 8 Mar 2001 12:35:21 -0800 (PST)
From: albowicz@cs.ucr.edu
To: freebsd-gnats-submit@FreeBSD.org
Subject: aio_read crashes system.
X-Send-Pr-Version: www-1.0

>Number:         25617
>Category:       kern
>Synopsis:       aio_read crashes system.
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    alc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 08 12:40:01 PST 2001
>Closed-Date:    Sun Mar 18 13:00:50 PST 2001
>Last-Modified:  Sun Mar 18 13:04:29 PST 2001
>Originator:     Joe Albowicz
>Release:        4.2-STABLE
>Organization:
>Environment:
FreeBSD cd8.corp124.com 4.2-STABLE FreeBSD 4.2-STABLE #2: Wed Feb  7 19:13:39 PST 2001     nigelc@cd14.corp124.com:/usr/src/sys/compile/CDs-BSD-STABLE  i386
>Description:

Issuing two aio_reads for 131K blocks on a raw SCSI device crashes the system.  Other block sizes do not crash the system.  Also, using a normal file (e.g. "/tmp/foo.txt") does not crash the system.
>How-To-Repeat:
Run this program as "a.out /dev/rda2".

#include <aio.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <unistd.h>
#include <string.h>


// Open fname read-only and queue two aio_read() requests of sector_size
// bytes each, starting at byte offset 16384.
void do_aio_stuff(char * fname, int sector_size, int num_aiocbs)
{
  char buffs[num_aiocbs * sector_size];

  int fh = open(fname, O_RDONLY);
  assert(fh >= 0);
  
  struct aiocb iocbs[num_aiocbs];
  int cb_index;

  memset(iocbs, '\0', sizeof(struct aiocb) * num_aiocbs);

  // Only the first two control blocks are submitted.
  for(cb_index = 0; cb_index < 2; cb_index++)
  {
      off_t pos = (long long) cb_index * sector_size +16384;
      
      iocbs[cb_index].aio_fildes = fh;
      iocbs[cb_index].aio_offset = pos;
      iocbs[cb_index].aio_buf = &buffs[cb_index*sector_size];
      iocbs[cb_index].aio_nbytes = sector_size;

      int ret_val = aio_read(&iocbs[cb_index]);
      if(ret_val == -1)
      {
          printf("aio_read error == %s\n", strerror(errno));
          exit(1);
      }
  }


  // The requests are left outstanding; the program just sleeps, then closes.
  printf("Going to sleep\n");
  sleep(5);
  
  close(fh);
}


int main(int argc, char * argv[])
{
  if(argc < 2)
  {
      fprintf(stderr, "usage: %s device\n", argv[0]);
      return 1;
  }
  
  //int ss = 16384; // WORKS!!
  int ss = 131072;
  //int ss = 262144; // WORKS!!
  
  // The device path is passed straight through instead of being copied
  // into a fixed-size buffer with strcpy().
  do_aio_stuff(argv[1], ss, 10);
  
  return 0;

}



>Fix:

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->alc 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Thu Mar 8 14:22:19 PST 2001 
Responsible-Changed-Why:  
Alan has been looking at aio stuff recently (and less recently too! ;-) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25617 
State-Changed-From-To: open->closed 
State-Changed-By: alc 
State-Changed-When: Sun Mar 18 13:00:50 PST 2001 
State-Changed-Why:  
This problem is fixed in revisions 1.97 and 1.70.2.9 of kern/vfs_aio.c. 
(The fix will appear in 4.3-RELEASE.) 

>Unformatted:
