Subject: kern/33152: write can trigger "bytes != 0" assertion in genfs_gop_write
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 03/26/2006 11:55:00
>Number: 33152
>Category: kern
>Synopsis: write can trigger "bytes != 0" assertion in genfs_gop_write
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Mar 26 11:55:00 +0000 2006
>Originator: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release: NetBSD 3.99.16
>Organization:
>Environment:
System: NetBSD kaeru 3.99.16 NetBSD 3.99.16 (build.kaeru.xen.nodebug.work) #8: Fri Mar 24 18:41:22 JST 2006 takashi@kaeru:/home/takashi/work/kernel/build.kaeru.xen.nodebug.work i386
Architecture: i386
Machine: i386
>Description:
consider ffs_write extending a file but !extending.
it uses PGO_PASTEOF getpages and ends up yielding dirty pages past EOF.
if these pages are paged out by pagedaemon before ffs_write updates
the filesize by uvm_vnp_setsize, it can trigger "KASSERT(bytes != 0)"
in genfs_gop_write.
although I don't think it is likely to happen in the real world,
theoretically it can happen, depending on the combination of
ubc window size, page size, and block size.
>How-To-Repeat:
code inspection.
>Fix:
>Unformatted: