Subject: kern/33152: write can trigger "bytes != 0" assertion in genfs_gop_write
List: netbsd-bugs
Date: 03/26/2006 11:55:00
>Number:         33152
>Category:       kern
>Synopsis:       write can trigger "bytes != 0" assertion in genfs_gop_write
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 26 11:55:00 +0000 2006
>Originator:     YAMAMOTO Takashi <>
>Release:        NetBSD 3.99.16

System: NetBSD kaeru 3.99.16 NetBSD 3.99.16 ( #8: Fri Mar 24 18:41:22 JST 2006 takashi@kaeru:/home/takashi/work/kernel/ i386
Architecture: i386
Machine: i386
	consider ffs_write extending a file but !extending.
	it uses PGO_PASTEOF getpages and ends up yielding dirty pages past EOF.
	if these pages are paged out by pagedaemon before ffs_write updates
	the filesize by uvm_vnp_setsize, it can trigger "KASSERT(bytes != 0)"
	in genfs_gop_write.

	although i don't think it is likely to happen in the real world,
	theoretically it can happen, depending on the combination of
	ubc window size, page size, and block size.

	code inspection.