[Bug 278936] mqueuefs: Crashes when removing queue as user
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278936

Konstantin Belousov changed:

What    |Removed    |Added
--------+-----------+-----------------
CC      |           |k...@freebsd.org

--- Comment #5 from Konstantin Belousov ---
https://reviews.freebsd.org/D45305

--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 278936] mqueuefs: Crashes when removing queue as user
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278936

--- Comment #4 from Ricardo Branco ---
The command for creating mq's above:

$ for i in {1..101} ; do posixmqcontrol create -q /$i -s 1 -d 1; done
[Bug 278936] mqueuefs: Crashes when removing queue as user
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278936

--- Comment #3 from Ricardo Branco ---
I managed to crash -STABLE (didn't try -RELEASE) like this:

$ sudo mount -t mqueuefs none /mnt
$ touch /mnt/{1..101}   # Needs Bash I think
touch: /mnt/101: Resource temporarily unavailable
$ sysctl kern.mqueue
kern.mqueue.curmq: 100
kern.mqueue.maxmq: 100
kern.mqueue.maxmsgsize: 16384
kern.mqueue.maxmsg: 100
$ rm -f /mnt/*
$ sysctl kern.mqueue
kern.mqueue.curmq: 0
kern.mqueue.maxmq: 100
kern.mqueue.maxmsgsize: 16384
kern.mqueue.maxmsg: 100
$ for i in {1..101} ; do posixmqcontrol create -d /$i -s 1 -d 1; done
posixmqcontrol: mq_open(create): Too many open files in system
$ rm -f /mnt/*

POSIX message queues seem broken on FreeBSD. There's no limit per-user. I tried this on Linux and it only allowed me to create 10 message queues as user, without limiting root.
[Bug 278936] mqueuefs: Crashes when removing queue as user
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278936

--- Comment #2 from Ricardo Branco ---
The crash doesn't happen when I include "std.nodebug" in my kernel config. But I also tried removing the taskqueue_enqueue call, not seen in synthetic filesystems, and it works.

PR at https://github.com/freebsd/freebsd-src/pull/1249
[Bug 278936] mqueuefs: Crashes when removing queue as user
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278936

--- Comment #1 from Ricardo Branco ---
*** Bug 278937 has been marked as a duplicate of this bug. ***
[Bug 278936] mqueuefs: Crashes when removing queue as user
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278936

Bug ID: 278936
Summary: mqueuefs: Crashes when removing queue as user
Product: Base System
Version: 15.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: b...@freebsd.org
Reporter: rbra...@suse.com

A mounted mqueuefs crashes when removing queue as user.

To reproduce:

$ sudo mount -t mqueuefs none /mnt
$ sudo touch /mnt/queue1
$ sudo rm -f /mnt/queue1

This only seems to crash on -CURRENT as I couldn't reproduce on -RELEASE or -STABLE.

You can use the QEMU VM at https://download.freebsd.org/snapshots/VM-IMAGES/15.0-CURRENT/amd64/Latest/FreeBSD-15.0-CURRENT-amd64-ufs.qcow2.xz

dmesg log:

Fatal trap 9: general protection fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer = 0x20:0x80ba8aae
stack pointer = 0x28:0xfe0068c12e50
frame pointer = 0x28:0xfe0068c12ec0
code segment= base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 0 (thread taskq)
rdi: deadc0dedeadc0de rsi: c0de rdx:
rcx: 0001 r8: 0001 r9:
rax: 0001 rbx: f800034f6400 rbp: fe0068c12ec0
r10: 0001 r11: 0001 r12: 0001
r13: c0de r14: f800034f6458 r15: f80104001020
trap number = 9
panic: general protection fault
cpuid = 1
time = 1715530856
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfe0068c12b90
vpanic() at vpanic+0x13f/frame 0xfe0068c12cc0
panic() at panic+0x43/frame 0xfe0068c12d20
trap_fatal() at trap_fatal+0x40b/frame 0xfe0068c12d80
calltrap() at calltrap+0x8/frame 0xfe0068c12d80
--- trap 0x9, rip = 0x80ba8aae, rsp = 0xfe0068c12e50, rbp = 0xfe0068c12ec0 ---
taskqueue_run_locked() at taskqueue_run_locked+0x1be/frame 0xfe0068c12ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfe0068c12ef0
fork_exit() at fork_exit+0x82/frame 0xfe0068c12f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfe0068c12f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic