Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 28 May 2006 20:25:35 GMT
From:      Kirk Russell <kirk@ba23.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/98064: Crash with FIFOs (named pipes) and truncate()
Message-ID:  <200605282025.k4SKPZEs005750@www.freebsd.org>
Resent-Message-ID: <200605282030.k4SKUH4m042837@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         98064
>Category:       kern
>Synopsis:       Crash with FIFOs (named pipes) and truncate()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 28 20:30:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Kirk Russell
>Release:        6.1-RELEASE alpha
>Organization:
http://www.ba23.org/
>Environment:
FreeBSD as2100.on.kr 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May  7 18:29:20 UTC 2006     root@ds10.freebie.xs4all.nl:/usr/obj/usr/src/sys/GENERIC  alpha
>Description:
I am guessing you can reproduce this issue on i386, so it should be
a generic kernel issue and not specific to the alpha.
 
When you call truncate() on a fifo, the kernel will crash.  

>How-To-Repeat:
$ cat bstg0001.c
#include <unistd.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>

int main()
{
    unlink("afifo");

    if (mkfifo("afifo", 0666) == -1) {
        errx(1, "%s: %s", "mkfifo", strerror(errno));
    }

    truncate("afifo", 16000);

    return 0;
}

$ cc -Wall bstg0001.c
$ ./a.out

No strategy for buffer at 0xfffffe000dbe8e28  
vnode
0xfffffc0027a001f0: tag ufs, type VFIFO
    usecount 1, writecount 0, refcount 2 mountedhere 0
    flags ()
     lock type ufs: EXCL (count 1) by thread 0xfffffc002aaaafc0 (pid 516)
        ino 306188, on dev da0f
fatal kernel trap:

    trap entry     = 0x2 (memory management fault)
    cpuid          = 1
    faulting va    = 0x10
    type           = access violation
    cause          = load instructon
    pc             = 0xfffffc00004b6af8
    ra             = 0xfffffc00007241cc
    sp             = 0xfffffe00188e95d0
    usp            = 0x11ffec20
    curthread      = 0xfffffc002aaaafc0
        pid = 516, comm = a.out

panic: trap
cpuid = 1
Uptime: 4m47s
Cannot dump. No dump device defined.
Automatic reboot in 15 seconds - press a key on the console to abort

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605282025.k4SKPZEs005750>