Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 8 Feb 2000 00:57:28 +0300 (MSK)
From:      jason@express.ru
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/16573: extensive fork()+mmap() causes 4.0 kernel to panic()
Message-ID:  <200002072157.AAA00553@jason.kmost.express.ru>
next in thread | raw e-mail | index | archive | help 

>Number:         16573
>Category:       kern
>Synopsis:       extensive fork()+mmap() causes 4.0 kernel to panic()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb  7 14:10:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry Kim
>Release:        FreeBSD 4.0-20000127-CURRENT i386
>Organization:
BTU "Russian Express"
>Environment:

[jason@jsn jason]$ uname -a
FreeBSD jsn.kmost.express.ru 4.0-20000127-CURRENT FreeBSD 4.0-20000127-CURRENT #3: Mon Feb  7 23:31:48 MSK 2000     root@jsn.kmost.express.ru:/usr/src/sys/compile/JSN  i386

>Description:

on 4.0-20000127-CURRENT i386:
   when doing while(1) { if( !fork() { mmap(); exit() } }, after certain
  number of iteraions (probably ~10000), fork() ends up with kernel panic.

>How-To-Repeat:

file x.c

#include        <stdio.h>
#include        <sys/types.h>
#include	<unistd.h>
#include        <sys/stat.h>
#include        <sys/mman.h>
#include        <fcntl.h>

#define         MAX             1048576

int		fork_and_mmap( char *fname ) {
	int	pid = fork() ;

	if( pid == -1 ) {
	    perror( "fork()" ) ;
	    sleep( 1 ) ;
	} else if ( pid == 0 ) {
		int		fd ;
        	struct stat	s;
		caddr_t		this ;

                if ((fd = open(fname, O_RDONLY, 0)) < 0) {
                        perror(fname);
			exit( 1 ) ;
		}

		if (fstat(fd, &s) < 0) {
			perror("fstat") ;
			exit(0) ;
		}
		this = mmap((caddr_t) 0, s.st_size, PROT_READ,
				    MAP_PRIVATE, fd, (off_t) 0) ;
		if ((int) this == -1) {
			perror("mmap");
			sleep(1);
		}
		close( fd ) ;
		fprintf( stderr, "!" ) ;
		exit( 0 ) ;
	} else {
	    fprintf( stderr, "(" ) ;
	    /* wait(&pid) ; */
	    fprintf( stderr, ")" ) ;
	}
}

int main()
{
        int i = 0;
        int fd;
        char filename[2048];
        caddr_t this;

        while (i ++ < MAX) {
                if( gets(filename) == NULL ) {
		    fprintf( stderr, "end of file list reached\n" ) ;
		    break ;
		}
		fork_and_mmap( filename ) ;
                if (! (i % 512)) {
                        fprintf(stderr, "[%d] .. ", i);
                }

		if ( i > 200000 ) {
		    fprintf( stderr, "200000 reached, exiting\n" ) ;
		    return 0 ;
                }
        }
}

gcc -o x x.c
find / -type f -print > filelist
./x < filelist

>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002072157.AAA00553>