[Unionfs] Bug: open+unlink+ftruncate crashes unionfs

pascal at pabr.org pascal at pabr.org
Wed May 20 00:03:23 EDT 2009


Hi,

[Bugzilla seems to be down; I will try to file this again later.]

Tested with unionfs-2.5.1_for_2.6.29-rc2 on linux-2.6.29.

When an application calls ftruncate() on a file which has been
unlink()ed, unionfs causes a NULL pointer dereference (and the
system needs to be rebooted, presumably due to dangling locks).

This happens especially when starting openoffice with a home
directory on a union.

See also:
https://bugs.launchpad.net/moblin-kernel/+bug/210581
https://bugs.launchpad.net/moblin-kernel/+bug/209547
(Though I am not sure their fix is appropriate.)

How to reproduce:

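#!/bin/sh
# Reproducer: open + unlink + ftruncate on a file inside a unionfs mount.
D=/tmp

# Single-branch union over $D/b0, mounted at $D/union.
mkdir $D/b0 $D/union
mount -t unionfs -o dirs=$D/b0 none $D/union

# Build the test program from the inline C source.
gcc -Wall -o $D/ftruncate -xc - <<EOF
  #include <unistd.h>
  #include <fcntl.h>
  int main(int argc, char *argv[]) {
    /* Create the file, remove its name, then truncate via the open fd. */
    int fd = open(argv[1], O_RDWR|O_CREAT|O_EXCL,0600);
    unlink(argv[1]);
    ftruncate(fd, 0);
    return 0;
  }
EOF

# Run the test program against a path on the union.
$D/ftruncate $D/union/test

umount $D/union
#rm -r $D/ftruncate $D/b0 $D/union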


