Bug#1037041: linux-image-6.1.0-9-amd64: Spurious failures from mmap(MAP_32BIT)
Control: forcemerge 1036755 -1
Hi Alfred,
On Fri, Jun 02, 2023 at 03:51:53PM +0200, Alfred Agrell wrote:
> Package: src:linux
> Version: 6.1.27-1
> Severity: normal
> Tags: upstream
> X-Debbugs-Cc: blubban@gmail.com
>
> Dear Maintainer,
>
> Please run this program 20 times:
>
>
> #include <sys/mman.h>
> #include <errno.h>
> #include <stdio.h>
>
> int main()
> {
>     for (int i=0;i<1000;i++)
>     {
>         void* p = mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_32BIT, -1, 0);
>         if (p != MAP_FAILED) printf(".");
>         else if (errno == ENOMEM) printf("E");
>         else printf("(%d)", errno);
>     }
>     puts("");
> }
>
>
> Expected behavior:
>
> It should print 1000 dots. If 1000 is increased to 100000, it should print some dots, then some Es. It should never print a dot after an E; if it's out of address space, it shouldn't suddenly find new address space if the operation is retried.
>
>
> Actual behavior:
>
> Kernel version 6.1.0-7-amd64:
>
> On 13 of 20 runs, it prints 1000 dots. On some, it prints one to three randomly scattered Es (never an E before at least 155 dots), and the rest is dots.
>
> Kernel version 6.1.0-9-amd64:
>
> On 8 of 20 runs, it prints 1000 dots. On some, it prints one to four randomly scattered Es, first one after only 16 dots.
>
> On some runs, there are long sequences of Es with a few dots interspersed; worst case, only 383 of 1000 mmap()s succeed.
>
>
> Additional information:
>
> Running this on a few other computers, and asking some friends to run it, returns
>
> - Ubuntu 22.04 (kernel 5.19.0-43-generic): 1000 dots, every time.
> - Debian 11 (kernel 5.10.0-21-amd64): 1000 dots, every time.
> - Arch (kernel 6.3.3-arch1-1): Same pattern as 6.1.0-9-amd64.
> - Arch (kernel 6.3.4-arch1-1): 1000 dots, every time.
> - Fedora 38 (kernel 6.2.15-300.fc38.x86_64): Same pattern as 6.1.0-9-amd64.
>
> so I suspect it depends, at least partially, on kernel configuration.
>
>
> The more practical impact (and the context where I first encountered this bug) is that the game Creeper World 3 frequently (~85% of the time) segfaults at launch (after the 437th line of strace output) under kernel 6.1.0-9-amd64, while it reliably launches under 6.1.0-7-amd64.
>
> (Unfortunately, the game is closed source and commercial, so I'm not sure if you want a link in your bug tracker. The binary is freely available on the developer's website; it asks for a license key, but the crashing part is far before that.)
>
> I'm happy to provide strace logs, kernel config, and whatever else; just tell me what you need.
I believe this is the same as #1036755 and will be fixed in the first
bookworm point release.
I will already merge as I'm relatively sure this is the same, but in
case you can confirm it is a different issue, please unmerge the bugs
again.
Regards,
Salvatore
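An added regression probe, not part of the original report or of the reply above, that automates the invariant Alfred describes (a successful mmap must never follow an ENOMEM while earlier mappings are still held) and releases its mappings afterwards. It assumes MAP_32BIT is available (Linux x86-64); elsewhere it falls back to a plain anonymous mmap so the program still builds.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MAP_32BIT
#define MAP_32BIT 0 /* assumption: only Linux/x86-64 defines it; fall back to plain mmap */
#endif

/* Return 1 if no success ('.') appears after a failure ('E') in seq, else 0.
 * This is the "never a dot after an E" property from the report. */
int no_success_after_failure(const char *seq)
{
    int seen_failure = 0;
    for (; *seq; seq++) {
        if (*seq == 'E')
            seen_failure = 1;
        else if (*seq == '.' && seen_failure)
            return 0;
    }
    return 1;
}

/* Map n 64 KiB regions with MAP_32BIT, record '.', 'E' (ENOMEM) or '?' (other
 * errno) per attempt in out (n+1 bytes), unmap everything, return n. */
size_t run_probe(size_t n, char *out)
{
    void **maps = calloc(n, sizeof *maps);
    if (!maps) { out[0] = '\0'; return 0; }
    for (size_t i = 0; i < n; i++) {
        maps[i] = mmap(NULL, 65536, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS | MAP_32BIT, -1, 0);
        out[i] = (maps[i] != MAP_FAILED) ? '.' : (errno == ENOMEM ? 'E' : '?');
    }
    out[n] = '\0';
    /* Unmap only now: the invariant concerns retries while earlier mappings exist. */
    for (size_t i = 0; i < n; i++)
        if (maps[i] != MAP_FAILED)
            munmap(maps[i], 65536);
    free(maps);
    return n;
}

int main(void)
{
    static char seq[1001];
    run_probe(1000, seq);
    int ok = no_success_after_failure(seq);
    printf("%s\n%s\n", seq, ok ? "consistent" : "INCONSISTENT: success after ENOMEM");
    return ok ? 0 : 1;
}
```

Run it in a loop (20 times, as the report suggests) and a non-zero exit flags a run showing the reported pattern, instead of reading the dots by eye.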