
Bug#1037041: linux-image-6.1.0-9-amd64: Spurious failures from mmap(MAP_32BIT)



Control: forcemerge 1036755 -1 

Hi Alfred,

On Fri, Jun 02, 2023 at 03:51:53PM +0200, Alfred Agrell wrote:
> Package: src:linux
> Version: 6.1.27-1
> Severity: normal
> Tags: upstream
> X-Debbugs-Cc: blubban@gmail.com
> 
> Dear Maintainer,
> 
> Please run this program 20 times:
> 
> 
> #include <sys/mman.h>
> #include <errno.h>
> #include <stdio.h>
> 
> int main()
> {
>         /* Each iteration maps a fresh 64 KiB anonymous block with MAP_32BIT.
>          * Mappings are deliberately never unmapped, so the region fills up. */
>         for (int i=0;i<1000;i++)
>         {
>                 void* p = mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_32BIT, -1, 0);
>                 if (p != MAP_FAILED) printf(".");          /* success */
>                 else if (errno == ENOMEM) printf("E");     /* out of low address space */
>                 else printf("(%d)", errno);                /* any other failure */
>         }
>         puts("");
>         return 0;
> }
> 
> 
> Expected behavior:
> 
> It should print 1000 dots. If 1000 is increased to 100000, it should print some dots, then some Es. It should never print a dot after an E; if it's out of address space, it shouldn't suddenly find new address space if the operation is retried.
> 
> 
> Actual behavior:
> 
> Kernel version 6.1.0-7-amd64:
> 
> On 13 of 20 runs, it prints 1000 dots. On some, it prints one to three randomly scattered Es (never an E before at least 155 dots), and the rest is dots.
> 
> Kernel version 6.1.0-9-amd64:
> 
> On 8 of 20 runs, it prints 1000 dots. On some, it prints one to four randomly scattered Es, first one after only 16 dots.
> 
> On some runs, there are long sequences of Es with a few dots interspersed; worst case, only 383 of 1000 mmap()s succeed.
> 
> 
> Additional information:
> 
> Running this on a few other computers, and asking some friends to run it, returns
> 
> - Ubuntu 22.04 (kernel 5.19.0-43-generic): 1000 dots, every time.
> - Debian 11 (kernel 5.10.0-21-amd64): 1000 dots, every time.
> - Arch (kernel 6.3.3-arch1-1): Same pattern as 6.1.0-9-amd64.
> - Arch (kernel 6.3.4-arch1-1): 1000 dots, every time.
> - Fedora 38 (kernel 6.2.15-300.fc38.x86_64): Same pattern as 6.1.0-9-amd64.
> 
> so I suspect it depends, at least partially, on kernel configuration.
> 
> 
> The more practical impact (and the context where I first encountered this bug) is that the game Creeper World 3 frequently (~85% of the time) segfaults at launch (after the 437th line of strace output) under kernel 6.1.0-9-amd64, while it reliably launches under 6.1.0-7-amd64.
> 
> (Unfortunately, the game is closed source and commercial, so I'm not sure if you want a link in your bug tracker. The binary is freely available on the developer's website; it asks for a license key, but the crashing part is far before that.)
> 
> I'm happy to provide strace logs, kernel config, and whatever else; just tell me what you need.

I believe this is the same as #1036755 and will be fixed in the first
bookworm point release.

I will already merge as I'm relatively sure this is the same, but in
case you can confirm it is a different issue, please unmerge the bugs
again.

Regards,
Salvatore
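As an added example that is not part of this bug report or of the Debian kernel package, the program below repeats the reporter's loop but also checks two things a reviewer would want to see: that every successful mapping really lands in the first 2 GiB of the address space, which is what mmap(2) documents for MAP_32BIT, and that the reporter's stated invariant holds, namely that no attempt succeeds once an earlier one has failed with ENOMEM. The function names, the extra result codes ('H' for a mapping outside the low 2 GiB, '?' for a non-ENOMEM error, 'U' when MAP_32BIT is not defined on the build platform) and the attempt count and chunk size are my own choices, not anything from the report.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* exposes MAP_ANONYMOUS and MAP_32BIT in glibc's <sys/mman.h> */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* One character per attempt, extending the reporter's convention:
 *   '.'  success, and the mapping sits in the low 2 GiB as MAP_32BIT promises
 *   'H'  success, but the mapping sits outside the low 2 GiB (contract violation)
 *   'E'  mmap failed with ENOMEM
 *   '?'  mmap failed with some other errno
 *   'U'  MAP_32BIT is not defined on this platform, so nothing was tried
 */
static char probe_once(size_t len, void **out)
{
    *out = NULL;
#ifdef MAP_32BIT
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_32BIT, -1, 0);
    if (p == MAP_FAILED)
        return errno == ENOMEM ? 'E' : '?';
    *out = p;
    return (uintptr_t)p < ((uintptr_t)1 << 31) ? '.' : 'H';
#else
    (void)len;
    return 'U';
#endif
}

/* Perform n attempts of len bytes each. Every mapping is kept alive until the
 * loop ends (as in the reporter's program, so the low region genuinely fills)
 * and released afterwards. seq must hold n + 1 bytes and receives one code per
 * attempt, NUL-terminated. Returns how many attempts succeeded. */
static size_t run_probe(char *seq, size_t n, size_t len)
{
    void **kept = calloc(n, sizeof *kept);
    size_t ok = 0;
    if (!kept) {
        seq[0] = '\0';
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        void *p;
        seq[i] = probe_once(len, &p);
        kept[i] = p;
        if (p)
            ok++;
    }
    seq[n] = '\0';
    for (size_t i = 0; i < n; i++)
        if (kept[i])
            munmap(kept[i], len);
    free(kept);
    return ok;
}

/* Pure check of the reporter's invariant: once an attempt has failed with
 * ENOMEM, no later attempt should succeed. Returns the number of successes
 * ('.' or 'H') seen after the first 'E'; 0 means the run is as expected. */
static int count_spurious(const char *seq)
{
    int seen_enomem = 0, spurious = 0;
    for (; *seq; seq++) {
        if (*seq == 'E')
            seen_enomem = 1;
        else if ((*seq == '.' || *seq == 'H') && seen_enomem)
            spurious++;
    }
    return spurious;
}

/* Number of attempts that produced the given code, e.g. count_code(seq, 'E'). */
static int count_code(const char *seq, char code)
{
    int n = 0;
    for (; *seq; seq++)
        if (*seq == code)
            n++;
    return n;
}

int main(void)
{
    enum { ATTEMPTS = 1000, CHUNK = 65536 };   /* same sizes as the reporter's loop */
    static char seq[ATTEMPTS + 1];
    size_t ok = run_probe(seq, ATTEMPTS, CHUNK);
    puts(seq);
    printf("succeeded %zu/%d, ENOMEM %d, outside low 2 GiB %d, successes after first ENOMEM %d\n",
           ok, ATTEMPTS, count_code(seq, 'E'), count_code(seq, 'H'), count_spurious(seq));
    return count_spurious(seq) == 0 ? 0 : 1;
}
```

Build with `gcc -O2 -Wall probe32.c -o probe32` and run it a number of times, as the reporter did; a non-zero exit status marks a run in which a success followed an ENOMEM, and a non-zero 'H' count would indicate a mapping placed outside the range MAP_32BIT documents, which the report does not mention and which this check only rules out.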

