Bug 138880

Summary: [linux] munmap segfaults after linux_mmap2 stresstest
Product: Base System
Reporter: Alexander Best <alexbestms>
Component: kern
Assignee: Dmitry Chagin <dchagin>
Status: Closed Unable to Reproduce
Severity: Affects Only Me
CC: dchagin, emaste, trasz
Priority: Normal
Version: 9.0-CURRENT
Hardware: Any
OS: Any
Bug Depends on:
Bug Blocks: 247219
Attachments: file.txt (flags: none)

Description Alexander Best 2009-09-16 16:00:14 UTC
the linux test project (ltp) is a set of small scripts and binaries to test if an environment meets all the criteria necessary to be 100% compatible with linux.

testcases/kernel/mem/mmapstress/mmapstress08 performs a mmap2 stress test. the source has been attached. upon munmap a segfault gets triggered.

if munmap gets called by a linux app the args are directly passed to the freebsd version of munmap. either the problem lies in the freebsd munmap function or the linux and freebsd versions of munmap behave differently. this would require a new linux_munmap function to map a linux munmap call appropriately to freebsd's munmap function.

here's a snipped truss output:

linux_mmap2(0x3bc00000,0x1000,0x3,0x22,0x0,0x6)  = 1002438656 (0x3bc00000)
linux_mmap2(0x3c000000,0x1000,0x3,0x22,0x0,0x6)  = 1006632960 (0x3c000000)
linux_mmap2(0x3c400000,0x1000,0x3,0x22,0x0,0x6)  = 1010827264 (0x3c400000)
linux_mmap2(0x3c800000,0x1000,0x3,0x22,0x0,0x6)  = 1015021568 (0x3c800000)
linux_mmap2(0x3cc00000,0x1000,0x3,0x22,0x0,0x6)  = 1019215872 (0x3cc00000)
linux_mmap2(0x3d000000,0x1000,0x3,0x22,0x0,0x6)  = 1023410176 (0x3d000000)
linux_mmap2(0x3d400000,0x1000,0x3,0x22,0x0,0x6)  = 1027604480 (0x3d400000)
linux_mmap2(0x3d800000,0x1000,0x3,0x22,0x0,0x6)  = 1031798784 (0x3d800000)
linux_mmap2(0x3dc00000,0x1000,0x3,0x22,0x0,0x6)  = 1035993088 (0x3dc00000)
linux_mmap2(0x3e000000,0x1000,0x3,0x22,0x0,0x6)  = 1040187392 (0x3e000000)
linux_mmap2(0x3e400000,0x1000,0x3,0x22,0x0,0x6)  = 1044381696 (0x3e400000)
linux_mmap2(0x3e800000,0x1000,0x3,0x22,0x0,0x6)  = 1048576000 (0x3e800000)
linux_mmap2(0x3ec00000,0x1000,0x3,0x22,0x0,0x6)  = 1052770304 (0x3ec00000)
linux_mmap2(0x3f000000,0x1000,0x3,0x22,0x0,0x6)  = 1056964608 (0x3f000000)
linux_mmap2(0x3f400000,0x1000,0x3,0x22,0x0,0x6)  = 1061158912 (0x3f400000)
linux_mmap2(0x3f800000,0x1000,0x3,0x22,0x0,0x6)  = 1065353216 (0x3f800000)
linux_mmap2(0x3fc00000,0x1000,0x3,0x22,0x0,0x6)  = 1069547520 (0x3fc00000)
munmap(0x8050000,939196416)                      = 0 (0x0)
SIGNAL 11 (SIGSEGV)
process exit, rval = 0

cheers.
alex

Fix: Patch attached with submission follows:

How-To-Repeat:
cd /usr/ports/emulators/linux_dist-gentoo-stage3 && make install
cd /usr/local/gentoo-stage3
cvs -d:pserver:anonymous@ltp.cvs.sourceforge.net:/cvsroot/ltp login
cvs -z3 -d:pserver:anonymous@ltp.cvs.sourceforge.net:/cvsroot/ltp co ltp
chroot /usr/local/gentoo-stage3 bash
cd ltp && ./configure && make all install
cd testcases/kernel/mem/mmapstress
./mmapstress08

Comment 1 Mark Linimon freebsd_committer freebsd_triage 2009-09-16 22:54:34 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-emulation

Over to maintainer(s).

Comment 2 Alexander Best 2009-11-03 16:01:23 UTC
here's a linux_kdump which might show more details than truss:

  1478 mmapstress08 CALL  linux_mmap2(0x3e800000,0x1000,0x3,0x22,0,0)
  1478 mmapstress08 RET   linux_mmap2 1048576000/0x3e800000
  1478 mmapstress08 CALL  linux_mmap2(0x3ec00000,0x1000,0x3,0x22,0,0)
  1478 mmapstress08 RET   linux_mmap2 1052770304/0x3ec00000
  1478 mmapstress08 CALL  linux_mmap2(0x3f000000,0x1000,0x3,0x22,0,0)
  1478 mmapstress08 RET   linux_mmap2 1056964608/0x3f000000
  1478 mmapstress08 CALL  linux_mmap2(0x3f400000,0x1000,0x3,0x22,0,0)
  1478 mmapstress08 RET   linux_mmap2 1061158912/0x3f400000
  1478 mmapstress08 CALL  linux_mmap2(0x3f800000,0x1000,0x3,0x22,0,0)
  1478 mmapstress08 RET   linux_mmap2 1065353216/0x3f800000
  1478 mmapstress08 CALL  linux_mmap2(0x3fc00000,0x1000,0x3,0x22,0,0)
  1478 mmapstress08 RET   linux_mmap2 1069547520/0x3fc00000
  1478 mmapstress08 CALL  munmap(0x8050000,0x37fb0000)
  1478 mmapstress08 RET   munmap 0
  1478 mmapstress08 PSIG  SIGSEGV SIG_DFL
  1478 mmapstress08 NAMI  "mmapstress08.core"

alex
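
Added example, not part of the original thread or the attached test source: a small Python parser for the truss and linux_kdump formats quoted above that computes the address range released by the single munmap call and which of the traced linux_mmap2 mappings it overlaps. The embedded trace lines are copied from this report (last calls only); the function names are illustrative.

```python
import re

# Trace lines copied from this report (only the last calls of each trace).
TRUSS = """\
linux_mmap2(0x3f800000,0x1000,0x3,0x22,0x0,0x6)  = 1065353216 (0x3f800000)
linux_mmap2(0x3fc00000,0x1000,0x3,0x22,0x0,0x6)  = 1069547520 (0x3fc00000)
munmap(0x8050000,939196416)                      = 0 (0x0)
SIGNAL 11 (SIGSEGV)
"""
KDUMP = """\
  1478 mmapstress08 CALL  linux_mmap2(0x3fc00000,0x1000,0x3,0x22,0,0)
  1478 mmapstress08 RET   linux_mmap2 1069547520/0x3fc00000
  1478 mmapstress08 CALL  munmap(0x8050000,0x37fb0000)
  1478 mmapstress08 RET   munmap 0
"""

# Matches a call with its argument list; kdump RET lines have no "(" and are skipped.
CALL = re.compile(r"\b(linux_mmap2|munmap)\(([^)]*)\)")

def parse_calls(text):
    """Return (name, addr, length) for every linux_mmap2/munmap call in a trace."""
    calls = []
    for m in CALL.finditer(text):
        # int(x, 0) accepts both the hex and the decimal arguments the tools print.
        args = [int(a, 0) for a in m.group(2).split(",")]
        calls.append((m.group(1), args[0], args[1]))
    return calls

def munmap_coverage(text):
    """For each munmap, give its [start, end) range and the earlier mappings it overlaps."""
    live, report = [], []
    for name, addr, length in parse_calls(text):
        end = addr + length
        if name == "linux_mmap2":
            live.append((addr, end))  # requested and returned addresses match in these traces
            continue
        hit = [(s, e) for s, e in live if s < end and e > addr]
        live = [r for r in live if r not in hit]  # simplification: partly covered ones are dropped too
        report.append({"start": addr, "end": end, "covered": hit})
    return report

if __name__ == "__main__":
    for label, trace in (("truss", TRUSS), ("linux_kdump", KDUMP)):
        for r in munmap_coverage(trace):
            print(f"{label}: munmap [{r['start']:#x}, {r['end']:#x}) "
                  f"overlaps {len(r['covered'])} traced mapping(s)")
```

In both traces the munmap range is [0x8050000, 0x40000000), and the decimal length printed by truss (939196416) is the same value as the hex length printed by linux_kdump (0x37fb0000).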

Comment 3 Dmitry Chagin freebsd_committer freebsd_triage 2016-07-18 08:58:10 UTC
take

Comment 4 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:40:44 UTC
batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.

Comment 5 Edward Tomasz Napierala freebsd_committer freebsd_triage 2020-02-18 17:19:37 UTC
Can you still reproduce it?