Bug 118690 - (VM EXECSHIELD PATCH) ftruncate()/mmap() results in hard crash at filemap.c:2253: bad pmd 000001e3
(VM EXECSHIELD PATCH) ftruncate()/mmap() results in hard crash at filemap.c:2...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
1
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Dave Jones
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-03-18 17:38 EST by Bill Rugolsky, Jr.
Modified: 2015-01-04 17:05 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-29 16:12:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Source code for a test program to illustrate the mmap()-related crash. (7.36 KB, text/plain)
2004-03-18 17:41 EST, Bill Rugolsky, Jr.
no flags Details

  None (edit)
Description Bill Rugolsky, Jr. 2004-03-18 17:38:25 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
The attached test program appends data to a file by using a moving
window constructed via combination of ftruncate() and mmap().  When
run on FC1 (uniprocessor) kernels 2.4.22-1.2115.nptl.i686 through
2.4.22-1.2174.ntpl.i686, the kernel crashes hard with the message:

    filemap.c:2253: bad pmd 000001e3

The (more-or-less mainline) 2.4.24 kernel on the ADIOS 3.0.1 live CD,
and the FC2 test 2.6 kernels do not crash.  I will be pursuing further
testing with other kernels, but it looks as if this is probably
specific to the FC1 kernels.



Version-Release number of selected component (if applicable):
kernel-2.4.22-1.2174.ntpl

How reproducible:
Always

Steps to Reproduce:
1. gcc -o test-mmap test-mmap.c
2. ./test-mmap 128 150000 0 wmap.test 4194304


Actual Results:  open("wmap.test",(O_RDWR | O_CREAT), 0666)
fstat(ws->fd(3),...)
ftruncate(ws->fd(3),ws->offset(0)+ws->len(4198400)==4198400)
mmap((caddr_t)0,ws->len(4198400),PROT_WRITE|PROT_READ,MAP_SHARED,ws->fd(3),ws->offset(0))
munmap(ws->addr(0xbf128000),ws->len(4198400))
ftruncate(ws->fd(3),ws->offset(4198400)+ws->len(4198400)==8396800)
mmap((caddr_t)0,ws->len(4198400),PROT_WRITE|PROT_READ,MAP_SHARED,ws->fd(3),ws->offset(4198400))
munmap(ws->addr(0xbf128000),ws->len(4198400))
ftruncate(ws->fd(3),ws->offset(8396800)+ws->len(4198400)==12595200)
mmap((caddr_t)0,ws->len(4198400),PROT_WRITE|PROT_READ,MAP_SHARED,ws->fd(3),ws->offset(8396800))
munmap(ws->addr(0xbf128000),ws->len(4198400))
ftruncate(ws->fd(3),ws->offset(12595200)+ws->len(4198400)==16793600)
mmap((caddr_t)0,ws->len(4198400),PROT_WRITE|PROT_READ,MAP_SHARED,ws->fd(3),ws->offset(12595200))
filemap.c:2253: bad pmd 000001e3.

Then the kernel locks hard.

Expected Results:  wmap.test should be a 150000 line file of 128-byte
records.

Additional info:

The bad pmd 000001e3 is always the same.
Comment 1 Bill Rugolsky, Jr. 2004-03-18 17:41:07 EST
Created attachment 98667 [details]
Source code for a test program to illustrate the mmap()-related crash.
Comment 2 Bill Rugolsky, Jr. 2004-04-29 14:42:55 EDT
The bug is in Exec-Shield.  Removing the patch fixes from problem.
Comment 3 David Lawrence 2004-09-29 16:12:36 EDT
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.