Bug 60785 - 3.11rc6 results in SIGSEGV fatal error in program. 3.11rc5 O.K.
Summary: 3.11rc6 results in SIGSEGV fatal error in program. 3.11rc5 O.K.
Status: RESOLVED DUPLICATE of bug 60774
Alias: None
Product: Memory Management
Classification: Unclassified
Component: Other (show other bugs)
Hardware: x86-64 Linux
: P1 normal
Assignee: other_other
Depends on:
Reported: 2013-08-23 19:38 UTC by Doug Smythies
Modified: 2013-09-06 05:46 UTC (History)
0 users

See Also:
Kernel Version: 3.11rc6
Tree: Mainline
Regression: No

One of the program crash logs (29.53 KB, text/plain)
2013-08-23 19:41 UTC, Doug Smythies
My kernel config (158.38 KB, text/plain)
2013-08-23 19:43 UTC, Doug Smythies

Description Doug Smythies 2013-08-23 19:38:28 UTC
Sorry, but it not clear to me what product or component to file this under.

I get a fatal error with 3.11rc6 while compiling the non-english Ubuntu PDF serverguide. The crash creates a log file, and I'll attach one shortly. I have not figured out a simpler test for the issue, such that it would be easy for someone else to re-create.

This problem does not occur with 3.11RC5.
Also this problem does not occur with 3.10.7, but does occur with 3.10.8 and 3.10.9

I have bisected the kernel and got it to this:

doug@s15:~/temp-k-git-3.10rc4/linux$ git bisect good
df54d6fa54275ce59660453e29d1228c2b45a826 is the first bad commit
commit df54d6fa54275ce59660453e29d1228c2b45a826
Author: Radu Caragea <sinaelgl@gmail.com>
Date:   Tue Aug 13 16:00:59 2013 -0700

    x86 get_unmapped_area(): use proper mmap base for bottom-up direction

    When the stack is set to unlimited, the bottomup direction is used for
    mmap-ings but the mmap_base is not used and thus effectively renders
    ASLR for mmapings along with PIE useless.

    Cc: Michel Lespinasse <walken@google.com>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Reviewed-by: Rik van Riel <riel@redhat.com>
    Acked-by: Ingo Molnar <mingo@kernel.org>
    Cc: Adrian Sendroiu <molecula2788@gmail.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

:040000 040000 9d054e9ab380db34b08997eedad425cbe9a141d7 a58a8eb56de71e8274a27138ad954cffa00530cd M      arch
:040000 040000 8b30c6461199a89c2f758c714c0bb6571a332821 a42a205de2ee8760bbca2d4df5c31bd20fac8760 M      include

Conceivably the kernel change merely reveals a problem in openjdk that was always there, but I do not how how to prove it one way or the other.
Comment 1 Doug Smythies 2013-08-23 19:41:20 UTC
Created attachment 107293 [details]
One of the program crash logs
Comment 2 Doug Smythies 2013-08-23 19:43:59 UTC
Created attachment 107294 [details]
My kernel config
Comment 3 Doug Smythies 2013-08-24 08:07:47 UTC
As a sanity check, I compiled a 3.11RC6 Kernel with only sys_x86_64.c (1 of 3 files in the original commit) reverted. The issue did not occur. A control sample 3.11RC6 was also compiled again, and the issue occurred (as expected).

doug@s15:~/temp-k-git-3.10rc4/linux/arch/x86/kernel$ diff -u sys_x86_64.c sys_x86_64.c.original
--- sys_x86_64.c        2013-08-24 01:03:03.413481124 -0700
+++ sys_x86_64.c.original       2013-08-23 23:55:39.947039089 -0700
@@ -101,7 +101,7 @@
                                *begin = new_begin;
        } else {
-               *begin = TASK_UNMAPPED_BASE;
+               *begin = mmap_legacy_base();
                *end = TASK_SIZE;
Comment 4 Doug Smythies 2013-08-26 07:29:34 UTC
The issue of this bug report has been fixed in 3.11RC7.
I observe that the single code line mentioned in post 3 above has been changed again:

doug@s15:~/temp-k-git-3.10rc4/linux/arch/x86/kernel$ diff -u sys_x86_64.c.original sys_x86_64.c
--- sys_x86_64.c.original       2013-08-23 23:55:39.947039089 -0700
+++ sys_x86_64.c        2013-08-25 23:46:04.401893263 -0700
@@ -101,7 +101,7 @@
                                *begin = new_begin;
        } else {
-               *begin = mmap_legacy_base();
+               *begin = current->mm->mmap_legacy_base;
                *end = TASK_SIZE;
Comment 5 Doug Smythies 2013-08-26 14:40:44 UTC

*** This bug has been marked as a duplicate of bug 60774 ***
Comment 6 Doug Smythies 2013-09-06 05:46:52 UTC
Also, fixed in 3.10.10.

Note You need to log in before you can comment on or make changes to this bug.