mmap fails with ENOMEM if provided addr, MAP_PRIVATE, fd and offset not a multiple of 0x10000 #7569

Closed
1 of 2 tasks
msbit opened this issue Oct 19, 2021 · 2 comments

msbit commented Oct 19, 2021

Version

Microsoft Windows [Version 10.0.19041.1237]

WSL Version

  • WSL 2
  • WSL 1

Kernel Version

Linux version 4.4.0-19041-Microsoft (Microsoft@Microsoft.com) (gcc version 5.4.0 (GCC) ) #1237-Microsoft Sat Sep 11 14:32:00 PST 2021

Distro Version

Ubuntu 20.04.3 LTS

Other Software

No response

Repro Steps

This came to light due to a recent update of the dart-sdk tools, in which a call to mmap that previously looked like:

mmap(NULL, 682736, PROT_READ|PROT_EXEC, MAP_PRIVATE, fd, 0x1cac000);

now looks like:

mmap(&Dart_Initialize, 682736, PROT_READ|PROT_EXEC, MAP_PRIVATE, fd, 0x1cac000);

and fails with ENOMEM.

Note that the provided offset of 0x1cac000 is a multiple of the value provided by sysconf(_SC_PAGE_SIZE). It appears that using an offset that is a multiple of 0x10000 (16 times the reported page size) will work.

Reproduction

dd if=/dev/urandom of=test count=1024 bs=1024

cat << EOF > repro.c
#include <assert.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

int main(int argc, char **argv) {
  if (argc == 1) { return 0; }
  long offset = sysconf(_SC_PAGE_SIZE) << atoi(argv[1]);
  size_t length = 0x100000 - offset;
  int fd = open("test", O_RDONLY|O_CLOEXEC);
  assert(mmap(&main, length, PROT_READ|PROT_EXEC, MAP_PRIVATE, fd, offset) != MAP_FAILED);
}
EOF

cc -o repro repro.c

./repro 0
./repro 4

Expected Behavior

mmap to map the file to the available page nearest to main

Actual Behavior

mmap fails, setting errno to ENOMEM

Diagnostic Logs

Some information related to the Dart sdk issue can be found here, and traces of the repro provided above follow:

execve("./repro", ["./repro", "0"], 0x7fffe95b1eb8 /* 20 vars */) = 0
brk(NULL)                               = 0x7fffbe716000
arch_prctl(0x3001 /* ARCH_??? */, 0x7fffc54bb3d0) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=100550, ...}) = 0
mmap(NULL, 100550, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f29c79f7000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360q\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\t\233\222%\274\260\320\31\331\326\10\204\276X>\263"..., 68, 880) = 68
fstat(3, {st_mode=S_IFREG|0755, st_size=2029224, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f29c7a40000
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\t\233\222%\274\260\320\31\331\326\10\204\276X>\263"..., 68, 880) = 68
mmap(NULL, 2036952, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f29c7800000
mprotect(0x7f29c7825000, 1847296, PROT_NONE) = 0
mmap(0x7f29c7825000, 1540096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7f29c7825000
mmap(0x7f29c799d000, 303104, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19d000) = 0x7f29c799d000
mmap(0x7f29c79e8000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7f29c79e8000
mmap(0x7f29c79ee000, 13528, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f29c79ee000
close(3)                                = 0
arch_prctl(ARCH_SET_FS, 0x7f29c7a41340) = 0
mprotect(0x7f29c79e8000, 12288, PROT_READ) = 0
mprotect(0x7f29c7a4a000, 4096, PROT_READ) = 0
mprotect(0x7f29c7a3d000, 4096, PROT_READ) = 0
munmap(0x7f29c79f7000, 100550)          = 0
openat(AT_FDCWD, "test", O_RDONLY|O_CLOEXEC) = 3
mmap(0x7f29c7a481c9, 1044480, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0x1000) = -1 ENOMEM (Cannot allocate memory)
brk(NULL)                               = 0x7fffbe716000
brk(0x7fffbe737000)                     = 0x7fffbe737000
write(2, "repro: repro.c:12: main: Asserti"..., 125) = 125
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f29c7a00000
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid()                                = 28530
gettid()                                = 28530
tgkill(28530, 28530, SIGABRT)           = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=28530, si_uid=1000} ---
+++ killed by SIGABRT (core dumped) +++
execve("./repro", ["./repro", "4"], 0x7fffd0adfab8 /* 20 vars */) = 0
brk(NULL)                               = 0x7fffec723000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffff52f7b70) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=100550, ...}) = 0
mmap(NULL, 100550, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f564c897000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360q\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\t\233\222%\274\260\320\31\331\326\10\204\276X>\263"..., 68, 880) = 68
fstat(3, {st_mode=S_IFREG|0755, st_size=2029224, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f564c8e0000
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\t\233\222%\274\260\320\31\331\326\10\204\276X>\263"..., 68, 880) = 68
mmap(NULL, 2036952, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f564c6a0000
mprotect(0x7f564c6c5000, 1847296, PROT_NONE) = 0
mmap(0x7f564c6c5000, 1540096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7f564c6c5000
mmap(0x7f564c83d000, 303104, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19d000) = 0x7f564c83d000
mmap(0x7f564c888000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7f564c888000
mmap(0x7f564c88e000, 13528, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f564c88e000
close(3)                                = 0
arch_prctl(ARCH_SET_FS, 0x7f564c8e1340) = 0
mprotect(0x7f564c888000, 12288, PROT_READ) = 0
mprotect(0x7f564c8e6000, 4096, PROT_READ) = 0
mprotect(0x7f564c8dd000, 4096, PROT_READ) = 0
munmap(0x7f564c897000, 100550)          = 0
openat(AT_FDCWD, "test", O_RDONLY|O_CLOEXEC) = 3
mmap(0x7f564c8e41c9, 983040, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0x10000) = 0x7f564c5b0000
exit_group(0)                           = ?
+++ exited with 0 +++
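
One way a caller can tolerate the failure reported above, as an added example that is not part of the original issue or of the Dart SDK: since the address is only a hint (no MAP_FIXED), a hinted call that fails with ENOMEM is retried with a NULL address, and a sweep over the same offsets as the repro records which ones needed the retry. The names `map_near`, `probe_offsets` and `anchor` are hypothetical, and the file mapped is a constructed temp file.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

enum map_path { PATH_ERROR = -1, PATH_HINTED = 0, PATH_FALLBACK = 1 };
static const char anchor = 0; /* assumed stand-in for &Dart_Initialize / &main */

/* Map len bytes of fd at off near hint. The hint is advisory (no MAP_FIXED),
 * so on ENOMEM, the failure in this report, retry once with addr == NULL. */
static enum map_path map_near(void *hint, size_t len, int prot, int fd,
                              off_t off, void **out) {
  *out = mmap(hint, len, prot, MAP_PRIVATE, fd, off);
  if (*out != MAP_FAILED) return PATH_HINTED;
  if (hint == NULL || errno != ENOMEM) return PATH_ERROR;
  *out = mmap(NULL, len, prot, MAP_PRIVATE, fd, off);
  return *out != MAP_FAILED ? PATH_FALLBACK : PATH_ERROR;
}

/* Sweep offsets page << 0..4 over a constructed temp file. Returns a bitmask
 * of the shifts that needed the fallback, or -1 on error or content mismatch. */
static int probe_offsets(int prot) {
  long page = sysconf(_SC_PAGE_SIZE);
  FILE *f = tmpfile();
  if (f == NULL || page <= 0) return -1;
  size_t total = (size_t)page << 8; /* 0x100000 with 4 KiB pages, as in the repro */
  int fd = fileno(f), mask = 0;
  if (ftruncate(fd, (off_t)total) != 0) mask = -1;
  for (int shift = 0; mask >= 0 && shift <= 4; shift++) {
    off_t off = (off_t)page << shift;
    size_t len = total - (size_t)off;
    char tag = (char)('A' + shift); /* marker byte written at the offset */
    void *p;
    if (pwrite(fd, &tag, 1, off) != 1) { mask = -1; break; }
    enum map_path r = map_near((void *)&anchor, len, prot, fd, off, &p);
    if (r == PATH_ERROR) { mask = -1; break; }
    if (*(char *)p != tag) mask = -1; /* mapping must show the file at off */
    else if (r == PATH_FALLBACK) mask |= 1 << shift;
    munmap(p, len);
  }
  fclose(f);
  return mask;
}

int main(void) {
  int mask = probe_offsets(PROT_READ | PROT_EXEC);
  return printf("fallback mask: %d\n", mask) < 0 || mask < 0;
}
```

A mapping obtained through the fallback is no longer placed near the hint, so a caller that depends on that proximity has to check which path was taken.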

m-hennig commented Nov 12, 2021

also buggy on WSL2 (32GB RAM)

Microsoft Windows 10 Pro 10.0.19043
Linux version 4.4.0-19041-Microsoft (Microsoft@Microsoft.com) (gcc version 5.4.0 (GCC) ) #1237-Microsoft Sat Sep 11 14:32:00 PST 2021

../../runtime/bin/snapshot_utils.cc: 143: error: Failed to memory map snapshot: /home/mh/flutter/bin/cache/dart-sdk/bin/snapshots/dartdev.dart.snapshot

version=2.15.0-178.1.beta (beta) (Tue Oct 12 11:11:28 2021 +0200) on "linux_x64"
pid=16097, thread=16100, isolate_group=(nil)((nil)), isolate=(nil)((nil))
isolate_instructions=0, vm_instructions=7f75bd3e4f20
pc 0x00007f75bd64923c fp 0x00007f75bab5fba0 dart::Profiler::DumpStackTrace(void*)+0x7c
pc 0x00007f75bd3e50d4 fp 0x00007f75bab5fc80 dart::Assert::Fail(char const*, ...) const+0x84
pc 0x00007f75bd3bea06 fp 0x00007f75bab5fd20 dart::bin::Snapshot::TryReadAppSnapshot(char const*, bool)+0x256
pc 0x00007f75bd3c2274 fp 0x00007f75bab5fdc0 /home/mh/flutter/bin/cache/dart-sdk/bin/dart+0x1d78274
pc 0x00007f75bd3bfca2 fp 0x00007f75bab5fe40 dart::bin::DartDevIsolate::DartDevRunner::RunCallback(unsigned long)+0x62
pc 0x00007f75bd5030e0 fp 0x00007f75bab5fe70 /home/mh/flutter/bin/cache/dart-sdk/bin/dart+0x1eb90e0
-- End of DumpStackTrace
/home/mh/flutter/bin/internal/shared.sh: line 24: 16097 Aborted (core dumped) "$DART" __deprecated_pub upgrade "$VERBOSITY" --no-precompile
Error: Unable to 'pub upgrade' flutter tool. Retrying in five seconds... (9 tries left)

Contributor

This issue has been automatically closed since it has not had any activity for the past year. If you're still experiencing this issue please re-file this as a new issue or feature request.

Thank you!
