mmap(2) segaults with certain len values and MAP_ANON|MAP_FIXED

Nate Eldredge nate at
Wed Oct 21 02:38:26 UTC 2009

On Wed, 21 Oct 2009, Alexander Best wrote:

> hi there,

This is on a 32-bit platform I take it?

> just a little mmap(2) related question. running the following code causes a
> segfault:
> mmap( (void*)0x1000, 0x80047000, PROT_NONE, MAP_ANON|MAP_FIXED, -1, 0 );

I don't doubt it.  You mapped over a big chunk of your address space with 
memory that's inaccessible (PROT_NONE).  This probably includes your 
program's code.  So when the mmap call returns from the kernel and tries 
to execute the next instruction of your program, it finds that the 
instruction pointer is pointing to inaccessible memory.  Result: segfault. 
This is quite normal.

What are you actually trying to accomplish with this?

> while the following doesn't:
> mmap( (void*)0x1000, 0xffffffff, PROT_NONE, MAP_ANON|MAP_FIXED, -1, 0 );

Did you check whether the mmap actually succeeded?  I bet it didn't.  You 
have a length that isn't a multiple of the page size and wraps around 32 
bits.  I bet you got an EINVAL, and the mmap call didn't actually do 

> is this a known problem? seems reproducible on all branches.

Not a problem at all, I suspect.


Nate Eldredge
nate at

More information about the freebsd-hackers mailing list