Re: 2.6.current Oops: strace + waitpid()?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> intrepid:~$ cat test.pl
> #!/usr/bin/perl
> 
> open my $fd, "-|", "/bin/true";
> 
> intrepid:~$ strace -f ./test.pl
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
>  printing eip:
> 00000000
> *pde = 00000000
> Oops: 0000 [#1]
> PREEMPT 
> Modules linked in: binfmt_misc ohci1394 ieee1394 pci200syn hdlc syncppp
> emu10k1_gp snd_cmipci gameport snd_opl3_lib snd_mpu401_uart epic100 sg
> sym53c8xx scsi_transport_spi evdev
> CPU:    0
> EIP:    0060:[<00000000>]    Not tainted VLI
> EFLAGS: 00010286   (2.6.12-rc3) 
> EIP is at 0x0
> eax: ca476000   ebx: 01200011   ecx: 00000000   edx: 00000000
> esi: cfbd3060   edi: 00000000   ebp: ca476000   esp: ca476fc4
> ds: 007b   es: 007b   ss: 0068
> Process test.pl (pid: 3168, threadinfo=ca476000 task=cfbd3060)
> Stack: 01202011 00000000 00000000 00000000 b7c9a708 bfea12cc 00000000 0000007b 
>        0000007b 00000078 ffffe410 00000073 00000282 bfea121c 0000007b 
> Call Trace:
> Code:  Bad EIP value.
> 
> 2.6.12-rc3 (current), gcc version 3.4.3 20050227 (Red Hat 3.4.3-22.fc3),
> Athlon XP.
> 
> The machine is still alive, oops is 100% reproducible.
> 
>  3174 ?        Ss     0:00 \_ xterm -rv
>  3176 pts/1    Ss     0:00     \_ bash
>  3210 pts/1    S+     0:00         \_ strace -f ./test.pl
>  3211 pts/1    T+     0:00             \_ /usr/bin/perl ./test.pl
>  3212 pts/1    Z+     0:00                 \_ [test.pl] <defunct>
> 
> Any idea?

Ok tested here, it's the ptrace scribbles the return address due to
incorrect esp0 at fork time (it's in -mm currently).

Could you please verify that this fixes it

Index: latest/arch/i386/kernel/process.c
===================================================================
--- latest.orig/arch/i386/kernel/process.c	2005-04-30 15:44:02.000000000 +0200
+++ latest/arch/i386/kernel/process.c	2005-05-03 12:54:16.000000000 +0200
@@ -400,11 +400,6 @@
 	int err;
 
 	childregs = ((struct pt_regs *) (THREAD_SIZE + (unsigned long) p->thread_info)) - 1;
-	*childregs = *regs;
-	childregs->eax = 0;
-	childregs->esp = esp;
-
-	p->thread.esp = (unsigned long) childregs;
 	/*
 	 * The below -8 is to reserve 8 bytes on top of the ring0 stack.
 	 * This is necessary to guarantee that the entire "struct pt_regs"
@@ -415,7 +410,13 @@
 	 * "struct pt_regs" is possible, but they may contain the
 	 * completely wrong values.
 	 */
-	p->thread.esp0 = (unsigned long) (childregs+1) - 8;
+	childregs = (struct pt_regs *) ((unsigned long) childregs - 8);
+	*childregs = *regs;
+	childregs->eax = 0;
+	childregs->esp = esp;
+
+	p->thread.esp = (unsigned long) childregs;
+	p->thread.esp0 = (unsigned long) (childregs+1);
 
 	p->thread.eip = (unsigned long) ret_from_fork;
 


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux