mailing list of musl libc
From: Markus Wichmann <nullplan@gmx.net>
To: musl@lists.openwall.com
Subject: Re: Crash in 'system' while executing '__clone'
Date: Wed, 22 Feb 2017 16:27:39 +0100
Message-ID: <20170222152739.yzscpa6ckyjdldwy@voyager>
In-Reply-To: <AM3PR01MB063212D7E2BC38992CB1AB2789500@AM3PR01MB0632.eurprd01.prod.exchangelabs.com>

On Wed, Feb 22, 2017 at 11:44:12AM +0000, Tobias Koch wrote:
>     16syscall
>     (gdb)
>     17test %eax,%eax
>     (gdb) backup    git       pkgs      repo      spool     temp.txt  test      test.c    test.txt
> 

OK, so the clone call was successful. Good. In system() we clone with
vfork() semantics, so the caller is blocked until the child exec()s.

BTW, what's with the line numbers? Why are they doubled (up in the
single digits)?

>     18jnz 1f
>     (gdb)
>     __clone () at src/thread/x86_64/clone.s:27
>     271:271ret(gdb)
>     0x0000000000000000 in ?? ()
> 
> Any ideas what might be wrong or what I can do to investigate further?
> 
> Tobias

So the last few steps mean that the ret instruction loaded a zero into
RIP. Which means that [rsp] has been replaced with a zero byte.

I'd probably debug this again, setting a watchpoint on the value RSP is
pointing to. Then set the debugger to follow a created child (set
follow-fork-mode child) and run this snippet again. As I said, vfork()
semantics are in use, i.e. the child process might clobber the return
address of its parent.

Ciao,
Markus
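To illustrate the vfork() hazard Markus describes, here is an added example (not musl's system() or anything from the thread): a hypothetical `spawn_wait()` helper that spawns a program with vfork() semantics and keeps the child to the only two things it may safely do while it still shares the parent's stack, exec or _exit.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Run `path` with no arguments under vfork() semantics and return its
 * exit status (127 if exec fails, -1 on internal error). Hypothetical
 * helper, not musl's system(). Until the child calls execve() or
 * _exit() it runs on the parent's stack, so it must not return from
 * this function, touch locals, or call stdio: any of those can
 * overwrite the parent's frame, including its saved return address,
 * which is the kind of corruption a zeroed [rsp] after __clone hints at. */
int spawn_wait(const char *path)
{
    char *const argv[] = { (char *)path, NULL };
    char *const envp[] = { NULL };
    pid_t pid = vfork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: only async-signal-safe calls, and never return. */
        execve(path, argv, envp);
        _exit(127);
    }
    /* Parent resumes here only after the child has exec'd or exited. */
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return -1;
}

int main(void)
{
    printf("/bin/true exited with %d\n", spawn_wait("/bin/true"));
    return 0;
}
```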


Thread overview: 3+ messages
2017-02-22 11:44 Tobias Koch
2017-02-22 15:27 ` Markus Wichmann [this message]
2017-02-22 16:00   ` Rich Felker