From: Markus Wichmann
To: musl@lists.openwall.com
Subject: Re: Crash in 'system' while executing '__clone'
Date: Wed, 22 Feb 2017 16:27:39 +0100
Message-ID: <20170222152739.yzscpa6ckyjdldwy@voyager>
On Wed, Feb 22, 2017 at 11:44:12AM +0000, Tobias Koch wrote:
> 16	syscall
> (gdb)
> 17	test %eax,%eax
> (gdb) backup git pkgs repo spool temp.txt test test.c test.txt
>

OK, so the clone call was successful. Good. In system() we clone with
vfork() semantics, so the caller is blocked until the child exec()s.

BTW, what's with the line numbers? Why are they doubled (up in the
single digits)?

> 18	jnz 1f
> (gdb)
> __clone () at src/thread/x86_64/clone.s:27
> 271:271ret
> (gdb)
> 0x0000000000000000 in ?? ()
>
> Any ideas what might be wrong or what I can do to investigate further?
>
> Tobias

So the last few steps mean that the ret instruction loaded a zero into
RIP. Which means that [rsp] has been replaced with a zero byte.

I'd probably debug this again, setting a watchpoint on the value RSP is
pointing to. Then set the debugger to follow a created child (set
follow-fork-mode child) and run this snippet again. As I said, vfork()
semantics are in use, i.e. the child process might clobber the return
address of its parent.

Ciao,
Markus
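The vfork() semantics Markus refers to, shown as an added example that is not code from this thread or from musl: the vfork child runs in the parent's address space while the parent is suspended, so a store the child makes is still there when the parent resumes, which is exactly how a misbehaving child can overwrite its parent's stack, return address included. The fork() variant is included for contrast; function and variable names are my own.

```c
/* Added example (not from the musl thread): contrast fork() and vfork()
 * memory semantics. With vfork() the child shares the parent's address
 * space and the parent is blocked until the child calls _exit()/exec(),
 * so a store made by the child is visible to the parent afterwards. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Globals, not locals: a vfork child must not touch the parent's stack
 * frame, and the compiler may keep locals in registers across vfork(). */
static volatile int fork_marker;
static volatile int vfork_marker;

/* Child created with fork(): it gets its own (copy-on-write) copy of
 * memory, so its store to fork_marker is NOT seen by the parent.
 * Returns what the parent observes (0), or -1 on error. */
int marker_after_fork(void) {
    fork_marker = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fork_marker = 1; _exit(0); }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return fork_marker;
}

/* Same store via vfork(): the child writes into the parent's address
 * space, so the parent sees 1 once the child has exited. The child does
 * nothing but the store and _exit(); returning from this function in the
 * child would unwind the parent's frame and corrupt its stack. */
int marker_after_vfork(void) {
    vfork_marker = 0;
    pid_t pid = vfork();
    if (pid < 0) return -1;
    if (pid == 0) { vfork_marker = 1; _exit(0); }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return vfork_marker;
}

int main(void) {
    printf("after fork():  marker = %d\n", marker_after_fork());
    printf("after vfork(): marker = %d\n", marker_after_vfork());
    return 0;
}
```

Under gdb, `set follow-fork-mode child` on the vfork() call lets you watch the shared store land in the parent's memory, the same way a watchpoint on the saved return address would catch the clobbering described above.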