From: Kieran G. <kie...@gm...> - 2012-12-26 01:13:46
Just a continuation of my previous email: I have since compiled UML with v3.7 from Linux-next, and the bug appears there too. The dumped process still exists as a zombie process as long as the rest of the UML session is running. It doesn't have anything to do with the Debian-based UML environment it was booting; it occurred even with a UML BusyBox file-system. My config for v3.7 is attached, did I stuff up my config somewhere?

Some more info:

Core was generated by `./Linux-3.7.0-uml mem=512M eth0=tuntap,tap0 ubd0=BusyBox-1.13.2-amd64-root_fs'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000060053b8a in sigsuspend (set=0x807bef28) at kernel/signal.c:3264

Registers:
rax            0x0                 0
rbx            0x10                16
rcx            0x6034a330          1614062384
rdx            0x0                 0
rsi            0x807befb7          2155605943
rdi            0x807bef28          2155605800
rbp            0x807bef18          0x807bef18
rsp            0x807bef08          0x807bef08
r8             0x1e2d8             123608
r9             0x807befe8          2155605992
r10            0x807bee78          2155605624
r11            0x246               582
r12            0x6034a380          1614062464
r13            0x60053b60          1610955616
r14            0x603a196c          1614420332
r15            0x60f7c840          1626851392
rip            0x60053b8a          0x60053b8a <sigsuspend+42>
eflags         0x10206             [ PF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x63                99
gs             0x0                 0

Disassemble:
3264        current->saved_sigmask = current->blocked;
   0x0000000060053b76 <+22>:    48 8b 10                mov    (%rax),%rdx
   (rdx becomes zero, not a good sign)
   0x0000000060053b87 <+39>:    48 8b 00                mov    (%rax),%rax
   (the same zero gets loaded into rax)
=> 0x0000000060053b8a <+42>:    48 8b 80 38 07 00 00    mov    0x738(%rax),%rax
   (and we dereference it)
   0x0000000060053b91 <+49>:    48 89 82 48 07 00 00    mov    %rax,0x748(%rdx)

Yay, a NULL pointer dereference bug :/

From,
Kieran Grant
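The triage Kieran did by hand (rax is zero, the faulting `mov 0x738(%rax),%rax` therefore touches address 0x738, which lies in the unmapped zero page, so this is a NULL `current` plus a struct-field offset) can be done mechanically from a gdb register dump. The following is an added example, not code from the post or from the UML tree: it parses the `info registers` lines and any AT&T `disp(base,index,scale)` memory operand, computes the effective address of each memory access in the faulting instruction, and flags accesses that land below the page size. The register values and instructions are copied from the dump above; the 4 KiB page size and the "zero page is unmapped" assumption are mine, as is the generalisation to indexed operands, which the post's instructions do not use.

```python
import re

PAGE_SIZE = 4096  # assumption: x86-64 4 KiB pages and an unmapped zero page

# Constructed from the gdb register dump quoted in the post (values copied verbatim).
REGISTER_DUMP = """\
rax 0x0 0
rbx 0x10 16
rcx 0x6034a330 1614062384
rdx 0x0 0
rsi 0x807befb7 2155605943
rdi 0x807bef28 2155605800
rbp 0x807bef18 0x807bef18
rsp 0x807bef08 0x807bef08
rip 0x60053b8a 0x60053b8a <sigsuspend+42>
"""

# The instruction gdb marked with "=>" as the one that faulted.
FAULTING_INSN = "mov 0x738(%rax),%rax"

# AT&T memory operand: disp(base,index,scale), each part optional.
MEM_OPERAND = re.compile(
    r"(?P<disp>-?0x[0-9a-fA-F]+|-?\d+)?"
    r"\((?P<base>%\w+)?(?:,(?P<index>%\w+)(?:,(?P<scale>[1248]))?)?\)"
)


def parse_registers(dump):
    """Map register name -> integer value from 'name hex decimal' lines."""
    regs = {}
    for line in dump.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].startswith("0x"):
            regs[parts[0]] = int(parts[1], 16)
    return regs


def effective_address(operand, regs):
    """Compute base + index*scale + disp for one memory operand, wrapped to 64 bits."""
    m = MEM_OPERAND.search(operand)
    if m is None:
        raise ValueError("not a memory operand: %r" % operand)
    disp = int(m.group("disp"), 0) if m.group("disp") else 0
    base = regs[m.group("base").lstrip("%")] if m.group("base") else 0
    index = regs[m.group("index").lstrip("%")] if m.group("index") else 0
    scale = int(m.group("scale")) if m.group("scale") else 1
    return (base + index * scale + disp) & 0xFFFFFFFFFFFFFFFF


def triage(insn, regs):
    """For every memory operand in an instruction, report the address it touched
    and whether that address lies in the zero page. A hit there means the base
    register held NULL and the address itself is the struct-field offset."""
    results = []
    for m in MEM_OPERAND.finditer(insn):
        addr = effective_address(m.group(0), regs)
        results.append({
            "operand": m.group(0),
            "address": addr,
            "null_deref": addr < PAGE_SIZE,
            "field_offset": addr if addr < PAGE_SIZE else None,
        })
    return results


if __name__ == "__main__":
    regs = parse_registers(REGISTER_DUMP)
    for r in triage(FAULTING_INSN, regs):
        print(r)
    # The store that would have followed, from the same disassembly listing.
    for r in triage("mov %rax,0x748(%rdx)", regs):
        print(r)
```

Feeding in the next instruction from the listing, `mov %rax,0x748(%rdx)`, gives a second zero-page address, 0x748, consistent with the source line: 0x738 is `current->blocked` and 0x748 is `current->saved_sigmask`, both read through the same NULL `current`. With the kernel image and debug info at hand, `ptype /o struct task_struct` in gdb confirms which field sits at a given offset.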