On 28/04/2025 at 13:16, Tomas Alvarez Vanoli wrote:

Hello, I am writing because I have a segmentation fault when remote-debugging a 
PPC 32-bit target with gdbserver.
This is the same platform described in 
'https://lore.kernel.org/linuxppc-dev/dc38afe9-6b78-f3f5-666b-986939e40fc6@keymile.com/',
although the bug does not seem to be the same and the position of the thread 
struct does not affect it.

The segmentation fault message is the following:

tomcli[135]: User access of kernel address (dffbdf10) - exploit attempt? (uid: 0)


gdbserver is sometimes unresponsive, although sometimes I am able to kill it 
with CTRL+C.
The code I use to reproduce this (tomcli) is the same as my colleague sent back 
in 2016:



This can be reproduced always by starting the debug session, stepping 5 times 
and then issuing a continue.
Sometimes just a continue will do.
This error is also happening sporadically when running our main application 
under gdbserver, we get a segmentation fault in dl_fixup.
It never happens during normal runtime.

The address that the kernel complains about is coming from pt_regs->gpr[3]. 
This value is put in the register in a call to PTRACE_SINGLESTEP (value 9).

I poked around the ptrace code a bit, seeing if there were any possible 
overflows but I could not find anything, so maybe I'm barking up the wrong 
tree, although it does seem to be related to ptrace.

I also added a dump_stack before the "exploit attempt" message:

CPU: 3 PID: 135 Comm: tomcli Not tainted 6.1.133-00564-g0c302b26a2c4-dirty #0
Hardware name: name,prodname e5500 0x80241021 CoreNet Generic

In the beginning you say it is the same platform as the other report. When I follow the link I understand that platform is a 83xx.

Here it is a e5500.

Am I missing something?

Christophe

