segmentation fault when stepping multi-threaded application
Christophe Leroy
christophe.leroy at csgroup.eu
Wed Apr 30 22:51:35 AEST 2025
Le 28/04/2025 à 13:16, Tomas Alvarez Vanoli a écrit :
> [Vous ne recevez pas souvent de courriers de tomas.alvarez-vanoli at hitachienergy.com. Découvrez pourquoi ceci est important à https://aka.ms/LearnAboutSenderIdentification ]
>
> Hello, I am writing because I have a segmentation fault when remote-debugging a PPC 32-bit target with gdbserver.
> This is the same platform described in 'https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore.kernel.org%2Flinuxppc-dev%2Fdc38afe9-6b78-f3f5-666b-986939e40fc6%40keymile.com%2F&data=05%7C02%7Cchristophe.leroy2%40cs-soprasteria.com%7C92fc720d78d3418625be08dd864ab6c1%7C8b87af7d86474dc78df45f69a2011bb5%7C0%7C0%7C638814377658854956%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Vo%2BKA%2FAMnJajKrHxowApVvw1Rzp6bu3jDtC1sayJkQY%3D&reserved=0',
> although the bug does not seem to be the same and the position of the thread struct does not affect it.
>
> The segmentation fault message is the following:
>
> tomcli[135]: User access of kernel address (dffbdf10) - exploit attempt? (uid: 0)
>
>
> gdbserver is sometimes unresponsive, although sometimes I am able to kill it with CTRL+C.
> The code I use to reproduce this (tomcli) is the same as my colleague sent back in 2016:
>
>
>
> This can be reproduced always by starting the debug session, stepping 5 times and then issuing a continue.
> Sometimes just a continue will do.
> This error is also happening sporadically when running our main application under gdbserver, we get a segmentation fault in dl_fixup.
> It never happens during normal runtime.
>
> The address that the kernel complains about is coming from pt_regs->gpr[3]. This value is put in the register in a call to PTRACE_SINGLESTEP (value 9).
>
> I poked around the ptrace code a bit, seeing if there were any possible overflows but I could not find anything, so maybe I'm barking up the wrong tree, although it does seem to be related to ptrace.
>
> I also added a dump_stack before the "exploit attempt" message:
>
> CPU: 3 PID: 135 Comm: tomcli Not tainted 6.1.133-00564-g0c302b26a2c4-dirty #0
> Hardware name: name,prodname e5500 0x80241021 CoreNet Generic
In the begining you say it is the same platform as the other report.
When I follow the link I understand that platform is a 83xx.
Here it is a e5500.
Am I missing something ?
Christophe
More information about the Linuxppc-dev
mailing list