Date:      Wed, 17 Jan 2007 08:03:10 +0100
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        Scot Hetzel <swhetzel@gmail.com>
Cc:        emulation@freebsd.org
Subject:   Re: linuxolator: fatal trap 12 when compiling libX11
Message-ID:  <20070117080310.jhbtrvl1c0c04k8k@webmail.leidinger.net>
In-Reply-To: <790a9fff0701162000s5f48d51fk2e5a4a74bd7021f9@mail.gmail.com>
References:  <790a9fff0701151314x6dd48ecbg90a54729813e84e@mail.gmail.com> <20070116080015.8dus0vamssso0sww@webmail.leidinger.net> <790a9fff0701161005t75222f2l439e8c0c1153ffd2@mail.gmail.com> <20070116181839.GA80994@stud.fit.vutbr.cz> <790a9fff0701161317q74b28955jf61b6e9651168a36@mail.gmail.com> <20070116221150.GA9429@stud.fit.vutbr.cz> <790a9fff0701162000s5f48d51fk2e5a4a74bd7021f9@mail.gmail.com>

Quoting Scot Hetzel <swhetzel@gmail.com> (from Tue, 16 Jan 2007 22:00:21 -0600):

> On 1/16/07, Divacky Roman <xdivac02@stud.fit.vutbr.cz> wrote:
>> please test this patch:
>>
>> Index: linux_emul.c
>> ===================================================================
>> RCS file: /home/ncvs/src/sys/compat/linux/linux_emul.c,v
>> retrieving revision 1.12
>> diff -u -r1.12 linux_emul.c
>> --- linux_emul.c        7 Jan 2007 19:09:20 -0000       1.12
>> +++ linux_emul.c        16 Jan 2007 22:11:06 -0000
>> @@ -170,7 +170,8 @@
>>        EMUL_UNLOCK(&emul_lock);
>>
>>        EMUL_SHARED_WLOCK(&emul_shared_lock);
>> -       LIST_REMOVE(em, threads);
>> +       if (!LIST_EMPTY(em->shared->threads)
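
Review bot: On the added "if (!LIST_EMPTY(em->shared->threads)" line, LIST_EMPTY() is given the list head itself rather than its address, and the parentheses do not balance as quoted; it needs to read "if (!LIST_EMPTY(&em->shared->threads))". The test also only asks whether the shared list has any entries, not whether em is still linked on it, and it dereferences em->shared without establishing that em is still valid, so as a guard for the replaced "LIST_REMOVE(em, threads);" it should come together with a check or fix for the lifetime of em rather than stand alone.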

I didn't have a look at the code, but my first impression about this
was that it is trying to hide the problem. Currently I think it is
either memory corruption, a race (inappropriate locking), or keeping a
pointer when it should be cleaned/removed, or some memory is not
initialized before inserting/using it somewhere.

> Wouldn't compile as shown above (complained about '->' when
> compiling), changed it to:
>
>             if (!LIST_EMPTY(&em->shared->threads))
>
> but now I'm getting:

> #10 0xffffffffa2cb3b2c in linux_proc_init (td=0xffffff002d1d9290,
> child=0x4f5c, flags=0x0)
>    at /usr/src/7x/sys-orig/modules/linux/../../compat/linux/linux_emul.c:138
> 138                     LIST_INSERT_HEAD(&em->shared->threads, em, threads);
> (kgdb) p &em->shared->threads
> $1 = (struct {...} *) 0xdeadc0dedeadc0e6
> (kgdb) p *em
> $3 = {
>  pid = 0xdeadc0de,
>  child_set_tid = 0x0,
>  child_clear_tid = 0x0,
>  shared = 0xdeadc0dedeadc0de,
>  pdeath_signal = 0xdeadc0de,
>  threads = {
>    le_next = 0xdeadc0dedeadc0de,
>    le_prev = 0xdeadc0dedeadc0de
>  }
> }

deadc0de means that the memory was freed before use.

Bye,
Alexander.

-- 
Lord, what fools these mortals be!
		-- William Shakespeare, "A Midsummer-Night's Dream"

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
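
An added illustration of the last point (not part of the original message and not FreeBSD code): assuming a debug allocator that overwrites freed memory with the 32-bit pattern 0xdeadc0de, a stale pointer field reads back as 0xdeadc0dedeadc0de, and the address of a member reached through it is that value plus the member's offset, which is how the dump shows 0xdeadc0dedeadc0e6. The struct layouts, field names and helper functions below are simplified assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON32 0xdeadc0deU
#define POISON64 0xdeadc0dedeadc0deULL

/* Simplified stand-ins for the dumped structures; layout is an assumption. */
struct shared_sample { uint64_t refs; uint64_t threads_head; };
struct emul_sample {
    uint32_t pid, pad;
    uint64_t child_set_tid, child_clear_tid;
    uint64_t shared, le_next, le_prev;   /* pointer values kept as integers */
};

/* What a debug allocator does on free: overwrite the object with the pattern. */
static void poison_fill(void *p, size_t len) {
    const uint32_t w = POISON32;
    for (size_t i = 0; i + sizeof w <= len; i += sizeof w)
        memcpy((unsigned char *)p + i, &w, sizeof w);
}

/* Number of 32-bit words in an object that hold the fill pattern. */
static size_t poisoned_words(const void *p, size_t len) {
    size_t n = 0;
    uint32_t w;
    for (size_t i = 0; i + sizeof w <= len; i += sizeof w) {
        memcpy(&w, (const unsigned char *)p + i, sizeof w);
        n += (w == POISON32);
    }
    return n;
}

/* If addr is "poison + small member offset", return the offset, else -1. */
static long poison_offset(uint64_t addr, uint64_t max_off) {
    uint64_t d = addr - POISON64;        /* wraps to a huge value if addr is lower */
    return d <= max_off ? (long)d : -1;
}

int main(void) {
    struct emul_sample em = { .pid = 1234 };   /* constructed live object */
    poison_fill(&em, sizeof em);               /* simulate the free */
    uint64_t head = em.shared + offsetof(struct shared_sample, threads_head);
    printf("shared=%#llx &shared->threads=%#llx (+%ld), %zu poisoned words\n",
           (unsigned long long)em.shared, (unsigned long long)head,
           poison_offset(head, 4096), poisoned_words(&em, sizeof em));
    return 0;
}
```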


