Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 228397 - PTRACE_PEEKUSR regression for i386/x86_64 unused words of struct user
Summary: PTRACE_PEEKUSR regression for i386/x86_64 unused words of struct user
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: i386
OS: Linux
Target Milestone: ---
: ---
Assignee: Roland McGrath
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2007-02-12 21:21 UTC by Roland McGrath
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version: RHBA-2007-0959
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-11-07 19:40:04 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0959 normal SHIPPED_LIVE Updated kernel packages for Red Hat Enterprise Linux 5 Update 1 2007-11-08 00:47:37 UTC

Description Roland McGrath 2007-02-12 21:21:31 UTC
Description of problem:

ptrace_peekusr fails with EIO for some calls that would just return a zero
result before.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.echo 'main(){syscall(9999,1,2,3,4,5,6);}' > badsys.c
2.gcc -m32 -o badsys badsys.c
3.strace ./badsys
Actual results:

ends with an error that ptrace failed with I/O error (EIO).

Expected results:

end of output should show:
syscall_9999(0x1, 0x2, 0x3, 0x4, 0x5, 0x6, ...
exit_group(0) ...

Additional info:

Fixed in upstream utrace.

Comment 1 Roland McGrath 2007-02-12 21:22:29 UTC
This is a regression from RHEL4 and all prior kernels (except some FC6 kernels
with the same utrace bug).

Comment 2 Roland McGrath 2007-02-12 21:24:24 UTC
I didn't actually test on x86_64, but the problem is the same there both for a
native -m64 compile of badsys, and for either 64-bit or 32-bit strace tracing
the -m32 compile.

Comment 3 RHEL Product and Program Management 2007-02-12 21:25:19 UTC
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.

Comment 6 RHEL Product and Program Management 2007-06-20 12:31:47 UTC
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.

Comment 7 Don Zickus 2007-06-27 15:51:54 UTC
in 2.6.18-32.el5
You can download this test kernel from

Comment 10 Mike Gahagan 2007-08-28 18:20:18 UTC
I can confirm the -EIO error on exit with the GA kernel, however with -43 kernel
I get slightly different output (I get an exit_group with a -1 rather than 0) 

[root@test183 ~]# echo 'main(){syscall(9999,1,2,3,4,5,6);}' > badsys.c
[root@test183 ~]# gcc -m32 -o badsys badsys.c
[root@test183 ~]# strace ./badsys
execve("./badsys", ["./badsys"], [/* 24 vars */]) = 0
brk(0)                                  = 0x81c5000
access("/etc/", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=56206, ...}) = 0
mmap2(NULL, 56206, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f78000
close(3)                                = 0
open("/lib/", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\177:\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1585788, ...}) = 0
mmap2(0x392000, 1308068, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
mmap2(0x4cc000, 12288, PROT_READ|PROT_WRITE,
-1, 0) = 0x4cf000
close(3)                                = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f766c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
mprotect(0x4cc000, 8192, PROT_READ)     = 0
mprotect(0x38e000, 4096, PROT_READ)     = 0
munmap(0xb7f78000, 56206)               = 0
syscall_9999(0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0xffffffda, 0x7b, 0x7b, 0, 0x33,
0x270f, 0xd34402, 0x73, 0x246, 0xbff71118, 0x7b, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0) = -1 (errno 38)
exit_group(-1)                          = ?

Can someone confirm this is correct behavior or do we have another bug here?

Comment 11 Roland McGrath 2007-08-29 07:04:27 UTC
The test case lets main return a random stack value, so the exit_group argument
you see could be anything.  It doesn't matter.  You are testing that strace
itself gets no errors and prints the "syscall_9999" line.

Comment 13 errata-xmlrpc 2007-11-07 19:40:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.