* Wolfram Schlich <lists@xxxxxxxxxxxxxxxxxxx> [2008-11-14 16:09]:
> Now I got a core, after more than a day, but it doesn't look good :(

Here's the reply of the PaX team (I sent in the conntrackd binary
along with the coredump):

* pageexec@xxxxxxxxxxx <pageexec@xxxxxxxxxxx> [2008-11-14 16:48]:
> ok, here's the rest of the story:
>
> (gdb) x/16x $sp
> 0x7fffffffb398: 0xf7ba28b5 0x00007fff 0x00000001 0x00000000
> (gdb) x/8i 0x00007ffff7ba28b5-3
> 0x7ffff7ba28b2 <__build_protoinfo+450>: callq *(%rdx,%rax,8)
> 0x7ffff7ba28b5 <__build_protoinfo+453>: mov $0x1,%eax
> 0x7ffff7ba28ba <__build_protoinfo+458>: mov %ebp,%ecx
> 0x7ffff7ba28bc <__build_protoinfo+460>: shl %cl,%rax
> 0x7ffff7ba28bf <__build_protoinfo+463>: or %eax,(%r14,%rbx,4)
> 0x7ffff7ba28c3 <__build_protoinfo+467>: cmp $0x37,%r12d
> 0x7ffff7ba28c7 <__build_protoinfo+471>: jle 0xfffffffff7ba287f
> 0x7ffff7ba28c9 <__build_protoinfo+473>: mov 0x10(%rsp),%rdx
> (gdb) i r rdx rax
> rdx 0x7ffff7db5000 140737351733248
> rax 0x37 55
> (gdb) x/8x $rdx+8*$rax
> 0x7ffff7db51b8: 0x00000000 0x00000000 0xf7ba9468 0x00007fff
> 0x7ffff7db51c8: 0xf7ba94b1 0x00007fff 0xf7ba9505 0x00007fff
>
> so that's a null function pointer in whatever structure __build_protoinfo dereferences
> there. is it of any help to you or do you need me to dig out more?

Pablo, is this sufficient information for you?

--
Regards,
Wolfram Schlich <wschlich@xxxxxxxxxx>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
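
Added example, not part of the original thread and not conntrackd's or its libraries' code: a minimal C model of the pattern visible in the disassembly above (an indirect call through a table indexed by an attribute number, followed by setting a bit in an array of 32-bit words), with the NULL-slot guard whose absence produces this kind of crash. The table layout and the names `handlers`, `dispatch_attr`, `build_all` and `ATTR_MAX` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_MAX 56   /* constructed: slots 0..55, so 0x37 is the last index */

typedef void (*build_fn)(const void *src, void *dst);  /* hypothetical type */

static void build_noop(const void *src, void *dst) { (void)src; (void)dst; }

static build_fn handlers[ATTR_MAX];   /* hypothetical dispatch table */

/* Fill every slot except 0x37, mirroring the zero quadword that gdb
 * shows at $rdx+8*$rax in the core dump. */
static void init_handlers(void)
{
    for (size_t i = 0; i < ATTR_MAX; i++)
        handlers[i] = build_noop;
    handlers[0x37] = NULL;
}

/* Guarded form of "callq *(%rdx,%rax,8)": refuse out-of-range indices
 * and empty slots instead of jumping to address 0. On success, mark the
 * attribute in a bitmask of 32-bit words. Returns 0 on call, -1 on skip. */
static int dispatch_attr(unsigned attr, const void *src, void *dst,
                         uint32_t *set)
{
    if (attr >= ATTR_MAX || handlers[attr] == NULL)
        return -1;
    handlers[attr](src, dst);
    set[attr / 32] |= UINT32_C(1) << (attr % 32);
    return 0;
}

/* Walk all attributes; return how many slots had to be skipped. */
static int build_all(uint32_t *set)
{
    int skipped = 0;
    for (unsigned attr = 0; attr < ATTR_MAX; attr++)
        if (dispatch_attr(attr, NULL, NULL, set) != 0)
            skipped++;
    return skipped;
}

int main(void)
{
    uint32_t set[2] = { 0, 0 };
    init_handlers();
    printf("skipped=%d set=%08x %08x\n", build_all(set), set[0], set[1]);
    return 0;
}
```
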