Here is an example that causes the crash; it is obviously longer than 512 ASCII characters:

[child0:1607] [31] utimensat(dfd=^[[1;36m497 , filename=^[[1;36m".//proc/4/task/4/cpusetd%s%d%d%d%d%s%s%s%d%d%s%d%d%d%d%s%s%d
%s%s%d%s%d%s%s%d%d%s%d%d%d%d%s%d%d%s%s%s%d%s%d%d%s%d%d%s%d%s%d%s%d%d%d%s%s%s%s%s
%d%s%s%d%s%d%d%d%d%d%s%d%s%s%d%s%d%d%d%d%d%d%s%d%d%s%s%s%d%d%d%d%d%d%s%s%d%s%s%d
%s%s%s%s%d%s%d%d%d%d%d%d%s%s%d%s%d%d%s%d%d%s%s%d%s%d%d%d%s%s%d%s%d%s%d%s%s%d%s%s
%d%d%s%s%s%s%s%d%s%d%d%d%s%s%d%s%s%d%s%s%d%s%d%d%s%d%s%d%d%s%s%d%s%d%d%d%s%s%d%s
%s%s%s%d%d%s%s%d%d%d%s%d%d%s%d%s%s%d%s%s%s%d%s%d%d%s%d%s%d%s%d%s%d%s%d%d%s%s%d%s
%d%s%s%d%d%s%s%s%s%d%d%d%d%d%d%d%s%s%s%d%d%d%s%d%s%s%d%d%s%s%s%s%d%d%s%s%d%d%d%s
%d%s%d%d%s%d%d%d%s%s%d%s%s%d%s%s%s%d%s%d%s%s%s%s%s%d%d%s%d%s%s%d%d%s%d%s%s%d%s%s
%d%d%d%s%d%d%d%s%d%d%d%s%s%s%d%d%d%s%d%d%d%s%s%d%d%s%s%s%d%d%d%d%d%s%s%d%s%d%d%s
%d%d%d%s%s%d%s%s%s%s%d%s%d%s%s%d%d%d%d%d%s%d%d%s%s%d%d%d%d%d%s%d%d%s%s%s%d%d%s%s
%d%s%s%d%d%d%s%d%s%s%s%d%s%s%s%s%s%s%s%s%s%s%s%s%d%d%s%d%s%d%d%s%s%s%s%s%s%d%s%d
%s%d%d%s%d%d%d%s%s%s%s%s%d%d%d%s%s%s%s%d%s%s%s%d%d%d%s%d%s%s%d%d%s%s%s%s%s%s%s%d
%s%d%s%s%d%d%d%s%s%d%s%s%s%d%s%d%s%
[child1:1608] [0] setreuid(ruid=0x400000000000000, euid=0xffffffffffffffff)
[child1:1608] = -1 (Operation not permitted)

On Fri, Oct 4, 2013 at 8:29 AM, Dave Jones <davej@xxxxxxxxxx> wrote:
> On Thu, Oct 03, 2013 at 06:53:08PM -0700, Ildar Muslukhov wrote:
> > Hi,
> >
> > I've been looking through the strange behavior today, where I am
> > getting lots of "stack smashing detected" and found that the most
> > probable place is the mkcall function.
> > Here is the call stack:
> > [0x440545] (stack check related calls)
> > [0x44050e] (stack check related calls)
> > [0x408db4] <- stack canary check
> > [0x412709] <- call mkcall
> > [0x402228]
> > [0x405586]
> > [0x40185a]
> > [0x412b44]
> > [0x401db1] <- main()
> >
> > After looking into the code in mkcall:
> > >long mkcall(int childno)
> > >{
> > >    unsigned long olda1, olda2, olda3, olda4, olda5, olda6;
> > >    unsigned int call = shm->syscallno[childno];
> > >    unsigned long ret = 0;
> > >    int errno_saved;
> > >    char string[512], *sptr;
> > ...
> > I suspect that string[512] is the issue. The simple test confirms
> > that assumption (I've just commented out the block of color_arg
> > function calls that fill the buffer with parameter values).
>
> If that's getting overrun, I'm really curious what the string is,
> because that should only be holding a single line of text.
> Even with all the ansi codes it should be plenty.
>
> Dave

--
To unsubscribe from this list: send the line "unsubscribe trinity" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
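The failure mode in this thread is a fixed-size stack buffer (`char string[512]`) being filled from a pathname whose length the fuzzer controls, which the stack protector then reports as "stack smashing detected". The example below is added here and is not trinity's code; it shows the defensive pattern for building such a log line: every append goes through `vsnprintf` with the remaining capacity, truncation is reported rather than silently overflowing, and the untrusted filename (which here happens to be full of `%s%d` sequences) is always passed as a `%s` argument and never as a format string. The helper names `bounded_append` and `format_syscall_line` are hypothetical, and the long filename in `demo_long` is constructed for the demonstration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_CAP 512   /* same size as the buffer discussed in the thread */

/* Append formatted text to buf without ever writing past buf[cap-1].
 * *used holds the number of bytes already in buf (not counting the NUL).
 * Returns 0 on success, 1 if the output did not fit and was truncated.
 * Hypothetical helper, not trinity's code. */
static int bounded_append(char *buf, size_t cap, size_t *used, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (*used >= cap - 1)
        return 1;                       /* already full, nothing more fits */

    va_start(ap, fmt);
    n = vsnprintf(buf + *used, cap - *used, fmt, ap);
    va_end(ap);

    if (n < 0)
        return 1;                       /* encoding error: treat as truncation */
    if ((size_t)n >= cap - *used) {
        *used = cap - 1;                /* vsnprintf already NUL-terminated at buf[cap-1] */
        return 1;
    }
    *used += (size_t)n;
    return 0;
}

/* Build a fuzzer-style log line for a syscall that takes a pathname.
 * The filename is untrusted: it is passed as a %s argument so that any
 * '%' characters inside it are data, not conversion specifiers.
 * Returns 1 if the line had to be truncated, 0 otherwise. */
int format_syscall_line(char *out, size_t cap, int pid, const char *callname,
                        int dfd, const char *filename)
{
    size_t used = 0;
    int truncated = 0;

    out[0] = '\0';
    truncated |= bounded_append(out, cap, &used, "[child0:%d] %s(dfd=%d, filename=\"",
                                pid, callname, dfd);
    truncated |= bounded_append(out, cap, &used, "%s", filename);
    truncated |= bounded_append(out, cap, &used, "\")");
    return truncated;
}

/* Constructed input: a 1023-byte filename, longer than the 512-byte line
 * buffer, like the pathname the fuzzer produced in the thread.
 * Returns the resulting line length when truncation was reported, -1 otherwise. */
int demo_long(void)
{
    char line[LINE_CAP];
    char longname[1024];

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    if (format_syscall_line(line, sizeof line, 1607, "utimensat", 497, longname) != 1)
        return -1;
    return (int)strlen(line);           /* 511: buffer full, NUL still in place */
}

/* Constructed input: a short filename that fits comfortably.
 * Returns the line length when no truncation was reported, -1 otherwise. */
int demo_short(void)
{
    char line[LINE_CAP];

    if (format_syscall_line(line, sizeof line, 1607, "utimensat", 497, "/tmp/x") != 0)
        return -1;
    return (int)strlen(line);           /* 51 */
}

int main(void)
{
    printf("long name  -> length %d (truncated, no overflow)\n", demo_long());
    printf("short name -> length %d (fits)\n", demo_short());
    return 0;
}
```

The point of returning the truncation flag is that a fuzzer (or any logger handed attacker-sized input) can decide to drop, shorten or heap-allocate the line instead of trusting that "one line of text" will always fit; the fuzzed pathname above is exactly the case where that assumption breaks.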