ltrace crashes with -f (follow fork) option
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ltrace (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
$ ltrace -o /dev/null -f /bin/bash
*** glibc detected *** ltrace: malloc(): smallbin double linked list corrupted: 0x095be2e8 ***
======= Backtrace: =========
/lib/i386-
/lib/i386-
/lib/i386-
ltrace[0x804d791]
ltrace[0x804db99]
ltrace[0x804e19b]
ltrace[0x804aaf6]
ltrace[0x804d1f9]
ltrace[0x8049bb4]
ltrace[0x8049750]
/lib/i386-
Aborted (core dumped)
$ gdb `which ltrace` core.3607
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://
Reading symbols from /usr/bin/
[New LWP 3607]
Core was generated by `ltrace -o /dev/null -f /bin/bash'.
Program terminated with signal 6, Aborted.
#0 0xb77920c2 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0 0xb77920c2 in ?? () from /lib/ld-linux.so.2
#1 0xb7609c8f in __GI_raise (sig=6) at ../nptl/
#2 0xb760d2b5 in __GI_abort () at abort.c:92
#3 0xb763fdfc in __libc_message (do_abort=2, fmt=0xb7719080 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/
#4 0xb764abc2 in malloc_printerr (action=<optimized out>, str=<optimized out>, ptr=0x95be2e8) at malloc.c:6283
#5 0xb764ccf3 in _int_malloc (av=0xb7755400, bytes=7) at malloc.c:4308
#6 0xb764e498 in __GI___libc_malloc (bytes=7) at malloc.c:3660
#7 0x0804d791 in ?? ()
#8 0x0804db99 in ?? ()
#9 0x0804e19b in ?? ()
#10 0x0804aaf6 in ?? ()
#11 0x0804d1f9 in ?? ()
#12 0x08049bb4 in ?? ()
#13 0x08049750 in ?? ()
#14 0xb75f5113 in __libc_start_main (main=0x8049730, argc=5, ubp_av=0xbfa021e4, init=0x805cc20, fini=0x805cc10, rtld_fini=
#15 0x08049691 in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind further
(gdb) quit
$
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: ltrace 0.5.3-2.1ubuntu1
ProcVersionSign
Uname: Linux 3.0.0-12-
NonfreeKernelMo
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Thu Nov 17 15:59:53 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
ProcEnviron:
PATH=(custom, user)
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: ltrace
UpgradeStatus: Upgraded to oneiric on 2011-09-25 (53 days ago)
/bin/bash is just an example - I found the problem running something else. However, behaviour is pretty strange:
# crashes
ltrace -o /dev/null /bin/bash
ltrace -o /dev/null /bin/sh -l
# does *NOT* crash
ltrace -o /dev/null /bin/sh
Note too that it takes a few seconds to crash. If you send a stream of SIGINTs to the process, you see the following message repeated:
Error: call nesting too deep!