ltrace crashes with -f (follow fork) option

Bug #891686 reported by James Hunt
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
ltrace (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

$ ltrace -o /dev/null -f /bin/bash
*** glibc detected *** ltrace: malloc(): smallbin double linked list corrupted: 0x095be2e8 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x6ebc2)[0xb764abc2]
/lib/i386-linux-gnu/libc.so.6(+0x70cf3)[0xb764ccf3]
/lib/i386-linux-gnu/libc.so.6(__libc_malloc+0x68)[0xb764e498]
ltrace[0x804d791]
ltrace[0x804db99]
ltrace[0x804e19b]
ltrace[0x804aaf6]
ltrace[0x804d1f9]
ltrace[0x8049bb4]
ltrace[0x8049750]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb75f5113]
======= Memory map: ========
08048000-08063000 r-xp 00000000 08:01 5767833 /usr/bin/ltrace
08063000-08064000 r--p 0001a000 08:01 5767833 /usr/bin/ltrace
08064000-08065000 rw-p 0001b000 08:01 5767833 /usr/bin/ltrace
08065000-08066000 rw-p 00000000 00:00 0
095be000-09604000 rw-p 00000000 00:00 0 [heap]
b7400000-b7421000 rw-p 00000000 00:00 0
b7421000-b7500000 ---p 00000000 00:00 0
b75da000-b75dc000 rw-p 00000000 00:00 0
b75dc000-b7752000 r-xp 00000000 08:01 6032114 /lib/i386-linux-gnu/libc-2.13.so
b7752000-b7754000 r--p 00176000 08:01 6032114 /lib/i386-linux-gnu/libc-2.13.so
b7754000-b7755000 rw-p 00178000 08:01 6032114 /lib/i386-linux-gnu/libc-2.13.so
b7755000-b7758000 rw-p 00000000 00:00 0
b7758000-b776d000 r-xp 00000000 08:01 5774297 /usr/lib/libelf-0.152.so
b776d000-b776e000 r--p 00014000 08:01 5774297 /usr/lib/libelf-0.152.so
b776e000-b776f000 rw-p 00015000 08:01 5774297 /usr/lib/libelf-0.152.so
b7770000-b778c000 r-xp 00000000 08:01 6034536 /lib/i386-linux-gnu/libgcc_s.so.1
b778c000-b778d000 r--p 0001b000 08:01 6034536 /lib/i386-linux-gnu/libgcc_s.so.1
b778d000-b778e000 rw-p 0001c000 08:01 6034536 /lib/i386-linux-gnu/libgcc_s.so.1
b778e000-b7791000 rw-p 00000000 00:00 0
b7791000-b77af000 r-xp 00000000 08:01 6032111 /lib/i386-linux-gnu/ld-2.13.so
b77af000-b77b0000 r--p 0001d000 08:01 6032111 /lib/i386-linux-gnu/ld-2.13.so
b77b0000-b77b1000 rw-p 0001e000 08:01 6032111 /lib/i386-linux-gnu/ld-2.13.so
bf9e4000-bfa05000 rw-p 00000000 00:00 0 [stack]
Aborted (core dumped)
$ gdb `which ltrace` core.3607
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /usr/bin/ltrace...(no debugging symbols found)...done.
[New LWP 3607]
Core was generated by `ltrace -o /dev/null -f /bin/bash'.
Program terminated with signal 6, Aborted.
#0 0xb77920c2 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0 0xb77920c2 in ?? () from /lib/ld-linux.so.2
#1 0xb7609c8f in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0xb760d2b5 in __GI_abort () at abort.c:92
#3 0xb763fdfc in __libc_message (do_abort=2, fmt=0xb7719080 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#4 0xb764abc2 in malloc_printerr (action=<optimized out>, str=<optimized out>, ptr=0x95be2e8) at malloc.c:6283
#5 0xb764ccf3 in _int_malloc (av=0xb7755400, bytes=7) at malloc.c:4308
#6 0xb764e498 in __GI___libc_malloc (bytes=7) at malloc.c:3660
#7 0x0804d791 in ?? ()
#8 0x0804db99 in ?? ()
#9 0x0804e19b in ?? ()
#10 0x0804aaf6 in ?? ()
#11 0x0804d1f9 in ?? ()
#12 0x08049bb4 in ?? ()
#13 0x08049750 in ?? ()
#14 0xb75f5113 in __libc_start_main (main=0x8049730, argc=5, ubp_av=0xbfa021e4, init=0x805cc20, fini=0x805cc10, rtld_fini=0xb779fbc0, stack_end=0xbfa021dc) at libc-start.c:226
#15 0x08049691 in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind further
(gdb) quit
$

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: ltrace 0.5.3-2.1ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
Uname: Linux 3.0.0-12-generic-pae i686
NonfreeKernelModules: nvidia
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Thu Nov 17 15:59:53 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: ltrace
UpgradeStatus: Upgraded to oneiric on 2011-09-25 (53 days ago)

James Hunt (jamesodhunt) wrote :

/bin/bash is just an example - I found the problem running something else. However, behaviour is pretty strange:

# crashes
ltrace -o /dev/null /bin/bash
ltrace -o /dev/null /bin/sh -l

# does *NOT* crash
ltrace -o /dev/null /bin/sh

Note too that it takes a few seconds to crash. If you send a stream of SIGINTs to the process, you see the following message repeated:

Error: call nesting too deep!

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ltrace (Ubuntu):
status: New → Confirmed
Heinrich Schuchardt (xypron) wrote :

On Ubuntu 21.04 x86_64 the problem is not reproducible. Ubuntu 11.10 is not maintained anymore.

Closing as "Invalid".

Changed in ltrace (Ubuntu):
status: Confirmed → Invalid