Bug 160948

Summary: double free/corrupt free in strace -ff
Product: [Fedora] Fedora Reporter: Dan Hollis <goemon>
Component: straceAssignee: Roland McGrath <roland>
Status: CLOSED CURRENTRELEASE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: ldv, olivier.baudron
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 4.5.14 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-04-03 08:45:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
exact binary used to crash strace on FC3 x86_64
none
init script
none
/etc/mail/greylist.conf none

Description Dan Hollis 2005-06-19 06:45:42 UTC 
Description of problem:
if you strace -ff a task which forks/threads a lot, you get all sorts of
warnings and panics.

Version-Release number of selected component (if applicable):
strace-4.5.8-1

How reproducible:
Always

Steps to Reproduce:
1. strace -o file.trace -f -ff -p (pid)
2. 
3.
  
Actual results:
# strace -o greylist.trace -f -ff -p 7589
Process 6213 attached with 9 threads - interrupt to quit
Process 4876 attached
Process 25850 attached
Process 10890 attached
Process 20381 detached
*** glibc detected *** free(): invalid pointer: 0x00002f5697c4a000 ***
Aborted

# strace -o greylist.trace -f -ff -p 7589
Process 10890 attached with 11 threads - interrupt to quit
PANIC: attached pid 6213 exited
PANIC: handle_group_exit: 6213 leader 7589
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
Process 12732 detached
*** glibc detected *** double free or corruption (!prev): 0x000000000064ae10 ***
Aborted

# strace -o greylist.trace -f -ff -p 7589
Process 10890 attached with 10 threads - interrupt to quit
Process 12186 attached
Process 22321 attached
Process 4876 detached
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
Process 25850 detached
*** glibc detected *** double free or corruption (!prev): 0x000000000064ef20 ***
Aborted

Expected results:
It shouldn't crash.

Additional info:
Without the -ff parameter it works fine.
Comment 1 Roland McGrath 2005-07-04 23:18:13 UTC 
This report needs a test program to attach strace to.
Comment 2 Dan Hollis 2005-07-05 03:20:00 UTC 
milter-greylist is what i used. http://hcpnet.free.fr/milter-greylist/

i suspect any threaded program will experience the problem though.
Comment 3 Roland McGrath 2005-07-05 03:28:58 UTC 
A proper test case supplies a particular program on a particular execution
environment with precise instructions for running commands that produce the problem.
Comment 4 Dan Hollis 2005-07-05 04:54:16 UTC 
Created attachment 116338 [details]
exact binary used to crash strace on FC3 x86_64
Comment 5 Dan Hollis 2005-07-05 04:55:52 UTC 
in /etc/sendmail.cf:

# Input mail filters
#O InputMailFilters
O InputMailFilters=greylist
Xgreylist, S=local:/var/milter-greylist/milter-greylist.sock
Comment 6 Dan Hollis 2005-07-05 04:56:44 UTC 
Created attachment 116339 [details]
init script
Comment 7 Dan Hollis 2005-07-05 04:59:16 UTC 
Created attachment 116340 [details]
/etc/mail/greylist.conf
Comment 8 Dan Hollis 2005-07-05 05:02:26 UTC 
100% exact operating environment:
1) FC3 x86_64, exact 100% current (as of Mon Jul  4 21:59:45 PDT 2005) yum updates.
2) sendmail 8.13.1

100% exact steps:
1) install bug #160948 attachment files.
2) start milter-greylist and sendmail.
3) ps -auwx | grep milter-greylist
4) strace -o file.trace -f -ff (pid of milter-greylist)
5) send a bunch of email to the server.
6) watch strace crash.
Comment 9 Dan Hollis 2005-07-05 05:06:42 UTC 
it is also very simple to build milter-greylist:

100% exact steps:
wget ftp://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.0.tgz
rpmbuild -ta milter-greylist-2.0.tgz
rpm -Uvh /usr/src/redhat/RPMS/x86_64/milter-greylist*-2.0-1.x86_64.rpm
Comment 10 Dan Hollis 2005-07-05 19:28:47 UTC 
please let me know if you need anything else.
Comment 11 Roland McGrath 2006-04-03 08:45:30 UTC 
Similar bugs have been fixed in strace since this version.
The fc4 update and fc5 versions of strace should be fine.
If not, file a fresh report against the current version.