Bug 160948 - double free/corrupt free in strace -ff
double free/corrupt free in strace -ff
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: strace (Show other bugs)
3
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Roland McGrath
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-19 02:45 EDT by Dan Hollis
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: 4.5.14
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-03 04:45:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
exact binary used to crash strace on FC3 x86_64 (215.26 KB, application/octet-stream)
2005-07-05 00:54 EDT, Dan Hollis
no flags Details
init script (1.66 KB, application/octet-stream)
2005-07-05 00:56 EDT, Dan Hollis
no flags Details
/etc/mail/greylist.conf (2.91 KB, application/octet-stream)
2005-07-05 00:59 EDT, Dan Hollis
no flags Details

  None (edit)
Description Dan Hollis 2005-06-19 02:45:42 EDT
Description of problem:
if you strace -ff a task which forks/threads a lot, you get all sorts of
warnings and panics.

Version-Release number of selected component (if applicable):
strace-4.5.8-1

How reproducible:
Always

Steps to Reproduce:
1. strace -o file.trace -f -ff -p (pid)
2. 
3.
  
Actual results:
# strace -o greylist.trace -f -ff -p 7589
Process 6213 attached with 9 threads - interrupt to quit
Process 4876 attached
Process 25850 attached
Process 10890 attached
Process 20381 detached
*** glibc detected *** free(): invalid pointer: 0x00002f5697c4a000 ***
Aborted

# strace -o greylist.trace -f -ff -p 7589
Process 10890 attached with 11 threads - interrupt to quit
PANIC: attached pid 6213 exited
PANIC: handle_group_exit: 6213 leader 7589
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
Process 12732 detached
*** glibc detected *** double free or corruption (!prev): 0x000000000064ae10 ***
Aborted

# strace -o greylist.trace -f -ff -p 7589
Process 10890 attached with 10 threads - interrupt to quit
Process 12186 attached
Process 22321 attached
Process 4876 detached
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
Process 25850 detached
*** glibc detected *** double free or corruption (!prev): 0x000000000064ef20 ***
Aborted

Expected results:
It shouldn't crash.

Additional info:
Without the -ff parameter it works fine.
Comment 1 Roland McGrath 2005-07-04 19:18:13 EDT
This report needs a test program to attach strace to.
Comment 2 Dan Hollis 2005-07-04 23:20:00 EDT
milter-greylist is what i used. http://hcpnet.free.fr/milter-greylist/

i suspect any threaded program will experience the problem though.
Comment 3 Roland McGrath 2005-07-04 23:28:58 EDT
A proper test case supplies a particular program on a particular execution
environment with precise instructions for running commands that produce the problem.
Comment 4 Dan Hollis 2005-07-05 00:54:16 EDT
Created attachment 116338 [details]
exact binary used to crash strace on FC3 x86_64
Comment 5 Dan Hollis 2005-07-05 00:55:52 EDT
in /etc/sendmail.cf:

# Input mail filters
#O InputMailFilters
O InputMailFilters=greylist
Xgreylist, S=local:/var/milter-greylist/milter-greylist.sock
Comment 6 Dan Hollis 2005-07-05 00:56:44 EDT
Created attachment 116339 [details]
init script
Comment 7 Dan Hollis 2005-07-05 00:59:16 EDT
Created attachment 116340 [details]
/etc/mail/greylist.conf
Comment 8 Dan Hollis 2005-07-05 01:02:26 EDT
100% exact operating environment:
1) FC3 x86_64, exact 100% current (as of Mon Jul  4 21:59:45 PDT 2005) yum updates.
2) sendmail 8.13.1

100% exact steps:
1) install bug #160948 attachment files.
2) start milter-greylist and sendmail.
3) ps -auwx | grep milter-greylist
4) strace -o file.trace -f -ff (pid of milter-greylist)
5) send a bunch of email to the server.
6) watch strace crash.
Comment 9 Dan Hollis 2005-07-05 01:06:42 EDT
it is also very simple to build milter-greylist:

100% exact steps:
wget ftp://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.0.tgz
rpmbuild -ta milter-greylist-2.0.tgz
rpm -Uvh /usr/src/redhat/RPMS/x86_64/milter-greylist*-2.0-1.x86_64.rpm
Comment 10 Dan Hollis 2005-07-05 15:28:47 EDT
please let me know if you need anything else.
Comment 11 Roland McGrath 2006-04-03 04:45:30 EDT
Similar bugs have been fixed in strace since this version.
The fc4 update and fc5 versions of strace should be fine.
If not, file a fresh report against the current version.

Note You need to log in before you can comment on or make changes to this bug.