glibc-2.3.4-2.13

# ulimit -c unlimited
# LD_PRELOAD=/usr/lib/libefence.so ls

  Electric Fence 2.2.0 Copyright (C) 1987-1999 Bruce Perens <bruce>
ls(24891): unaligned access to 0x200000000362bfdc, ip=0x20000000001411c1
ls(24891): unaligned access to 0x200000000362bfec, ip=0x20000000001411e1
ls(24891): unaligned access to 0x200000000362bfd4, ip=0x2000000000141450
ls(24891): unaligned access to 0x20000000037c3fec, ip=0x20000000002bbd50
Segmentation fault (core dumped)

[root@rx4640 ichihi]# gdb /bin/ls core.24891
GNU gdb Red Hat Linux (6.3.0.0-1.63rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "ia64-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xa000000000000000
Core was generated by `ls --color=tty'.
Program terminated with signal 11, Segmentation fault.

warning: svr4_current_sos: Can't read pathname for load map: Input/output error

Reading symbols from /usr/lib/libefence.so...Reading symbols from /usr/lib/debug/usr/lib/libefence.so.0.0.debug...done.
done.
Loaded symbols for /usr/lib/libefence.so
Reading symbols from /lib/tls/librt.so.1...Reading symbols from /usr/lib/debug/lib/tls/librt-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/tls/librt.so.1
Reading symbols from /lib/libacl.so.1...done.
Loaded symbols for /lib/libacl.so.1
Reading symbols from /lib/libselinux.so.1...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/tls/libc.so.6.1...Reading symbols from /usr/lib/debug/lib/tls/libc-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/tls/libc.so.6.1
Reading symbols from /lib/tls/libpthread.so.0...Reading symbols from /usr/lib/debug/lib/tls/libpthread-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/ld-linux-ia64.so.2...Reading symbols from /usr/lib/debug/lib/ld-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/ld-linux-ia64.so.2
Reading symbols from /lib/libattr.so.1...done.
Loaded symbols for /lib/libattr.so.1
Reading symbols from /lib/libnss_files.so.2...Reading symbols from /usr/lib/debug/lib/libnss_files-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/libnss_files.so.2
#0 _dl_make_fptr (map=Variable "map" is not available. ) at ../sysdeps/generic/dl-fptr.c:256
256 f->ip = (ElfW(Addr)) l->free_list;
(gdb) bt
#0 _dl_make_fptr (map=Variable "map" is not available. ) at ../sysdeps/generic/dl-fptr.c:256
#1 0x2000000000016510 in _dl_relocate_object (l=Variable "l" is not available. ) at ../sysdeps/ia64/dl-machine.h:560
#2 0x2000000000309f30 in dl_open_worker (a=Variable "a" is not available. ) at dl-open.c:343
#3 0x2000000000019d10 in _dl_catch_error (objname=Cannot access memory at address 0x9804c8a70033f ) at dl-error.c:161
#4 0x200000000030b840 in *__GI__dl_open (file=Variable "file" is not available.) at dl-open.c:577
#5 0x200000000030e9c0 in do_dlopen (ptr=0x60000fffffffaad0) at dl-libc.c:80
#6 0x2000000000019d10 in _dl_catch_error (objname=Cannot access memory at address 0x9804c8a70033f ) at dl-error.c:161
#7 0x200000000030eb60 in *__GI___libc_dlopen_mode ( name=0x60000fffffffab00 "libnss_files.so.2", mode=-2147483647) at dl-libc.c:42
#8 0x20000000002bb5f0 in *__GI___nss_lookup_function (ni=Variable "ni" is not available. ) at nsswitch.c:344
#9 0x20000000002bb980 in __nss_lookup (ni=0x60000fffffffab40, fct_name=0x200000000032b6b8 "getpwuid_r", fctp=0x60000fffffffab48) at nsswitch.c:150
#10 0x20000000002bf710 in __nss_passwd_lookup () at ../libio/bits/stdio.h:113
#11 0x2000000000218f50 in __getpwuid_r (uid=0, resbuf=0x2000000000362290, buffer=0x2000000003763c00 "", buflen=1024, result=0x60000fffffffab50) at ../nss/getXXbyYY_r.c:171
#12 0x2000000000217eb0 in getpwuid (uid=0) at ../nss/getXXbyYY.c:135
#13 0x4000000000018fb0 in getuser (uid=0) at idcache.c:74
#14 0x4000000000006900 in format_user_width (u=0) at ls.c:3141
#15 0x40000000000077d0 in gobble_file (name=0x2000000003750063 "README", type=normal, explicit_arg=0, dirname=0x2000000003747ffc ".") at ls.c:2609
#16 0x400000000000d2d0 in print_dir (name=0x2000000003747ffc ".", realname=0x0) at ls.c:2272
#17 0x4000000000010440 in main (argc=-18752, argv=0x60000fffffffb6c8) at ls.c:1230
#18 0x20000000001253f0 in __libc_start_main (main=Cannot access memory at address 0x1 ) at ../sysdeps/generic/libc-start.c:209
#19 0x4000000000003240 in _start ()
(gdb)

That is not a glibc bug, but an ElectricFence feature, see man efence.

glibc relies on malloc etc. results being sufficiently aligned to satisfy alignment requirement of any standard C object (see e.g. http://www.opengroup.org/onlinepubs/009695399/functions/malloc.html ). On IA-64 that's long double with __alignof (long double) == 16. glibc malloc internally guarantees alignment of MALLOC_ALIGNMENT, which is 2 * sizeof (size_t). In dlopen code actually even 8 byte alignment is enough.

But, as ElectricFence documents, it by default only returns sizeof (int) aligned memory to catch more beyond end of object accesses and if some app needs bigger alignment, users must use EF_ALIGNMENT=XX in environment to override it (make the checking more forgiving and at the same time satisfying program's alignment requirements).

So, if you use
EF_ALIGNMENT=8 LD_PRELOAD=libefence.so.0 /bin/ls -l
on IA-64, it will work just fine.
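
The trade-off described in the reply above, as an added example that is not part of the original comment and is not Electric Fence's or glibc's code: a hypothetical `guard_alloc` right-justifies each object against an inaccessible page, so 4-byte alignment can hand out addresses that are not 8-byte aligned, while 8-byte alignment fixes that at the cost of unguarded slack bytes. The names `guard_alloc` and `misalign8` and the 20-byte request size are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Result of one allocation from the sketch allocator below. */
struct placement {
    void  *ptr;    /* address handed to the caller, NULL on failure */
    size_t slack;  /* bytes past the object that are NOT guarded */
};

/* Hypothetical guard-page allocator in the style the reply describes:
 * the object ends as close to a PROT_NONE page as `align` allows.
 * `align` must be a power of two no larger than the page size.
 * Mappings are never freed, as this is a demonstration only. */
static struct placement guard_alloc(size_t size, size_t align)
{
    struct placement p = { NULL, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t padded = (size + align - 1) & ~(align - 1);   /* round up */
    size_t data = (padded + page - 1) & ~(page - 1);     /* whole pages */
    unsigned char *base = mmap(NULL, data + page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return p;
    if (mprotect(base + data, page, PROT_NONE) != 0) {   /* the fence */
        munmap(base, data + page);
        return p;
    }
    p.ptr = base + data - padded;   /* object is right-justified */
    p.slack = padded - size;        /* overrun bytes that go unnoticed */
    return p;
}

/* Offset of an allocation from the previous 8-byte boundary. */
static unsigned misalign8(size_t size, size_t align)
{
    return (unsigned)((uintptr_t)guard_alloc(size, align).ptr & 7);
}

int main(void)
{
    /* 20 bytes is a constructed size: a multiple of 4 but not of 8. */
    printf("align=4: off8=%u slack=%zu\n", misalign8(20, 4), guard_alloc(20, 4).slack);
    printf("align=8: off8=%u slack=%zu\n", misalign8(20, 8), guard_alloc(20, 8).slack);
    return 0;
}
```

With alignment 4 the 20-byte object sits flush against the guard page but 4 bytes off an 8-byte boundary; with alignment 8 it is aligned, and the first 4 bytes of an overrun land in slack rather than on the fence.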