Package: ltrace
Version: 0.7.3

When trying to ltrace a process that prints a mmap()ed address,
the ltrace program dies, thereby taking the ltraced process down
with a SIGILL signal. The output just before crashing does not
look correct either:

    printf("%p\n", 0x7ffff7ffa0000x7ffff7ffa000

I observe that this behavior only occurs when $sysconfdir/ltrace.conf
(e.g. /etc/ltrace.conf) exists. After renaming this file, the crash
is gone. I compared the output of `-D 77` but I could not find any
differences, except:
- process ID (substituted by (PID) below) and some addresses.
- lines related to reading the config file (before the do_close_elf
  debugging line, before the same line of text shared by the "working"
  ltrace and the "crashing" ltrace).
- The "crashing" ltrace stops after printing the following:

...
DEBUG: events.c:144: next_event()
DEBUG: events.c:201: event from pid (PID)
DEBUG: events.c:335: event: BREAKPOINT: pid=(PID), addr=0x4005ee
DEBUG: handle_event.c:90: handle_event(pid=(PID), type=11)
DEBUG: handle_event.c:178: [(PID)] event: breakpoint 0x4005ee
DEBUG: handle_event.c:600: handle_breakpoint(pid=(PID), addr=0x4005ee)
DEBUG: handle_event.c:601: event: breakpoint (0x4005ee)
<... printf resumed> )                           = 25
DEBUG: handle_event.c:742: callstack_pop(pid=(PID))
DEBUG: breakpoints.c:248: delete_breakpoint(pid=(PID), addr=0x4005ee)
DEBUG: dict.c:160: dict_find_entry()
DEBUG: breakpoint.c:133: disable_breakpoint: pid=(PID), addr=0x4005ee, symbol=(null)
DEBUG: breakpoint.c:99: arch_disable_breakpoint: pid=(PID), addr=0x4005ee, symbol=(null)
DEBUG: proc.c:941: proc_remove_breakpoint(pid=(PID), (null)@0x4005ee)
DEBUG: dict.c:132: dict_remove(0x4005ee)


A test program can be found below; the gdb backtrace follows.

/* gcc lmap.c -o lmap */
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/mman.h>

int main(void) {
        int fd;
        char *addr;

        /* Any readable file will do; we only need an mmap()ed address. */
        fd = open("/dev/zero", O_RDONLY);
        if (fd < 0)
                return 1;

        addr = mmap(NULL, 1024, PROT_READ, MAP_SHARED, fd, 0);
        if (addr == MAP_FAILED)
                return 1;

        /* Printing the mapped address is what triggers the ltrace crash. */
        printf("%p\n", addr);

        return 0;
}

$ gdb -ex r -ex bt -ex q --args ltrace ./lmap 
GNU gdb (GDB) 7.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /tmp/ltrace/ltrace-0.7.3/ltrace...done.
Starting program: /tmp/ltrace/ltrace ./lmap
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
__libc_start_main(0x400590, 1, 0x7fffffffe508, 0x400600 <unfinished ...>
open("/dev/zero", 0, 037777762430)                               = 7
mmap(0, 1024, 1, 1)                                              = 0x7ffff7ffa000
printf("%p\n", 0x7ffff7ffa0000x7ffff7ffa000
)                                                                = 15
*** Error in `/tmp/ltrace/ltrace': free(): invalid pointer: 0x0000000000643ba0 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x72ecf)[0x7ffff758becf]
/usr/lib/libc.so.6(+0x7869e)[0x7ffff759169e]
/usr/lib/libc.so.6(+0x79377)[0x7ffff7592377]
/tmp/ltrace/ltrace[0x40be6a]
/tmp/ltrace/ltrace[0x40beda]
/tmp/ltrace/ltrace[0x40c6f3]
/tmp/ltrace/ltrace[0x40c7c6]
/tmp/ltrace/ltrace[0x40d4b1]
/tmp/ltrace/ltrace[0x40eab8]
/tmp/ltrace/ltrace[0x40da1b]
/tmp/ltrace/ltrace[0x41e28e]
/tmp/ltrace/ltrace[0x41dc8d]
/tmp/ltrace/ltrace[0x41cb31]
/tmp/ltrace/ltrace[0x40379c]
/tmp/ltrace/ltrace[0x403175]
/usr/lib/libc.so.6(__libc_start_main+0xf5)[0x7ffff753abc5]
/tmp/ltrace/ltrace[0x403089]

Program received signal SIGABRT, Aborted.
0x00007ffff754e3d9 in raise () from /usr/lib/libc.so.6
#0  0x00007ffff754e3d9 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff754f7d8 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff758bed4 in __libc_message () from /usr/lib/libc.so.6
#3  0x00007ffff759169e in malloc_printerr () from /usr/lib/libc.so.6
#4  0x00007ffff7592377 in _int_free () from /usr/lib/libc.so.6
#5  0x000000000040be6a in type_pointer_destroy (info=0x693790) at type.c:214
#6  0x000000000040beda in type_destroy (info=0x693790) at type.c:234
#7  0x000000000040c6f3 in value_set_type (value=0x6930a0, type=0x0, own_type=0) at value.c:64
#8  0x000000000040c7c6 in value_destroy (val=0x6930a0) at value.c:97
#9  0x000000000040d4b1 in value_dtor (val=0x6930a0, data=0x0) at value_dict.c:51
#10 0x000000000040eab8 in vect_destroy (vec=0x693020, dtor=0x40d495 <value_dtor>, data=0x0) at vect.c:147
#11 0x000000000040da1b in val_dict_destroy (dict=0x693020) at value_dict.c:146
#12 0x000000000041e28e in callstack_pop (proc=0x68ef50) at handle_event.c:751
#13 0x000000000041dc8d in handle_breakpoint (event=0x643c40 <event>) at handle_event.c:620
#14 0x000000000041cb31 in handle_event (event=0x643c40 <event>) at handle_event.c:179
#15 0x000000000040379c in ltrace_main () at libltrace.c:193
#16 0x0000000000403175 in main (argc=2, argv=0x7fffffffe4d8) at main.c:55
A debugging session is active.

        Inferior 1 [process 32736] will be killed.

Quit anyway? (y or n) y


Distribution: Arch Linux x86_64
Kernel: 3.11-rc7