Bug 160948 - double free/corrupt free in strace -ff
Summary: double free/corrupt free in strace -ff
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: strace
Version: 3
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Roland McGrath
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-06-19 06:45 UTC by Dan Hollis
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: 4.5.14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-04-03 08:45:30 UTC


Attachments:
exact binary used to crash strace on FC3 x86_64 (deleted), 2005-07-05 04:54 UTC, Dan Hollis
init script (deleted), 2005-07-05 04:56 UTC, Dan Hollis
/etc/mail/greylist.conf (deleted), 2005-07-05 04:59 UTC, Dan Hollis

Description Dan Hollis 2005-06-19 06:45:42 UTC
Description of problem:
If you strace -ff a task which forks/threads a lot, you get all sorts of
warnings and panics.

Version-Release number of selected component (if applicable):
strace-4.5.8-1

How reproducible:
Always

Steps to Reproduce:
1. strace -o file.trace -f -ff -p (pid)
  
Actual results:
# strace -o greylist.trace -f -ff -p 7589
Process 6213 attached with 9 threads - interrupt to quit
Process 4876 attached
Process 25850 attached
Process 10890 attached
Process 20381 detached
*** glibc detected *** free(): invalid pointer: 0x00002f5697c4a000 ***
Aborted

# strace -o greylist.trace -f -ff -p 7589
Process 10890 attached with 11 threads - interrupt to quit
PANIC: attached pid 6213 exited
PANIC: handle_group_exit: 6213 leader 7589
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
Process 12732 detached
*** glibc detected *** double free or corruption (!prev): 0x000000000064ae10 ***
Aborted

# strace -o greylist.trace -f -ff -p 7589
Process 10890 attached with 10 threads - interrupt to quit
Process 12186 attached
Process 22321 attached
Process 4876 detached
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
greylist.trace: Bad file descriptor
Process 25850 detached
*** glibc detected *** double free or corruption (!prev): 0x000000000064ef20 ***
Aborted

Expected results:
It shouldn't crash.

Additional info:
Without the -ff parameter it works fine.

Comment 1 Roland McGrath 2005-07-04 23:18:13 UTC
This report needs a test program to attach strace to.

Comment 2 Dan Hollis 2005-07-05 03:20:00 UTC
milter-greylist is what I used. http://hcpnet.free.fr/milter-greylist/

I suspect any threaded program will experience the problem though.

Comment 3 Roland McGrath 2005-07-05 03:28:58 UTC
A proper test case supplies a particular program on a particular execution
environment with precise instructions for running commands that produce the problem.

Comment 4 Dan Hollis 2005-07-05 04:54:16 UTC
Created attachment 116338
exact binary used to crash strace on FC3 x86_64

Comment 5 Dan Hollis 2005-07-05 04:55:52 UTC
In /etc/sendmail.cf:

# Input mail filters
#O InputMailFilters
O InputMailFilters=greylist
Xgreylist, S=local:/var/milter-greylist/milter-greylist.sock

Comment 6 Dan Hollis 2005-07-05 04:56:44 UTC
Created attachment 116339
init script

Comment 7 Dan Hollis 2005-07-05 04:59:16 UTC
Created attachment 116340
/etc/mail/greylist.conf

Comment 8 Dan Hollis 2005-07-05 05:02:26 UTC
100% exact operating environment:
1) FC3 x86_64, exact 100% current (as of Mon Jul  4 21:59:45 PDT 2005) yum updates.
2) sendmail 8.13.1

100% exact steps:
1) install bug #160948 attachment files.
2) start milter-greylist and sendmail.
3) ps -auwx | grep milter-greylist
4) strace -o file.trace -f -ff (pid of milter-greylist)
5) send a bunch of email to the server.
6) watch strace crash.

Comment 9 Dan Hollis 2005-07-05 05:06:42 UTC
It is also very simple to build milter-greylist:

100% exact steps:
wget ftp://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.0.tgz
rpmbuild -ta milter-greylist-2.0.tgz
rpm -Uvh /usr/src/redhat/RPMS/x86_64/milter-greylist*-2.0-1.x86_64.rpm

Comment 10 Dan Hollis 2005-07-05 19:28:47 UTC
Please let me know if you need anything else.

Comment 11 Roland McGrath 2006-04-03 08:45:30 UTC
Similar bugs have been fixed in strace since this version.
The fc4 update and fc5 versions of strace should be fine.
If not, file a fresh report against the current version.

