Bug#533040: Segmentation fault on strace when doing a cp -a
Package: libc6
Version: 2.7-18
Hi,
I get a segmentation fault when trying to do strace on a cp -a
command. For example:
# strace -o cp.strace cp -a /usr/src/linux-2.6.30/Documentation .
Segmentation fault
# dmesg | tail -1
strace[14189] general protection ip:7f0bc23b3a47 sp:7fff20eef1c0 error:0 in libc-2.7.so[7f0bc2340000+14a000]
# uname -r
2.6.30
I did a small analysis to find the bug, but I'm not sure if it's correct:
# export LD_LIBRARY_PATH=/usr/lib/debug/
# gdb -q
(gdb) file strace
Reading symbols from /usr/bin/strace...(no debugging symbols found)...done.
(gdb) directory /usr/src/debian/glibc-2.7/glibc-2.7/malloc/   # <--- apt-get source and untar
Source directories searched:
/usr/src/debian/glibc-2.7/glibc-2.7/malloc:$cdir:$cwd
(gdb) run -o 1 cp -a /usr/src/linux-2.6.30/Documentation .
Starting program: /usr/bin/strace -o 1 cp -a /usr/src/linux-2.6.30/Documentation .
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
Program received signal SIGSEGV, Segmentation fault.
malloc_consolidate (av=0x7fa23bb309e0) at malloc.c:4834
4834 unlink(p, bck, fwd);
(gdb) list
4829
4830 if (!prev_inuse(p)) {
4831 prevsize = p->prev_size;
4832 size += prevsize;
4833 p = chunk_at_offset(p, -((long) prevsize));
4834 unlink(p, bck, fwd);
4835 }
4836
4837 if (nextchunk != av->top) {
4838 nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
(gdb) print fwd
$1 = (mchunkptr) 0x1
Of course, it could be either cp or strace that has the bug (e.g.
memory corruption).
ii  coreutils  6.10-6              The GNU core utilities
ii  strace     4.5.17+cvs080723-2  A system call tracer
Thanks,
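The crash site above (malloc_consolidate calling unlink with fwd == 0x1) is what a corrupted free-chunk link looks like from inside the allocator. As an added example, not code from this bug report or from glibc, the block below models the bin unlink step on a toy chunk layout: a legacy-style unlink that dereferences the neighbour links as part of its own consistency check (so a bogus link such as 0x1 faults inside the check before anything can be reported), and a checked variant that first confirms both links lie inside the arena. The struct, the function names, the arena bounds and the checked variant are assumptions of this example; the three chunks are constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy free-chunk header modelled on a glibc-style chunk (an assumption of
 * this example, not glibc's definition): only the fields unlink touches. */
struct chunk {
    size_t prev_size;
    size_t size;
    struct chunk *fd;   /* forward link in the bin's doubly linked list */
    struct chunk *bk;   /* backward link */
};

enum unlink_result {
    UNLINK_OK = 0,
    UNLINK_BAD_POINTER = -1,   /* fd or bk does not point into the arena */
    UNLINK_BAD_LINKS = -2      /* neighbours do not point back at p */
};

/* Legacy-style unlink, in the spirit of the allocator's own unlink step:
 * it reads p->fd / p->bk and immediately dereferences both to verify that
 * the neighbours point back at p. With fd == 0x1 the fault happens in this
 * very comparison, which matches a general protection fault in unlink
 * rather than a "corrupted double-linked list" message. Only call it on
 * an intact list; it exists to show the dereference order. */
void unlink_legacy(struct chunk *p)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    if (fd->bk != p || bk->fd != p) {   /* faults when fd is 0x1 */
        fprintf(stderr, "corrupted double-linked list\n");
        return;
    }
    fd->bk = bk;
    bk->fd = fd;
}

/* Hardened variant (assumption of this example): refuse to dereference a
 * link unless it lies inside the arena [lo, hi) and is word aligned, so a
 * stray value like 0x1 is reported instead of crashing the process. */
static int in_arena(const void *ptr, const void *lo, const void *hi)
{
    const char *c = ptr;
    return c >= (const char *)lo
        && c + sizeof(struct chunk) <= (const char *)hi
        && ((uintptr_t)c % sizeof(size_t)) == 0;
}

enum unlink_result unlink_checked(struct chunk *p, void *lo, void *hi)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    if (!in_arena(fd, lo, hi) || !in_arena(bk, lo, hi))
        return UNLINK_BAD_POINTER;
    if (fd->bk != p || bk->fd != p)
        return UNLINK_BAD_LINKS;
    fd->bk = bk;
    bk->fd = fd;
    return UNLINK_OK;
}

/* Constructed arena: three free chunks in a circular doubly linked list,
 * the shape a bin has. Scenario 0 leaves it intact, scenario 1 overwrites
 * p->fd with 0x1 (the value gdb printed for fwd in the report), scenario 2
 * points p->fd at a real chunk that does not link back to p. Returns the
 * result of unlinking the middle chunk. */
int demo(int scenario)
{
    static struct chunk arena[3];
    for (int i = 0; i < 3; i++) {
        arena[i].prev_size = 0;
        arena[i].size = 0x40;
        arena[i].fd = &arena[(i + 1) % 3];
        arena[i].bk = &arena[(i + 2) % 3];
    }
    struct chunk *p = &arena[1];
    if (scenario == 1)
        p->fd = (struct chunk *)0x1;   /* corrupted link, outside the arena */
    else if (scenario == 2)
        p->fd = &arena[0];             /* arena[0].bk is arena[2], not p */
    return unlink_checked(p, arena, arena + 3);
}

int main(void)
{
    for (int s = 0; s < 3; s++)
        printf("scenario %d: unlink_checked -> %d\n", s, demo(s));
    return 0;
}
```

Scenario 1 is the one in the report: the legacy path would fault on `fd->bk` with no diagnostic, while the checked path returns UNLINK_BAD_POINTER. Neither variant says where the corruption came from; that still needs the writer (cp, strace, or a library they share) found by other means, e.g. running the same command under a memory checker.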