bug-hurd

mtrace triggers SIGBUS at first malloc


From: Marcus Brinkmann
Subject: mtrace triggers SIGBUS at first malloc
Date: Tue, 6 Mar 2001 04:25:57 +0100
User-agent: Mutt/1.3.15i

Package: libc0.2
Version: 2.2.2-1

Hi,

mtrace() triggers SIGBUS on a server binary.
I tested the following patch to ext2fs:

--- gnu/cvs/hurd/ext2fs/ext2fs.c        Mon Jan  8 23:27:01 2001
+++ gnu/hurd/hurd/hurd-20010111/ext2fs/ext2fs.c Tue Mar  6 03:57:38 2001
@@ -28,6 +28,7 @@
 #include <error.h>
 #include <argz.h>
 #include <argp.h>
+#include <mcheck.h>
 #include <hurd/store.h>
 #include <version.h>
 #include "ext2fs.h"
@@ -166,6 +167,9 @@
 {
   error_t err;
   mach_port_t bootstrap;
+
+  setenv("MALLOC_TRACE", "/tmp/mtrace", 1);
+  mtrace();
 
   /* Initialize the diskfs library, parse arguments, and open the store.
      This starts the first diskfs thread for us.  */
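Review bot: The added `setenv("MALLOC_TRACE", "/tmp/mtrace", 1);` points the trace at a fixed, predictable name in a world-writable directory. ext2fs servers typically run with root privileges, so whatever already sits at that name, including a symlink created by another local user, is what mtrace() would open and truncate for writing. If this instrumentation outlives a one-off debugging session, use a path in a directory only root can write (constructed example: `setenv("MALLOC_TRACE", "/var/run/ext2fs.mtrace", 1);`) and wrap both added lines in a debug-only `#ifdef`. The setenv() result is also ignored, and mtrace() does nothing when the variable is unset, so `if (setenv(...) != 0) error (1, errno, "setenv");` would make a missing trace file explainable. main()'s body continues outside the hunk.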

The below transcript is the result. Note that this doesn't happen for a very
simple test case that only calls setenv/mtrace/malloc.

Thanks,
Marcus

Script started on Tue Mar  6 04:08:15 2001
hurd:~# gdb /hurd/ext2fs.mtrace
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-gnu0.2"...
(gdb) run
Starting program: /hurd/ext2fs.mtrace 

Program received signal SIGBUS, Bus error.
0x11e4910 in _dl_addr (address=0x804cce9, info=0x124fc4c) at dl-addr.c:67
67      dl-addr.c: No such file or directory.
(gdb) bt full
#0  0x11e4910 in _dl_addr (address=0x804cce9, info=0x124fc4c) at dl-addr.c:67
        l = (struct link_map *) 0x124fc4c
        match = (struct link_map *) 0x207c8
        symtab = (Elf32_Sym *) 0x207c8
        matchsym = (Elf32_Sym *) 0x8048034
        strtab = 0x8 <Address 0x8 out of bounds>
#1  0x1143c75 in tr_where (caller=0x804cce9) at mtrace.c:99
        info = {dli_fname = 0x169cb "", dli_fbase = 0x0, 
  dli_sname = 0x8 <Address 0x8 out of bounds>, dli_saddr = 0xddc9}
#2  0x1144074 in tr_mallochook (size=8, caller=0x804cce9) at mtrace.c:171
        size = 8
        hdr = (void *) 0x8056e30
#3  0x1140516 in __libc_malloc (bytes=8) at malloc.c:2701
        result = (void *) 0x1021c40
        bytes = 133064
        ar_ptr = (arena *) 0x124fe20
        nb = 133064
        victim = 0x8056a08
#4  0x804cce9 in parse_opt (key=16777219, arg=0x0, state=0x124fe20)
    at ../../ext2fs/ext2fs.c:106
        key = 16915520
        state = (struct argp_state *) 0x124fe20
        values = (struct {...} *) 0x0
#5  0x11c32bc in group_parse (group=0x8056a08, state=0x124fe20, key=16777219, 
---Type <return> to continue, or q <return> to quit---
    arg=0x0) at argp-parse.c:279
        group = (struct group *) 0x8056a08
        state = (struct argp_state *) 0x124fe20
#6  0x11c382d in parser_init (parser=0x124fe04, argp=0x124fd84, argc=1, 
    argv=0x124ff64, flags=8, input=0x124fea0) at argp-parse.c:566
        argp = (struct argp *) 0x124fe20
        argc = 16915520
        input = (void *) 0x1021c40
        err = 0
        group = (struct group *) 0x8056a08
        szs = {short_len = 115, long_len = 38, num_groups = 7, 
  num_child_inputs = 7}
#7  0x11c3fdd in __argp_parse (argp=0x124fd84, argc=1, argv=0x124ff64, 
    flags=8, end_index=0x0, input=0x124fea0) at argp-parse.c:931
        err = 16915520
        parser = {argp = 0x124fd84, 
  short_opts = 0x8056db4 "-DS:C:rws::nSEAT:mI:L?V", long_opts = 0x8056b44, 
  groups = 0x8056a08, egroup = 0x8056b04, child_inputs = 0x8056b28, 
  try_getopt = 1, state = {root_argp = 0x124fd84, argc = 1, argv = 0x124ff64, 
    next = 0, flags = 8, arg_num = 0, quoted = 0, input = 0x124fea0, 
    child_inputs = 0x8056b28, hook = 0x0, name = 0x0, err_stream = 0x80568b0, 
    out_stream = 0x8056858, pstate = 0x124fe04}, storage = 0x8056a08}
        arg_ebadkey = 0
#8  0x103eb24 in diskfs_init_main () from /lib/libdiskfs.so.0.2
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#9  0x804cadf in main (argc=1, argv=0x124ff64) at ../../ext2fs/ext2fs.c:176
        argc = 1
        argv = (char **) 0x124ff64
        err = 16915520
        bootstrap = 19201816
#10 0x10f7720 in __libc_start_main (main=0x804caa0 <main>, argc=1, 
    ubp_av=0x124ff64, init=0x804a1c4 <_init>, fini=0x8052a5c <_fini>, 
    rtld_fini=0xe6a0 <_dl_fini>, stack_end=0x124ff5c)
    at ../sysdeps/generic/libc-start.c:129
        fini = (void (*)()) 0x20700 <_dl_debug_impcalls>
        rtld_fini = (void (*)()) 0x124fc4c
        ubp_ev = (char **) 0x1021c40
(gdb) x/5i $pc
0x11e4910 <_dl_addr+176>:       mov    (%eax),%eax
0x11e4912 <_dl_addr+178>:       mov    %eax,(%ecx)
0x11e4914 <_dl_addr+180>:       mov    0x14c(%edx),%eax
0x11e491a <_dl_addr+186>:       mov    %eax,0x4(%ecx)
0x11e491d <_dl_addr+189>:       mov    0xfffffff4(%ebp),%edx
(gdb) i reg
eax            0x1021c40        16915520
ecx            0x124fc4c        19201100
edx            0x207c8  133064
ebx            0x12014b8        18879672
esp            0x124fb64        0x124fb64
ebp            0x124fb8c        0x124fb8c
esi            0x8048034        134512692
edi            0x8      8
eip            0x11e4910        0x11e4910
eflags         0x10246  66118
cs             0x17     23
ss             0x1f     31
ds             0x1f     31
es             0x1f     31
fs             0x1f     31
gs             0x1f     31
fctrl          0x0      0
fstat          0x0      0
ftag           0x0      0
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
(gdb) The program is running.  Exit anyway? (y or n) y
hurd:~# exit

Script done on Tue Mar  6 04:09:04 2001


-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de


