Re: malloc() error; coredump
Neal P. Murphy
Fri May 27 05:22:28 2016
Now using an unstripped ld-2.18.so. And got this. The forked child continued to run.
May be getting somewhere.
----
timed out
forking to background
forked to background, child pid 19223
*** Error in `./dhcpcd': double free or corruption (!prev): 0x0966bdd0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x726e7)[0xb75dc6e7]
/lib/libc.so.6(+0x7a699)[0xb75e4699]
./dhcpcd[0x8080a08]
./dhcpcd[0x8080b34]
./dhcpcd[0x8052b90]
./dhcpcd[0x8051555]
/lib/libc.so.6(__libc_start_main+0xf5)[0xb7583a85]
./dhcpcd[0x804a401]
======= Memory map: ========
08048000-08097000 r-xp 00000000 08:04 76305 /root/dhcpcd-6.11.0/dhcpcd
08097000-08098000 rw-p 0004e000 08:04 76305 /root/dhcpcd-6.11.0/dhcpcd
08098000-08099000 rw-p 00000000 00:00 0
09653000-096b3000 rw-p 00000000 00:00 0 [heap]
b7514000-b7530000 r-xp 00000000 08:04 7456 /usr/lib/libgcc_s.so.1
b7530000-b7531000 rw-p 0001b000 08:04 7456 /usr/lib/libgcc_s.so.1
b7531000-b7548000 r-xp 00000000 08:04 352 /lib/libpthread-2.18.so
b7548000-b7549000 r--p 00016000 08:04 352 /lib/libpthread-2.18.so
b7549000-b754a000 rw-p 00017000 08:04 352 /lib/libpthread-2.18.so
b754a000-b754c000 rw-p 00000000 00:00 0
b754c000-b7553000 r-xp 00000000 08:04 2356 /lib/librt-2.18.so
b7553000-b7554000 r--p 00006000 08:04 2356 /lib/librt-2.18.so
b7554000-b7555000 rw-p 00007000 08:04 2356 /lib/librt-2.18.so
b7555000-b7562000 r-xp 00000000 08:04 3638 /usr/lib/libudev.so.1.1.6
b7562000-b7563000 rw-p 0000d000 08:04 3638 /usr/lib/libudev.so.1.1.6
b7569000-b756a000 rw-p 00000000 00:00 0
b756a000-b76ee000 r-xp 00000000 08:04 350 /lib/libc-2.18.so
b76ee000-b76ef000 ---p 00184000 08:04 350 /lib/libc-2.18.so
b76ef000-b76f1000 r--p 00184000 08:04 350 /lib/libc-2.18.so
b76f1000-b76f2000 rw-p 00186000 08:04 350 /lib/libc-2.18.so
b76f2000-b76f5000 rw-p 00000000 00:00 0
b76f5000-b76f8000 r-xp 00000000 08:04 2339 /lib/libdl-2.18.so
b76f8000-b76f9000 r--p 00002000 08:04 2339 /lib/libdl-2.18.so
b76f9000-b76fa000 rw-p 00003000 08:04 2339 /lib/libdl-2.18.so
b76fc000-b76fd000 rw-p 00000000 00:00 0
b76fd000-b76fe000 r-xp 00000000 08:04 3526 /usr/lib/dhcpcd/dev/udev.so
b76fe000-b76ff000 rw-p 00001000 08:04 3526 /usr/lib/dhcpcd/dev/udev.so
b76ff000-b7701000 rw-p 00000000 00:00 0
b7701000-b7702000 r-xp 00000000 00:00 0 [vdso]
b7702000-b7723000 r-xp 00000000 08:04 22904 /lib/ld-2.18.so
b7723000-b7724000 r--p 00020000 08:04 22904 /lib/ld-2.18.so
b7724000-b7725000 rw-p 00021000 08:04 22904 /lib/ld-2.18.so
bf84c000-bf86d000 rw-p 00000000 00:00 0 [stack]
Aborted (core dumped)
----
A 'bt full' from the coredump:
----
#0 0xb759a195 in raise () from /lib/libc.so.6
No symbol table info available.
#1 0xb759baf3 in abort () from /lib/libc.so.6
No symbol table info available.
#2 0xb75dc6ec in ?? () from /lib/libc.so.6
No symbol table info available.
#3 0xb75e4699 in ?? () from /lib/libc.so.6
No symbol table info available.
#4 0x080795c7 in dhcp6_makemessage (ifp=0x9669ce0) at dhcp6.c:502
state = 0x966b8c8
m = 0x2
o = 0x93
so = 0x0
eo = 0x0
si = 0x966b8c8
unicast = 0x966b488
l = 157725840
n = 0
len = 0
ml = 157727032
u8 = 0 '\000'
type = 8 '\b'
u16 = 13108
n_options = 42775
auth_len = 49030
ifo = 0x0
opt = 0x0
opt2 = 0x0
IA = 0 '\000'
p = 0x93 <Address 0x93 out of bounds>
pp = 0x5 <Address 0x5 out of bounds>
ap = 0x74
hbuf = '\000' <repeats 25 times>, "ED`\267\000\000\000\000\223\000\000\000\340\a\000\000\340\a\000\000\335\001\000\000%?^\267\374\250\206\277(\251\206\277\001\000\000\000\364\017o\267\000\000\000\000\000\000\000\000X\251\206\277\344\334`\267\030\177\b\b\374\250\206\277_\250\206\277\200\030o\267\001Mf\t\000\000\000\000\000\000\000\000\000\024o\267{Bk\267\000\000\000\000\001\000\000\000\300\ao\267\364\017o\267\000\000\000\000\000\000\000\000\320u^\267\004\000\000\000%\177\b\b\250\250\206\277", '\000' <repeats 12 times>"\310, \250\206\277I\037\a\b", '\000' <repeats 12 times>, "P\274f\t\004\000\000\000%\177\b\b\330\250\206\277\300\ao\267\000\000\000\000\000\000\000\000(\251\206\277k!\a\bP\274f\t%\177\b\b\234\251\206\277May 27 00:"
hostname = 0x0
fqdn = 0
iap = 0x2036353a
pdp = 0x0
#5 0x0807b9fb in dhcp6_startdiscover (arg=0x9669ce0) at dhcp6.c:1376
ifp = 0x9669ce0
state = 0x966b8c8
#6 0x0807bab4 in dhcp6_failrequest (arg=0x9669ce0) at dhcp6.c:1408
ifp = 0x9669ce0
#7 0x08052971 in eloop_start (eloop=0x9664bd8, signals=0xbf86abf4) at eloop.c:873
n = 0
e = 0x9664cc0
t = 0x966b420
now = {tv_sec = 21533, tv_nsec = 66983932}
ts = {tv_sec = 0, tv_nsec = 916822236}
tsp = 0xbf86a9f8
t0 = 0x0
epe = {events = 1, data = {ptr = 0x9664cc0, fd = 157699264, u32 = 157699264, u64 = 157699264}}
timeout = 917
#8 0x08051491 in main (argc=4, argv=0xbf86ade4) at dhcpcd.c:1926
ctx = {pidfile = "/var/run/dhcpcd.pid", '\000' <repeats 23 times>, cffile = 0xbf86ce0c "/root/dhcpcd6.conf",
options = 308637754430511145, logfile = 0x9664ef0 "/var/log/dhcpcd6.log", log_fd = 4, argc = 4, argv = 0xbf86ade4,
ifac = 3, ifav = 0x9664e80, ifdc = 3, ifdv = 0x9664ec0, ifc = 0, ifv = 0xbf86adf4, ifcc = 1, ifcv = 0x9664f10,
duid = 0x966be90 "", duid_len = 14, ifaces = 0x96721f0, pf_inet_fd = 7, priv = 0x9664c30, link_fd = 5, seq = 71,
sseq = 71, sigset = {__val = {0 <repeats 32 times>}}, eloop = 0x9664bd8, control_fd = 9, control_unpriv_fd = 10,
control_fds = {tqh_first = 0x0, tqh_last = 0xbf86ac80}, control_sock = "/var/run/dhcpcd.sock", '\000' <repeats 20 times>,
control_group = 0, vivso = 0x0, vivso_len = 0, randomstate = 0x0, ppid = 18907, pseq = 30, dhcp_opts = 0x96635a0,
dhcp_opts_len = 123, ipv4_routes = 0x0, ipv4_kroutes = 0x0, udp_fd = -1, opt_buffer = 0x0, opt_buffer_len = 0,
secret = 0x0, secret_len = 0, nd_opts = 0x9664ac8, nd_opts_len = 6, dhcp6_opts = 0x9668a68, dhcp6_opts_len = 70,
ipv6 = 0x966a910, dev_load = 0x0, dev_fd = 13, dev = 0x9665790, dev_handle = 0x9665400}
ifo = 0x0
ifp = 0x0
family = 10
opt = 1
oi = 0
i = 0
t = 30
len = 134837276
pid = 0
sig = 0
siga = 0x0
__func__ = "main"
----
Archive administrator: postmaster@marples.name