salbei

Reputation: 13

Ptrace mprotect debugging trouble

I'm having trouble with a research project. What I am trying to do is to use ptrace to watch the execution of a target process. With the help of ptrace I am injecting an mprotect syscall into the target's code segment (similar to a breakpoint) and set the stack protection to PROT_NONE. After that I restore the original instructions and let the target continue. When I get an invalid permission segfault I again inject the syscall to unprotect the stack, and afterwards I execute the instruction which caused the segfault and protect the stack again.

(This does indeed work for simple programs.)

My problem now is that with this setup the target (pretty) randomly crashes in library function calls (no matter whether I use dynamic or static linking). By crashing I mean it either tries to access memory which for some reason is not mapped, or it just keeps hanging in the function __lll_lock_wait_private (that was following a malloc call).

Let me emphasize again that the crashes don't always happen and don't always happen at the same positions.

It kind of sounds like a synchronisation problem, but as far as I can tell (meaning I looked into /proc/pid/tasks/) there is only one thread running.

So do you have any clue what could be the reason for this? Please tell me your suggestions even if you are not sure, I am running out of ideas here ...

Upvotes: 1

Views: 749
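The syscall-injection primitive the question relies on (patch "syscall; int3" at the tracee's current rip, set the registers, let it run, read rax, restore text and registers), as an added example that is not code from the question or the answer. It assumes x86-64 Linux and, so that the result can be checked, injects getpid() instead of mprotect(); for mprotect the same steps apply with rax = SYS_mprotect and rdi/rsi/rdx holding addr, len and prot.

```c
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run one syscall in the stopped tracee at its current rip and return the
 * tracee's rax, or -1 if ptrace fails. Text and registers are restored. */
static long inject_syscall(pid_t pid, long nr) {
    struct user_regs_struct saved, regs;
    int status;
    if (ptrace(PTRACE_GETREGS, pid, 0, &saved) == -1) return -1;
    /* Save the word at rip and overwrite its low 3 bytes with 0f 05 cc
     * ("syscall; int3"); the int3 traps back to the tracer afterwards. */
    long orig = ptrace(PTRACE_PEEKTEXT, pid, (void *)saved.rip, 0);
    long patched = (orig & ~0xffffffL) | 0xcc050fL;
    if (ptrace(PTRACE_POKETEXT, pid, (void *)saved.rip, (void *)patched) == -1) return -1;
    regs = saved;
    regs.rax = nr;          /* syscall number */
    regs.orig_rax = -1;     /* not inside a syscall: no restart handling */
    if (ptrace(PTRACE_SETREGS, pid, 0, &regs) == -1) return -1;
    if (ptrace(PTRACE_CONT, pid, 0, 0) == -1) return -1;            /* signal 0: drop the SIGSTOP */
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return -1;
    if (ptrace(PTRACE_GETREGS, pid, 0, &regs) == -1) return -1;
    long ret = (long)regs.rax;
    /* Put the original bytes and registers back so the tracee never notices. */
    ptrace(PTRACE_POKETEXT, pid, (void *)saved.rip, (void *)orig);
    ptrace(PTRACE_SETREGS, pid, 0, &saved);
    return ret;
}

/* Fork a tracee that stops itself, inject getpid() into it, and return 1 if
 * the injected call returned the tracee's own pid, else 0. */
int injected_getpid_matches(void) {
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, 0, 0);
        kill(getpid(), SIGSTOP);   /* tracee parks here; the tracer injects at this rip */
        _exit(0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return 0;
    long ret = inject_syscall(pid, SYS_getpid);
    ptrace(PTRACE_KILL, pid, 0, 0);   /* done with the tracee */
    waitpid(pid, &status, 0);
    return ret == (long)pid;
}
```

Note that the rip where the tracee stopped lies inside libc here; PTRACE_POKETEXT writes through the read-only mapping because the kernel copies the page on write, which is why restoring the original word afterwards matters.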

Answers (1)

Douglas Leeder

Reputation: 53320

It's also possible the non-determinism is created by address space randomization. You may want to disable that to try and make the problem more deterministic.

EDIT:

Given that turning ASR off 'fixes' the problem, then maybe the underlying problem might be:

  1. Somewhere thinking 0 is invalid when it should be valid, or vice versa. (What I had).
  2. Using addresses from one run against a different run?

Upvotes: 1
