Bug 172125

Summary: cat: double free or corruption
Product: [Fedora] Fedora
Reporter: Stephen Hemminger <shemminger>
Component: coreutils
Assignee: Tim Waugh <twaugh>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: 4
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2005-11-16 23:27:59 UTC

Description Stephen Hemminger 2005-10-31 17:29:15 UTC
Description of problem:
 I received the following error from a test script.
This was on AMD 64 running FC4 with custom kernel (2.6.14).

Version-Release number of selected component (if applicable):
  cat (coreutils) 5.2.1

How reproducible:
   Happened sporadically throughout 3 day test

Steps to Reproduce:
1. cat was being used to take data from a /proc file to file for analysis

Additional info:
 cat: double free or corruption (!prev): 0x0000000000506030 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3d49a6a71e]
/lib64/libc.so.6(__libc_free+0x6e)[0x3d49a6ac4e]
cat[0x40186f]
/lib64/libc.so.6(__libc_start_main+0xef)[0x3d49a1c3cf]
cat[0x401179]
======= Memory map: ========
00400000-00405000 r-xp 00000000 08:02 358034                             /bin/cat
00504000-00505000 rw-p 00004000 08:02 358034                             /bin/cat
00505000-00526000 rw-p 00505000 00:00 0                                  [heap]
3d49800000-3d4981a000 r-xp 00000000 08:02 1822466                        /lib64/ld-2.3.5.so
3d49919000-3d4991a000 r--p 00019000 08:02 1822466                        /lib64/ld-2.3.5.so
3d4991a000-3d4991b000 rw-p 0001a000 08:02 1822466                        /lib64/ld-2.3.5.so
3d49a00000-3d49b2d000 r-xp 00000000 08:02 1822490                        /lib64/libc-2.3.5.so
3d49b2d000-3d49c2c000 ---p 0012d000 08:02 1822490                        /lib64/libc-2.3.5.so
3d49c2c000-3d49c30000 r--p 0012c000 08:02 1822490                        /lib64/libc-2.3.5.so
3d49c30000-3d49c32000 rw-p 00130000 08:02 1822490                        /lib64/libc-2.3.5.so
3d49c32000-3d49c36000 rw-p 3d49c32000 00:00 0
3d4ff00000-3d4ff0d000 r-xp 00000000 08:02 1822605                        /lib64/libgcc_s-4.0.1-20050727.so.1
3d4ff0d000-3d5000c000 ---p 0000d000 08:02 1822605                        /lib64/libgcc_s-4.0.1-20050727.so.1
3d5000c000-3d5000d000 rw-p 0000c000 08:02 1822605                        /lib64/libgcc_s-4.0.1-20050727.so.1
2aaaaaaab000-2aaaaaaac000 rw-p 2aaaaaaab000 00:00 0
2aaaaaac0000-2aaaaaac2000 rw-p 2aaaaaac0000 00:00 0
2aaaaaac2000-2aaaada14000 r--p 00000000 08:02 3750938                    /usr/lib/locale/locale-archive
2aaaadb00000-2aaaadb21000 rw-p 2aaaadb00000 00:00 0
2aaaadb21000-2aaaadc00000 ---p 2aaaadb21000 00:00 0
7fffff866000-7fffff87b000 rw-p 7fffff866000 00:00 0                      [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0

Comment 1 Tim Waugh 2005-11-07 09:39:14 UTC
Do you know which /proc file?  This could also be a kernel bug.

Comment 2 Stephen Hemminger 2005-11-16 23:27:59 UTC
It is a proc file from one of my kprobes based modules.  I think the count
return is not valid, so cat dies.

Please close this bug.
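
Added example, not part of the original report and not coreutils code: a userspace read wrapper that treats the byte count returned by read(2) as untrusted, which is the failure the reporter suspects in Comment 2. The names `checked_read`, `read_fn` and `faulty_read` are hypothetical, and the faulty handler is simulated by a constructed stub rather than a real /proc file.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define GUARD_LEN 16
#define GUARD_BYTE 0xA5

/* Same signature as read(2), so a stub can stand in for a faulty handler. */
typedef ssize_t (*read_fn)(int fd, void *buf, size_t count);

/* Hypothetical helper: read up to `want` bytes and reject results the read(2)
 * contract does not allow. Returns the byte count, or -1 with errno set to
 * EOVERFLOW (count larger than requested) or EFAULT (guard bytes changed). */
ssize_t checked_read(read_fn rd, int fd, unsigned char **out, size_t want)
{
    unsigned char *buf = malloc(want + GUARD_LEN);
    if (buf == NULL)
        return -1;
    memset(buf + want, GUARD_BYTE, GUARD_LEN);  /* guard after the data area */

    ssize_t n = rd(fd, buf, want);
    int bad = 0;
    if (n > 0 && (size_t)n > want)
        bad = EOVERFLOW;
    for (size_t i = 0; i < GUARD_LEN && !bad; i++)
        if (buf[want + i] != GUARD_BYTE)
            bad = EFAULT;
    if (bad || n < 0) {
        int saved = bad ? bad : errno;  /* keep the error across free() */
        free(buf);
        errno = saved;
        return -1;
    }
    *out = buf;
    return n;
}

/* Constructed stub: ignores `count`, writes 8 bytes too many (still inside
 * the guard area, so the demo itself stays in bounds) and reports that size. */
ssize_t faulty_read(int fd, void *buf, size_t count)
{
    (void)fd;
    memset(buf, 'x', count + 8);
    return (ssize_t)(count + 8);
}

int main(void) { unsigned char *p = NULL; return checked_read(faulty_read, -1, &p, 32) == -1 ? 0 : 1; }
```

The check runs after the write has already happened, so it detects a misbehaving handler and stops the caller from using the bogus length; it cannot undo an overrun larger than the guard area.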