172125 – cat: double free or corruption

Bug 172125 - cat: double free or corruption

Summary: cat: double free or corruption

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	coreutils
Sub Component:
Version:	4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tim Waugh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-10-31 17:29 UTC by Stephen Hemminger
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-11-16 23:27:59 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Stephen Hemminger 2005-10-31 17:29:15 UTC

Description of problem:
 I received the following error from a test script.
This was on AMD 64 running FC4 with custom kernel (2.6.14).

Version-Release number of selected component (if applicable):
  cat (coreutils) 5.2.1

How reproducible:
   Happened sporadically through out 3 day test

Steps to Reproduce:
1. cat was being used to take data from a /proc file to file for analysis

2.
3.
  
Actual results:


Expected results:


Additional info:
 cat: double free or corruption (!prev): 0x0000000000506030 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3d49a6a71e]
/lib64/libc.so.6(__libc_free+0x6e)[0x3d49a6ac4e]
cat[0x40186f]
/lib64/libc.so.6(__libc_start_main+0xef)[0x3d49a1c3cf]
cat[0x401179]
======= Memory map: ========
00400000-00405000 r-xp 00000000 08:02 358034                             /bin/cat
00504000-00505000 rw-p 00004000 08:02 358034                             /bin/cat
00505000-00526000 rw-p 00505000 00:00 0                                  [heap]
3d49800000-3d4981a000 r-xp 00000000 08:02 1822466                       
/lib64/ld-2.3.5.so
3d49919000-3d4991a000 r--p 00019000 08:02 1822466                       
/lib64/ld-2.3.5.so
3d4991a000-3d4991b000 rw-p 0001a000 08:02 1822466                       
/lib64/ld-2.3.5.so
3d49a00000-3d49b2d000 r-xp 00000000 08:02 1822490                       
/lib64/libc-2.3.5.so
3d49b2d000-3d49c2c000 ---p 0012d000 08:02 1822490                       
/lib64/libc-2.3.5.so
3d49c2c000-3d49c30000 r--p 0012c000 08:02 1822490                       
/lib64/libc-2.3.5.so
3d49c30000-3d49c32000 rw-p 00130000 08:02 1822490                       
/lib64/libc-2.3.5.so
3d49c32000-3d49c36000 rw-p 3d49c32000 00:00 0
3d4ff00000-3d4ff0d000 r-xp 00000000 08:02 1822605                       
/lib64/libgcc_s-4.0.1-20050727.so.1
3d4ff0d000-3d5000c000 ---p 0000d000 08:02 1822605                       
/lib64/libgcc_s-4.0.1-20050727.so.1
3d5000c000-3d5000d000 rw-p 0000c000 08:02 1822605                       
/lib64/libgcc_s-4.0.1-20050727.so.1
2aaaaaaab000-2aaaaaaac000 rw-p 2aaaaaaab000 00:00 0
2aaaaaac0000-2aaaaaac2000 rw-p 2aaaaaac0000 00:00 0
2aaaaaac2000-2aaaada14000 r--p 00000000 08:02 3750938                   
/usr/lib/locale/locale-archive
2aaaadb00000-2aaaadb21000 rw-p 2aaaadb00000 00:00 0
2aaaadb21000-2aaaadc00000 ---p 2aaaadb21000 00:00 0
7fffff866000-7fffff87b000 rw-p 7fffff866000 00:00 0                     
[stack]ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0

Comment 1 Tim Waugh 2005-11-07 09:39:14 UTC

Do you know which /proc file?  This could also be a kernel bug.

Comment 2 Stephen Hemminger 2005-11-16 23:27:59 UTC

it is a proc file from one of my kprobes based modules.  I think the count
return is not valid, so cat dies. 

Please close this bug.

Note You need to log in before you can comment on or make changes to this bug.