On Thu, Feb 08, 2007 at 09:04:37AM +1100, Russell Coker wrote:
> Package: libc6
> Version: 2.3.6.ds1-10
> Severity: normal
> 
> I had a system that (for unknown reasons) got a 0 byte mtab file.  When
> running "mount / -o remount" to fix this I got a glibc error.  The mount
> version is 2.12r-16.  This is repeatable in the latest etch with the
> following commands:
> # echo -n > /etc/mtab
> # mount / -o remount
> *** glibc detected *** double free or corruption (!prev): 0x0805d7d0 ***
> Aborted

  OK, with a debug run, I had the attached valgrind check and the gdb
backtrace.

-- 
·O·  Pierre Habouzit
··O                                                [EMAIL PROTECTED]
OOO                                                http://www.madism.org
[root hades] gdb ./mount
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) r -o remount /
Starting program: /home/madcoder/debian/tmp/util-linux-2.12r/mount/mount -o remount /

Program exited normally.
(gdb) bt
No stack.
(gdb) r -o remount /
Starting program: /home/madcoder/debian/tmp/util-linux-2.12r/mount/mount -o remount /
*** glibc detected *** double free or corruption (!prev): 0x0000000000516ed0 ***

Program received signal SIGABRT, Aborted.
0x00002aadd74fa07b in raise () from /lib/libc.so.6
(gdb) bt full
#0  0x00002aadd74fa07b in raise () from /lib/libc.so.6
No symbol table info available.
#1  0x00002aadd74fb84e in abort () from /lib/libc.so.6
No symbol table info available.
#2  0x00002aadd7530629 in __libc_message () from /lib/libc.so.6
No symbol table info available.
#3  0x00002aadd7537193 in _int_free () from /lib/libc.so.6
No symbol table info available.
#4  0x00002aadd753721e in free () from /lib/libc.so.6
No symbol table info available.
#5  0x0000000000402dfa in my_free (s=0x35ce) at mount.c:249
No locals.
#6  0x00000000004048f7 in try_mount_one (spec0=0x516e30 "/dev/hda1", node0=0x517070 "/", types0=0x516de0 "ext3", opts0=0x516e50 "data=ordered,commit=300,errors=remount-ro,remount", freq=0, pass=0, bg=0, ro=0)
    at mount.c:1096
        res = 0
        status = <value optimized out>
        mnt5_res = <value optimized out>
        mnt_err = <value optimized out>
        flags = 32
        extra_opts = 0x516f30 ""
        mount_opts = 0x516f30 ""
        opts = <value optimized out>
        spec = 0x516e90 "\220oQ"
        types = 0x516ed0 "�oQ"
        user = 0x0
        loop = 0
        loopdev = 0x0
        loopfile = 0x516e90 "\220oQ"
        statbuf = {st_dev = 4257401, st_ino = 5337520, st_nlink = 5336512, st_mode = 5336544, st_uid = 0, st_gid = 0, pad0 = 0, st_rdev = 46926128735889, st_size = 1, st_blksize = 0, st_blocks = 5336512, st_atim = {tv_sec = 5336544, tv_nsec = 46926129866896}, st_mtim = {tv_sec = 5336656, tv_nsec = 5337520}, st_ctim = {tv_sec = 46926128735138, tv_nsec = 5336656}, __unused = {46926132166880, 5337520, 4257401}}
        nfs_mount_version = 0
        opts1 = 0x5171b0 "poQ"
        spec1 = 0x516e90 "\220oQ"
        node1 = 0x516eb0 "\200nQ"
        types1 = 0x516ed0 "�oQ"
        extra_opts1 = 0x516f30 ""
#7  0x0000000000404ade in mount_one (spec=0x516e30 "/dev/hda1", node=0x517070 "/", types=0x516de0 "ext3", opts=0x516e50 "data=ordered,commit=300,errors=remount-ro,remount", cmdlineopts=0x516dc0 "remount", freq=0, pass=0) at mount.c:1193
        status = <value optimized out>
        status2 = <value optimized out>
        nspec = 0x0
#8  0x00000000004058ce in main (argc=<value optimized out>, argv=<value optimized out>) at mount.c:1682
        fstype = <value optimized out>
        c = <value optimized out>
        result = <value optimized out>
        specseen = <value optimized out>
        options = 0x516dc0 "remount"
        test_opts = 0x0
        node = <value optimized out>
        spec = <value optimized out>
        volumelabel = 0x0
        uuid = 0x0
        types = 0x0
        mc = (struct mntentchn *) 0x5171f0
        fd = <value optimized out>

==13659== Memcheck, a memory error detector.
==13659== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==13659== Using LibVEX rev 1732, a library for dynamic binary translation.
==13659== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==13659== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework.
==13659== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==13659== For more details, rerun with: -v
==13659== 
==13659== Warning: ignored attempt to set SIGKILL handler in sigaction();
==13659==          the SIGKILL signal is uncatchable
==13659== Invalid free() / delete / delete[]
==13659==    at 0x4A1B66A: free (vg_replace_malloc.c:233)
==13659==    by 0x402DF9: my_free (mount.c:249)
==13659==    by 0x403F2B: try_mount_one (mount.c:685)
==13659==    by 0x404ADD: mount_one (mount.c:1193)
==13659==    by 0x4058CD: main (mount.c:1682)
==13659==  Address 0x4D60060 is 0 bytes inside a block of size 10 free'd
==13659==    at 0x4A1B66A: free (vg_replace_malloc.c:233)
==13659==    by 0x40597F: my_free (fstab.c:102)
==13659==    by 0x4068A5: update_mtab (fstab.c:111)
==13659==    by 0x403E8D: try_mount_one (mount.c:664)
==13659==    by 0x404ADD: mount_one (mount.c:1193)
==13659==    by 0x4058CD: main (mount.c:1682)
==13659== 
==13659== Invalid free() / delete / delete[]
==13659==    at 0x4A1B66A: free (vg_replace_malloc.c:233)
==13659==    by 0x402DF9: my_free (mount.c:249)
==13659==    by 0x403F38: try_mount_one (mount.c:686)
==13659==    by 0x404ADD: mount_one (mount.c:1193)
==13659==    by 0x4058CD: main (mount.c:1682)
==13659==  Address 0x4D600A0 is 0 bytes inside a block of size 2 free'd
==13659==    at 0x4A1B66A: free (vg_replace_malloc.c:233)
==13659==    by 0x40597F: my_free (fstab.c:102)
==13659==    by 0x4068AE: update_mtab (fstab.c:112)
==13659==    by 0x403E8D: try_mount_one (mount.c:664)
==13659==    by 0x404ADD: mount_one (mount.c:1193)
==13659==    by 0x4058CD: main (mount.c:1682)
==13659== 
==13659== Invalid free() / delete / delete[]
==13659==    at 0x4A1B66A: free (vg_replace_malloc.c:233)
==13659==    by 0x402DF9: my_free (mount.c:249)
==13659==    by 0x4048F6: try_mount_one (mount.c:1096)
==13659==    by 0x404ADD: mount_one (mount.c:1193)
==13659==    by 0x4058CD: main (mount.c:1682)
==13659==  Address 0x4D5FE48 is 0 bytes inside a block of size 5 free'd
==13659==    at 0x4A1B66A: free (vg_replace_malloc.c:233)
==13659==    by 0x40597F: my_free (fstab.c:102)
==13659==    by 0x4068B7: update_mtab (fstab.c:113)
==13659==    by 0x403E8D: try_mount_one (mount.c:664)
==13659==    by 0x404ADD: mount_one (mount.c:1193)
==13659==    by 0x4058CD: main (mount.c:1682)
==13659== 
==13659== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 8 from 1)
==13659== malloc/free: in use at exit: 5,226 bytes in 86 blocks.
==13659== malloc/free: 139 allocs, 56 frees, 11,519 bytes allocated.
==13659== For counts of detected errors, rerun with: -v
==13659== searching for pointers to 86 not-freed blocks.
==13659== checked 79,816 bytes.
==13659== 
==13659== 
==13659== 23 bytes in 3 blocks are definitely lost in loss record 2 of 6
==13659==    at 0x4A1BA55: malloc (vg_replace_malloc.c:149)
==13659==    by 0x4B91311: strdup (in /usr/lib/debug/libc-2.3.6.so)
==13659==    by 0x407255: xstrdup (xmalloc.c:62)
==13659==    by 0x404D8F: main (mount.c:1525)
==13659== 
==13659== 
==13659== 50 bytes in 1 blocks are definitely lost in loss record 3 of 6
==13659==    at 0x4A1BA55: malloc (vg_replace_malloc.c:149)
==13659==    by 0x40728B: xmalloc (xmalloc.c:39)
==13659==    by 0x406FDD: xstrconcat3 (sundries.c:55)
==13659==    by 0x404A04: mount_one (mount.c:1166)
==13659==    by 0x4058CD: main (mount.c:1682)
==13659== 
==13659== 
==13659== 4,485 (376 direct, 4,109 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 6
==13659==    at 0x4A1BA55: malloc (vg_replace_malloc.c:149)
==13659==    by 0x409C9E: initproctitle (setproctitle.c:45)
==13659==    by 0x404CAE: main (mount.c:1491)
==13659== 
==13659== LEAK SUMMARY:
==13659==    definitely lost: 449 bytes in 5 blocks.
==13659==    indirectly lost: 4,109 bytes in 46 blocks.
==13659==      possibly lost: 0 bytes in 0 blocks.
==13659==    still reachable: 668 bytes in 35 blocks.
==13659==         suppressed: 0 bytes in 0 blocks.
==13659== Reachable blocks (those to which a pointer was found) are not shown.
==13659== To see them, rerun with: --leak-check=full --show-reachable=yes
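
Each "Invalid free()" record in the Memcheck log above pairs the stack of the second free with the stack that first released the block. The following is an added example, not part of the original message or of util-linux: a parser that extracts both sites from each record. The names `double_frees`, `culprit`, `common_caller` and the `WRAPPERS` set are assumptions of this example; the sample is the first record of the log with its outer frames trimmed.

```python
import re

# First "Invalid free()" record from the log above, with outer frames trimmed.
SAMPLE = """\
==13659== Invalid free() / delete / delete[]
==13659==    at 0x4A1B66A: free (vg_replace_malloc.c:233)
==13659==    by 0x402DF9: my_free (mount.c:249)
==13659==    by 0x403F2B: try_mount_one (mount.c:685)
==13659==  Address 0x4D60060 is 0 bytes inside a block of size 10 free'd
==13659==    at 0x4A1B66A: free (vg_replace_malloc.c:233)
==13659==    by 0x40597F: my_free (fstab.c:102)
==13659==    by 0x4068A5: update_mtab (fstab.c:111)
==13659==    by 0x403E8D: try_mount_one (mount.c:664)
==13659==
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is \d+ bytes inside "
                  r"a block of size (\d+) free'd")
WRAPPERS = {"free", "my_free"}  # assumption: thin wrappers, never the real culprit

def double_frees(log):
    """Return one dict per 'Invalid free()' record that hit an already-freed block."""
    records, cur, stack = [], None, None
    for line in log.splitlines() + [""]:        # sentinel flushes the last record
        frame, addr = FRAME.match(line), ADDR.match(line)
        if cur is not None and frame:
            stack.append(frame.groups())         # (function, file:line)
        elif cur is not None and addr:
            cur["address"], cur["size"] = addr.group(1), int(addr.group(2))
            stack = cur["first_free"]            # frames after this line: earlier free
        else:                                    # separator or a new record header
            if cur is not None and "address" in cur:
                records.append(cur)
            cur = None
            if "Invalid free()" in line:
                cur = {"second_free": [], "first_free": []}
                stack = cur["second_free"]
    return records

def culprit(stack):
    """Innermost frame that is not an allocator wrapper."""
    return next((f for f in stack if f[0] not in WRAPPERS), None)

def common_caller(rec):
    """Innermost function on both stacks, i.e. where two owners free one pointer."""
    first = {f[0] for f in rec["first_free"]} - WRAPPERS
    return next((f[0] for f in rec["second_free"] if f[0] in first), None)
```

Run over the full log, `double_frees` returns three records, each with `update_mtab` as the first free site and `try_mount_one` as the common caller.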
