thr3ads.net - rsync - DO NOT REPLY [Bug 4912] New: rsync crashes with a double free or corrupted memory detection in glibc [Aug 2007]

If this information is useful, please help other people find it:
Share via:

samba-bugs@samba.org

2007-Aug-22 21:33 UTC

DO NOT REPLY [Bug 4912] New: rsync crashes with a double free or corrupted memory detection in glibc

https://bugzilla.samba.org/show_bug.cgi?id=4912

           Summary: rsync crashes with a double free or corrupted memory
                    detection in glibc
           Product: rsync
           Version: 2.6.9
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P3
         Component: core
        AssignedTo: wayned@samba.org
        ReportedBy: Richard.Brittain@dartmouth.edu
         QAContact: rsync-qa@samba.org


Running rsync 2.6.9 on Fedora Core 6, 32-bit x86 architecture, I get frequent 
aborts due to a free() error detected by glibc.  Error message is appended.
The error is reproducible if I run with the exact same set of arguments, but if
the file list to be transferred changes, it may work correctly.

Running with $MALLOC_CHECK_=1 works around the problem.  As far as I can tell,
the errors come from the receiving rsync, not the sending one.

Richard Brittain


*** glibc detected *** rsync: double free or corruption (fasttop): 0x08b30d68
***
======= Backtrace: ========/lib/libc.so.6[0xa6fa96]
/lib/libc.so.6(cfree+0x90)[0xa72fb0]
rsync[0x804b721]
rsync[0x804b9bb]
rsync[0x804f3dd]
rsync[0x80588f5]
rsync[0x80590e0]
rsync[0x805998e]
/lib/libc.so.6(__libc_start_main+0xdc)[0xa1edec]
rsync[0x804a811]
======= Memory map: =======00691000-00697000 r-xp 00000000 fd:00 17006780  
/lib/libacl.so.1.1.0
00697000-00698000 rwxp 00005000 fd:00 17006780   /lib/libacl.so.1.1.0
00871000-00875000 r-xp 00000000 fd:00 17006647   /lib/libattr.so.1.1.0
00875000-00876000 rwxp 00003000 fd:00 17006647   /lib/libattr.so.1.1.0
009ec000-00a05000 r-xp 00000000 fd:00 17006631   /lib/ld-2.5.so
00a05000-00a06000 r-xp 00019000 fd:00 17006631   /lib/ld-2.5.so
00a06000-00a07000 rwxp 0001a000 fd:00 17006631   /lib/ld-2.5.so
00a09000-00b43000 r-xp 00000000 fd:00 17006683   /lib/libc-2.5.so
00b43000-00b45000 r-xp 0013a000 fd:00 17006683   /lib/libc-2.5.so
00b45000-00b46000 rwxp 0013c000 fd:00 17006683   /lib/libc-2.5.so
00b46000-00b49000 rwxp 00b46000 00:00 0
00b8f000-00b90000 r-xp 00b8f000 00:00 0          [vdso]
00f8e000-00f97000 r-xp 00000000 fd:00 17006632   /lib/libnss_files-2.5.so
00f97000-00f98000 r-xp 00008000 fd:00 17006632   /lib/libnss_files-2.5.so
00f98000-00f99000 rwxp 00009000 fd:00 17006632   /lib/libnss_files-2.5.so
0565b000-05662000 r-xp 00000000 fd:00 5834125    /usr/lib/libpopt.so.0.0.0
05662000-05663000 rwxp 00006000 fd:00 5834125    /usr/lib/libpopt.so.0.0.0
05725000-05730000 r-xp 00000000 fd:00 17006682  
/lib/libgcc_s-4.1.2-20070626.so.1
05730000-05731000 rwxp 0000a000 fd:00 17006682  
/lib/libgcc_s-4.1.2-20070626.so.1
08047000-08093000 r-xp 00000000 fd:00 5845875    /usr/bin/rsync
08093000-08095000 rw-p 0004c000 fd:00 5845875    /usr/bin/rsync
08095000-080a5000 rw-p 08095000 00:00 0
08b2b000-08b92000 rw-p 08b2b000 00:00 0
b7c00000-b7c21000 rw-p b7c00000 00:00 0
b7c21000-b7d00000 ---p b7c21000 00:00 0
b7d22000-b7d63000 rw-p b7d22000 00:00 0
b7d63000-b7f63000 r--p 00000000 fd:00 5859512    /usr/lib/locale/locale-archive
b7f63000-b7f65000 rw-p b7f63000 00:00 0
bfd01000-bfd17000 rw-p bfd01000 00:00 0          [stack]
rsync: connection unexpectedly closed (8 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(453) [sender=2.6.9]


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

samba-bugs@samba.org

2007-Aug-22 22:47 UTC

head link

DO NOT REPLY [Bug 4912] rsync crashes with a double free or corrupted memory detection in glibc

https://bugzilla.samba.org/show_bug.cgi?id=4912





------- Comment #1 from hashproduct+rsync@gmail.com  2007-08-22 17:48 CST
-------
Well, could you show us the crashing command line and the file list (unless
it's secret)?  Could you reproduce the problem in a copy of rsync 2.6.9 that
has debug info in order to get a backtrace containing function names?


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

samba-bugs@samba.org

2007-Aug-23 01:31 UTC

head link

DO NOT REPLY [Bug 4912] rsync crashes with a double free or corrupted memory detection in glibc

https://bugzilla.samba.org/show_bug.cgi?id=4912





------- Comment #2 from Richard.Brittain@dartmouth.edu  2007-08-22 20:31 CST
-------
Created an attachment (id=2877)
 --> (https://bugzilla.samba.org/attachment.cgi?id=2877&action=view)
Example file list which exhibits the problem

Removing either /etc/mail or /usr/lib/httpd/modules from the list makes the
error go away.  
The actual command line is (part of a script, with obvious substitutions)

rsync --files-from system-sync-list --delete -avr
--rsync-path=/usr/local/etc/rsync-debug -F / $targetuser@$targethost:/  


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

samba-bugs@samba.org

2007-Aug-23 01:54 UTC

head link

DO NOT REPLY [Bug 4912] rsync crashes with a double free or corrupted memory detection in glibc

https://bugzilla.samba.org/show_bug.cgi?id=4912





------- Comment #3 from Richard.Brittain@dartmouth.edu  2007-08-22 20:54 CST
-------
Created an attachment (id=2878)
 --> (https://bugzilla.samba.org/attachment.cgi?id=2878&action=view)
strace output from receiving rsync process


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

samba-bugs@samba.org

2007-Nov-09 04:09 UTC

head link

DO NOT REPLY [Bug 4912] rsync crashes with a double free or corrupted memory detection in glibc

https://bugzilla.samba.org/show_bug.cgi?id=4912


wayned@samba.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Comment #4 from wayned@samba.org  2007-11-08 22:09 CST -------
This appears to be the same crash as bug 4855, caused by the combination of -R
(implied by --files-from) and -F and some uninitialized memory in the filter
handling.  That bug report has a quick fix for 2.6.9, and development version
has this fixed.


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

rsync - Aug 2007 - DO NOT REPLY [Bug 4912] New: rsync crashes with a double free or corrupted memory detection in glibc

DO NOT REPLY [Bug 4912] New: rsync crashes with a double free or corrupted memory detection in glibc

DO NOT REPLY [Bug 4912] rsync crashes with a double free or corrupted memory detection in glibc

DO NOT REPLY [Bug 4912] rsync crashes with a double free or corrupted memory detection in glibc

DO NOT REPLY [Bug 4912] rsync crashes with a double free or corrupted memory detection in glibc

DO NOT REPLY [Bug 4912] rsync crashes with a double free or corrupted memory detection in glibc

Apparently Analagous Threads