Bug 169813
Summary: | getpwnam() randomly crashes with nscd running (invalid pointer) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Piotr Gackiewicz <gacek> | ||||
Component: | glibc | Assignee: | Jakub Jelinek <jakub> | ||||
Status: | CLOSED UPSTREAM | QA Contact: | Brian Brock <bbrock> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 4 | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2005-10-04 08:09:59 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Piotr Gackiewicz
2005-10-03 22:16:59 UTC
Can you please: 1) install glibc-debuginfo-2.3.5-10.3.x86_64.rpm 2) run one of the programs under valgrind to see where exactly the bug occurred Thanks. Sorry, valgrind complains about "Exec format error": [root@mail ~]# valgrind setquota valgrind: wrong executable class (eg. 32-bit instead valgrind: of 64-bit) valgrind: do_exec(/usr/sbin/setquota) failed: Exec format error [root@mail ~]# file /usr/sbin/setquota /usr/sbin/setquota: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.4.0, dynamically linked (uses shared libs), stripped Same with perl. Is there available 64bit valgrind version somewhere? I can only reproduce and track this bug with gdb: [root@mail ~]# gdb /usr/bin/perl GNU gdb Red Hat Linux (6.3.0.0-1.21rh) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu"...(no debugging symbols found) Using host libthread_db library "/lib64/libthread_db.so.1". (gdb) run -e 'while (1) { getpwnam("gacek")}' Starting program: /usr/bin/perl -e 'while (1) { getpwnam("gacek")}' [Thread debugging using libthread_db enabled] [New Thread 46912510500896 (LWP 26002)] *** glibc detected *** /usr/bin/perl: free(): invalid pointer: 0x00002aaaae7d11e0 *** ======= Backtrace: ========= /lib64/libc.so.6[0x2aaaab69571e] /lib64/libc.so.6(__libc_free+0x6e)[0x2aaaab695c4e] /lib64/libc.so.6[0x2aaaab72173d] /lib64/libc.so.6[0x2aaaab721866] /lib64/libc.so.6(getpwnam_r+0x168)[0x2aaaab6bc2a8] /usr/lib64/perl5/5.8.6/x86_64-linux-thread-multi/CORE/libperl.so(Perl_pp_gpwent+0x3f1)[0x2aaaaaca62bd] /usr/lib64/perl5/5.8.6/x86_64-linux-thread-multi/CORE/libperl.so(Perl_runops_debug+0x141)[0x2aaaaac453cd] /usr/lib64/perl5/5.8.6/x86_64-linux-thread-multi/CORE/libperl.so(perl_run+0x42e)[0x2aaaaabffdbe] /usr/bin/perl(main+0xf9)[0x401a01] /lib64/libc.so.6(__libc_start_main+0xef)[0x2aaaab6473cf] /usr/bin/perl[0x401879] ======= Memory map: ======== 00400000-00404000 r-xp 00000000 fd:03 32829 /usr/bin/perl 00503000-00504000 rw-p 00003000 fd:03 32829 /usr/bin/perl 00504000-00526000 rw-p 00504000 00:00 0 [heap] 2aaaaaaab000-2aaaaaac5000 r-xp 00000000 50:01 49176 /lib64/ld-2.3.5.so 2aaaaaac5000-2aaaaaac7000 rw-p 2aaaaaac5000 00:00 0 2aaaaabc4000-2aaaaabc5000 r--p 00019000 50:01 49176 /lib64/ld-2.3.5.so 2aaaaabc5000-2aaaaabc6000 rw-p 0001a000 50:01 49176 /lib64/ld-2.3.5.so 2aaaaabc6000-2aaaaad07000 r-xp 00000000 fd:03 229707 /usr/lib64/perl5/5.8.6/x86_64-linux-thread-multi/CORE/libperl.so 2aaaaad07000-2aaaaae07000 ---p 00141000 fd:03 229707 /usr/lib64/perl5/5.8.6/x86_64-linux-thread-multi/CORE/libperl.so 2aaaaae07000-2aaaaae16000 rw-p 00141000 fd:03 229707 /usr/lib64/perl5/5.8.6/x86_64-linux-thread-multi/CORE/libperl.so 2aaaaae16000-2aaaaae18000 rw-p 2aaaaae16000 00:00 0 2aaaaae27000-2aaaaae38000 r-xp 00000000 50:01 49272 /lib64/libresolv-2.3.5.so 2aaaaae38000-2aaaaaf38000 ---p 00011000 50:01 49272 /lib64/libresolv-2.3.5.so 2aaaaaf38000-2aaaaaf39000 r--p 00011000 50:01 49272 /lib64/libresolv-2.3.5.so 2aaaaaf39000-2aaaaaf3a000 rw-p 00012000 50:01 49272 /lib64/libresolv-2.3.5.so 2aaaaaf3a000-2aaaaaf3c000 rw-p 2aaaaaf3a000 00:00 0 2aaaaaf3c000-2aaaaaf50000 r-xp 00000000 50:01 49227 /lib64/libnsl-2.3.5.so 2aaaaaf50000-2aaaab04f000 ---p 00014000 50:01 49227 /lib64/libnsl-2.3.5.so 2aaaab04f000-2aaaab050000 r--p 00013000 50:01 49227 /lib64/libnsl-2.3.5.so 2aaaab050000-2aaaab051000 rw-p 00014000 50:01 49227 /lib64/libnsl-2.3.5.so 2aaaab051000-2aaaab053000 rw-p 2aaaab051000 00:00 0 2aaaab053000-2aaaab055000 r-xp 00000000 50:01 49215 /lib64/libdl-2.3.5.so 2aaaab055000-2aaaab155000 ---p 00002000 50:01 49215 /lib64/libdl-2.3.5.so 2aaaab155000-2aaaab156000 r--p 00002000 50:01 49215 /lib64/libdl-2.3.5.so 2aaaab156000-2aaaab157000 rw-p 00003000 50:01 49215 /lib64/libdl-2.3.5.so 2aaaab157000-2aaaab158000 rw-p 2aaaab157000 00:00 0 2aaaab158000-2aaaab1dc000 r-xp 00000000 50:01 49224 /lib64/libm-2.3.5.so 2aaaab1dc000-2aaaab2dc000 ---p 00084000 50:01 49224 /lib64/libm-2.3.5.so 2aaaab2dc000-2aaaab2dd000 r--p 00084000 50:01 49224 /lib64/libm-2.3.5.so 2aaaab2dd000-2aaaab2de000 rw-p 00085000 50:01 49224 /lib64/libm-2.3.5.so 2aaaab2de000-2aaaab2e3000 r-xp 00000000 50:01 49207 /lib64/libcrypt-2.3.5.so 2aaaab2e3000-2aaaab3e2000 ---p 00005000 50:01 49207 /lib64/libcrypt-2.3.5.so 2aaaab3e2000-2aaaab3e3000 r--p 00004000 50:01 49207 /lib64/libcrypt-2.3.5.so 2aaaab3e3000-2aaaab3e4000 rw-p 00005000 50:01 49207 /lib64/libcrypt-2.3.5.so 2aaaab3e4000-2aaaab412000 rw-p 2aaaab3e4000 00:00 0 2aaaab412000-2aaaab414000 r-xp 00000000 50:01 49248 /lib64/libutil-2.3.5.so 2aaaab414000-2aaaab513000 ---p 00002000 50:01 49248 /lib64/libutil-2.3.5.so 2aaaab513000-2aaaab514000 r--p 00001000 50:01 49248 /lib64/libutil-2.3.5.so 2aaaab514000-2aaaab515000 rw-p 00002000 50:01 49248 /lib64/libutil-2.3.5.so 2aaaab515000-2aaaab516000 rw-p 2aaaab515000 00:00 0 2aaaab516000-2aaaab525000 r-xp 00000000 50:01 49164 /lib64/libpthread-2.3.5.so 2aaaab525000-2aaaab625000 ---p 0000f000 50:01 49164 /lib64/libpthread-2.3.5.so 2aaaab625000-2aaaab626000 r--p 0000f000 50:01 49164 /lib64/libpthread-2.3.5.so 2aaaab626000-2aaaab627000 rw-p 00010000 50:01 49164 /lib64/libpthread-2.3.5.so 2aaaab627000-2aaaab62b000 rw-p 2aaaab627000 00:00 0 2aaaab62b000-2aaaab758000 r-xp 00000000 50:01 49159 /lib64/libc-2.3.5.so 2aaaab758000-2aaaab857000 ---p 0012d000 50:01 49159 /lib64/libc-2.3.5.so 2aaaab857000-2aaaab85b000 r--p 0012c000 50:01 49159 /lib64/libc-2.3.5.so 2aaaab85b000-2aaaab85d000 rw-p 00130000 50:01 49159 /lib64/libc-2.3.5.so 2aaaab85d000-2aaaab863000 rw-p 2aaaab85d000 00:00 0 2aaaab863000-2aaaae7b1000 r--p 00000000 fd:03 169013 /usr/lib/locale/locale-archive 2aaaae7b1000-2aaaae7d2000 rw-p 2aaaae7b1000 00:00 0 2aaaae800000-2aaaae821000 rw-p 2aaaae800000 00:00 0 2aaaae821000-2aaaae900000 ---p 2aaaae821000 00:00 0 2aaaae900000-2aaaae90d000 r-xp 00000000 50:01 49230 /lib64/libgcc_s-4.0.1-20050727.so.1 2aaaae90d000-2aaaaea0c000 ---p 0000d000 50:01 49230 /lib64/libgcc_s-4.0.1-20050727.so.1 2aaaaea0c000-2aaaaea0d000 rw-p 0000c000 50:01 49230 /lib64/libgcc_s-4.0.1-20050727.so.1 7fffff998000-7fffff9ae000 rw-p 7fffff998000 00:00 0 [stack] ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0 [vdso] Program received signal SIGABRT, Aborted. [Switching to Thread 46912510500896 (LWP 26002)] 0x00002aaaab65a280 in *__GI_raise (sig=Variable "sig" is not available. ) at ../nptl/sysdeps/unix/sysv/linux/raise.c:67 67 int res = INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); (gdb) where #0 0x00002aaaab65a280 in *__GI_raise (sig=Variable "sig" is not available. ) at ../nptl/sysdeps/unix/sysv/linux/raise.c:67 #1 0x00002aaaab65b750 in *__GI_abort () at ../sysdeps/generic/abort.c:88 #2 0x00002aaaab68fa7f in __libc_message (do_abort=Variable "do_abort" is not available. ) at ../sysdeps/unix/sysv/linux/libc_fatal.c:170 #3 0x00002aaaab69571e in _int_free (av=0x2aaaab85d680, mem=Variable "mem" is not available. ) at malloc.c:5578 #4 0x00002aaaab695c4e in *__GI___libc_free (mem=Variable "mem" is not available. ) at malloc.c:3419 #5 0x00002aaaab72173d in nscd_getpw_r (key=0x523950 "gacek", keylen=6, type=GETPWBYNAME, resultbuf=0x2aaaae7d11e0, buffer=0x50eaf0 "gacek", buflen=4096, result=0x2aaaae7d1220) at nscd_getpw_r.c:230 #6 0x00002aaaab721866 in __nscd_getpwnam_r (name=0x523950 "gacek", resultbuf=0x2aaaae7d11e0, buffer=0x50eaf0 "gacek", buflen=4096, result=0x2aaaae7d1220) at nscd_getpw_r.c:52 #7 0x00002aaaab6bc2a8 in __getpwnam_r (name=0x523950 "gacek", resbuf=0x2aaaae7d11e0, buffer=0x50eaf0 "gacek", buflen=4096, result=0x2aaaae7d1220) at ../nss/getXXbyYY_r.c:162 #8 0x00002aaaaaca62bd in Perl_pp_gpwent () from /usr/lib64/perl5/5.8.6/x86_64-linux-thread-multi/CORE/libperl.so #9 0x00002aaaaac453cd in Perl_runops_debug () from /usr/lib64/perl5/5.8.6/x86_64-linux-thread-multi/CORE/libperl.so #10 0x00002aaaaabffdbe in perl_run () from /usr/lib64/perl5/5.8.6/x86_64-linux-thread-multi/CORE/libperl.so #11 0x0000000000401a01 in main () Valgrind supporting x86-64 is in rawhide. Just rpmbuild --rebuild the src.rpm on FC4, so that you can use it there as well. Created attachment 119578 [details]
valgrind output
This is valgrind output
I have included requested valgrind output as attachment in this bug report. This is upstream BZ#1363, already fixed on the trunk. http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/ChangeLog.diff?cvsroot=glibc&r1=1.9536&r2=1.9537 http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/nscd/nscd_getpw_r.c.diff?cvsroot=glibc&r1=1.30&r2=1.31 It will be included in the next FC4 glibc update, whenever it happens. |