Description of problem: On an attempt to join AD domain (see below), glibc caught krb5 calling free() with an invalid pointer. Version-Release number of selected component (if applicable): 1.4-3 How reproducible: Sometimes. Steps to Reproduce: 1. Attempt to join and AD domain (see below). Additional info: This is what happens: ----------------------------------------- [root@bspc samba]# net ads join -U the_admin_account builde's password: [2005/06/20 11:34:12, 0] libads/ldap.c:ads_add_machine_acct(1512) Warning: ads_set_machine_sd: Unexpected information received Using short domain name -- SOMEDOMAIN Joined 'BSPC' to realm 'SOMEDOMAIN.SOME.WHERE' *** glibc detected *** net: free(): invalid pointer: 0x00002aaaab2a8580 *** ======= Backtrace: ========= /lib64/libc.so.6[0x2aaaab99694e] /lib64/libc.so.6(__libc_free+0x6e)[0x2aaaab996e7e] /lib64/libcom_err.so.2(remove_error_table+0x43)[0x2aaaab4d0db6] /usr/lib64/libkrb5.so.3[0x2aaaab14bd66] /usr/lib64/libkrb5.so.3[0x2aaaab14bb72] ======= Memory map: ======== 2aaaaaaab000-2aaaaaac5000 r-xp 00000000 fd:00 590055 /lib64/ ld-2.3.5.so 2aaaaaac5000-2aaaaaac6000 rw-p 2aaaaaac5000 00:00 0 2aaaaaae5000-2aaaaaae6000 rw-p 2aaaaaae5000 00:00 0 2aaaaabc4000-2aaaaabc5000 r--p 00019000 fd:00 590055 /lib64/ ld-2.3.5.so 2aaaaabc5000-2aaaaabc6000 rw-p 0001a000 fd:00 590055 /lib64/ ld-2.3.5.so 2aaaaabc6000-2aaaaabcb000 r-xp 00000000 fd:00 590074 /lib64/ libcrypt-2.3.5.so 2aaaaabcb000-2aaaaacca000 ---p 00005000 fd:00 590074 /lib64/ libcrypt-2.3.5.so 2aaaaacca000-2aaaaaccb000 r--p 00004000 fd:00 590074 /lib64/ libcrypt-2.3.5.so 2aaaaaccb000-2aaaaaccc000 rw-p 00005000 fd:00 590074 /lib64/ libcrypt-2.3.5.so 2aaaaaccc000-2aaaaacfa000 rw-p 2aaaaaccc000 00:00 0 2aaaaacfa000-2aaaaad0e000 r-xp 00000000 fd:00 590067 /lib64/ libnsl-2.3.5.so 2aaaaad0e000-2aaaaae0d000 ---p 00014000 fd:00 590067 /lib64/ libnsl-2.3.5.so 2aaaaae0d000-2aaaaae0e000 r--p 00013000 fd:00 590067 /lib64/ libnsl-2.3.5.so 2aaaaae0e000-2aaaaae0f000 rw-p 00014000 fd:00 590067 /lib64/ libnsl-2.3.5.so 2aaaaae0f000-2aaaaae11000 rw-p 2aaaaae0f000 00:00 0 2aaaaae11000-2aaaaae13000 r-xp 00000000 fd:00 590058 /lib64/ libdl-2.3.5.so 2aaaaae13000-2aaaaaf13000 ---p 00002000 fd:00 590058 /lib64/ libdl-2.3.5.so 2aaaaaf13000-2aaaaaf14000 r--p 00002000 fd:00 590058 /lib64/ libdl-2.3.5.so 2aaaaaf14000-2aaaaaf15000 rw-p 00003000 fd:00 590058 /lib64/ libdl-2.3.5.so 2aaaaaf15000-2aaaaaf16000 rw-p 2aaaaaf15000 00:00 0 2aaaaaf16000-2aaaaaf1d000 r-xp 00000000 fd:00 1420588 /usr/li b64/libpopt.so.0.0.0 2aaaaaf1d000-2aaaab01d000 ---p 00007000 fd:00 1420588 /usr/li b64/libpopt.so.0.0.0 2aaaab01d000-2aaaab01e000 rw-p 00007000 fd:00 1420588 /usr/li b64/libpopt.so.0.0.0 2aaaab01e000-2aaaab034000 r-xp 00000000 fd:00 1425320 /usr/li b64/libgssapi_krb5.so.2.2 2aaaab034000-2aaaab133000 ---p 00016000 fd:00 1425320 /usr/li b64/libgssapi_krb5.so.2.2 2aaaab133000-2aaaab135000 rw-p 00015000 fd:00 1425320 /usr/li b64/libgssapi_krb5.so.2.2 2aaaab135000-2aaaab1a5000 r-xp 00000000 fd:00 1425319 /usr/li b64/libkrb5.so.3.2 2aaaab1a5000-2aaaab2a4000 ---p 00070000 fd:00 1425319 /usr/li b64/libkrb5.so.3.2 2aaaab2a4000-2aaaab2a9000 rw-p 0006f000 fd:00 1425319 /usr/li b64/libkrb5.so.3.2 2aaaab2a9000-2aaaab2aa000 rw-p 2aaaab2a9000 00:00 0 2aaaab2aa000-2aaaab2cc000 r-xp 00000000 fd:00 1425318 /usr/li b64/libk5crypto.so.3.0 2aaaab2cc000-2aaaab3cb000 ---p 00022000 fd:00 1425318 /usr/li b64/libk5crypto.so.3.0 2aaaab3cb000-2aaaab3cd000 rw-p 00021000 fd:00 1425318 /usr/li b64/libk5crypto.so.3.0 2aaaab3cd000-2aaaab3cf000 r-xp 00000000 fd:00 1421931 /usr/li ----------------------------------------- Maybe Kerberos bug 3087?
The Kerberos ticket is actually here: http://krbdev.mit.edu/rt/Ticket/Display.html?id=3087
Ditto here on a x86 32bit install.
This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it ? Thanks.
Hmm, the ticket was never closed upstream... I can give it a try again, but it's going to be in a completely different environment, as I don't have access to the computers where this occurred any more.
This should have been fixed by updating e2fsprogs to version 1.38, which avoided crashes due to earlier versions of e2fsprogs libcom_err not conforming to expectations of krb5 1.4 and later. Closing as next-release because FC5 incorporated these versions (the e2fsprogs update was also released for FC4).