Bug 197072 - useradd crash : invalid pointer
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: shadow-utils
Version: 5
Hardware: i686 Linux
Priority: medium, Severity: medium
Assigned To: Peter Vrabec
QA Contact: David Lawrence
Keywords: Reopened
Reported: 2006-06-28 09:42 EDT by Jerry Amundson
Modified: 2009-07-14 12:03 EDT (History)
Doc Type: Bug Fix
Last Closed: 2009-07-14 12:03:00 EDT


Attachments
strace -tfqvx -s 0 (32.77 KB, text/plain)
2006-06-28 09:42 EDT, Jerry Amundson
strace -f (with/without nscd) (58.28 KB, text/plain)
2006-06-29 11:58 EDT, Jerry Amundson
gdb session (4.80 KB, text/x-diff)
2006-06-29 12:03 EDT, Jerry Amundson

Description Jerry Amundson 2006-06-28 09:42:14 EDT
Description of problem:
useradd crashes with "invalid pointer"

Version-Release number of selected component (if applicable):
shadow-utils-4.0.14-9.FC5

How reproducible:
Always

Steps to Reproduce:
1. useradd foo
2.
3.
  
Actual results:
[root@jerrya ~]# trace /usr/sbin/useradd foo > /tmp/u2 2>&1
*** glibc detected *** /usr/sbin/useradd: munmap_chunk(): invalid pointer: 0x08cc2de0 ***
======= Backtrace: =========
/lib/libc.so.6(__libc_free+0x179)[0x2664f0]
/lib/libnss_nis.so.2(_nss_nis_getgrent_r+0x2c3)[0xd4021d]
/lib/libc.so.6[0x2d911f]
/lib/libc.so.6(getgrent_r+0xa6)[0x287b16]
/lib/libc.so.6[0x2d8d57]
/lib/libc.so.6(getgrent+0x6a)[0x287526]
/usr/sbin/useradd[0x804b255]
/usr/sbin/useradd[0x804d6dd]
/lib/libc.so.6(__libc_start_main+0xdc)[0x214724]
/usr/sbin/useradd[0x8049ee1]
======= Memory map: ========
001ff000-0032c000 r-xp 00000000 fd:01 682877     /lib/libc-2.4.so
0032c000-0032e000 r-xp 0012d000 fd:01 682877     /lib/libc-2.4.so
0032e000-0032f000 rwxp 0012f000 fd:01 682877     /lib/libc-2.4.so
0032f000-00332000 rwxp 0032f000 00:00 0
00467000-0046a000 r-xp 00000000 fd:01 683186     /lib/libsetrans.so.0
0046a000-0046b000 rwxp 00002000 fd:01 683186     /lib/libsetrans.so.0
005b0000-005c2000 r-xp 00000000 fd:01 683241     /lib/libnsl-2.4.so
005c2000-005c3000 r-xp 00011000 fd:01 683241     /lib/libnsl-2.4.so
005c3000-005c4000 rwxp 00012000 fd:01 683241     /lib/libnsl-2.4.so
005c4000-005c6000 rwxp 005c4000 00:00 0
0076f000-0077e000 r-xp 00000000 fd:01 687016     /lib/libaudit.so.0.0.0
0077e000-00780000 rwxp 0000e000 fd:01 687016     /lib/libaudit.so.0.0.0
009fc000-00a34000 r-xp 00000000 fd:01 682854     /lib/libsepol.so.1
00a34000-00a35000 rwxp 00037000 fd:01 682854     /lib/libsepol.so.1
00a35000-00a3f000 rwxp 00a35000 00:00 0
00a41000-00a43000 r-xp 00000000 fd:01 683224     /lib/libdl-2.4.so
00a43000-00a44000 r-xp 00001000 fd:01 683224     /lib/libdl-2.4.so
00a44000-00a45000 rwxp 00002000 fd:01 683224     /lib/libdl-2.4.so
00a62000-00a6b000 r-xp 00000000 fd:01 687026     /lib/libnss_files-2.4.so
00a6b000-00a6c000 r-xp 00008000 fd:01 687026     /lib/libnss_files-2.4.so
00a6c000-00a6d000 rwxp 00009000 fd:01 687026     /lib/libnss_files-2.4.so
00aa5000-00aa6000 r-xp 00aa5000 00:00 0          [vdso]
00aa6000-00abf000 r-xp 00000000 fd:01 683187     /lib/ld-2.4.so
00abf000-00ac0000 r-xp 00018000 fd:01 683187     /lib/ld-2.4.so
00ac0000-00ac1000 rwxp 00019000 fd:01 683187     /lib/ld-2.4.so
00ac3000-00ad8000 r-xp 00000000 fd:01 683235     /lib/libselinux.so.1
00ad8000-00ada000 rwxp 00014000 fd:01 683235     /lib/libselinux.so.1
00baa000-00bb5000 r-xp 00000000 fd:01 683226     /lib/libgcc_s-4.1.1-20060525.so.1
00bb5000-00bb6000 rwxp 0000a000 fd:01 683226     /lib/libgcc_s-4.1.1-20060525.so.1
00d3c000-00d44000 r-xp 00000000 fd:01 687030     /lib/libnss_nis-2.4.so
00d44000-00d45000 r-xp 00007000 fd:01 687030     /lib/libnss_nis-2.4.so
00d45000-00d46000 rwxp 00008000 fd:01 687030     /lib/libnss_nis-2.4.so
00d71000-00d76000 r-xp 00000000 fd:01 683236     /lib/libcrypt-2.4.so
00d76000-00d77000 r-xp 00004000 fd:01 683236     /lib/libcrypt-2.4.so
00d77000-00d78000 rwxp 00005000 fd:01 683236     /lib/libcrypt-2.4.so
00d78000-00d9f000 rwxp 00d78000 00:00 0
08047000-08058000 r-xp 00000000 fd:01 852635     /usr/sbin/useradd
08058000-0805a000 rw-p 00010000 fd:01 852635     /usr/sbin/useradd
0805a000-08062000 rw-p 0805a000 00:00 0
08cae000-08ccf000 rw-p 08cae000 00:00 0          [heap]
b7d51000-b7d99000 rw-p b7d51000 00:00 0
b7d99000-b7f99000 r--p 00000000 fd:01 848422     /usr/lib/locale/locale-archive
b7f99000-b7f9c000 rw-p b7f99000 00:00 0
b7fb4000-b7fb5000 r--p 0081b000 fd:01 848422     /usr/lib/locale/locale-archive
bf8a1000-bf8b7000 rw-p bf8a1000 00:00 0          [stack]


Expected results:
A new user in the system

Additional info:
Comment 1 Jerry Amundson 2006-06-28 09:42:14 EDT
Created attachment 131667 [details]
strace -tfqvx -s 0
Comment 2 Peter Vrabec 2006-06-29 09:23:23 EDT
I can not reproduce it.

Could you send the output of:
#strace -f useradd foo
and
a backtrace from gdb would be good (with shadow-utils-debuginfo installed).

Is your nscd service running?
Comment 3 Jerry Amundson 2006-06-29 11:58:08 EDT
Created attachment 131755 [details]
strace -f (with/without nscd)
Comment 4 Jerry Amundson 2006-06-29 12:03:20 EDT
Created attachment 131756 [details]
gdb session
Comment 5 Peter Vrabec 2006-08-24 04:23:47 EDT
Jakub, don't you know what might be the reason for this useradd invalid pointer crash?

#useradd foo

Program received signal SIGABRT, Aborted.
0x00aa5402 in __kernel_vsyscall ()
(gdb) bt
#0  0x00aa5402 in __kernel_vsyscall ()
#1  0x00227069 in raise () from /lib/libc.so.6
#2  0x00228671 in abort () from /lib/libc.so.6
#3  0x0025ba4b in __libc_message () from /lib/libc.so.6
#4  0x002664f0 in free () from /lib/libc.so.6
#5  0x00c8421d in _nss_nis_getgrent_r () from /lib/libnss_nis.so.2
#6  0x002d911f in __nss_getent_r () from /lib/libc.so.6
#7  0x00287b16 in getgrent_r@@GLIBC_2.1.2 () from /lib/libc.so.6
#8  0x002d8d57 in __nss_getent () from /lib/libc.so.6
#9  0x00287526 in getgrent () from /lib/libc.so.6
#10 0x0804b255 in find_new_gid () at useradd.c:965
#11 0x0804d6dd in main (argc=2, argv=0xbfce0f54) at useradd.c:1822
#12 0x00214724 in __libc_start_main () from /lib/libc.so.6
#13 0x08049ee1 in _start ()
Comment 6 Peter Vrabec 2007-03-28 08:49:23 EDT
I'm sorry, but I'm not able to reproduce it.
Comment 7 Kyle VanderBeek 2009-04-08 22:08:43 EDT
Jerry: a friend of mine ran into something similar at work.  Out of curiosity, do you use NIS?  This may be part of the repro conditions.
Comment 8 Jerry Amundson 2009-04-10 09:03:28 EDT
(In reply to comment #7)
> Jerry: a friend of mine ran into something similar at work.  Out of curiosity,
> do you use NIS?  This may be part of the repro conditions.  

Yes, I'm using NIS.

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 9 Kyle VanderBeek 2009-04-13 13:00:25 EDT
This looks like it may actually be inside libnss_nis.  The call that adduser.c makes (getgrent()) doesn't even pass any data.  Any way you could re-run the gdb session with glibc-debuginfo installed?

I'm trying to find out NIS info at work to try to repro this on Fedora.
Comment 10 John Poelstra 2009-06-08 19:55:41 EDT
What is the correct fedora version this bug belongs to?  Does it occur on a supported version of Fedora? FC5 is no longer supported.

Thanks,
John
Comment 11 John Poelstra 2009-07-14 12:03:00 EDT
No response.  Closing.
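
Added example, not part of the original bug thread: a small Python triage helper that resolves the bracketed addresses in the glibc abort output from the Description against its memory map, and reports which mapping the pointer rejected by munmap_chunk() falls in. The function names and the trimmed sample (a few lines copied from the report) are choices made for this example.

```python
import re

# Constructed sample: a few lines copied from the crash output in the Description.
REPORT = """\
*** glibc detected *** /usr/sbin/useradd: munmap_chunk(): invalid pointer: 0x08cc2de0 ***
======= Backtrace: =========
/lib/libc.so.6(__libc_free+0x179)[0x2664f0]
/lib/libnss_nis.so.2(_nss_nis_getgrent_r+0x2c3)[0xd4021d]
/lib/libc.so.6(getgrent+0x6a)[0x287526]
/usr/sbin/useradd[0x804b255]
======= Memory map: ========
001ff000-0032c000 r-xp 00000000 fd:01 682877     /lib/libc-2.4.so
00d3c000-00d44000 r-xp 00000000 fd:01 687030     /lib/libnss_nis-2.4.so
08047000-08058000 r-xp 00000000 fd:01 852635     /usr/sbin/useradd
08cae000-08ccf000 rw-p 08cae000 00:00 0          [heap]
"""

MAP_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s*(.*)$")
FRAME_RE = re.compile(r"^(\S+?)(?:\((.*?)\))?\[0x([0-9a-f]+)\]$")
PTR_RE = re.compile(r"invalid pointer:\s*0x([0-9a-f]+)")

def parse_maps(text):
    """Return (start, end, perms, file_offset, name) for each memory-map line."""
    maps = []
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            start, end, perms, off, name = m.groups()
            maps.append((int(start, 16), int(end, 16), perms, int(off, 16), name or "[anon]"))
    return maps

def locate(addr, maps):
    """Map an address to (mapping name, perms, offset); file offset if file-backed."""
    for start, end, perms, off, name in maps:
        if start <= addr < end:
            return name, perms, addr - start + (off if name.startswith("/") else 0)
    return None

def triage(text):
    """Resolve every backtrace frame and the rejected pointer against the map."""
    maps = parse_maps(text)
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m.group(2) or "?", locate(int(m.group(3), 16), maps)))
    ptr = PTR_RE.search(text)
    return frames, (locate(int(ptr.group(1), 16), maps) if ptr else None)
```

On the sample, the `_nss_nis_getgrent_r` frame resolves to offset 0x421d in /lib/libnss_nis-2.4.so, and the pointer handed to free() lies inside the [heap] mapping. The same low bits appear in gdb frame #5 (0x00c8421d) in comment 5, which is consistent with the same call site at a different load address.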
