Description of problem: useradd crashes with "invalid pointer" Version-Release number of selected component (if applicable): shadow-utils-4.0.14-9.FC5 How reproducible: Always Steps to Reproduce: 1. useradd foo 2. 3. Actual results: [root@jerrya ~]# trace /usr/sbin/useradd foo > /tmp/u2 2>&1 *** glibc detected *** /usr/sbin/useradd: munmap_chunk(): invalid pointer: 0x08cc2de0 *** ======= Backtrace: ========= /lib/libc.so.6(__libc_free+0x179)[0x2664f0] /lib/libnss_nis.so.2(_nss_nis_getgrent_r+0x2c3)[0xd4021d] /lib/libc.so.6[0x2d911f] /lib/libc.so.6(getgrent_r+0xa6)[0x287b16] /lib/libc.so.6[0x2d8d57] /lib/libc.so.6(getgrent+0x6a)[0x287526] /usr/sbin/useradd[0x804b255] /usr/sbin/useradd[0x804d6dd] /lib/libc.so.6(__libc_start_main+0xdc)[0x214724] /usr/sbin/useradd[0x8049ee1] ======= Memory map: ======== 001ff000-0032c000 r-xp 00000000 fd:01 682877 /lib/libc-2.4.so 0032c000-0032e000 r-xp 0012d000 fd:01 682877 /lib/libc-2.4.so 0032e000-0032f000 rwxp 0012f000 fd:01 682877 /lib/libc-2.4.so 0032f000-00332000 rwxp 0032f000 00:00 0 00467000-0046a000 r-xp 00000000 fd:01 683186 /lib/libsetrans.so.0 0046a000-0046b000 rwxp 00002000 fd:01 683186 /lib/libsetrans.so.0 005b0000-005c2000 r-xp 00000000 fd:01 683241 /lib/libnsl-2.4.so 005c2000-005c3000 r-xp 00011000 fd:01 683241 /lib/libnsl-2.4.so 005c3000-005c4000 rwxp 00012000 fd:01 683241 /lib/libnsl-2.4.so 005c4000-005c6000 rwxp 005c4000 00:00 0 0076f000-0077e000 r-xp 00000000 fd:01 687016 /lib/libaudit.so.0.0.0 0077e000-00780000 rwxp 0000e000 fd:01 687016 /lib/libaudit.so.0.0.0 009fc000-00a34000 r-xp 00000000 fd:01 682854 /lib/libsepol.so.1 00a34000-00a35000 rwxp 00037000 fd:01 682854 /lib/libsepol.so.1 00a35000-00a3f000 rwxp 00a35000 00:00 0 00a41000-00a43000 r-xp 00000000 fd:01 683224 /lib/libdl-2.4.so 00a43000-00a44000 r-xp 00001000 fd:01 683224 /lib/libdl-2.4.so 00a44000-00a45000 rwxp 00002000 fd:01 683224 /lib/libdl-2.4.so 00a62000-00a6b000 r-xp 00000000 fd:01 687026 /lib/libnss_files-2.4.so 00a6b000-00a6c000 r-xp 00008000 fd:01 687026 /lib/libnss_files-2.4.so 00a6c000-00a6d000 rwxp 00009000 fd:01 687026 /lib/libnss_files-2.4.so 00aa5000-00aa6000 r-xp 00aa5000 00:00 0 [vdso] 00aa6000-00abf000 r-xp 00000000 fd:01 683187 /lib/ld-2.4.so 00abf000-00ac0000 r-xp 00018000 fd:01 683187 /lib/ld-2.4.so 00ac0000-00ac1000 rwxp 00019000 fd:01 683187 /lib/ld-2.4.so 00ac3000-00ad8000 r-xp 00000000 fd:01 683235 /lib/libselinux.so.1 00ad8000-00ada000 rwxp 00014000 fd:01 683235 /lib/libselinux.so.1 00baa000-00bb5000 r-xp 00000000 fd:01 683226 /lib/libgcc_s-4.1.1-20060525.so.1 00bb5000-00bb6000 rwxp 0000a000 fd:01 683226 /lib/libgcc_s-4.1.1-20060525.so.1 00d3c000-00d44000 r-xp 00000000 fd:01 687030 /lib/libnss_nis-2.4.so 00d44000-00d45000 r-xp 00007000 fd:01 687030 /lib/libnss_nis-2.4.so 00d45000-00d46000 rwxp 00008000 fd:01 687030 /lib/libnss_nis-2.4.so 00d71000-00d76000 r-xp 00000000 fd:01 683236 /lib/libcrypt-2.4.so 00d76000-00d77000 r-xp 00004000 fd:01 683236 /lib/libcrypt-2.4.so 00d77000-00d78000 rwxp 00005000 fd:01 683236 /lib/libcrypt-2.4.so 00d78000-00d9f000 rwxp 00d78000 00:00 0 08047000-08058000 r-xp 00000000 fd:01 852635 /usr/sbin/useradd 08058000-0805a000 rw-p 00010000 fd:01 852635 /usr/sbin/useradd 0805a000-08062000 rw-p 0805a000 00:00 0 08cae000-08ccf000 rw-p 08cae000 00:00 0 [heap] b7d51000-b7d99000 rw-p b7d51000 00:00 0 b7d99000-b7f99000 r--p 00000000 fd:01 848422 /usr/lib/locale/locale-archive b7f99000-b7f9c000 rw-p b7f99000 00:00 0 b7fb4000-b7fb5000 r--p 0081b000 fd:01 848422 /usr/lib/locale/locale-archive bf8a1000-bf8b7000 rw-p bf8a1000 00:00 0 [stack] Expected results: A new user in the systems Additional info:
Created attachment 131667 [details] strace -tfqvx -s 0
I can not reproduce it. Could you send output of: #strace -f useradd foo and backtrace from gdb will be good.(shadow-utils-debuginfo installed) Is your nscd service running?
Created attachment 131755 [details] strace -f (with/without nscd)
Created attachment 131756 [details] gdb session
Jakub, don't u know what might be reason of this useradd invalid pointer crash? #useradd foo Program received signal SIGABRT, Aborted. 0x00aa5402 in __kernel_vsyscall () (gdb) bt #0 0x00aa5402 in __kernel_vsyscall () #1 0x00227069 in raise () from /lib/libc.so.6 #2 0x00228671 in abort () from /lib/libc.so.6 #3 0x0025ba4b in __libc_message () from /lib/libc.so.6 #4 0x002664f0 in free () from /lib/libc.so.6 #5 0x00c8421d in _nss_nis_getgrent_r () from /lib/libnss_nis.so.2 #6 0x002d911f in __nss_getent_r () from /lib/libc.so.6 #7 0x00287b16 in getgrent_r@@GLIBC_2.1.2 () from /lib/libc.so.6 #8 0x002d8d57 in __nss_getent () from /lib/libc.so.6 #9 0x00287526 in getgrent () from /lib/libc.so.6 #10 0x0804b255 in find_new_gid () at useradd.c:965 #11 0x0804d6dd in main (argc=2, argv=0xbfce0f54) at useradd.c:1822 #12 0x00214724 in __libc_start_main () from /lib/libc.so.6 #13 0x08049ee1 in _start ()
I'm sorry, but I'm not able to reproduce it.
Jerry: a friend of mine ran into something similar at work. Out of curiosity, do you use NIS? This may be part of the repro conditions.
(In reply to comment #7) > Jerry: a friend of mine ran into something similar at work. Out of curiosity, > do you use NIS? This may be part of the repro conditions. Yes, I'm using NIS. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
This looks like it may actually be inside libnss_nis. The call that adduser.c makes (getgrent()) doesn't even pass any data. Any way you could re-run the gdb session with glibc-debuginfo installed? I'm trying to find out NIS info at work to try to repro this on Fedora.
What is the correct fedora version this bug belongs to? Does it occur on a supported version of Fedora? FC5 is no longer supported. Thanks, John
No response. Closing.