https://bugzilla.novell.com/show_bug.cgi?id=477061

Summary: glibc crash in _nsl_default_nss
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: x86-64
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: koenig@linux.de
QAContact: qa@suse.de
Found By: ---

both glibc-2.9-2.9 and glibc-2.9-2.10.1 crash (both 32 and 64 bit) when trying to expand user names by typing e.g.

ls ~koeni<TAB>

in bash when using our own bash binaries (we're still using bash-3.2.25 on all platforms).

this crash does not happen with bash binaries from suse 11.1/10.1/9.0 running on 11.1 -- hmmm?!?

note 1: we're using NIS! (call trace shows _nss_nis_setpwent)
note 2: 32 vs. 64 bit shows different abort messages ("double free or corruption" vs. "munmap_chunk(): invalid pointer")

for 64 bit:

koenig@lrrr:/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64> less ~eye*** glibc detected *** /scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash: munmap_chunk(): invalid pointer: 0x00000000005ff708 ***
======= Backtrace: =========
/lib64/libc.so.6[0x7ffff76af118]
/lib64/libnsl.so.1[0x7ffff701bc89]
/lib64/libnsl.so.1(_nsl_default_nss+0x3b)[0x7ffff701be0b]
/lib64/libnss_nis.so.2(_nss_nis_setpwent+0x21)[0x7ffff7229b51]
/lib64/libc.so.6[0x7ffff771e670]
/lib64/libc.so.6(getpwent_r+0xad)[0x7ffff76db70d]
/lib64/libc.so.6[0x7ffff771e0aa]
/lib64/libc.so.6(getpwent+0x52)[0x7ffff76db302]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(rl_username_completion_function+0x7b)[0x475b8b]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(rl_completion_matches+0x51)[0x4755a1]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(bash_default_completion+0x215)[0x450175]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash[0x45057c]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash[0x475669]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(rl_complete_internal+0xb8)[0x475758]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(_rl_dispatch_subseq+0x230)[0x46f0f0]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(readline_internal_char+0xa0)[0x46f4d0]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(readline+0x45)[0x46f9d5]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash[0x41b694]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash[0x41d785]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash[0x41ea41]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(yyparse+0x450)[0x4219f0]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(parse_command+0x57)[0x41b077]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(read_command+0x66)[0x41b136]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(reader_loop+0xad)[0x41b2ad]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash(main+0xcac)[0x41a43c]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7ffff7659586]
/scr/os2-sles10/koenig/bash-3.2.25-3/ARENA/64/bash[0x418bc9]

Program received signal SIGABRT, Aborted.

gdb traceback:

Program received signal SIGABRT, Aborted.
0x00007ffff766d645 in raise () from /lib64/libc.so.6
(gdb) where
#0 0x00007ffff766d645 in raise () from /lib64/libc.so.6
#1 0x00007ffff766ec33 in abort () from /lib64/libc.so.6
#2 0x00007ffff76a98e8 in ?? () from /lib64/libc.so.6
#3 0x00007ffff76af118 in ?? () from /lib64/libc.so.6
#4 0x00007ffff701bc89 in ?? () from /lib64/libnsl.so.1
#5 0x00007ffff701be0b in _nsl_default_nss () from /lib64/libnsl.so.1
#6 0x00007ffff7229b51 in _nss_nis_setpwent () from /lib64/libnss_nis.so.2
#7 0x00007ffff771e670 in ?? () from /lib64/libc.so.6
#8 0x00007ffff76db70d in getpwent_r () from /lib64/libc.so.6
#9 0x00007ffff771e0aa in ?? () from /lib64/libc.so.6
#10 0x00007ffff76db302 in getpwent () from /lib64/libc.so.6
#11 0x0000000000475b8b in rl_username_completion_function (text=0x6d7c48 "~eye", state=23036) at complete.c:1862
#12 0x00000000004755a1 in rl_completion_matches (text=0x6d7c48 "~eye", entry_function=0x475b10 <rl_username_completion_function>) at complete.c:1814
#13 0x0000000000450175 in bash_default_completion (text=0x6d7c48 "~eye", start=5, end=9, qc=-1, compflags=0) at bashline.c:1149
#14 0x000000000045057c in attempt_shell_completion (text=0x6d7c48 "~eye", start=5, end=9) at bashline.c:1122
#15 0x0000000000475669 in gen_completion_matches (text=0x6d7c48 "~eye", start=23036, end=6, our_func=0x475c40 <rl_filename_completion_function>, found_quote=-143308864, quote_char=8) at complete.c:965
#16 0x0000000000475758 in rl_complete_internal (what_to_do=9) at complete.c:1671
#17 0x000000000046f0f0 in _rl_dispatch_subseq (key=9, map=0x5beb40, got_subseq=0) at readline.c:742
#18 0x000000000046f4d0 in readline_internal_char () at readline.c:519
#19 0x000000000046f9d5 in readline (prompt=0x59fc <Address 0x59fc out of bounds>) at readline.c:545
#20 0x000000000041b694 in yy_readline_get () at ./parse.y:1213
#21 0x000000000041d785 in shell_getc (remove_quoted_newline=1) at /parse.y:1942
#22 0x000000000041ea41 in read_token (command=23036) at ./parse.y:2562
#23 0x00000000004219f0 in yyparse () at ./parse.y:2208
#24 0x000000000041b077 in parse_command () at eval.c:222
#25 0x000000000041b136 in read_command () at eval.c:266
#26 0x000000000041b2ad in reader_loop () at eval.c:132
#27 0x000000000041a43c in main (argc=1, argv=0x7fffffffdd78, env=0x7fffffffdd88) at shell.c:715
(gdb)

and for 32 bit:

lrrr 32 > less ~koenig*** glibc detected *** ./bash: double free or corruption (out): 0x08238608 ***
======= Backtrace: =========
/lib/libc.so.6[0xf7e1d654]
/lib/libc.so.6(cfree+0x9c)[0xf7e1ef3c]
/lib/libnsl.so.1[0xf7d58e2c]
/lib/libnsl.so.1(_nsl_default_nss+0x4f)[0xf7d58fdf]
/lib/libnss_nis.so.2(_nss_nis_setpwent+0x3e)[0xf7d6757e]
/lib/libc.so.6[0xf7e93925]
/lib/libc.so.6(getpwent_r+0xb4)[0xf7e49934]
/lib/libc.so.6[0xf7e93366]
/lib/libc.so.6(getpwent+0x78)[0xf7e49588]
/bash(rl_username_completion_function+0x85)[0x80be025]
/bash(rl_completion_matches+0x4b)[0x80bda2b]
/bash(bash_default_completion+0x26d)[0x80966ed]
/bash[0x8096ab4]
/bash[0x80bdade]
/bash(rl_complete_internal+0x9d)[0x80bdb9d]
/bash(_rl_dispatch_subseq+0x1f7)[0x80b7827]
/bash(_rl_dispatch+0x23)[0x80b7a53]
/bash(readline_internal_char+0xa6)[0x80b7c26]
/bash(readline+0x55)[0x80b8195]
/bash[0x805f114]
/bash[0x8061515]
/bash[0x806280b]
/bash(yyparse+0x3fb)[0x806581b]
/bash(parse_command+0x6d)[0x805eb1d]
/bash(read_command+0x58)[0x805ebd8]
/bash(reader_loop+0xb9)[0x805ed79]
/bash(main+0xe4f)[0x805de7f]
/lib/libc.so.6(__libc_start_main+0xe5)[0xf7dc7705]
/bash[0x805c2d1]

Aborted (core dumped)

gdb:

(gdb) where
#0 0xffffe430 in __kernel_vsyscall ()
#1 0xf7e36990 in raise () from /lib/libc.so.6
#2 0xf7e382c8 in abort () from /lib/libc.so.6
#3 0xf7e726c5 in ?? () from /lib/libc.so.6
#4 0xf7e78654 in ?? () from /lib/libc.so.6
#5 0xf7e79f3c in free () from /lib/libc.so.6
#6 0xf7db3e2c in ?? () from /lib/libnsl.so.1
#7 0xf7db3fdf in _nsl_default_nss () from /lib/libnsl.so.1
#8 0xf7dc257e in _nss_nis_setpwent () from /lib/libnss_nis.so.2
#9 0xf7eee925 in ?? () from /lib/libc.so.6
#10 0xf7ea4934 in getpwent_r () from /lib/libc.so.6
#11 0xf7eee366 in ?? () from /lib/libc.so.6
#12 0xf7ea4588 in getpwent () from /lib/libc.so.6
#13 0x080be025 in rl_username_completion_function (text=0x81e5888 "~koenig", state=0) at complete.c:1862
#14 0x080bda2b in rl_completion_matches (text=0x81e5888 "~koenig", entry_function=0x80bdfa0 <rl_username_completion_function>) at complete.c:1814
#15 0x080966ed in bash_default_completion (text=0x81e5888 "~koenig", start=0, end=12, qc=-1, compflags=0) at bashline.c:1149
#16 0x08096ab4 in attempt_shell_completion (text=0x81e5888 "~koenig", start=5, end=12) at bashline.c:1122
#17 0x080bdade in gen_completion_matches (text=0x81e5888 "~koenig", start=6, end=23840, our_func=0x80be0e0 <rl_filename_completion_function>, found_quote=0, quote_char=0) at complete.c:965
#18 0x080bdb9d in rl_complete_internal (what_to_do=9) at complete.c:1671
#19 0x080b7827 in _rl_dispatch_subseq (key=9, map=0x80ee680, got_subseq=0) at readline.c:742
#20 0x080b7a53 in _rl_dispatch (key=0, map=0x0) at readline.c:692
#21 0x080b7c26 in readline_internal_char () at readline.c:519
#22 0x080b8195 in readline (prompt=0x0) at readline.c:545
#23 0x0805f114 in yy_readline_get () at ./parse.y:1213
#24 0x08061515 in shell_getc (remove_quoted_newline=1) at ./parse.y:1942
#25 0x0806280b in read_token (command=0) at ./parse.y:2562
#26 0x0806581b in yyparse () at ./parse.y:2208
#27 0x0805eb1d in parse_command () at eval.c:222
#28 0x0805ebd8 in read_command () at eval.c:266
#29 0x0805ed79 in reader_loop () at eval.c:132
#30 0x0805de7f in main (argc=1, argv=0xffffcfa4, env=0xffffcfac) at shell.c:715
(gdb)