
ls aborts due to free()ing an invalid pointer



Hello everyone,
I'm having a rather strange error while trying to ls a large directory. The setup is as follows:

/home is nfs-mounted from a BSD box
nsswitch is set to use LDAP for passwd, shadow, and group info
nscd is running to cache the responses from LDAP

I try to run ls -l /home, and get the error

steven@soda:~$ ls -l /home
*** glibc detected *** free(): invalid pointer: 0xa7f9ad38 ***
Aborted


Strace reveals:

...lots and lots and lots of lookups...
connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
poll([{fd=4, events=POLLOUT|POLLERR|POLLHUP, revents=POLLOUT}], 1, 5000) = 1
writev(4, [{"\2\0\0\0\1\0\0\0\5\0\0\0", 12}, {"9954\0", 5}], 2) = 17
poll([{fd=4, events=POLLIN|POLLERR|POLLHUP, revents=POLLIN|POLLHUP}], 1, 5000) = 1
read(4, "\2\0\0\0\1\0\0\0\10\0\0\0\2\0\0\0\342&\0\0\350\3\0\0\17"..., 36) = 36
read(4, "joeshaw\0*\0Joseph C. Shaw\0/home/a"..., 70) = 70
close(4)                                = 0
lstat64("joew", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
getxattr("joew", "system.posix_acl_access", 0x0, 0) = -1 EOPNOTSUPP (Operation not supported)
socket(PF_FILE, SOCK_STREAM, 0)         = 4
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
poll([{fd=4, events=POLLOUT|POLLERR|POLLHUP, revents=POLLOUT}], 1, 5000) = 1
writev(4, [{"\2\0\0\0\1\0\0\0\6\0\0\0", 12}, {"10182\0", 6}], 2) = 18
poll([{fd=4, events=POLLIN|POLLERR|POLLHUP, revents=POLLIN}], 1, 5000) = 1
read(4, "\2\0\0\0\1\0\0\0\5\0\0\0\2\0\0\0\306\'\0\0\350\3\0\0\17"..., 36) = 36
read(4, "joew\0*\0Joe Wahrhaftig\0/home/apol"..., 64) = 64
close(4)                                = 0
open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = 4
writev(4, [{"*** glibc detected *** ", 23}, {"free(): invalid pointer", 23}, {": 0x", 4}, {"a7f37d38", 8}, {" ***\n", 5}], 5*** glibc detected *** free(): invalid pointer: 0xa7f37d38 ***
) = 63
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(25993, 25993, SIGABRT)           = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++
Process 25993 detached


And finally the trace

steven@soda:~$ gdb ls
(gdb) r -l /home
Starting program: /bin/ls -l /home
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1478838592 (LWP 26984)]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
*** glibc detected *** free(): invalid pointer: 0xa7f36d38 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread -1478838592 (LWP 26984)]
0xffffe410 in __kernel_vsyscall ()
(gdb) where
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xa7e30811 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xa7e31fb9 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xa7e65d3a in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#4  0xa7e6d5cf in mallopt () from /lib/tls/i686/cmov/libc.so.6
#5  0xa7e6d672 in free () from /lib/tls/i686/cmov/libc.so.6
#6  0xa7f032f1 in xdr_uint8_t () from /lib/tls/i686/cmov/libc.so.6
#7  0xa7f033a7 in xdr_uint8_t () from /lib/tls/i686/cmov/libc.so.6
#8  0xa7e94a73 in getpwuid_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xa7e943da in getpwuid () from /lib/tls/i686/cmov/libc.so.6
#10 0x080520e5 in ?? ()
#11 0x000004a6 in ?? ()
#12 0xafa81ae3 in ?? ()
#13 0xafa81778 in ?? ()
#14 0x000004a6 in ?? ()
#15 0x08082aa0 in ?? ()
#16 0xafa81ae3 in ?? ()
#17 0xafa81778 in ?? ()
#18 0x0804aa2c in ?? ()
#19 0x000004a6 in ?? ()
#20 0x00000200 in ?? ()
#21 0xafa81b08 in ?? ()
#22 0x0804ba68 in ?? ()
#23 0xafa81a7b in ?? ()
#24 0x00000000 in ?? ()




Sorry about the rather verbose debugging information; I don't really know where to proceed from here. Any help would be much appreciated! Thanks,
Steven Schlansker
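
Added example (not part of the original post): a decoder for the nscd request and reply bytes shown in the strace output, assuming the layout of glibc's nscd client protocol (a 12-byte request header of version, type and key length; a reply header that begins version, found, pw_name_len, pw_passwd_len, pw_uid, pw_gid). Only the bytes strace printed before its "..." truncation are decoded, and the function names are illustrative.

```python
import re
import struct

# First two values of the request_type enum in glibc's nscd client header.
REQUEST_TYPES = {0: "GETPWBYNAME", 1: "GETPWBYUID"}
REPLY_FIELDS = ("version", "found", "pw_name_len", "pw_passwd_len", "pw_uid", "pw_gid")

def strace_bytes(text):
    """Turn a strace-escaped string (octal \\NNN, \\' and friends) into bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] != "\\":
            out.append(ord(text[i])); i += 1
            continue
        octal = re.match(r"[0-7]{1,3}", text[i + 1:])
        if octal:
            out.append(int(octal.group(), 8)); i += 1 + len(octal.group())
        else:  # \n, \t, \r or an escaped literal such as \' or \"
            ch = text[i + 1]
            out.append(ord({"n": "\n", "t": "\t", "r": "\r"}.get(ch, ch))); i += 2
    return bytes(out)

def check_exchange(req_header, req_key, reply_visible, payload_start):
    """Decode one lookup and cross-check the request against the reply."""
    version, rtype, key_len = struct.unpack("<3i", strace_bytes(req_header))
    key = strace_bytes(req_key)
    # Only the first six int32 fields are fully visible before strace's "...".
    reply = dict(zip(REPLY_FIELDS, struct.unpack_from("<6i", strace_bytes(reply_visible))))
    name = strace_bytes(payload_start).split(b"\0")[0]
    return {
        "version": version,
        "type": REQUEST_TYPES.get(rtype, rtype),
        "key_len_ok": key_len == len(key),
        "reply": reply,
        "uid_matches_key": str(reply["pw_uid"]) == key.rstrip(b"\0").decode(),
        "name_len_ok": reply["pw_name_len"] == len(name) + 1,  # length counts the NUL
        "name": name.decode(),
    }

# Copied from the last exchange in the strace output above (before the abort).
LAST_EXCHANGE = (
    r"\2\0\0\0\1\0\0\0\6\0\0\0", r"10182\0",
    r"\2\0\0\0\1\0\0\0\5\0\0\0\2\0\0\0\306\'\0\0\350\3\0\0\17",
    r"joew\0*\0Joe Wahrhaftig\0/home/apol",
)

if __name__ == "__main__":
    for field, value in check_exchange(*LAST_EXCHANGE).items():
        print(f"{field}: {value}")
```

For the last exchange before the abort, the decoded request is a by-UID passwd lookup for 10182 and the visible reply fields agree with it, so the inconsistency glibc reports is not visible in the bytes strace captured.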


