BUG: Glibc 'free(): invalid next size' in bbcmd on FC5

Japheth J.C. Cleaver cleaver at redwire.net
Fri Aug 4 21:33:37 CEST 2006


Running "bbcmd" after a clean install (default configuration, current 
allinone patch) results in a glibc free() error. This is on Fedora 
Core 5 with Glibc2.4-8. Running as "MALLOC_CHECK_=0 ./bbcmd" is a 
temporary workaround.


Attached is the STDERR output, an strace of bbcmd, and partial output 
from an "strace -vf" on a box where the config file it's trying to 
open exists. The problem *appears* to be lines 256-7 of 
lib/environ.c... (but I'm not certain).


Regards,

Japheth "J.C." Cleaver
cleaver at redwire.net
-------------- next part --------------
[root at alpha client]# ./bbcmd
2006-08-04 12:09:19 Using default environment file /usr/share/hobbit/client/etc/hobbitclient.cfg
2006-08-04 12:09:19 Cannot open env file /usr/share/hobbit/client/etc/hobbitclient.cfg - No such file or directory
*** glibc detected *** ./bbcmd: free(): invalid next size (fast): 0x08fbf228 ***
======= Backtrace: =========
/lib/libc.so.6[0x34cf18]
/lib/libc.so.6(__libc_free+0x78)[0x3503ef]
./bbcmd[0x8049a21]
/lib/libc.so.6(__libc_start_main+0xdc)[0x2fe724]
./bbcmd[0x80493c1]
======= Memory map: ========
002cb000-002cc000 r-xp 002cb000 00:00 0          [vdso]
002cc000-002e5000 r-xp 00000000 fd:00 2490370    /lib/ld-2.4.so
002e5000-002e6000 r-xp 00018000 fd:00 2490370    /lib/ld-2.4.so
002e6000-002e7000 rwxp 00019000 fd:00 2490370    /lib/ld-2.4.so
002e9000-00416000 r-xp 00000000 fd:00 2490386    /lib/libc-2.4.so
00416000-00418000 r-xp 0012d000 fd:00 2490386    /lib/libc-2.4.so
00418000-00419000 rwxp 0012f000 fd:00 2490386    /lib/libc-2.4.so
00419000-0041c000 rwxp 00419000 00:00 0 
0070b000-00716000 r-xp 00000000 fd:00 2490444    /lib/libgcc_s-4.1.1-20060525.so.1
00716000-00717000 rwxp 0000a000 fd:00 2490444    /lib/libgcc_s-4.1.1-20060525.so.1
08048000-08056000 r-xp 00000000 00:14 22991753   /vpopmail/mailinstall/rpmbuild/BUILD/hobbit-4.2-RC-20060712/client/bbcmd
08056000-08057000 rw-p 0000d000 00:14 22991753   /vpopmail/mailinstall/rpmbuild/BUILD/hobbit-4.2-RC-20060712/client/bbcmd
08fbe000-08fdf000 rw-p 08fbe000 00:00 0          [heap]
b7e00000-b7e21000 rw-p b7e00000 00:00 0 
b7e21000-b7f00000 ---p b7e21000 00:00 0 
b7f8f000-b7f91000 rw-p b7f8f000 00:00 0 
bff02000-bff17000 rw-p bff02000 00:00 0          [stack]
Aborted
-------------- next part --------------
[root at alpha client]# strace ./bbcmd
execve("./bbcmd", ["./bbcmd"], [/* 24 vars */]) = 0
brk(0)                                  = 0x9f1e000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=35457, ...}) = 0
mmap2(NULL, 35457, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f31000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0J\350/\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1532536, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f30000
mmap2(0x2e9000, 1254780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2e9000
mmap2(0x416000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d) = 0x416000
mmap2(0x419000, 9596, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x419000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f2f000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f2f6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x416000, 8192, PROT_READ)     = 0
mprotect(0x2e5000, 4096, PROT_READ)     = 0
munmap(0xb7f31000, 35457)               = 0
brk(0)                                  = 0x9f1e000
brk(0x9f3f000)                          = 0x9f3f000
stat64("/usr/share/hobbit/client/etc/hobbitserver.cfg", 0xbf838148) = -1 ENOENT (No such file or directory)
time(NULL)                              = 1154718598
open("/etc/localtime", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f39000
read(3, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0"..., 4096) = 1017
close(3)                                = 0
munmap(0xb7f39000, 4096)                = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
write(2, "2006-08-04 12:09:58 ", 202006-08-04 12:09:58 )    = 20
write(2, "Using default environment file /"..., 77Using default environment file /usr/share/hobbit/client/etc/hobbitclient.cfg
) = 77
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f2f708) = 19814
close(4)                                = 0
fstat64(3, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f39000
read(3, "alpha.postal.redwire.net\n", 4096) = 25
close(3)                                = 0
waitpid(19814, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 19814
--- SIGCHLD (Child exited) @ 0 (0) ---
munmap(0xb7f39000, 4096)                = 0
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f2f708) = 19815
--- SIGCHLD (Child exited) @ 0 (0) ---
close(4)                                = 0
fstat64(3, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f39000
read(3, "Linux\n", 4096)                = 6
close(3)                                = 0
waitpid(19815, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 19815
munmap(0xb7f39000, 4096)                = 0
open("/usr/share/hobbit/client/etc/hobbitclient.cfg", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
time(NULL)                              = 1154718598
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
write(2, "2006-08-04 12:09:58 ", 202006-08-04 12:09:58 )    = 20
write(2, "Cannot open env file /usr/share/"..., 95Cannot open env file /usr/share/hobbit/client/etc/hobbitclient.cfg - No such file or directory
) = 95
open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = 3
writev(3, [{"*** glibc detected *** ", 23}, {"./bbcmd", 7}, {": ", 2}, {"free(): invalid next size (fast)", 32}, {": 0x", 4}, {"09f1f228", 8}, {" ***\n", 5}], 7*** glibc detected *** ./bbcmd: free(): invalid next size (fast): 0x09f1f228 ***
) = 81
open("/etc/ld.so.cache", O_RDONLY)      = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=35457, ...}) = 0
mmap2(NULL, 35457, PROT_READ, MAP_PRIVATE, 4, 0) = 0xb7f31000
close(4)                                = 0
open("/lib/libgcc_s.so.1", O_RDONLY)    = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\307"..., 512) = 512
mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0xb7d2f000
munmap(0xb7d2f000, 856064)              = 0
munmap(0xb7f00000, 192512)              = 0
mprotect(0xb7e00000, 135168, PROT_READ|PROT_WRITE) = 0
fstat64(4, {st_mode=S_IFREG|0755, st_size=46744, ...}) = 0
mmap2(0x70b000, 48324, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x70b000
mmap2(0x716000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xa) = 0x716000
close(4)                                = 0
munmap(0xb7f31000, 35457)               = 0
write(3, "======= Backtrace: =========\n", 29======= Backtrace: =========
) = 29
writev(3, [{"/lib/libc.so.6", 14}, {"[0x", 3}, {"34cf18", 6}, {"]\n", 2}], 4/lib/libc.so.6[0x34cf18]
) = 25
writev(3, [{"/lib/libc.so.6", 14}, {"(", 1}, {"__libc_free", 11}, {"+0x", 3}, {"78", 2}, {")", 1}, {"[0x", 3}, {"3503ef", 6}, {"]\n", 2}], 9/lib/libc.so.6(__libc_free+0x78)[0x3503ef]
) = 43
writev(3, [{"./bbcmd", 7}, {"[0x", 3}, {"8049a21", 7}, {"]\n", 2}], 4./bbcmd[0x8049a21]
) = 19
writev(3, [{"/lib/libc.so.6", 14}, {"(", 1}, {"__libc_start_main", 17}, {"+0x", 3}, {"dc", 2}, {")", 1}, {"[0x", 3}, {"2fe724", 6}, {"]\n", 2}], 9/lib/libc.so.6(__libc_start_main+0xdc)[0x2fe724]
) = 49
writev(3, [{"./bbcmd", 7}, {"[0x", 3}, {"80493c1", 7}, {"]\n", 2}], 4./bbcmd[0x80493c1]
) = 19
write(3, "======= Memory map: ========\n", 29======= Memory map: ========
) = 29
open("/proc/self/maps", O_RDONLY)       = 4
read(4, "002cb000-002cc000 r-xp 002cb000 "..., 1024) = 1024
write(3, "002cb000-002cc000 r-xp 002cb000 "..., 1024002cb000-002cc000 r-xp 002cb000 00:00 0          [vdso]
002cc000-002e5000 r-xp 00000000 fd:00 2490370    /lib/ld-2.4.so
002e5000-002e6000 r-xp 00018000 fd:00 2490370    /lib/ld-2.4.so
002e6000-002e7000 rwxp 00019000 fd:00 2490370    /lib/ld-2.4.so
002e9000-00416000 r-xp 00000000 fd:00 2490386    /lib/libc-2.4.so
00416000-00418000 r-xp 0012d000 fd:00 2490386    /lib/libc-2.4.so
00418000-00419000 rwxp 0012f000 fd:00 2490386    /lib/libc-2.4.so
00419000-0041c000 rwxp 00419000 00:00 0 
0070b000-00716000 r-xp 00000000 fd:00 2490444    /lib/libgcc_s-4.1.1-20060525.so.1
00716000-00717000 rwxp 0000a000 fd:00 2490444    /lib/libgcc_s-4.1.1-20060525.so.1
08048000-08056000 r-xp 00000000 00:14 22991753   /vpopmail/mailinstall/rpmbuild/BUILD/hobbit-4.2-RC-20060712/client/bbcmd
08056000-08057000 rw-p 0000d000 00:14 22991753   /vpopmail/mailinstall/rpmbuild/BUILD/hobbit-4.2-RC-20060712/client/bbcmd
09f1e000-09f3f000 rw-p 09f1e000 00:00 0          [heap]
b7e00000-b7e21000 rw-p b7e00000 00:00 0 
b7e21000-b7f00000 ---p b7e2100) = 1024
read(4, "0 00:00 0 \nb7f2f000-b7f31000 rw-"..., 1024) = 109
write(3, "0 00:00 0 \nb7f2f000-b7f31000 rw-"..., 1090 00:00 0 
b7f2f000-b7f31000 rw-p b7f2f000 00:00 0 
bf824000-bf839000 rw-p bf824000 00:00 0          [stack]
) = 109
read(4, "", 1024)                       = 0
close(4)                                = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
gettid()                                = 19813
tgkill(19813, 19813, SIGABRT)           = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++
Process 19813 detached
-------------- next part --------------
[pid 26621] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb5000
[pid 26621] write(1, "Linux\n", 6)      = 6
[pid 26619] <... read resumed> "Linux\n", 4096) = 6
[pid 26621] close(1 <unfinished ...>
[pid 26619] close(3 <unfinished ...>
[pid 26621] <... close resumed> )       = 0
[pid 26619] <... close resumed> )       = 0
[pid 26621] munmap(0xb7fb5000, 4096 <unfinished ...>
[pid 26619] waitpid(26621, Process 26619 suspended
 <unfinished ...>
[pid 26621] <... munmap resumed> )      = 0
[pid 26621] exit_group(0)               = ?
Process 26619 resumed
Process 26621 detached
<... waitpid resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 26621
--- SIGCHLD (Child exited) @ 0 (0) ---
munmap(0xb7fb0000, 4096)                = 0
open("/usr/share/hobbit/client/etc/hobbitclient.cfg", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_dev=makedev(8, 2), st_ino=1572940, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=1644, st_atime=2006/08/04-12:14:29, st_mtime=2006/07/25-18:43:04, st_ctime=2006/07/25-19:18:43}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb0000
read(3, "# Environment settings for the H"..., 4096) = 1644
read(3, "", 4096)                       = 0
open("/var/run/hobbit/client-runtime.cfg", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_dev=makedev(253, 1), st_ino=1736734, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=36, st_atime=2006/08/04-12:14:29, st_mtime=2006/07/31-06:10:24, st_ctime=2006/07/31-06:10:24}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7faf000
read(4, "BBDISP=\"64.186.XXX.YYY\"\nBBDISPLAYS"..., 4096) = 36
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0xb7faf000, 4096)                = 0
close(3)                                = 0
munmap(0xb7fb0000, 4096)                = 0
open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = 3
writev(3, [{"*** glibc detected *** ", 23}, {"./bbcmd", 7}, {": ", 2}, {"free(): invalid next size (fast)", 32}, {": 0x", 4}, {"083a7218", 8}, {" ***\n", 5}], 7*** glibc detected *** ./bbcmd: free(): invalid next size (fast): 0x083a7218 ***
) = 81


More information about the Xymon mailing list