unofficial mirror of bug-guix@gnu.org 
From: ludo@gnu.org (Ludovic Courtès)
To: George myglc2 Clemmer <myglc2@gmail.com>
Cc: 30396@debbugs.gnu.org
Subject: bug#30396: nscd segfaults on attempt to ssh to .local host
Date: Thu, 08 Feb 2018 23:59:10 +0100
Message-ID: <87mv0jrsu9.fsf@gnu.org>
In-Reply-To: <87shabru5x.fsf@gnu.org> ("Ludovic Courtès"'s message of "Thu, 08 Feb 2018 23:30:34 +0100")

ludo@gnu.org (Ludovic Courtès) writes:

> George myglc2 Clemmer <myglc2@gmail.com> writes:
>
>> g1@g1 /root/con/30$  ssh e3a.local ; date
>> ssh: Could not resolve hostname e3a.local: Name or service not known

Perhaps “ssh -6 e3a.local” works?

>> g1@g1 /root/con/30$ cat /var/log/messages | tail
>> Feb  8 13:06:00 localhost dhclient: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 5
>> Feb  8 13:06:05 localhost dhclient: No DHCPOFFERS received.
>> Feb  8 13:06:05 localhost dhclient: No working leases in persistent database - sleeping.
>> Feb  8 13:06:23 localhost vmunix: [52360.780268] nscd[23423]: segfault at 0 ip 00007fb14a3c1606 sp 00007fb1446d82d8 error 4 in libc-2.25.so[7fb14a341000+196000]
>
> ‘nss-mdns’ was upgraded two weeks ago from 0.10 to 0.11.  I can
> reproduce the crash with 0.11 on x86_64.

Stack trace below.

It may be that “gethostbyname4_r” in nss-mdns returns an entry with a
NULL name.  “getent hosts something.local” works, so the getaddrinfo
part of nss-mdns works correctly, I think.

Ludo’.

--8<---------------cut here---------------start------------->8---
Core was generated by `/gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd -f /gnu/store/'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
106	../sysdeps/x86_64/strlen.S: Dosiero aŭ dosierujo ne ekzistas.
[Current thread is 1 (Thread 0x7fee65a4b700 (LWP 32659))]
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x000055a0e3263883 in addhstaiX (db=db@entry=0x55a0e3472340 <dbs+704>, 
    fd=fd@entry=13, req=req@entry=0x7fee65a4a8c0, key=key@entry=0x7fee65a4ab10, 
    uid=uid@entry=4294967295, he=he@entry=0x0, dh=0x0) at aicache.c:174
#2  0x000055a0e326432e in addhstai (db=db@entry=0x55a0e3472340 <dbs+704>, 
    fd=fd@entry=13, req=req@entry=0x7fee65a4a8c0, key=key@entry=0x7fee65a4ab10, 
    uid=uid@entry=4294967295) at aicache.c:571
#3  0x000055a0e325857a in handle_request (uid=4294967295, pid=<optimized out>, 
    key=0x7fee65a4ab10, req=0x7fee65a4a8c0, fd=13) at connections.c:1275
#4  nscd_run_worker (p=<optimized out>) at connections.c:1762
#5  0x00007fee6b66e454 in start_thread (arg=0x7fee65a4b700) at pthread_create.c:456
#6  0x00007fee6b1987cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
(gdb) bt full
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
No locals.
#1  0x000055a0e3263883 in addhstaiX (db=db@entry=0x55a0e3472340 <dbs+704>, fd=fd@entry=13, req=req@entry=0x7fee65a4a8c0, key=key@entry=0x7fee65a4ab10, uid=uid@entry=4294967295, 
    he=he@entry=0x0, dh=0x0) at aicache.c:174
        atmem = {next = 0x55a0e3472800 <readylist_lock>, name = 0x0, family = 1801920929, addr = {32750, 0, 2, 1801929696}, scopeid = 32750}
        at = 0x7fee65a4a7e0
        addrs = <optimized out>
        family = <optimized out>
        status = {-1, -1}
        naddrs = 2
        canon = 0x0
        canonlen = <optimized out>
        cp = <optimized out>
        addrslen = 0
        fct4 = <optimized out>
        dataset = 0x0
        hosts_database = 0x55a0e42025d0
        nip = 0x55a0e4202610
        no_more = 0
        rc6 = 0
        rc4 = 0
        herrno = 0
        old_res_options = 705
        tmpbuf6len = 1024
        tmpbuf6 = 0x7fee65a4a2e0 "pluto.local"
        tmpbuf4len = <optimized out>
        tmpbuf4 = <optimized out>
        ttl = 2147483647
        total = 0
        key_copy = 0x0
        alloca_used = false
        timeout = 9223372036854775807
        __PRETTY_FUNCTION__ = "addhstaiX"
#2  0x000055a0e326432e in addhstai (db=db@entry=0x55a0e3472340 <dbs+704>, fd=fd@entry=13, req=req@entry=0x7fee65a4a8c0, key=key@entry=0x7fee65a4ab10, uid=uid@entry=4294967295)
    at aicache.c:571
No locals.
#3  0x000055a0e325857a in handle_request (uid=4294967295, pid=<optimized out>, key=0x7fee65a4ab10, req=0x7fee65a4a8c0, fd=13) at connections.c:1275
        db = 0x55a0e3472340 <dbs+704>
#4  nscd_run_worker (p=<optimized out>) at connections.c:1762
        keybuf = "pluto.local", '\000' <repeats 1013 times>
        fd = 13
        pid = <optimized out>
        it = <optimized out>
        req = {version = 2, type = GETAI, key_len = 12}
        uid = 4294967295
        buf = '\000' <repeats 255 times>
#5  0x00007fee6b66e454 in start_thread (arg=0x7fee65a4b700) at pthread_create.c:456
        __res = <optimized out>
        pd = 0x7fee65a4b700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140661884237568, -461186331514265124, 140724270282382, 140724270282383, 0, 140661884237568, 451840114903196124, 
                451872565911724508}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#6  0x00007fee6b1987cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
No locals.
--8<---------------cut here---------------end--------------->8---

Valgrind output:

--8<---------------cut here---------------start------------->8---
==532== Thread 4:
==532== Conditional jump or move depends on uninitialised value(s)
==532==    at 0x11B865: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Conditional jump or move depends on uninitialised value(s)
==532==    at 0x11B859: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Use of uninitialised value of size 8
==532==    at 0x11B85B: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Use of uninitialised value of size 8
==532==    at 0x11B848: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Use of uninitialised value of size 8
==532==    at 0x4C2D932: strlen (in /gnu/store/4zm43sqyiffcmpkyv7j9lmxxsby6c9mk-valgrind-3.13.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==532==    by 0x11B882: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Invalid read of size 1
==532==    at 0x4C2D932: strlen (in /gnu/store/4zm43sqyiffcmpkyv7j9lmxxsby6c9mk-valgrind-3.13.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==532==    by 0x11B882: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==532== 
==532== 
==532== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==532==  Access not within mapped region at address 0x0
==532==    at 0x4C2D932: strlen (in /gnu/store/4zm43sqyiffcmpkyv7j9lmxxsby6c9mk-valgrind-3.13.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==532==    by 0x11B882: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
--8<---------------cut here---------------end--------------->8---
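
The message above suspects a lookup module returned an entry whose name is NULL, and frame #1 shows strlen() reached with `name = 0x0`. The following is an added example, not glibc or nss-mdns code: a caller-side guard that zeroes the tuple before the call and validates the name before measuring it. `fake_lookup`, `pick_canon` and `lookup_canon_len` are hypothetical names, and the struct copies only the field layout gdb prints for `atmem`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field layout follows the `atmem` value gdb prints in frame #1 above. */
struct addrtuple {
    struct addrtuple *next;
    char *name;
    int family;
    uint32_t addr[4];
    uint32_t scopeid;
};

/* Constructed stand-in for a lookup module that fills in an address
   but never sets `name` (the behaviour the message suspects). */
static int fake_lookup(const char *key, struct addrtuple *at)
{
    (void) key;
    at->family = 2;              /* AF_INET on Linux */
    at->addr[0] = 0x0100007f;    /* constructed sample address */
    return 1;                    /* report success */
}

/* Hypothetical check: returns strlen(canon) + 1, or 0 if no usable name.
   Falls back to the request key only when it is NUL-terminated within
   key_len (key_len counts the NUL: "pluto.local" has key_len = 12). */
static size_t pick_canon(const struct addrtuple *at, const char *key,
                         size_t key_len, const char **canon)
{
    *canon = NULL;
    if (at != NULL && at->name != NULL)
        *canon = at->name;
    else if (key != NULL && key_len > 0 && memchr(key, '\0', key_len) != NULL)
        *canon = key;
    return *canon != NULL ? strlen(*canon) + 1 : 0;
}

/* Zero the tuple first so an unset `name` is NULL, not stack garbage. */
static size_t lookup_canon_len(const char *key, size_t key_len, const char **canon)
{
    struct addrtuple at;
    memset(&at, 0, sizeof at);
    if (!fake_lookup(key, &at)) { *canon = NULL; return 0; }
    return pick_canon(&at, key, key_len, canon);
}

int main(void)
{
    const char *canon;
    size_t n = lookup_canon_len("pluto.local", 12, &canon);
    printf("canon=%s len=%zu\n", canon ? canon : "(none)", n);
    return 0;
}
```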
