From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=)
Subject: bug#30396: nscd segfaults on attempt to ssh to .local host
Date: Thu, 08 Feb 2018 23:59:10 +0100
Message-ID: <87mv0jrsu9.fsf@gnu.org>
References: <86inb71h38.fsf@gmail.com> <87shabru5x.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56296)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ejvAr-00063o-AC
	for bug-guix@gnu.org; Thu, 08 Feb 2018 18:00:18 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ejvAh-0002sJ-06
	for bug-guix@gnu.org; Thu, 08 Feb 2018 18:00:13 -0500
Received: from debbugs.gnu.org ([208.118.235.43]:54786)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1ejvAg-0002s1-Sk
	for bug-guix@gnu.org; Thu, 08 Feb 2018 18:00:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ejvAg-0000Vj-Ib
	for bug-guix@gnu.org; Thu, 08 Feb 2018 18:00:02 -0500
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.30396.B30396.15181307641889@debbugs.gnu.org>
In-Reply-To: <87shabru5x.fsf@gnu.org> ("Ludovic
	\=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
	\=\?utf-8\?Q\?s\?\= message of "Thu, 08 Feb 2018 23:30:34 +0100")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: George myglc2 Clemmer <myglc2@gmail.com>
Cc: 30396@debbugs.gnu.org

ludo@gnu.org (Ludovic Court=C3=A8s) skribis:

> George myglc2 Clemmer <myglc2@gmail.com> skribis:
>
>> g1@g1 /root/con/30$  ssh e3a.local ; date
>> ssh: Could not resolve hostname e3a.local: Name or service not known

Perhaps =E2=80=9Cssh -6 e3a.local=E2=80=9D works?

>> g1@g1 /root/con/30$ cat /var/log/messages | tail
>> Feb  8 13:06:00 localhost dhclient: DHCPDISCOVER on enp4s0 to 255.255.25=
5.255 port 67 interval 5
>> Feb  8 13:06:05 localhost dhclient: No DHCPOFFERS received.
>> Feb  8 13:06:05 localhost dhclient: No working leases in persistent data=
base - sleeping.
>> Feb  8 13:06:23 localhost vmunix: [52360.780268] nscd[23423]: segfault a=
t 0 ip 00007fb14a3c1606 sp 00007fb1446d82d8 error 4 in libc-2.25.so[7fb14a3=
41000+196000]
>
> =E2=80=98nss-mdns=E2=80=99 was upgraded two weeks ago from 0.10 to 0.11. =
 I can
> reproduce the crash with 0.11 on x86_64.

Stack trace below.

It may be that =E2=80=9Cgethostbyname4_r=E2=80=9D in nss-mdns returns an en=
try with a
NULL name.  =E2=80=9Cgetent hosts something.local=E2=80=9D works, so the ge=
taddrinfo
part of nss-mdns works correctly, I think.

Ludo=E2=80=99.

--8<---------------cut here---------------start------------->8---
Core was generated by `/gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.=
25/sbin/nscd -f /gnu/store/'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
106	../sysdeps/x86_64/strlen.S: Dosiero a=C5=AD dosierujo ne ekzistas.
[Current thread is 1 (Thread 0x7fee65a4b700 (LWP 32659))]
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x000055a0e3263883 in addhstaiX (db=3Ddb@entry=3D0x55a0e3472340 <dbs+70=
4>,=20
    fd=3Dfd@entry=3D13, req=3Dreq@entry=3D0x7fee65a4a8c0, key=3Dkey@entry=
=3D0x7fee65a4ab10,=20
    uid=3Duid@entry=3D4294967295, he=3Dhe@entry=3D0x0, dh=3D0x0) at aicache=
.c:174
#2  0x000055a0e326432e in addhstai (db=3Ddb@entry=3D0x55a0e3472340 <dbs+704=
>,=20
    fd=3Dfd@entry=3D13, req=3Dreq@entry=3D0x7fee65a4a8c0, key=3Dkey@entry=
=3D0x7fee65a4ab10,=20
    uid=3Duid@entry=3D4294967295) at aicache.c:571
#3  0x000055a0e325857a in handle_request (uid=3D4294967295, pid=3D<optimize=
d out>,=20
    key=3D0x7fee65a4ab10, req=3D0x7fee65a4a8c0, fd=3D13) at connections.c:1=
275
#4  nscd_run_worker (p=3D<optimized out>) at connections.c:1762
#5  0x00007fee6b66e454 in start_thread (arg=3D0x7fee65a4b700) at pthread_cr=
eate.c:456
#6  0x00007fee6b1987cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clo=
ne.S:97
(gdb) bt full
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
No locals.
#1  0x000055a0e3263883 in addhstaiX (db=3Ddb@entry=3D0x55a0e3472340 <dbs+70=
4>, fd=3Dfd@entry=3D13, req=3Dreq@entry=3D0x7fee65a4a8c0, key=3Dkey@entry=
=3D0x7fee65a4ab10, uid=3Duid@entry=3D4294967295,=20
    he=3Dhe@entry=3D0x0, dh=3D0x0) at aicache.c:174
        atmem =3D {next =3D 0x55a0e3472800 <readylist_lock>, name =3D 0x0, =
family =3D 1801920929, addr =3D {32750, 0, 2, 1801929696}, scopeid =3D 3275=
0}
        at =3D 0x7fee65a4a7e0
        addrs =3D <optimized out>
        family =3D <optimized out>
        status =3D {-1, -1}
        naddrs =3D 2
        canon =3D 0x0
        canonlen =3D <optimized out>
        cp =3D <optimized out>
        addrslen =3D 0
        fct4 =3D <optimized out>
        dataset =3D 0x0
        hosts_database =3D 0x55a0e42025d0
        nip =3D 0x55a0e4202610
        no_more =3D 0
        rc6 =3D 0
        rc4 =3D 0
        herrno =3D 0
        old_res_options =3D 705
        tmpbuf6len =3D 1024
        tmpbuf6 =3D 0x7fee65a4a2e0 "pluto.local"
        tmpbuf4len =3D <optimized out>
        tmpbuf4 =3D <optimized out>
        ttl =3D 2147483647
        total =3D 0
        key_copy =3D 0x0
        alloca_used =3D false
        timeout =3D 9223372036854775807
        __PRETTY_FUNCTION__ =3D "addhstaiX"
#2  0x000055a0e326432e in addhstai (db=3Ddb@entry=3D0x55a0e3472340 <dbs+704=
>, fd=3Dfd@entry=3D13, req=3Dreq@entry=3D0x7fee65a4a8c0, key=3Dkey@entry=3D=
0x7fee65a4ab10, uid=3Duid@entry=3D4294967295)
    at aicache.c:571
No locals.
#3  0x000055a0e325857a in handle_request (uid=3D4294967295, pid=3D<optimize=
d out>, key=3D0x7fee65a4ab10, req=3D0x7fee65a4a8c0, fd=3D13) at connections=
.c:1275
        db =3D 0x55a0e3472340 <dbs+704>
#4  nscd_run_worker (p=3D<optimized out>) at connections.c:1762
        keybuf =3D "pluto.local", '\000' <repeats 1013 times>
        fd =3D 13
        pid =3D <optimized out>
        it =3D <optimized out>
        req =3D {version =3D 2, type =3D GETAI, key_len =3D 12}
        uid =3D 4294967295
        buf =3D '\000' <repeats 255 times>
#5  0x00007fee6b66e454 in start_thread (arg=3D0x7fee65a4b700) at pthread_cr=
eate.c:456
        __res =3D <optimized out>
        pd =3D 0x7fee65a4b700
        now =3D <optimized out>
        unwind_buf =3D {cancel_jmp_buf =3D {{jmp_buf =3D {140661884237568, =
-461186331514265124, 140724270282382, 140724270282383, 0, 140661884237568, =
451840114903196124,=20
                451872565911724508}, mask_was_saved =3D 0}}, priv =3D {pad =
=3D {0x0, 0x0, 0x0, 0x0}, data =3D {prev =3D 0x0, cleanup =3D 0x0, cancelty=
pe =3D 0}}}
        not_first_call =3D <optimized out>
        pagesize_m1 =3D <optimized out>
        sp =3D <optimized out>
        freesize =3D <optimized out>
        __PRETTY_FUNCTION__ =3D "start_thread"
#6  0x00007fee6b1987cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clo=
ne.S:97
No locals.
--8<---------------cut here---------------end--------------->8---

Valgrind output:

--8<---------------cut here---------------start------------->8---
=3D=3D532=3D=3D Thread 4:
=3D=3D532=3D=3D Conditional jump or move depends on uninitialised value(s)
=3D=3D532=3D=3D    at 0x11B865: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp=
3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3=
qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg5=
2da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52d=
a5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
=3D=3D532=3D=3D=20
=3D=3D532=3D=3D Conditional jump or move depends on uninitialised value(s)
=3D=3D532=3D=3D    at 0x11B859: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp=
3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3=
qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg5=
2da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52d=
a5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
=3D=3D532=3D=3D=20
=3D=3D532=3D=3D Use of uninitialised value of size 8
=3D=3D532=3D=3D    at 0x11B85B: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp=
3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3=
qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg5=
2da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52d=
a5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
=3D=3D532=3D=3D=20
=3D=3D532=3D=3D Use of uninitialised value of size 8
=3D=3D532=3D=3D    at 0x11B848: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp=
3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3=
qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg5=
2da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52d=
a5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
=3D=3D532=3D=3D=20
=3D=3D532=3D=3D Use of uninitialised value of size 8
=3D=3D532=3D=3D    at 0x4C2D932: strlen (in /gnu/store/4zm43sqyiffcmpkyv7j9=
lmxxsby6c9mk-valgrind-3.13.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
=3D=3D532=3D=3D    by 0x11B882: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp=
3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3=
qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg5=
2da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52d=
a5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
=3D=3D532=3D=3D=20
=3D=3D532=3D=3D Invalid read of size 1
=3D=3D532=3D=3D    at 0x4C2D932: strlen (in /gnu/store/4zm43sqyiffcmpkyv7j9=
lmxxsby6c9mk-valgrind-3.13.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
=3D=3D532=3D=3D    by 0x11B882: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp=
3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3=
qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg5=
2da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52d=
a5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
=3D=3D532=3D=3D  Address 0x0 is not stack'd, malloc'd or (recently) free'd
=3D=3D532=3D=3D=20
=3D=3D532=3D=3D=20
=3D=3D532=3D=3D Process terminating with default action of signal 11 (SIGSE=
GV): dumping core
=3D=3D532=3D=3D  Access not within mapped region at address 0x0
=3D=3D532=3D=3D    at 0x4C2D932: strlen (in /gnu/store/4zm43sqyiffcmpkyv7j9=
lmxxsby6c9mk-valgrind-3.13.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
=3D=3D532=3D=3D    by 0x11B882: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp=
3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3=
qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg5=
2da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
=3D=3D532=3D=3D    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52d=
a5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
--8<---------------cut here---------------end--------------->8---