GNU bug report logs - #30396
nscd segfaults on attempt to ssh to .local host

Previous Next

Package: guix;

Reported by: George myglc2 Clemmer <myglc2 <at> gmail.com>

Date: Thu, 8 Feb 2018 18:18:02 UTC

Severity: normal

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: ludo <at> gnu.org (Ludovic Courtès)
To: George myglc2 Clemmer <myglc2 <at> gmail.com>
Cc: 30396 <at> debbugs.gnu.org
Subject: bug#30396: nscd segfaults on attempt to ssh to .local host
Date: Thu, 08 Feb 2018 23:59:10 +0100

ludo <at> gnu.org (Ludovic Courtès) skribis:

> George myglc2 Clemmer <myglc2 <at> gmail.com> skribis:
>
>> g1 <at> g1 /root/con/30$  ssh e3a.local ; date
>> ssh: Could not resolve hostname e3a.local: Name or service not known

Perhaps “ssh -6 e3a.local” works?

>> g1 <at> g1 /root/con/30$ cat /var/log/messages | tail
>> Feb  8 13:06:00 localhost dhclient: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 5
>> Feb  8 13:06:05 localhost dhclient: No DHCPOFFERS received.
>> Feb  8 13:06:05 localhost dhclient: No working leases in persistent database - sleeping.
>> Feb  8 13:06:23 localhost vmunix: [52360.780268] nscd[23423]: segfault at 0 ip 00007fb14a3c1606 sp 00007fb1446d82d8 error 4 in libc-2.25.so[7fb14a341000+196000]
>
> ‘nss-mdns’ was upgraded two weeks ago from 0.10 to 0.11.  I can
> reproduce the crash with 0.11 on x86_64.

Stack trace below.

It may be that “gethostbyname4_r” in nss-mdns returns an entry with a
NULL name.  “getent hosts something.local” works, so the getaddrinfo
part of nss-mdns works correctly, I think.

Ludo’.

--8<---------------cut here---------------start------------->8---
Core was generated by `/gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd -f /gnu/store/'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
106	../sysdeps/x86_64/strlen.S: Dosiero aŭ dosierujo ne ekzistas.
[Current thread is 1 (Thread 0x7fee65a4b700 (LWP 32659))]
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x000055a0e3263883 in addhstaiX (db=db <at> entry=0x55a0e3472340 <dbs+704>, 
    fd=fd <at> entry=13, req=req <at> entry=0x7fee65a4a8c0, key=key <at> entry=0x7fee65a4ab10, 
    uid=uid <at> entry=4294967295, he=he <at> entry=0x0, dh=0x0) at aicache.c:174
#2  0x000055a0e326432e in addhstai (db=db <at> entry=0x55a0e3472340 <dbs+704>, 
    fd=fd <at> entry=13, req=req <at> entry=0x7fee65a4a8c0, key=key <at> entry=0x7fee65a4ab10, 
    uid=uid <at> entry=4294967295) at aicache.c:571
#3  0x000055a0e325857a in handle_request (uid=4294967295, pid=<optimized out>, 
    key=0x7fee65a4ab10, req=0x7fee65a4a8c0, fd=13) at connections.c:1275
#4  nscd_run_worker (p=<optimized out>) at connections.c:1762
#5  0x00007fee6b66e454 in start_thread (arg=0x7fee65a4b700) at pthread_create.c:456
#6  0x00007fee6b1987cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
(gdb) bt full
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
No locals.
#1  0x000055a0e3263883 in addhstaiX (db=db <at> entry=0x55a0e3472340 <dbs+704>, fd=fd <at> entry=13, req=req <at> entry=0x7fee65a4a8c0, key=key <at> entry=0x7fee65a4ab10, uid=uid <at> entry=4294967295, 
    he=he <at> entry=0x0, dh=0x0) at aicache.c:174
        atmem = {next = 0x55a0e3472800 <readylist_lock>, name = 0x0, family = 1801920929, addr = {32750, 0, 2, 1801929696}, scopeid = 32750}
        at = 0x7fee65a4a7e0
        addrs = <optimized out>
        family = <optimized out>
        status = {-1, -1}
        naddrs = 2
        canon = 0x0
        canonlen = <optimized out>
        cp = <optimized out>
        addrslen = 0
        fct4 = <optimized out>
        dataset = 0x0
        hosts_database = 0x55a0e42025d0
        nip = 0x55a0e4202610
        no_more = 0
        rc6 = 0
        rc4 = 0
        herrno = 0
        old_res_options = 705
        tmpbuf6len = 1024
        tmpbuf6 = 0x7fee65a4a2e0 "pluto.local"
        tmpbuf4len = <optimized out>
        tmpbuf4 = <optimized out>
        ttl = 2147483647
        total = 0
        key_copy = 0x0
        alloca_used = false
        timeout = 9223372036854775807
        __PRETTY_FUNCTION__ = "addhstaiX"
#2  0x000055a0e326432e in addhstai (db=db <at> entry=0x55a0e3472340 <dbs+704>, fd=fd <at> entry=13, req=req <at> entry=0x7fee65a4a8c0, key=key <at> entry=0x7fee65a4ab10, uid=uid <at> entry=4294967295)
    at aicache.c:571
No locals.
#3  0x000055a0e325857a in handle_request (uid=4294967295, pid=<optimized out>, key=0x7fee65a4ab10, req=0x7fee65a4a8c0, fd=13) at connections.c:1275
        db = 0x55a0e3472340 <dbs+704>
#4  nscd_run_worker (p=<optimized out>) at connections.c:1762
        keybuf = "pluto.local", '\000' <repeats 1013 times>
        fd = 13
        pid = <optimized out>
        it = <optimized out>
        req = {version = 2, type = GETAI, key_len = 12}
        uid = 4294967295
        buf = '\000' <repeats 255 times>
#5  0x00007fee6b66e454 in start_thread (arg=0x7fee65a4b700) at pthread_create.c:456
        __res = <optimized out>
        pd = 0x7fee65a4b700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140661884237568, -461186331514265124, 140724270282382, 140724270282383, 0, 140661884237568, 451840114903196124, 
                451872565911724508}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#6  0x00007fee6b1987cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
No locals.
--8<---------------cut here---------------end--------------->8---

Valgrind output:

--8<---------------cut here---------------start------------->8---
==532== Thread 4:
==532== Conditional jump or move depends on uninitialised value(s)
==532==    at 0x11B865: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Conditional jump or move depends on uninitialised value(s)
==532==    at 0x11B859: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Use of uninitialised value of size 8
==532==    at 0x11B85B: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Use of uninitialised value of size 8
==532==    at 0x11B848: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Use of uninitialised value of size 8
==532==    at 0x4C2D932: strlen (in /gnu/store/4zm43sqyiffcmpkyv7j9lmxxsby6c9mk-valgrind-3.13.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==532==    by 0x11B882: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532== 
==532== Invalid read of size 1
==532==    at 0x4C2D932: strlen (in /gnu/store/4zm43sqyiffcmpkyv7j9lmxxsby6c9mk-valgrind-3.13.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==532==    by 0x11B882: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
==532==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==532== 
==532== 
==532== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==532==  Access not within mapped region at address 0x0
==532==    at 0x4C2D932: strlen (in /gnu/store/4zm43sqyiffcmpkyv7j9lmxxsby6c9mk-valgrind-3.13.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==532==    by 0x11B882: addhstaiX (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x11C32D: addhstai (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x110579: nscd_run_worker (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/sbin/nscd)
==532==    by 0x4E3D453: start_thread (in /gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/lib/libpthread-2.25.so)
--8<---------------cut here---------------end--------------->8---
This bug report was last modified 7 years and 153 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.