Bug#755053: nscd backtrace
retitle -1 'libnss-myhostname: causes nscd to crash'
reassign -1 libnss-myhhostname
found -1 0.3-5~deb7u1
severity -1 important
thanks
This is triggered by the cache miss that occurs when I try to resolve
the machine's hostname (e.g., getent ahosts oxylus).
$ gdb --args ./nscd -d
...
Tue 22 Jul 2014 12:27:48 BST - 21522: Haven't found "oxylus" in hosts cache!
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff0c11700 (LWP 21529)]
addhstaiX (db=<optimized out>, fd=<optimized out>, req=<optimized out>, key=<optimized out>,
uid=<optimized out>, he=<optimized out>, dh=0x0) at aicache.c:165
165 if (at2->family == AF_INET)
(gdb) where
#0 addhstaiX (db=<optimized out>, fd=<optimized out>, req=<optimized out>, key=<optimized out>,
uid=<optimized out>, he=<optimized out>, dh=0x0) at aicache.c:165
#1 0x0000000000411d34 in addhstai (db=0x7ffff779ce80, fd=0, req=0x10, key=0x2, uid=88)
at aicache.c:561
#2 0x00000000004083a4 in handle_request (key=<optimized out>, req=<optimized out>,
fd=<optimized out>, uid=<optimized out>, pid=<optimized out>) at connections.c:1229
#3 nscd_run_worker (p=<optimized out>) at connections.c:1709
#4 0x00007ffff79bfb50 in start_thread (arg=<optimized out>) at pthread_create.c:304
#5 0x00007ffff74f220d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6 0x0000000000000000 in ?? ()
(gdb) l
160 {
161 ++naddrs;
162 /* We do not handle anything other than IPv4 and IPv6
163 addresses. The getaddrinfo implementation does not
164 either so it is not worth trying to do more. */
165 if (at2->family == AF_INET)
166 addrslen += INADDRSZ;
167 else if (at2->family == AF_INET6)
168 addrslen += IN6ADDRSZ;
169 }
(gdb) p at2
$1 = (const struct gaih_addrtuple *) 0x54552e42475f0043
(gdb) l 155
150
151 if (rc6 != 0 && herrno == NETDB_INTERNAL)
152 goto out;
153
154 if (status[1] != NSS_STATUS_SUCCESS)
155 goto next_nip;
156
157 /* We found the data. Count the addresses and the size. */
158 for (const struct gaih_addrtuple *at2 = at = &atmem; at2 != NULL;
159 at2 = at2->next)
(gdb) p &atmem
$2 = (struct gaih_addrtuple *) 0x7ffff0c106f0
(gdb) p atmem->next
$3 = (struct gaih_addrtuple *) 0x7ffff0c10670
(gdb) p atmem->next->next
$4 = (struct gaih_addrtuple *) 0x54552e42475f0043
So the gaih_addrtuple linked list is corrupted somehow.
I removed 'myhostname' from the 'hosts' definition in
/etc/nsswitch.conf, and after restarting nscd and invalidating the hosts
cache, I could no longer reproduce the crash. Re-enabling 'myhostname',
invalidating the cache and restarting nscd causes the crash to re-occur.
--
Sam Morris <https://robots.org.uk/>
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
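
A triage aid for the pointer values printed in the gdb session above, added here as an example and not part of the original report or of glibc: it checks whether a value can be an x86_64 address at all and shows its bytes in memory order. The function names are hypothetical, and it assumes 48-bit virtual addressing and a little-endian target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: x86_64 with 48-bit virtual addresses (4-level paging).
   A canonical address has bits 63..47 all equal; dereferencing anything
   else faults no matter what is mapped. */
int is_canonical_x86_64(uint64_t p)
{
    uint64_t top = p >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Render the 8 bytes of p in little-endian memory order, with '.' for
   non-printable bytes. Returns the number of printable ASCII bytes; a
   high count means the "pointer" slot most likely holds string data. */
size_t pointer_as_text(uint64_t p, char out[9])
{
    size_t printable = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(p >> (8 * i));
        if (b >= 0x20 && b <= 0x7e) {
            out[i] = (char)b;
            printable++;
        } else {
            out[i] = '.';
        }
    }
    out[8] = '\0';
    return printable;
}

int main(void)
{
    /* Values copied from the gdb output: &atmem, atmem->next,
       atmem->next->next. */
    const uint64_t values[] = { 0x7ffff0c106f0ULL, 0x7ffff0c10670ULL,
                                0x54552e42475f0043ULL };
    for (size_t i = 0; i < sizeof values / sizeof values[0]; i++) {
        char text[9];
        size_t n = pointer_as_text(values[i], text);
        printf("0x%016llx canonical=%d printable=%zu/8 bytes=\"%s\"\n",
               (unsigned long long)values[i],
               is_canonical_x86_64(values[i]), n, text);
    }
    return 0;
}
```

The first two values are canonical stack addresses, while the third is non-canonical and has seven of its eight bytes in the printable ASCII range, so that next field holds character data, not a list node.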