public inbox for glibc-bugs@sourceware.org
* [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
@ 2022-09-23 15:39 holger@applied-asynchrony.com
  2022-09-23 17:19 ` [Bug nscd/29607] " holger@applied-asynchrony.com
                   ` (23 more replies)
  0 siblings, 24 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-23 15:39 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

            Bug ID: 29607
           Summary: nscd repeatably crashes calling __strlen_avx2 when
                    hosts cache is enabled
           Product: glibc
           Version: 2.36
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: nscd
          Assignee: unassigned at sourceware dot org
          Reporter: holger@applied-asynchrony.com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

Gentoo Linux recently enabled use of glibc-2.36 and I quickly found a
repeatable crashing regression with nscd, which was rock-solid reliable with
glibc-2.35.

Initial analysis of the bug is at: https://bugs.gentoo.org/872401

The bug does not occur with hosts cache disabled. Reducing the number of
threads does not help, i.e. it also crashes when run with a single thread and
in -d mode, e.g. in gdb.

With enabled hosts cache nscd quickly crashes, repeatably so with a quick
series of requests which happens e.g. when using mtr (multi-trace-route).

Initial analysis points to aicache:153 being passed a NULL value; this theory
seems to have merit because the crash also happens on a different platform
where it crashes in __strlen_sse2 - pointing to the same pattern.

The NULL value seems to originate from nss's file-hosts.c:459.

A quick-fix attempt at checking for NULL and using 0 as value for strlen (like
in aicache.c:324) did not help; instead nscd returns odd results (e.g. mtr
says: Packet type unsupported: Invalid argument) and still crashes, so the NULL
pointer being passed to strlen() just seems to be the messenger.

A quick check of the nscd tree shows no major changes recently, so the real
problem is likely somewhere else (nss?). Unfortunately I do not know enough
about glibc's resolver internals to go on a hunt, and can therefore only
report.
I can however gladly and easily test patches.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
@ 2022-09-23 17:19 ` holger@applied-asynchrony.com
  2022-09-24  1:17 ` sam at gentoo dot org
                   ` (22 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-23 17:19 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #1 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
It's probably important to mention that Gentoo's glibc carries additional
patches from glibc after a release. This list of patches can be found here:
https://gitweb.gentoo.org/fork/glibc.git/log/?h=gentoo/2.36


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
  2022-09-23 17:19 ` [Bug nscd/29607] " holger@applied-asynchrony.com
@ 2022-09-24  1:17 ` sam at gentoo dot org
  2022-09-24  1:18 ` sam at gentoo dot org
                   ` (21 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: sam at gentoo dot org @ 2022-09-24  1:17 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

Sam James <sam at gentoo dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sam at gentoo dot org


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
  2022-09-23 17:19 ` [Bug nscd/29607] " holger@applied-asynchrony.com
  2022-09-24  1:17 ` sam at gentoo dot org
@ 2022-09-24  1:18 ` sam at gentoo dot org
  2022-09-25 10:50 ` holger@applied-asynchrony.com
                   ` (20 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: sam at gentoo dot org @ 2022-09-24  1:18 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

Sam James <sam at gentoo dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |toolchain at gentoo dot org
                URL|                            |https://bugs.gentoo.org/872401


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (2 preceding siblings ...)
  2022-09-24  1:18 ` sam at gentoo dot org
@ 2022-09-25 10:50 ` holger@applied-asynchrony.com
  2022-09-25 11:09 ` schwab@linux-m68k.org
                   ` (19 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-25 10:50 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #2 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
Created attachment 14358
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14358&action=edit
Add null check to strlen


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (3 preceding siblings ...)
  2022-09-25 10:50 ` holger@applied-asynchrony.com
@ 2022-09-25 11:09 ` schwab@linux-m68k.org
  2022-09-25 11:13 ` holger@applied-asynchrony.com
                   ` (18 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: schwab@linux-m68k.org @ 2022-09-25 11:09 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #3 from Andreas Schwab <schwab@linux-m68k.org> ---
A successful lookup cannot have a NULL name.  Where does it come from?


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (4 preceding siblings ...)
  2022-09-25 11:09 ` schwab@linux-m68k.org
@ 2022-09-25 11:13 ` holger@applied-asynchrony.com
  2022-09-25 11:46 ` holger@applied-asynchrony.com
                   ` (17 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-25 11:13 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #4 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
(In reply to Andreas Schwab from comment #3)
> A successful lookup cannot have a NULL name.  Where does it come from?

That's a good question - I understand that sprinkling NULL checks for
supposedly-non-NULL values can mask unrelated problems. Two more observations
as they just happened a minute ago:

1) the real bug seems to be related to #29605
2) even with this patch I still see segfaults in strlen() at that call site
(though not right away), so maybe it's not a NULL value at all.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (5 preceding siblings ...)
  2022-09-25 11:13 ` holger@applied-asynchrony.com
@ 2022-09-25 11:46 ` holger@applied-asynchrony.com
  2022-09-25 12:16 ` holger@applied-asynchrony.com
                   ` (16 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-25 11:46 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #5 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
Turns out the crash on strlen() is something else:

(gdb) bt full
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
No locals.
#1  0x00005555555672bd in addhstaiX (db=db@entry=0x555555577340 <dbs+704>,
fd=fd@entry=17, req=req@entry=0x7fffecdf9804, key=key@entry=0x7fffecdf9a90, 
    uid=uid@entry=4294967295, he=he@entry=0x0, dh=<optimized out>) at
aicache.c:153
        atmem = {next = 0x0, name = 0x99c369cec67a4600 <error: Cannot access
memory at address 0x99c369cec67a4600>, family = -402650048, addr = {32767,
4160332864, 32767, 0}, 
          scopeid = 0}
        at = 0x7fffecdf8af0
        addrs = <optimized out>
        family = <optimized out>
        status = {-1, -1}
        naddrs = 1
        canon = 0x99c369cec67a4600 <error: Cannot access memory at address
0x99c369cec67a4600>
        canonlen = <optimized out>
        cp = <optimized out>
        addrslen = 0
        fct4 = 0x7ffff7ef0730 <__GI__nss_dns_gethostbyname4_r>
        dataset = 0x0
        nip = 0x55555557c600
        no_more = 254
        rc6 = 0
        rc4 = 0
        herrno = 1
        ctx = 0x7fffe8000bb0
        tmpbuf6 = {data = 0x7fffecdf8b40, length = 1024, __space = {__align =
{__max_align_ll = 0, __max_align_ld = 1.05759510034850465873e-4932}, 
            __c =
"\000\000\000\000\000\000\000\000h\213\337\354\377\177\000\000\002\000\000\000P\236C(\000\000\000\000\000\000\000\000\n\000\062.\000\000\000\000www.telekom.de\000lied-asynchrony.com\000lex\000\000\213\213\337\354\377\177\000\000\000\000\000\000\000\000\000\000\220\213\337\354\377\177\000\000\000\000\000\000\000\000\000\000\022\000\000\000\000\000\000\000\200\377\377\377\377\377\377\377",
'\000' <repeats 16 times>, "Haven't found \"27\" in group
cache!\000\367\377\177\000\000\250\245\371\367\377\177\000\000P\214\337\354\377\177\000\000\000"...}}
        tmpbuf4 = {data = 0x7fffecdf8f50, length = 1024, __space = {__align =
{__max_align_ll = 140737353737120, __max_align_ld = <invalid float value>}, 
            __c =
"\240\343\371\367\377\177\000\000\340\220\337\354\377\177\000\000\351\032WUUU\000\000\340\222\337\354\377\177\000\000\340\217\337\354\377\177\000\000\337\063VUUU\000\000\340qWUUU\000\000+=0c\000\000\000\000\v\000\000\000$\000\000\000\r\000\000\000\031\000\000\000\b\000\000\000z\000\000\000\000\000\000\000\v\001\000\000\001\000\000\000\000\000\000\000
\034\000\000\000\000\000\000\240\270WUUU\000\000\030\000\000\000\060\000\000\000З\337\354\377\177\000\000\360\226\337\354\377\177\000\000Sun
Sep 25 13:36:11
2022\000Fz\306\316iÙ\000\000\000\000\000\000\000\000\a\t\200\363\377\177\000\000\220\222\337\354\377\177\000\000\270\b"...}}
        canonbuf = {data = 0x7fffecdf9360, length = 1024, __space = {__align =
{__max_align_ll = 0, __max_align_ld = 0}, __c = '\000' <repeats 216 times>...}}
        ttl = 14400
        total = 0
        key_copy = 0x0
        alloca_used = false
        timeout = 9223372036854775807
        __PRETTY_FUNCTION__ = "addhstaiX"

The address of "canon" looks suspicious, which means "at" is probably garbage:

(gdb) print at
$20 = (struct gaih_addrtuple *) 0x7fffecdf8af0
(gdb) print at.addr 
$21 = {32767, 4160332864, 32767, 0}
(gdb) print at.family 
$22 = -402650048
(gdb) print at.name 
$23 = 0x99c369cec67a4600 <error: Cannot access memory at address
0x99c369cec67a4600>
(gdb) print at.next 
$24 = (struct gaih_addrtuple *) 0x0
(gdb) print at.scopeid 
$25 = 0


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (6 preceding siblings ...)
  2022-09-25 11:46 ` holger@applied-asynchrony.com
@ 2022-09-25 12:16 ` holger@applied-asynchrony.com
  2022-09-26 18:03 ` sam at gentoo dot org
                   ` (15 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-25 12:16 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #6 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
(In reply to Holger Hoffstätte from comment #5)
> Turns out the crash on strlen() is something else:

More precisely, it's garbage that is sometimes NULL - e.g. after a fresh start.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (7 preceding siblings ...)
  2022-09-25 12:16 ` holger@applied-asynchrony.com
@ 2022-09-26 18:03 ` sam at gentoo dot org
  2022-09-26 19:13 ` holger@applied-asynchrony.com
                   ` (14 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: sam at gentoo dot org @ 2022-09-26 18:03 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

Sam James <sam at gentoo dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://sourceware.org/bugzilla/show_bug.cgi?id=29605


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (8 preceding siblings ...)
  2022-09-26 18:03 ` sam at gentoo dot org
@ 2022-09-26 19:13 ` holger@applied-asynchrony.com
  2022-09-26 19:20 ` holger@applied-asynchrony.com
                   ` (13 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-26 19:13 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #7 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
So this crash indeed turned out to be caused by post-2.36 release patches from
the backport branch, presumably the resolver rewrite. Building a completely
vanilla 2.36 made everything work again, and nscd runs just fine with enabled
host cache.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (9 preceding siblings ...)
  2022-09-26 19:13 ` holger@applied-asynchrony.com
@ 2022-09-26 19:20 ` holger@applied-asynchrony.com
  2022-09-26 19:34 ` holger@applied-asynchrony.com
                   ` (12 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-26 19:20 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #8 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
As suspected the attached null check patch is also a dud and not necessary.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (10 preceding siblings ...)
  2022-09-26 19:20 ` holger@applied-asynchrony.com
@ 2022-09-26 19:34 ` holger@applied-asynchrony.com
  2022-09-26 19:34 ` sam at gentoo dot org
                   ` (11 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-26 19:34 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

Holger Hoffstätte <holger@applied-asynchrony.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #9 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
Closing since it's not a problem with the 2.36 release.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (11 preceding siblings ...)
  2022-09-26 19:34 ` holger@applied-asynchrony.com
@ 2022-09-26 19:34 ` sam at gentoo dot org
  2022-09-26 19:49 ` holger@applied-asynchrony.com
                   ` (10 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: sam at gentoo dot org @ 2022-09-26 19:34 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #10 from Sam James <sam at gentoo dot org> ---
(In reply to Holger Hoffstätte from comment #9)
> Closing since it's not a problem with the 2.36 release.

If it's an issue on the backport branch, it's still valid.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (12 preceding siblings ...)
  2022-09-26 19:34 ` sam at gentoo dot org
@ 2022-09-26 19:49 ` holger@applied-asynchrony.com
  2022-09-26 20:11 ` holger@applied-asynchrony.com
                   ` (9 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-26 19:49 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

Holger Hoffstätte <holger@applied-asynchrony.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |---
             Status|RESOLVED                    |UNCONFIRMED

--- Comment #11 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
Reopening so that we can figure out what's going on with the backports branch.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (13 preceding siblings ...)
  2022-09-26 19:49 ` holger@applied-asynchrony.com
@ 2022-09-26 20:11 ` holger@applied-asynchrony.com
  2022-09-26 20:22 ` siddhesh at sourceware dot org
                   ` (8 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-26 20:11 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #12 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
I just built glibc HEAD (22f4ab2d200f605441c) and the problem reproduces.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (14 preceding siblings ...)
  2022-09-26 20:11 ` holger@applied-asynchrony.com
@ 2022-09-26 20:22 ` siddhesh at sourceware dot org
  2022-09-27  5:33 ` holger@applied-asynchrony.com
                   ` (7 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: siddhesh at sourceware dot org @ 2022-09-26 20:22 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |siddhesh at sourceware dot org

--- Comment #13 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
It would be nice if someone who can reproduce this can point out the commit
that actually breaks this.  Given that it's likely not nscd, identifying the
offending patch could maybe even help come up with an independent reproducer
that doesn't need nscd.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (15 preceding siblings ...)
  2022-09-26 20:22 ` siddhesh at sourceware dot org
@ 2022-09-27  5:33 ` holger@applied-asynchrony.com
  2022-09-29 23:25 ` sam at gentoo dot org
                   ` (6 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: holger@applied-asynchrony.com @ 2022-09-27  5:33 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #14 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
(In reply to Siddhesh Poyarekar from comment #13)
> It would be nice if someone who can reproduce this can point out the
> commit that actually breaks this.  Given that it's likely not nscd,
> identifying the offending patch could maybe even help come up with an
> independent reproducer that doesn't need nscd.

I removed "nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces"
(https://sourceware.org/git/?p=glibc.git;a=commit;h=1d495912a746e2a1ffb780c9a81fd234ec2464e8)
from my set of patches and the crash is gone.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (16 preceding siblings ...)
  2022-09-27  5:33 ` holger@applied-asynchrony.com
@ 2022-09-29 23:25 ` sam at gentoo dot org
  2022-09-30 18:03 ` siddhesh at sourceware dot org
                   ` (5 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: sam at gentoo dot org @ 2022-09-29 23:25 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

Sam James <sam at gentoo dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (17 preceding siblings ...)
  2022-09-29 23:25 ` sam at gentoo dot org
@ 2022-09-30 18:03 ` siddhesh at sourceware dot org
  2022-10-04 22:40 ` cvs-commit at gcc dot gnu.org
                   ` (4 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: siddhesh at sourceware dot org @ 2022-09-30 18:03 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
     Ever confirmed|0                           |1
           Assignee|unassigned at sourceware dot org   |siddhesh at sourceware dot org
   Last reconfirmed|                            |2022-09-30

--- Comment #15 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Thanks for the pointer.  I was beating around the bush in Fedora because the
systemd resolve module overshadows the nss_dns module, thus masking the crash
in Fedora.  I can reproduce the crash reliably now.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (18 preceding siblings ...)
  2022-09-30 18:03 ` siddhesh at sourceware dot org
@ 2022-10-04 22:40 ` cvs-commit at gcc dot gnu.org
  2022-10-04 22:44 ` cvs-commit at gcc dot gnu.org
                   ` (3 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-10-04 22:40 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #16 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6e33e5c4b73cea7b8aa3de0947123db16200fb65

commit 6e33e5c4b73cea7b8aa3de0947123db16200fb65
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Oct 4 18:40:25 2022 -0400

    nscd: Drop local address tuple variable [BZ #29607]

    When a request needs to be resent (e.g. due to insufficient buffer
    space), the references to subsequent tuples in the local variable are
    stale and should not be used.  This used to work by accident before, but
    since 1d495912a it no longer does.  Instead of trying to reset it, just
    let gethostbyname4_r write into TUMPBUF6 for us, thus maintaining a
    consistent state at all times.  This is now consistent with what is done
    in gaih_inet for getaddrinfo.

    Resolves: BZ #29607
    Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com>
    Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>


^ permalink raw reply	[flat|nested] 25+ messages in thread
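
The retry hazard described in the commit message above, as an added example that is not glibc code and not part of the original thread. `toy_lookup4`, its append-to-tail contract, the buffer sizes and the host name are assumptions made for illustration; the retired buffer is kept allocated (and zeroed) so the stale reference can be detected by address range instead of touching freed memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Trimmed stand-in for glibc's struct gaih_addrtuple. */
struct tuple { struct tuple *next; char *name; int family; };

enum { TOY_OK = 0, TOY_ERANGE = 1, TOY_NOMEM = 2 };

/* Carve n bytes (rounded up to tuple alignment) out of buf; NULL when full. */
static void *carve(char *buf, size_t len, size_t *used, size_t n)
{
    size_t a = _Alignof(struct tuple);
    n = (n + a - 1) / a * a;
    if (n > len - *used)
        return NULL;
    void *p = buf + *used;
    *used += n;
    return p;
}

/* Hypothetical resolver (ASSUMED contract, not glibc's implementation):
   a non-NULL *pat is an existing list to append to, a NULL *pat starts a
   new list inside buf.  On TOY_ERANGE the links already made stay in place. */
static int toy_lookup4(const char *name, int nanswers, struct tuple **pat,
                       char *buf, size_t len)
{
    size_t used = 0;
    struct tuple **tailp = pat;
    while (*tailp != NULL)              /* follows whatever the caller left */
        tailp = &(*tailp)->next;
    for (int i = 0; i < nanswers; i++) {
        struct tuple *t = carve(buf, len, &used, sizeof *t);
        if (t == NULL)
            return TOY_ERANGE;
        t->next = NULL;
        t->name = NULL;
        t->family = (i == 0) ? 2 : 10;  /* AF_INET / AF_INET6 on Linux */
        *tailp = t;                     /* linked before the name is stored */
        tailp = &t->next;
        if (i == 0) {                   /* canonical name on the first tuple */
            size_t n = strlen(name) + 1;
            t->name = carve(buf, len, &used, n);
            if (t->name == NULL)
                return TOY_ERANGE;
            memcpy(t->name, name, n);
        }
    }
    return TOY_OK;
}

static int in_buf(const void *p, const char *buf, size_t len)
{
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)buf;
    return a >= b && a < b + len;
}

/* Index of the first node (or name) that lives outside the current buffer,
   or -1 if the list is clean.  The walk stops before following a stale node. */
static int first_stale(const struct tuple *at, const struct tuple *local,
                       const char *buf, size_t len)
{
    int idx = 0;
    for (const struct tuple *t = at; t != NULL; t = t->next, idx++) {
        if (t != local && !in_buf(t, buf, len))
            return idx;
        if (t->name != NULL && !in_buf(t->name, buf, len))
            return idx;
    }
    return -1;
}

struct outcome { int rc, attempts, stale_at, ntuples; };

/* reset_to_null = 0: caller-owned head tuple reused across retries.
   reset_to_null = 1: NULL passed each time, so every tuple is in buf. */
static struct outcome run_lookup(int reset_to_null)
{
    struct outcome o = { TOY_NOMEM, 0, -1, 0 };
    char *old[4];
    int nold = 0;
    size_t len = 32;                    /* constructed: too small on purpose */
    char *buf = malloc(len);
    struct tuple atmem = { 0 };
    struct tuple *at = NULL;

    while (buf != NULL) {
        at = reset_to_null ? NULL : &atmem;
        o.attempts++;
        o.rc = toy_lookup4("www.example.org", 2, &at, buf, len);
        if (o.rc != TOY_ERANGE || nold == 4)
            break;
        memset(buf, 0, len);            /* retired: contents no longer valid */
        old[nold++] = buf;
        len *= 8;
        buf = malloc(len);
        if (buf == NULL)
            o.rc = TOY_NOMEM;
    }
    if (o.rc == TOY_OK) {
        o.stale_at = first_stale(at, &atmem, buf, len);
        for (struct tuple *t = at; o.stale_at < 0 && t != NULL; t = t->next)
            o.ntuples++;
    }
    free(buf);
    while (nold > 0)
        free(old[--nold]);
    return o;
}

int main(void)
{
    struct outcome b = run_lookup(0), f = run_lookup(1);
    printf("local head: attempts=%d stale_at=%d\n", b.attempts, b.stale_at);
    printf("NULL head:  attempts=%d stale_at=%d tuples=%d\n",
           f.attempts, f.stale_at, f.ntuples);
    return 0;
}
```

In this model the stale node left behind by the failed first attempt has a zeroed `name`, so a caller that takes `strlen` of it would fault in the same place the backtrace in comment #5 shows.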

* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
  2022-09-23 15:39 [Bug nscd/29607] New: nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled holger@applied-asynchrony.com
                   ` (19 preceding siblings ...)
  2022-10-04 22:40 ` cvs-commit at gcc dot gnu.org
@ 2022-10-04 22:44 ` cvs-commit at gcc dot gnu.org
  2022-10-04 22:45 ` siddhesh at sourceware dot org
                   ` (2 subsequent siblings)
  23 siblings, 0 replies; 25+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-10-04 22:44 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #17 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.36/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2bd815d8347851212b9a91dbdca8053f4dbdac87

commit 2bd815d8347851212b9a91dbdca8053f4dbdac87
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Oct 4 18:43:50 2022 -0400

    nscd: Drop local address tuple variable [BZ #29607]

    When a request needs to be resent (e.g. due to insufficient buffer
    space), the references to subsequent tuples in the local variable are
    stale and should not be used.  This used to work by accident before, but
    since 1d495912a it no longer does.  Instead of trying to reset it, just
    let gethostbyname4_r write into TUMPBUF6 for us, thus maintaining a
    consistent state at all times.  This is now consistent with what is done
    in gaih_inet for getaddrinfo.

    Resolves: BZ #29607
    Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com>
    Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
    (cherry picked from commit 6e33e5c4b73cea7b8aa3de0947123db16200fb65)


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
From: siddhesh at sourceware dot org @ 2022-10-04 22:45 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.37
             Status|ASSIGNED                    |RESOLVED

--- Comment #18 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Fixed on main and 2.36 branches.


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
From: cvs-commit at gcc dot gnu.org @ 2022-10-07 14:34 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #19 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.35/master branch has been updated by Arjun Shankar
<arjun@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bca80a916e1a7fda51d0f30e9cfb5b111f8a2a7a

commit bca80a916e1a7fda51d0f30e9cfb5b111f8a2a7a
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Oct 4 18:40:25 2022 -0400

    nscd: Drop local address tuple variable [BZ #29607]

    When a request needs to be resent (e.g. due to insufficient buffer
    space), the references to subsequent tuples in the local variable are
    stale and should not be used.  This used to work by accident before, but
    since 1d495912a it no longer does.  Instead of trying to reset it, just
    let gethostbyname4_r write into TMPBUF6 for us, thus maintaining a
    consistent state at all times.  This is now consistent with what is done
    in gaih_inet for getaddrinfo.

    Resolves: BZ #29607
    Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com>
    Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
    (cherry picked from commit 6e33e5c4b73cea7b8aa3de0947123db16200fb65)


* [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled
From: cvs-commit at gcc dot gnu.org @ 2022-10-07 14:34 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #20 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by Arjun Shankar
<arjun@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3976287b22422787f3cc6fc9adda58304b55bd9

commit e3976287b22422787f3cc6fc9adda58304b55bd9
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Oct 4 18:40:25 2022 -0400

    nscd: Drop local address tuple variable [BZ #29607]

    When a request needs to be resent (e.g. due to insufficient buffer
    space), the references to subsequent tuples in the local variable are
    stale and should not be used.  This used to work by accident before, but
    since 1d495912a it no longer does.  Instead of trying to reset it, just
    let gethostbyname4_r write into TMPBUF6 for us, thus maintaining a
    consistent state at all times.  This is now consistent with what is done
    in gaih_inet for getaddrinfo.

    Resolves: BZ #29607
    Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com>
    Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
    (cherry picked from commit 6e33e5c4b73cea7b8aa3de0947123db16200fb65)
