[Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is enabled

["holger@applied-asynchrony.com" <sourceware-bugzilla@sourceware.org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=29607

--- Comment #5 from Holger Hoffstätte <holger@applied-asynchrony.com> ---
Turns out the crash on strlen() is something else:

(gdb) bt full
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
No locals.
#1  0x00005555555672bd in addhstaiX (db=db@entry=0x555555577340 <dbs+704>,
fd=fd@entry=17, req=req@entry=0x7fffecdf9804, key=key@entry=0x7fffecdf9a90, 
    uid=uid@entry=4294967295, he=he@entry=0x0, dh=<optimized out>) at
aicache.c:153
        atmem = {next = 0x0, name = 0x99c369cec67a4600 <error: Cannot access
memory at address 0x99c369cec67a4600>, family = -402650048, addr = {32767,
4160332864, 32767, 0}, 
          scopeid = 0}
        at = 0x7fffecdf8af0
        addrs = <optimized out>
        family = <optimized out>
        status = {-1, -1}
        naddrs = 1
        canon = 0x99c369cec67a4600 <error: Cannot access memory at address
0x99c369cec67a4600>
        canonlen = <optimized out>
        cp = <optimized out>
        addrslen = 0
        fct4 = 0x7ffff7ef0730 <__GI__nss_dns_gethostbyname4_r>
        dataset = 0x0
        nip = 0x55555557c600
        no_more = 254
        rc6 = 0
        rc4 = 0
        herrno = 1
        ctx = 0x7fffe8000bb0
        tmpbuf6 = {data = 0x7fffecdf8b40, length = 1024, __space = {__align =
{__max_align_ll = 0, __max_align_ld = 1.05759510034850465873e-4932}, 
            __c =
"\000\000\000\000\000\000\000\000h\213\337\354\377\177\000\000\002\000\000\000P\236C(\000\000\000\000\000\000\000\000\n\000\062.\000\000\000\000www.telekom.de\000lied-asynchrony.com\000lex\000\000\213\213\337\354\377\177\000\000\000\000\000\000\000\000\000\000\220\213\337\354\377\177\000\000\000\000\000\000\000\000\000\000\022\000\000\000\000\000\000\000\200\377\377\377\377\377\377\377",
'\000' <repeats 16 times>, "Haven't found \"27\" in group
cache!\000\367\377\177\000\000\250\245\371\367\377\177\000\000P\214\337\354\377\177\000\000\000"...}}
        tmpbuf4 = {data = 0x7fffecdf8f50, length = 1024, __space = {__align =
{__max_align_ll = 140737353737120, __max_align_ld = <invalid float value>}, 
            __c =
"\240\343\371\367\377\177\000\000\340\220\337\354\377\177\000\000\351\032WUUU\000\000\340\222\337\354\377\177\000\000\340\217\337\354\377\177\000\000\337\063VUUU\000\000\340qWUUU\000\000+=0c\000\000\000\000\v\000\000\000$\000\000\000\r\000\000\000\031\000\000\000\b\000\000\000z\000\000\000\000\000\000\000\v\001\000\000\001\000\000\000\000\000\000\000
\034\000\000\000\000\000\000\240\270WUUU\000\000\030\000\000\000\060\000\000\000З\337\354\377\177\000\000\360\226\337\354\377\177\000\000Sun
Sep 25 13:36:11
2022\000Fz\306\316iÙ\000\000\000\000\000\000\000\000\a\t\200\363\377\177\000\000\220\222\337\354\377\177\000\000\270\b"...}}
        canonbuf = {data = 0x7fffecdf9360, length = 1024, __space = {__align =
{__max_align_ll = 0, __max_align_ld = 0}, __c = '\000' <repeats 216 times>...}}
        ttl = 14400
        total = 0
        key_copy = 0x0
        alloca_used = false
        timeout = 9223372036854775807
        __PRETTY_FUNCTION__ = "addhstaiX"

The address of "canon" looks suspicious, which means "at" is probably garbage:

(gdb) print at
$20 = (struct gaih_addrtuple *) 0x7fffecdf8af0
(gdb) print at.addr 
$21 = {32767, 4160332864, 32767, 0}
(gdb) print at.family 
$22 = -402650048
(gdb) print at.name 
$23 = 0x99c369cec67a4600 <error: Cannot access memory at address
0x99c369cec67a4600>
(gdb) print at.next 
$24 = (struct gaih_addrtuple *) 0x0
(gdb) print at.scopeid 
$25 = 0

-- 
You are receiving this mail because:
You are on the CC list for the bug.