From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 7E00F3857355; Sun, 25 Sep 2022 11:46:57 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7E00F3857355
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1664106417;
	bh=jyMm7600Lr2n8XdD6OAOUzx/CML8aN+2+mGOVf9GN6A=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=yecPTRXZw6n2/MdIOwzfnQXt/XmmaSiENlPC+4O6iAqQ8lDeRiIqY8I9CuEL33YU4
	 VVIcH6cPX+rSWTi8wZfmCY2BKvgDdcCx/Upe+v7yUkbpY1ZMDMX7IWx59mzKAX8e+M
	 Ih+RCRY0CIV/HMM2O9V6sV2tF2khZz/NKJpZDc90=
From: "holger@applied-asynchrony.com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug nscd/29607] nscd repeatably crashes calling __strlen_avx2 when
 hosts cache is enabled
Date: Sun, 25 Sep 2022 11:46:57 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nscd
X-Bugzilla-Version: 2.36
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: critical
X-Bugzilla-Who: holger@applied-asynchrony.com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-29607-131-kkxNtZ53uH@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-29607-131@http.sourceware.org/bugzilla/>
References: <bug-29607-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <glibc-bugs.sourceware.org>

https://sourceware.org/bugzilla/show_bug.cgi?id=3D29607

--- Comment #5 from Holger Hoffst=C3=A4tte <holger@applied-asynchrony.com> =
---
Turns out the crash on strlen() is something else:

(gdb) bt full
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
No locals.
#1  0x00005555555672bd in addhstaiX (db=3Ddb@entry=3D0x555555577340 <dbs+70=
4>,
fd=3Dfd@entry=3D17, req=3Dreq@entry=3D0x7fffecdf9804, key=3Dkey@entry=3D0x7=
fffecdf9a90,=20
    uid=3Duid@entry=3D4294967295, he=3Dhe@entry=3D0x0, dh=3D<optimized out>=
) at
aicache.c:153
        atmem =3D {next =3D 0x0, name =3D 0x99c369cec67a4600 <error: Cannot=
 access
memory at address 0x99c369cec67a4600>, family =3D -402650048, addr =3D {327=
67,
4160332864, 32767, 0},=20
          scopeid =3D 0}
        at =3D 0x7fffecdf8af0
        addrs =3D <optimized out>
        family =3D <optimized out>
        status =3D {-1, -1}
        naddrs =3D 1
        canon =3D 0x99c369cec67a4600 <error: Cannot access memory at address
0x99c369cec67a4600>
        canonlen =3D <optimized out>
        cp =3D <optimized out>
        addrslen =3D 0
        fct4 =3D 0x7ffff7ef0730 <__GI__nss_dns_gethostbyname4_r>
        dataset =3D 0x0
        nip =3D 0x55555557c600
        no_more =3D 254
        rc6 =3D 0
        rc4 =3D 0
        herrno =3D 1
        ctx =3D 0x7fffe8000bb0
        tmpbuf6 =3D {data =3D 0x7fffecdf8b40, length =3D 1024, __space =3D =
{__align =3D
{__max_align_ll =3D 0, __max_align_ld =3D 1.05759510034850465873e-4932},=20
            __c =3D
"\000\000\000\000\000\000\000\000h\213\337\354\377\177\000\000\002\000\000\=
000P\236C(\000\000\000\000\000\000\000\000\n\000\062.\000\000\000\000www.te=
lekom.de\000lied-asynchrony.com\000lex\000\000\213\213\337\354\377\177\000\=
000\000\000\000\000\000\000\000\000\220\213\337\354\377\177\000\000\000\000=
\000\000\000\000\000\000\022\000\000\000\000\000\000\000\200\377\377\377\37=
7\377\377\377",
'\000' <repeats 16 times>, "Haven't found \"27\" in group
cache!\000\367\377\177\000\000\250\245\371\367\377\177\000\000P\214\337\354=
\377\177\000\000\000"...}}
        tmpbuf4 =3D {data =3D 0x7fffecdf8f50, length =3D 1024, __space =3D =
{__align =3D
{__max_align_ll =3D 140737353737120, __max_align_ld =3D <invalid float valu=
e>},=20
            __c =3D
"\240\343\371\367\377\177\000\000\340\220\337\354\377\177\000\000\351\032WU=
UU\000\000\340\222\337\354\377\177\000\000\340\217\337\354\377\177\000\000\=
337\063VUUU\000\000\340qWUUU\000\000+=3D0c\000\000\000\000\v\000\000\000$\0=
00\000\000\r\000\000\000\031\000\000\000\b\000\000\000z\000\000\000\000\000=
\000\000\v\001\000\000\001\000\000\000\000\000\000\000
\034\000\000\000\000\000\000\240\270WUUU\000\000\030\000\000\000\060\000\00=
0\000=D0=97\337\354\377\177\000\000\360\226\337\354\377\177\000\000Sun
Sep 25 13:36:11
2022\000Fz\306\316i=C3=99\000\000\000\000\000\000\000\000\a\t\200\363\377\1=
77\000\000\220\222\337\354\377\177\000\000\270\b"...}}
        canonbuf =3D {data =3D 0x7fffecdf9360, length =3D 1024, __space =3D=
 {__align =3D
{__max_align_ll =3D 0, __max_align_ld =3D 0}, __c =3D '\000' <repeats 216 t=
imes>...}}
        ttl =3D 14400
        total =3D 0
        key_copy =3D 0x0
        alloca_used =3D false
        timeout =3D 9223372036854775807
        __PRETTY_FUNCTION__ =3D "addhstaiX"

The address of "canon" looks suspicious, which means "at" is probably garba=
ge:

(gdb) print at
$20 =3D (struct gaih_addrtuple *) 0x7fffecdf8af0
(gdb) print at.addr=20
$21 =3D {32767, 4160332864, 32767, 0}
(gdb) print at.family=20
$22 =3D -402650048
(gdb) print at.name=20
$23 =3D 0x99c369cec67a4600 <error: Cannot access memory at address
0x99c369cec67a4600>
(gdb) print at.next=20
$24 =3D (struct gaih_addrtuple *) 0x0
(gdb) print at.scopeid=20
$25 =3D 0

--=20
You are receiving this mail because:
You are on the CC list for the bug.=