| Summary: | sys-auth/nss-mdns: segv when resolving .local addresses | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Michał Górny <mgorny> |
| Component: | Current packages | Assignee: | Amy Liffey <amynka> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | amynka, gart |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Portage 2.3.2 (python 3.5.2-final-0, default/linux/amd64/13.0/desktop, gcc-5.4.0, glibc-2.23-r3, 4.8.0-pf6-pomiocik+ x86_64)
=================================================================
System Settings
=================================================================
System uname: Linux-4.8.0-pf6-pomiocik+-x86_64-Intel-R-_Core-TM-_i3-3217U_CPU_@_1.80GHz-with-gentoo-2.3
Timestamp of repository gentoo: Sun, 20 Nov 2016 07:02:46 +0000
sh bash 4.4_p5
ld GNU ld (Gentoo 2.27 p1.0) 2.27
distcc 3.2rc1 x86_64-pc-linux-gnu [enabled]
app-shells/bash: 4.4_p5::gentoo
dev-java/java-config: 2.2.0-r3::gentoo
dev-lang/perl: 5.24.0-r2::gentoo
dev-lang/python: 2.7.12::gentoo, 3.4.5::gentoo, 3.5.2::gentoo
dev-util/cmake: 3.7.0::gentoo
dev-util/pkgconfig: 0.29.1::gentoo
sys-apps/baselayout: 2.3::gentoo
sys-apps/openrc: 0.22.4::gentoo
sys-apps/sandbox: 2.10-r2::gentoo
sys-devel/autoconf: 2.13::gentoo, 2.69-r2::gentoo
sys-devel/automake: 1.11.6-r2::gentoo, 1.12.6-r1::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils: 2.27::gentoo
sys-devel/gcc: 4.9.3::gentoo, 4.9.4::gentoo, 5.4.0::gentoo, 6.2.0-r1::gentoo
sys-devel/gcc-config: 1.8-r1::gentoo
sys-devel/libtool: 2.4.6-r2::gentoo
sys-devel/make: 4.2.1::gentoo
sys-kernel/linux-headers: 4.8::gentoo (virtual/os-headers)
sys-libs/glibc: 2.23-r3::gentoo
Repositories:
gentoo
location: /var/db/repos/gentoo
sync-type: git
sync-umask: 027
sync-uri: https://github.com/swegener/gentoo-portage
priority: -1000
gentoo-cvs
location: /usr/src/gentoo-x86
sync-umask: 027
masters: gentoo
priority: 9999
mgorny
location: /home/mgorny/mgorny-repo
sync-umask: 027
masters: gentoo
priority: 10000
Installed sets: @mg_cb_agent, @mg_gamebot, @mg_qanalytics
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CC="x86_64-pc-linux-gnu-gcc-5.4.0"
CFLAGS="-O2 -pipe -march=core-avx-i --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=3072"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXX="x86_64-pc-linux-gnu-g++-5.4.0"
CXXFLAGS="-O2 -pipe -march=core-avx-i --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=3072"
DISTDIR="/var/cache/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y --keep-going --ask"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs binpkg-multi-instance buildpkg ccache cgroup collision-protect config-protect-if-modified distcc distlocks ebuild-locks fixlafiles ipc-sandbox lmirror merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms sign strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://pomiot.local/ http://mirror.netcologne.de/gentoo/ http://gentoo.mirror.web4u.cz/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://gd.tuwien.ac.at/opsys/linux/gentoo/ http://gentoo.mirror.pw.edu.pl/ http://ftp.vectranet.pl/gentoo/ http://ftp.fi.muni.cz/pub/linux/gentoo/"
LANG="pl_PL.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed"
MAKEOPTS="-j12"
PKGDIR="/var/cache/portage/packages"
PORTAGE_COMPRESS="lzip"
PORTAGE_COMPRESS_FLAGS="-9"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi adns alsa amd64 amr avx bash-completion berkdb bluetooth branding bzip2 cairo caps cdda cdr cli cracklib crypt cups cxx dbus djvu dri dts dvd dvdr emboss encode exif fam fftw firefox flac fortran gd gdbm gif glamor gmp gnome-keyring gnutls gphoto2 gtk hdri iconv icu id3tag idn imagemagick ipv6 jbig jit jpeg jpeg2k lapack lcms libedit liblockfile libnotify libsecret lzma lzo mad mmx mmxext mng modules mp3 mp4 mpeg mpfr mtp multilib ncurses nls nptl ogg openexr opengl openmp opus pam pango pcre pdf png policykit ppds pulseaudio qt3support qt4 readline schroedinger sctp sdl seccomp session smp sndfile speex spell sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification svg systemd tcpd theora threads tiff truetype udev udisks unicode upnp upower usb v4l vaapi vdpau vim-syntax vorbis vpx webp wmf wxwidgets x264 xattr xcb xcomposite xml xpm xv xvid zeroconf zlib" ABI_X86="32 64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev synaptics" KERNEL="linux" L10N="pl" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="pl" LLVM_TARGETS="*" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4 python3_5 pypy pypy3" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="nouveau intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
=================================================================
Package Settings
=================================================================
sys-libs/glibc-2.23-r3::gentoo was built with the following:
USE="caps gd (multilib) rpc -audit -debug (-hardened) -nscd -profile (-selinux) -suid -systemtap -vanilla" ABI_X86="64"
CFLAGS="-ggdb -pipe -O2 -fno-strict-aliasing -fno-stack-protector"
CXXFLAGS="-ggdb -pipe -O2 -fno-strict-aliasing -fno-stack-protector"
$ cat /etc/nsswitch.conf # /etc/nsswitch.conf: # $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $ passwd: compat shadow: compat group: compat # passwd: db files nis # shadow: db files nis # group: db files nis hosts: files mdns_minimal [NOTFOUND=return] dns networks: files dns services: db files protocols: db files rpc: db files ethers: db files netmasks: files netgroup: files bootparams: files automount: files aliases: files is this new to 2.23-r3 ? did 2.23-r2 crash ? does 2.24 work any better ? what if you drop nss-mdns from your look up ? (In reply to SpanKY from comment #3) > is this new to 2.23-r3 ? did 2.23-r2 crash ? I don't know. I investigated it with -r3 but it might have happened with -r2 already. The glibc ebuild doesn't allow downgrades, so can't test. > does 2.24 work any better ? I can try it later today. Should I expect it to make my system unbootable or can I try it on the live system? > what if you drop nss-mdns from your look up ? Then I get NXDOMAIN, obviously. A few random Internet domains resolve fine, if that's what you're asking. But then, it might be mdns, it might be nss, it might be a generic problem with local Ethernet addresses (fe80::). (In reply to Michał Górny from comment #4) glibc versions don't get added to the tree if they're known to eat systems nss-mdns is known to have issues. you could also try the latest git: https://github.com/lathiat/nss-mdns (In reply to SpanKY from comment #5) > (In reply to Michał Górny from comment #4) > > glibc versions don't get added to the tree if they're known to eat systems Ok, I'll try it today. > nss-mdns is known to have issues. you could also try the latest git: > https://github.com/lathiat/nss-mdns Oh, I see it's been forked. Also, I see that the whole local IPv6 addresses support is a custom, undocumented patch that's not upstream (in the fork) and does not apply anymore... We decided with upstream that they will apply another ipv6 patch which was already as pull request in the upstream. https://github.com/lathiat/nss-mdns/issues/4 (In reply to Amy Winston from comment #7) > We decided with upstream that they will apply another ipv6 patch which was > already as pull request in the upstream. > > https://github.com/lathiat/nss-mdns/issues/4 Ok, I'll try that patch instead, thanks. So, update: 2.24 segvs the same, and (as replied upstream) the alternative IPv6 patch does not fill in scopes correctly. Ok, I have a suspicion where the segv might be coming from. The ipv6 patch used by Gentoo appends scope to the IPv6 address struct that is afterwards passed to glibc in the 'old' APIs. I guess glibc obviously doesn't expect that. I don't know why it exactly used to work. It's possible that glibc used to use gethostbyname4_r() internally more often in the past, and for some reason prefers gethostbyname2_r() now. For the little random testing I've done locally, it seems that _nss_mdns_gethostbyname4_r() is called by my little test example but e.g. ping6 calls _nss_mdns_gethostbyname2_r() instead for some reason (even though AFAICS it also calls getaddrinfo()). It's also possible that it just called *2_r() as well but it gained some checks. I suppose it could've worked if it just passed through the (wrong) address length from _nss_mdns_gethostbyname2_r() and people used it to construct sockaddr_in6. The resulting overflow would have caused the additional 32 bits corresponding to scope id land in sin6_scope_id. Anyway, I think switching to the new upstream IPv6 patch sounds like the way to go for nss-mdns. However, we still need to determine why glibc doesn't want to call gethostbyname4_r() when used by most tools... i think it's safe to say that it's not a bug in glibc. it'd be nice if we could isolate glibc code from buggy nss modules, but i don't think that's feasible considering the nss API where everything is in-process and dlopened modules. @Amynka, would you mind me adding a live ebuild for it (the fork)? This should be resolved with the inclusion upstream of https://github.com/lathiat/nss-mdns/pull/23 This is included in the new release: https://github.com/lathiat/nss-mdns/releases/tag/v0.11 Sorry, I am not sure if that pull request in the previous comment was the correct one, but the bug may have been fixed regardless. The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5adf255b5716f5b9c2b28dcb9898d3bafa732ea9 commit 5adf255b5716f5b9c2b28dcb9898d3bafa732ea9 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2018-01-23 08:27:28 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-01-23 08:28:08 +0000 sys-auth/nss-mdns: Bump to 0.11 Bump to the first release from the new upstream. Big thanks to Adam Goode for merging our patches and working on the code! Closes: https://bugs.gentoo.org/590968 Closes: https://bugs.gentoo.org/600282 Closes: https://bugs.gentoo.org/627770 sys-auth/nss-mdns/Manifest | 1 + sys-auth/nss-mdns/nss-mdns-0.11.ebuild | 54 ++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) |
sys-libs/glibc-2.23-r3::gentoo was built with the following: USE="caps gd (multilib) rpc -audit -debug (-hardened) -nscd -profile (-selinux) -suid -systemtap -vanilla" ABI_X86="64" CFLAGS="-ggdb -pipe -O2 -fno-strict-aliasing -fno-stack-protector" CXXFLAGS="-ggdb -pipe -O2 -fno-strict-aliasing -fno-stack-protector" (gdb) run Starting program: /bin/ping6 pomiot.local Program received signal SIGSEGV, Segmentation fault. 0x00007ffff70841b0 in gaih_inet (name=name@entry=0x7fffffffe88a "pomiot.local", service=<optimized out>, req=req@entry=0x7fffffffe4c0, pai=pai@entry=0x7fffffffe368, naddrs=naddrs@entry=0x7fffffffe364) at ../sysdeps/posix/getaddrinfo.c:1052 1052 status = NSS_STATUS_TRYAGAIN; (gdb) bt #0 0x00007ffff70841b0 in gaih_inet (name=name@entry=0x7fffffffe88a "pomiot.local", service=<optimized out>, req=req@entry=0x7fffffffe4c0, pai=pai@entry=0x7fffffffe368, naddrs=naddrs@entry=0x7fffffffe364) at ../sysdeps/posix/getaddrinfo.c:1052 #1 0x00007ffff70848fe in __GI_getaddrinfo (name=<optimized out>, name@entry=0x7fffffffe88a "pomiot.local", service=service@entry=0x0, hints=hints@entry=0x7fffffffe4c0, pai=pai@entry=0x7fffffffe4b0) at ../sysdeps/posix/getaddrinfo.c:2425 #2 0x00000000004032fe in main (argc=<optimized out>, argv=0x7fffffffe660) at ping6.c:932