unscd segfaults regularly

Bug #1376274 reported by Tamas Papp on 2014-10-01
28
This bug affects 4 people
Affects Status Importance Assigned to Milestone
unscd (Ubuntu)
Medium
Bryan Quigley
Trusty
Medium
Unassigned

Bug Description

[Impact]

 * It's causing a crash.

[Test Case]

 * detailed instructions how to reproduce the bug

[Regression Potential]

 * The fix just checks for one NULL pointer, and it's been in 16.04 and above since release, per comment #3.

Original Report:
kern.log:Oct 1 11:34:51 camel kernel: [1715974.313870] nscd[11501]: segfault at 0 ip 0000000000403b71 sp 00007fff8ba4def0 error 4 in nscd[400000+8000]

unscd is getting died after a not very long time.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: unscd 0.51-1build2
ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6
Uname: Linux 3.13.0-35-generic x86_64
NonfreeKernelModules: vhost_net vhost macvtap macvlan ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT xt_CHECKSUM iptable_mangle xt_tcpudp ip6table_filter ip6_tables iptable_filter ip_tables x_tables veth bridge stp llc gpio_ich x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd sb_edac joydev edac_core mei_me mei lpc_ich ipmi_si wmi ioatdma mac_hid lp parport zfs zunicode zavl zcommon znvpair spl btrfs libcrc32c raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor igb raid6_pq i2c_algo_bit raid1 isci mpt2sas hid_generic dca raid0 libsas usbhid raid_class ptp ahci multipath hid libahci scsi_transport_sas pps_core linear
ApportVersion: 2.14.1-0ubuntu3.4
Architecture: amd64
Date: Wed Oct 1 15:49:48 2014
Dependencies:
 gcc-4.9-base 4.9.1-0ubuntu1
 libc6 2.19-0ubuntu6.3
 libgcc1 1:4.9.1-0ubuntu1
 multiarch-support 2.19-0ubuntu6.3
SourcePackage: unscd
UpgradeStatus: Upgraded to trusty on 2014-06-04 (119 days ago)

Tamas Papp (tomposmiko) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unscd (Ubuntu):
status: New → Confirmed
summary: - unscd segfault
+ unscd segfaults regularly
Florian Löffler (loe-florian) wrote :

I have the same problem.
After starting unscd it segfaults after a short time.
If many requests occur virtually immediatly.

The attached output of valgrind supports this claim:
valgrind -v --leak-check=full --show-leak-kinds=all --trace-children=yes nscd -d 2>&1 | tee /tmp/valgrind.log

...
==2487== Process terminating with default action of signal 11 (SIGSEGV)
==2487== Access not within mapped region at address 0x0
==2487== at 0x403B71: free_refcounted_ureq (nscd.c:1220)
==2487== by 0x403C72: close_client (nscd.c:808)
==2487== by 0x402544: handle_client (nscd.c:1602)
==2487== by 0x402544: main_loop (nscd.c:2027)
==2487== by 0x402544: main (nscd.c:2654)
...

This points to line 1220 in nscd.c as the source of the problem.
Problem appears to be fixed in unscd_0.52-1 (there was a NULL check added at exactly this code position).
Also installing a manually build package of unscd_0.52-1 fixes the problem.

Obvious resolution would be to provide an official unscd_0.52-1 package for 14.04

Hi,

I can confirm this behavior on all our servers running ubuntu 14.04.
If we are going to continue to use uncsd, we really need this fix backported to 14.04.

I'm new here, but who decides if this is going to be fixed in 14.04 or not ?
And when is that decision being made ?

Best regards,
Patrik Martinsson,
Sweden

Tamas Papp (tomposmiko) wrote :

You better switch to sssd.

Scott Moser (smoser) wrote :

Tamas,
Please correct me if I'm wrong, but it does not look to me like sssd supports dns/hosts caching.

Changed in unscd (Ubuntu):
assignee: nobody → Bryan Quigley (bryanquigley)
Bryan Quigley (bryanquigley) wrote :

Here is a debdiff that backports the single NULL check (which is all of 0.52) to Trusty.

Bryan Quigley (bryanquigley) wrote :

I've created a debdiff to backport the fix to 14.04. We could use more details on both the impact and a step-by-step way (from a fresh cloud image) to reproduce the bug.

description: updated

The attachment "unscd_0.51-1ubuntu1.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Mathew Hodson (mhodson) on 2016-10-28
Changed in unscd (Ubuntu):
importance: Undecided → Medium
Jeremy Bicha (jbicha) on 2016-10-29
Changed in unscd (Ubuntu):
status: Confirmed → Fix Released
Changed in unscd (Ubuntu Trusty):
importance: Undecided → Medium
status: New → Triaged
Daniel Holbach (dholbach) wrote :

I uploaded the change. Can you please add a test-case for the ubuntu-sru team to the description to the bug?

Changed in unscd (Ubuntu Trusty):
status: Triaged → Fix Committed
Bryan Quigley (bryanquigley) wrote :

Thanks Daniel!

I unfortunately don't have a test case. Anyone else who has this bug, please provide one so we can get this fixed.

Sebastien Bacher (seb128) wrote :

the debdiff has been uploaded, unsubscribing the sponsors

Hello Tamas, or anyone else affected,

Accepted unscd into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unscd/0.51-1ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for trusty for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate
Tamas Papp (tomposmiko) wrote :

Sorry, I have already switched to sssd, cannot test the fix.

Bryan Quigley (bryanquigley) wrote :

I've asked for testing privately with no luck. I think this will have to be removed.

Stephen A. Zarkos (stevez) wrote :

I've tested unscd with the patch and saw no issues, but unfortunately there is no simple repro script that generates the failure. Customers just see this issue appear after some time of running the service.

The customer in comment #3 also confirmed that unscd_0.52-1 fixes the issue for them, and this null pointer check is the only change in that release. To me this seems low risk to keep the null pointer check and release this.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unscd - 0.51-1ubuntu1

---------------
unscd (0.51-1ubuntu1) trusty-proposed; urgency=medium

  * Backport of full 0.52 release which just contains one NULL
    pointer check. (LP: #1376274)

 -- Bryan Quigley <email address hidden> Thu, 27 Oct 2016 18:44:09 +0000

Changed in unscd (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for unscd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers