This was fixed in yakkety’s libc6 2.23-1ubuntu1.  We are still waiting
for a xenial SRU.

** Description changed:

- To reproduce:
+ [Impact]
  
- sed -i 's/passwd: *compat/& hesiod/' /etc/nsswitch.conf
- cat > /etc/hesiod.conf <<EOF
+ The nss_hesiod nsswitch module, which worked in previous releases, does
+ not work at all in Ubuntu 16.04.  Enabling it causes NULL pointer
+ dereferences in calls such as getpwuid().
+ 
+ [Test Case]
+ 
+ # sed -i 's/passwd: *compat/& hesiod/' /etc/nsswitch.conf
+ # cat > /etc/hesiod.conf <<EOF
  lhs=.ns
  rhs=.athena.mit.edu
  EOF
- id andersk
+ # id andersk
+ Segmentation fault (core dumped)
  
- This is a bug in nss_hesiod. See
- https://sourceware.org/bugzilla/show_bug.cgi?id=19573.
+ Expected output: uid=39270(andersk) gid=101(…) groups=101(…).
+ 
+ [Regression Potential]
+ 
+ I wrote a 6-line patch that conditionalizes an errant res_nclose call.
+ There is also a bigger upstream patch on the glibc 2.22 and 2.23 stable
+ branches that entirely removes the unused abstraction that necessitated
+ the res_nclose calls at all.  Neither patch makes any changes outside of
+ the glibc hesiod directory, which as of now is so thoroughly broken that
+ there is nothing left to regress.
+ 
  
  ProblemType: Crash
  DistroRelease: Ubuntu 16.04
  Package: coreutils 8.25-2ubuntu2
  ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
  Uname: Linux 4.4.0-18-generic x86_64
  NonfreeKernelModules: openafs
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Sun Apr 17 22:39:06 2016
  EcryptfsInUse: Yes
  ExecutablePath: /usr/bin/id
  ExecutableTimestamp: 1455802667
  InstallationDate: Installed on 2016-02-19 (58 days ago)
  InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 
(20160218)
  ProcCmdline: id andersk
  ProcCwd: /home/anders
  SegvAnalysis:
-  Segfault happened at: 0x7fef32217a88 <__libc_res_nsend+3192>:        cmp    
%dx,(%rax)
-  PC (0x7fef32217a88) ok
-  source "%dx" ok
-  destination "(%rax)" (0x00000000) not located in a known VMA region (needed 
writable region)!
+  Segfault happened at: 0x7fef32217a88 <__libc_res_nsend+3192>:        cmp    
%dx,(%rax)
+  PC (0x7fef32217a88) ok
+  source "%dx" ok
+  destination "(%rax)" (0x00000000) not located in a known VMA region (needed 
writable region)!
  SegvReason: writing NULL VMA
  Signal: 11
  SourcePackage: coreutils
  StacktraceTop:
-  sock_eq (a2=0x0, a1=0x7fef33b9daf4 <_res+20>) at res_send.c:1584
-  __libc_res_nsend (statp=0x7fef33b9dae0 <_res>, buf=buf@entry=0x7ffd88e80910 
"@\267\001", buflen=45, buf2=buf2@entry=0x0, buflen2=buflen2@entry=0, 
ans=ans@entry=0x7ffd88e80d10 " you want.  Don't add spaces after the\n", 
anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0, ansp2_malloced=0x0) 
at res_send.c:408
-  __GI___res_nsend (statp=<optimized out>, buf=buf@entry=0x7ffd88e80910 
"@\267\001", buflen=<optimized out>, ans=ans@entry=0x7ffd88e80d10 " you want.  
Don't add spaces after the\n", anssiz=anssiz@entry=1024) at res_send.c:630
-  get_txt_records (class=1, name=name@entry=0xff3dd0 
"39270.uid.ns.athena.mit.edu", ctx=0xff27e0) at hesiod.c:374
-  hesiod_resolve (context=context@entry=0xff27e0, 
name=name@entry=0x7ffd88e81190 "39270", type=type@entry=0x7fef3242a486 "uid") 
at hesiod.c:240
+  sock_eq (a2=0x0, a1=0x7fef33b9daf4 <_res+20>) at res_send.c:1584
+  __libc_res_nsend (statp=0x7fef33b9dae0 <_res>, buf=buf@entry=0x7ffd88e80910 
"@\267\001", buflen=45, buf2=buf2@entry=0x0, buflen2=buflen2@entry=0, 
ans=ans@entry=0x7ffd88e80d10 " you want.  Don't add spaces after the\n", 
anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0, ansp2_malloced=0x0) 
at res_send.c:408
+  __GI___res_nsend (statp=<optimized out>, buf=buf@entry=0x7ffd88e80910 
"@\267\001", buflen=<optimized out>, ans=ans@entry=0x7ffd88e80d10 " you want.  
Don't add spaces after the\n", anssiz=anssiz@entry=1024) at res_send.c:630
+  get_txt_records (class=1, name=name@entry=0xff3dd0 
"39270.uid.ns.athena.mit.edu", ctx=0xff27e0) at hesiod.c:374
+  hesiod_resolve (context=context@entry=0xff27e0, 
name=name@entry=0x7ffd88e81190 "39270", type=type@entry=0x7fef3242a486 "uid") 
at hesiod.c:240
  Title: id crashed with SIGSEGV in sock_eq()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm bumblebee cdrom dip libvirtd lpadmin plugdev sambashare 
sbuild sudo wireshark
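
Review bot: The rewritten description drops the upstream reference. The removed lines "This is a bug in nss_hesiod. See https://sourceware.org/bugzilla/show_bug.cgi?id=19573." have no replacement, and [Regression Potential] mentions a 6-line patch and a bigger upstream patch on the glibc 2.22 and 2.23 stable branches without pointing to either. Keeping the sourceware link in the new text, next to the patch description, would let an SRU reviewer locate both patches. The [Test Case] also edits /etc/nsswitch.conf in place with sed -i and gives no restore step; a line saying how to revert the change would help whoever verifies the SRU.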

** Description changed:

  [Impact]
  
  The nss_hesiod nsswitch module, which worked in previous releases, does
  not work at all in Ubuntu 16.04.  Enabling it causes NULL pointer
  dereferences in calls such as getpwuid().
  
  [Test Case]
  
  # sed -i 's/passwd: *compat/& hesiod/' /etc/nsswitch.conf
  # cat > /etc/hesiod.conf <<EOF
  lhs=.ns
  rhs=.athena.mit.edu
  EOF
  # id andersk
  Segmentation fault (core dumped)
  
  Expected output: uid=39270(andersk) gid=101(…) groups=101(…).
  
  [Regression Potential]
  
  I wrote a 6-line patch that conditionalizes an errant res_nclose call.
  There is also a bigger upstream patch on the glibc 2.22 and 2.23 stable
  branches that entirely removes the unused abstraction that necessitated
  the res_nclose calls at all.  Neither patch makes any changes outside of
  the glibc hesiod directory, which as of now is so thoroughly broken that
  there is nothing left to regress.
  
+ [Other Info]
  
  ProblemType: Crash
  DistroRelease: Ubuntu 16.04
  Package: coreutils 8.25-2ubuntu2
  ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
  Uname: Linux 4.4.0-18-generic x86_64
  NonfreeKernelModules: openafs
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Sun Apr 17 22:39:06 2016
  EcryptfsInUse: Yes
  ExecutablePath: /usr/bin/id
  ExecutableTimestamp: 1455802667
  InstallationDate: Installed on 2016-02-19 (58 days ago)
  InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 
(20160218)
  ProcCmdline: id andersk
  ProcCwd: /home/anders
  SegvAnalysis:
   Segfault happened at: 0x7fef32217a88 <__libc_res_nsend+3192>:        cmp    
%dx,(%rax)
   PC (0x7fef32217a88) ok
   source "%dx" ok
   destination "(%rax)" (0x00000000) not located in a known VMA region (needed 
writable region)!
  SegvReason: writing NULL VMA
  Signal: 11
  SourcePackage: coreutils
  StacktraceTop:
   sock_eq (a2=0x0, a1=0x7fef33b9daf4 <_res+20>) at res_send.c:1584
   __libc_res_nsend (statp=0x7fef33b9dae0 <_res>, buf=buf@entry=0x7ffd88e80910 
"@\267\001", buflen=45, buf2=buf2@entry=0x0, buflen2=buflen2@entry=0, 
ans=ans@entry=0x7ffd88e80d10 " you want.  Don't add spaces after the\n", 
anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0, ansp2_malloced=0x0) 
at res_send.c:408
   __GI___res_nsend (statp=<optimized out>, buf=buf@entry=0x7ffd88e80910 
"@\267\001", buflen=<optimized out>, ans=ans@entry=0x7ffd88e80d10 " you want.  
Don't add spaces after the\n", anssiz=anssiz@entry=1024) at res_send.c:630
   get_txt_records (class=1, name=name@entry=0xff3dd0 
"39270.uid.ns.athena.mit.edu", ctx=0xff27e0) at hesiod.c:374
   hesiod_resolve (context=context@entry=0xff27e0, 
name=name@entry=0x7ffd88e81190 "39270", type=type@entry=0x7fef3242a486 "uid") 
at hesiod.c:240
  Title: id crashed with SIGSEGV in sock_eq()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm bumblebee cdrom dip libvirtd lpadmin plugdev sambashare 
sbuild sudo wireshark

https://bugs.launchpad.net/bugs/1571456

Title:
  id crashed with SIGSEGV in sock_eq()
