nscd crashed with SIGSEGV in _nss_files_init()

Bug #958305 reported by Daniel J Blueman
This bug affects 9 people
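| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| eglibc (Ubuntu) | Invalid | Undecided | Unassigned | |
| eglibc (Ubuntu) Precise | Invalid | Undecided | Unassigned | |
| unscd (Ubuntu) | Fix Released | Medium | Unassigned | |
| unscd (Ubuntu) Precise | Fix Released | Undecided | Unassigned | |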

Bug Description

Clean x86-64 install of precise as of 2012-03-17; unscd is hit with SEGV whenever it starts, i.e. 100% reproducibility.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: unscd 0.47-2build2
ProcVersionSignature: Ubuntu 3.2.0-19.30-generic 3.2.11
Uname: Linux 3.2.0-19-generic x86_64
ApportVersion: 1.94.1-0ubuntu2
Architecture: amd64
Date: Sun Mar 18 11:18:59 2012
Disassembly: => 0x1: Cannot access memory at address 0x1
ExecutablePath: /usr/sbin/nscd
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120316)
ProcCmdline: /usr/sbin/nscd
ProcEnviron:
 LANGUAGE=en_SG:en
 TERM=linux
 LANG=en_SG.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x1: Cannot access memory at address 0x1
 PC (0x00000001) not located in a known VMA region (needed executable region)!
SegvReason: executing NULL VMA
Signal: 11
SourcePackage: unscd
StacktraceTop:
 ?? ()
 _nss_files_init (cb=0x1) at nss_files/files-init.c:47
 nss_load_library (ni=<optimized out>) at nsswitch.c:412
 nss_load_all_libraries (def=0x7f03dd560b74 "dns [!UNAVAIL=return] files", service=0x7f03dd560b90 "hosts") at nsswitch.c:875
 __nss_disable_nscd (cb=<optimized out>) at nsswitch.c:895
Title: nscd crashed with SIGSEGV in _nss_files_init()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

unscd 0.48 fixes just this issue (see patch delta below) and is already released in Quantal, so is a candidate fix for this issue in Precise:
http://archive.ubuntu.com/ubuntu/pool/universe/u/unscd/

http://archive.ubuntu.com/ubuntu/pool/universe/u/unscd/unscd_0.48-2_amd64.deb
http://archive.ubuntu.com/ubuntu/pool/universe/u/unscd/unscd_0.48-2_i386.deb

I have verified this here and it addresses the issue. SRU justification:
[Impact] unscd-0.47 crashes each time it is started, thus is useless and obtrusive
[Test Case] start unscd-0.47: sudo /etc/init.d/unscd start
[Regression Potential] None due to existing crasher

Daniel J Blueman (danielblueman) wrote :
visibility: private → public
Apport retracing service (apport) wrote :

StacktraceTop:
 ?? ()
 _nss_files_init (cb=0x1) at nss_files/files-init.c:47
 nss_load_library (ni=<optimized out>) at nsswitch.c:412
 nss_load_all_libraries (def=0x7f03dd560b74 "dns [!UNAVAIL=return] files", service=0x7f03dd560b90 "hosts") at nsswitch.c:875
 __nss_disable_nscd (cb=<optimized out>) at nsswitch.c:895

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in unscd (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unscd (Ubuntu):
status: New → Confirmed
Thorsten Glaser (mirabilos) wrote :

Adding src:eglibc due to this:

(gdb) bt
#0 0x0000000000000001 in ?? ()
#1 0x00007ffff73f697f in _nss_files_init () from /lib/x86_64-linux-gnu/libnss_files.so.2
#2 0x00007ffff7b212f9 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff7b2201d in __nss_disable_nscd () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x0000000000401c9e in main (argc=1, argv=0x7fffffffe598) at nscd.c:2410

# dpkg -S /lib/x86_64-linux-gnu/libnss_files.so.2
libc6: /lib/x86_64-linux-gnu/libnss_files.so.2

Please fix with high urgency.

Thorsten Glaser (mirabilos) wrote :

Same on i386:

Program received signal SIGSEGV, Segmentation fault.
0xffffd33c in ?? ()
(gdb) bt
#0 0xffffd33c in ?? ()
#1 0xf7f27173 in ?? () from /lib/i386-linux-gnu/libc.so.6
#2 0xf7f2764d in __nss_disable_nscd () from /lib/i386-linux-gnu/libc.so.6
#3 0x08049409 in ?? ()
#4 0xf7e444d3 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#5 0x0804ad65 in ?? ()

Daniel J Blueman (danielblueman) wrote :

Rebuilding unscd from source and running an unstripped binary, we see it crashing in libc's nsswitch.c:875.

#if __OPTION_EGLIBC_INET
/* Called by nscd and nscd alone. */
void
__nss_disable_nscd (void (*cb) (size_t, struct traced_file *))
{
# ifdef PTR_MANGLE
  PTR_MANGLE (cb); <---- NULL ptr deref
# endif
  nscd_init_cb = cb;
  is_nscd = true;

The 'cb' init callback function pointer is apparently optional; the definition of PTR_DEMANGLE in sysdep.h doesn't say so.
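
An added illustration, not glibc's or unscd's code, of what the PTR_MANGLE step in the excerpt above does to a value such as the cb=0x1 seen in the trace. It is modeled on the XOR-then-rotate-left-by-17 scheme glibc uses on x86-64; the guard constant, the demo_* names and the sample addresses are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed guard value; glibc uses a per-process random one. */
#define DEMO_GUARD UINT64_C(0x5bd1e995a3c4f217)

static uint64_t rol64(uint64_t v, unsigned n) { return (v << n) | (v >> (64 - n)); }
static uint64_t ror64(uint64_t v, unsigned n) { return (v >> n) | (v << (64 - n)); }

/* XOR with the guard, then rotate left 17: pure arithmetic on the pointer
   bits, the pointed-to memory is never read. */
uint64_t demo_mangle(uint64_t p, uint64_t guard) { return rol64(p ^ guard, 17); }

/* Exact inverse, applied just before the stored pointer is called. */
uint64_t demo_demangle(uint64_t m, uint64_t guard) { return ror64(m, 17) ^ guard; }

/* Hypothetical model of the callback slot that __nss_disable_nscd fills. */
static uint64_t demo_cb_slot;

void demo_register(uint64_t cb_bits) { demo_cb_slot = demo_mangle(cb_bits, DEMO_GUARD); }

/* Address a later indirect call through the slot would jump to. */
uint64_t demo_call_target(void) { return demo_demangle(demo_cb_slot, DEMO_GUARD); }

/* What a call would jump to if the slot were overwritten with a raw,
   unmangled address (the case mangling is meant to defuse). */
uint64_t demo_target_after_raw_overwrite(uint64_t raw)
{
    return demo_demangle(raw, DEMO_GUARD);
}

int main(void)
{
    demo_register(0x1);  /* the stale value seen as cb=0x1 in the trace */
    printf("stored form : 0x%016llx\n", (unsigned long long)demo_cb_slot);
    printf("call target : 0x%llx\n", (unsigned long long)demo_call_target());
    printf("raw 0x401c9e decodes to 0x%016llx\n",
           (unsigned long long)demo_target_after_raw_overwrite(0x401c9e));
    return 0;
}
```

Whatever bits are registered come back unchanged at the call site, so mangling protects the stored slot against raw overwrites but does nothing to validate the value the caller handed in.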

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in eglibc (Ubuntu):
status: New → Confirmed
Joaquin Lopez (mrgus) wrote :

Upgrading it from 0.47 to 0.48 would bring the bugfix into precise. I've hand compiled 0.48, and it fixes the problem.

Daniel J Blueman (danielblueman) wrote :

unscd 0.48-2 is already in, so it needs to be published for 12.04 Precise:
http://archive.ubuntu.com/ubuntu/pool/universe/u/unscd/

http://archive.ubuntu.com/ubuntu/pool/universe/u/unscd/unscd_0.48-2_amd64.deb
http://archive.ubuntu.com/ubuntu/pool/universe/u/unscd/unscd_0.48-2_i386.deb

It works well here. SRU justification:
[Impact] unscd-0.47 crashes each time it is started, thus is useless and obtrusive
[Test Case] start unscd-0.47: sudo /etc/init.d/unscd start
[Regression Potential] None due to existing crasher

Changed in unscd (Ubuntu):
status: Confirmed → Fix Released
Changed in eglibc (Ubuntu):
status: Confirmed → Invalid
Daniel J Blueman (watchmaker) wrote :

Based on feedback from Ubuntu developers, we see that unscd-0.48 was released only to fix this issue [1]. On that basis, I feel it is suitable as a pure backport to avoid introduction of other issues.

--- [1]

$ bzr branch lp:ubuntu/precise/unscd && mv unscd unscd-precise
$ bzr branch lp:ubuntu/quantal/unscd && mv unscd unscd-quantal
$ diff -ur --exclude 'debian' unscd-precise/nscd.c unscd-quantal/nscd.c
--- unscd-precise/nscd.c 2012-07-09 22:37:10.781166000 +0800
+++ unscd-quantal/nscd.c 2012-07-09 22:41:19.204361000 +0800
@@ -139,8 +139,9 @@
  * thanks to Sebastian Krahmer (krahmer AT suse.de)
  * 0.46 fix a case when we forgot to remove a future entry on worker failure
  * 0.47 fix nscd without -d to not bump debug level
+ * 0.48 fix for changes in __nss_disable_nscd API in glibc-2.15
  */
-#define PROGRAM_VERSION "0.47"
+#define PROGRAM_VERSION "0.48"

 #define DEBUG_BUILD 1

@@ -2097,7 +2098,7 @@
 };

 static const char *const help[] = {
- "Do not daemonize; log to stderr",
+ "Do not daemonize; log to stderr (-dd: more verbosity)",
  "File to read configuration from",
  "Invalidate cache",
  "Shut the server down",
@@ -2347,6 +2348,7 @@

 /* not static - don't inline me, compiler! */
+void readlink_self_exe(void);
 void readlink_self_exe(void)
 {
  char buf[PATH_MAX + 1];
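Review bot: The prototype `void readlink_self_exe(void);` added directly above the definition carries no explanation of why it is needed. If it is there to satisfy a missing-prototype warning for a function that is deliberately left non-static, say so next to the existing "not static" comment, so a later cleanup does not remove it or make the function static.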
@@ -2389,15 +2391,32 @@
   reqdata.req.key_len = arg_len;
   memcpy(reqdata.arg, arg, arg_len);
   xfull_write(sock, &reqdata, arg_len + sizeof(ureq));
- printf("sent invalidate(%s) request, exiting\n", arg);
+ if (debug) {
+ printf("sent invalidate(%s) request, exiting\n", arg);
+ }
  }
  exit(0);
 }

+/* Callback for glibc-2.15 */
+struct traced_file;
+static void do_nothing(size_t dbidx, struct traced_file *finfo)
+{
+ /* nscd from glibc-2.15 does something like this:
+ if (!dbs[dbidx].enabled || !dbs[dbidx].check_file)
+ return;
+ add_file_to_watch_list(finfo->fname);
+ */
+}
+
 /* This internal glibc function is called to disable trying to contact nscd.
- * We _are_ nscd, so we need to do the lookups, and not recurse. */
-void __nss_disable_nscd(void);
+ * We _are_ nscd, so we need to do the lookups, and not recurse.
+ * Until 2.14, this function was taking no parameters.
+ * In 2.15, it takes a function pointer from hell.
+ */
+void __nss_disable_nscd(void (*hell)(size_t, struct traced_file*));
+

 int main(int argc, char **argv)
 {
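Review bot: The new declaration `void __nss_disable_nscd(void (*hell)(size_t, struct traced_file*));` hard-codes the glibc-2.15 signature with no version guard, even though the comment above it records that the function took no parameters until 2.14. Because the program declares this internal glibc symbol itself, a declaration that does not match the installed glibc still compiles and links and only fails at run time; selecting the declaration and the call with `__GLIBC_PREREQ(2, 15)` would tie the choice to the glibc actually built against. Two smaller points in the same hunk: gating the "sent invalidate(%s) request" printf on `debug` is a user-visible behaviour change unrelated to the API fix and would be better as a separate change, and `do_nothing` leaves `dbidx` and `finfo` unused, so add `(void)dbidx; (void)finfo;` to keep unused-parameter warnings quiet.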
@@ -2407,7 +2426,7 @@
  const char *conffile;

  /* make sure we don't get recursive calls */
- __nss_disable_nscd();
+ __nss_disable_nscd(do_nothing);

  if (argv[0][0] == 'w') /* "worker_nscd" */
   worker(argv[1]);

description: updated
Changed in eglibc (Ubuntu Precise):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unscd (Ubuntu Precise):
status: New → Confirmed
Daniel J Blueman (watchmaker) wrote :

Better, I followed [https://wiki.ubuntu.com/Bugs/HowToFix] and prepared and backported the minimal fix as suggested by Alessandro Menti and attached the bzr branch:

https://code.launchpad.net/~inquisitor/ubuntu/precise/unscd/fix-for-958305/

Daniel J Blueman (watchmaker) wrote :

The updated build via pbuilder passed my testing here.

Stéphane Graber (stgraber) wrote :

Uploaded.

Changed in unscd (Ubuntu Precise):
status: Confirmed → In Progress
Scott Kitterman (kitterman) wrote : Please test proposed package

Hello Daniel, or anyone else affected,

Accepted into precise-proposed. The package will build now and be available in a few hours in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in unscd (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Daniel J Blueman (watchmaker) wrote :

Tested from -proposed and it addresses the issue and works well.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unscd - 0.47-2build2.1

---------------
unscd (0.47-2build2.1) precise-proposed; urgency=low

  * Backport startup crash fix from 0.48 (LP: #958305).
 -- Daniel J Blueman <email address hidden> Mon, 09 Jul 2012 23:02:31 +0800

Changed in unscd (Ubuntu Precise):
status: Fix Committed → Fix Released