Bug 732857

Summary: "__libc_res_nquery: Assertion `hp != hp2' failed." crashes many apps on particular failed DNS queries
Product: [Fedora] Fedora Reporter: Adam Williamson <awilliam>
Component: glibcAssignee: Andreas Schwab <schwab>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 16CC: fweimer, jakub, schwab
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-23 23:41:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 713565, 713568    
Attachments:
Description Flags
Proposed fix (from Aurelien Jarno, Debian) none

Description Adam Williamson 2011-08-23 23:38:27 UTC
As discussed in various places - devel list, https://bugs.archlinux.org/task/24615 , and http://sourceware.org/bugzilla/show_bug.cgi?id=13013 - current glibc contains a bug which can cause any app to crash if a DNS lookup fails in a particular way (so far as I can tell). Usually the bug is hard to reliably reproduce - just trying to browse to a garbage domain doesn't do it - but https://bugs.archlinux.org/task/24615#comment78282 claims this as a reliable reproducer:

# iptables -A OUTPUT -p udp --dport 53 -j REJECT --reject-with icmp-admin-prohibited
# wget http://google.com/
--2011-06-08 12:13:58-- http://google.com/
Resolving google.com... zsh: segmentation fault (core dumped)

http://sourceware.org/bugzilla/show_bug.cgi?id=13013 has a proposed patch, which I will attach to this report. Kevin Fenzi did a scratch build - http://koji.fedoraproject.org/koji/taskinfo?taskID=3289243 - with the patch, which he says seems to resolve the issue for him. That report also suggests that the condition to cause the crash is "When the first answer is a SERVFAIL, NOTIMP or REFUSED".

Comment 1 Adam Williamson 2011-08-23 23:39:15 UTC
Created attachment 519536 [details]
Proposed fix (from Aurelien Jarno, Debian)

Comment 2 Adam Williamson 2011-08-23 23:40:05 UTC
proposing as Beta NTH and final release blocker, this is a bit icky of a bug to ship with.

Comment 3 Adam Williamson 2011-08-23 23:41:26 UTC
holy cow, it's groundhog day. I already reported this one and promptly forgot. sigh.

*** This bug has been marked as a duplicate of bug 730856 ***