Re: solaris nscd cores

["j.e.r.k. ROCKS" <jerkrock () yahoo com>]

  Actually, this trace is a bit better:

Core was generated by `/usr/sbin/nscd'.
Program terminated with signal 9, Killed.
Reading symbols from /usr/lib/libdoor.so.1...(no debugging symbols
found)...done.
Reading symbols from /usr/lib/libresolv.so.2...(no debugging symbols
found)...done.
Reading symbols from /usr/lib/libnsl.so.1...(no debugging symbols
found)...done.
Reading symbols from /usr/lib/libpthread.so.1...(no debugging symbols
found)...done.
Reading symbols from /usr/lib/libthread.so.1...(no debugging symbols
found)...done.
Reading symbols from /usr/lib/libc.so.1...(no debugging symbols
found)...done.
Reading symbols from /usr/lib/libsocket.so.1...(no debugging symbols
found)...done.
Reading symbols from /usr/lib/libdl.so.1...(no debugging symbols
found)...done.
Reading symbols from /usr/lib/libmp.so.2...(no debugging symbols
found)...done.
Reading symbols from /usr/platform/SUNW,Ultra-80/lib/libc_psr.so.1...
(no debugging symbols found)...done.
Reading symbols from /usr/lib/nss_files.so.1...(no debugging symbols
found)...done.
Reading symbols from /usr/lib/nss_dns.so.1...(no debugging symbols
found)...done.
#0  0xef7663d8 in ns_name_unpack ()
(gdb) bt
#0  0xef7663d8 in ns_name_unpack ()
#1  0xef7667bc in ns_name_uncompress ()
#2  0xef765b40 in dn_expand ()
#3  0xef76a6f4 in getanswer ()
#4  0xef76b2e8 in res_gethostbyaddr ()
#5  0xef4c0bf0 in _gethostbyaddr ()
#6  0xef4c0d98 in getbyaddr ()
#7  0xef5d5244 in nss_search ()
#8  0xef6b0a84 in _switch_gethostbyaddr_r ()
#9  0xef6af64c in _uncached_gethostbyaddr_r ()
#10 0x1655c in gethost_lookup ()
#11 0x133d8 in switcher ()


--- mikeDOTd <mikedotd () nexthop net> wrote:
>       I saw a number of nscd crashes thursday-friday on my sun.
>
>       I have a full core, and initially I see this:
>
> Core was generated by `/usr/sbin/nscd'.
> Program terminated with signal 9, Killed.
> #0  0xef7563d8 in ?? ()
>
>       If I find anything else I'll post to the list.
>
>
> --mikeDOTd
> mikedotd () nexthop net
> http://www.nexthop.net/~mikedotd
>
> pub DH/DSS http://www.nexthop.net/~mikedotd/0xC8D39AC8.asc
> Key fingerprint: 355D E9FA 2C25 93A9 877F  D9F3 6925 E0A9 C8D3 9AC8
>
> On Fri, 30 Nov 2001, j.e.r.k. ROCKS wrote:
>
> >   Has anyone else seen core dumps from their Solaris nscd process
> > recently?  At 11:07 CST yesterday, two different Internet-facing
> > machines in my network saw their nscd processes dump core.  The
> file
> > system filled up in both cases, so I actually didn't get a full
> core
> > file.  GDB tells me:
> >
> > Core was generated by `/usr/sbin/nscd'.
> > Program terminated with signal 9, Killed.
> > Cannot access memory at address 0xef7efdec.
> > #0  0xef7663d8 in ?? ()Cannot access memory at address 0xef7efdec.
> > (gdb) bt
> > #0  0xef7663d8 in ?? ()Cannot access memory at address 0xef7efdec.
> >
> >
> > I am running with patch 109339-01, which fixes a mysterious buffer
> > overflow bug in nscd (Sun released a proactive advisory back in
> > November 2000, along with this patch), but this definitely makes me
> > nervous.  Has anyone else encountered this issue?
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! GeoCities - quick and easy web site hosting, just
> $8.95/month.
> > http://geocities.yahoo.com/ps/info1
----------------------------------------------------------------------------
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see: http://aris.securityfocus.com


__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com