Package: psmisc
Version: 22.21-2
Severity: normal
Tags: upstream

Dear Maintainer,

we use `fuser /run/fail2ban/fail2ban.sock` in a script to determine if
fail2ban is still running, and if not, to restart it. On some servers
(just a few, so far I've seen this problem on 3 servers out of ~1800)
this didn't work for some reason - fuser didn't list the fail2ban
process, although it was listening on the socket:

affected-server ~ # fuser /run/fail2ban/fail2ban.sock
affected-server ~ #

affected-server ~ # lsof -n /var/run/fail2ban/fail2ban.sock
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF       NODE NAME
fail2ban- 21295 root    3u  unix 0xffff88010eb610c0      0t0 3098423561 
/var/run/fail2ban/fail2ban.sock

The expected output would have been something like this:

working-server ~ # fuser /run/fail2ban/fail2ban.sock
/run/fail2ban/fail2ban.sock: 13164

I found some debug code in fuser.c and added some of my own to track this down,
and I think I finally figured it out: the affected servers have socket inode
numbers > 2^31-1, and fill_unix_cache() in fuser.c fails to parse this:

affected-server ~ # ./fuser /run/fail2ban/fail2ban.sock 2>&1 | grep fail2ban
fill_unix_cache: scanned_inode:2147483647 
scanned_path:/var/run/fail2ban/fail2ban.sock
        /run/fail2ban/fail2ban.sock
  Dev:7 Inode:(2147483647) 0x7fffffff => /run/fail2ban/fail2ban.sock
  Dev:f Inode:(-1196543734) 0xb8ae310a => /run/fail2ban/fail2ban.sock
adding file /run/fail2ban/fail2ban.sock F B8AE310A
adding socket /run/fail2ban/fail2ban.sock 7 7FFFFFFF

Replacing the %d in the sscanf line with %lld seems to fix the problem:

affected-server ~ # ./fuser /run/fail2ban/fail2ban.sock
[...]
fill_unix_cache: scanned_inode:3098423561 
scanned_path:/var/run/fail2ban/fail2ban.sock
[...]
adding file /run/fail2ban/fail2ban.sock F B8AE310A
adding socket /run/fail2ban/fail2ban.sock 7 B8AE3109
Specified Names:
        /run/fail2ban/fail2ban.sock

Inodes:
  Dev:7 Inode:(-1196543735) 0xb8ae3109 => /run/fail2ban/fail2ban.sock
  Dev:f Inode:(-1196543734) 0xb8ae310a => /run/fail2ban/fail2ban.sock

Devices:
Cannot open /proc/fs/nfs/exports
/run/fail2ban/fail2ban.sock: 21295

I've attached a patch with my changes. Please beware though that my C knowledge
is rudimentary at best, so the necessary changes should probably be
reimplemented by someone who knows what he's doing :)
There are probably several other places in the code that have to be modified
for proper 64 bit inode support.

-- System Information:
Debian Release: 8.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages psmisc depends on:
ii  libc6      2.19-18+deb8u10
ii  libtinfo5  5.9+20140913-1+b1

psmisc recommends no packages.

psmisc suggests no packages.

-- no debconf information

Reply via email to