Bug#815974: Segmentation fault in libresolv triggered by php5-fpm
On Saturday, 27.02.2016, 23:59 +0100, Aurelien Jarno wrote:
> On 2016-02-26 22:03, Fabian Niepelt wrote:
> > > IMHO making sure that programs are restarted after applying the
> > > security update should be enough, but I am not fully sure about my
> > > analysis, so a confirmation would be nice to have.
> > The machines in question have been rebooted a few times after
> > upgrading.
> Ok then my scenario might be wrong.
>
> > I will try to get a full backtrace next week. Sadly, I won't have
> > access to the systems over the weekend.
> Ok, no problem.
>
> > > I wonder if it could be that the process is started with the
> > > old libc and is later dlopening the new nss libraries.
> > Going to investigate if there are old libs lying around somewhere
> > in the system on Monday.
> I am able to trigger similar (but slightly different) segmentation fault
> by doing name resolving with the new libc (ie 2.13-38+deb7u10) but with
> the old /lib/x86_64-linux-gnu/libnss_dns.so.2 (ie from 2.13-38+deb7u9).
> Do you have any nss modules which do not come from the libc6 package
> installed (either from another package or manually installed)?

Yep, this was it. Searching for the lib yielded an old version of it
that is not managed by package management... Thank you for giving me
the hint.

> Thanks for your help in debugging.

Thank you all for your time and sorry for the noise!

Greetings
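
The thread was resolved by finding an old libnss_dns.so.2 that package management did not track. As an added example (not code from the thread or from Debian), this shell script lists NSS modules that no package owns and modules present in more than one directory; the `OWNER_CHECK` hook and the function names are assumptions of the example, and `dpkg -S` is the ownership query it defaults to.

```shell
#!/bin/sh
# Audit NSS modules for the situation found in this thread: a libnss_* copy
# that no package owns stays behind after a libc6 upgrade and is still loaded.
# OWNER_CHECK is a hook assumed for this example; the default "dpkg -S PATH"
# exits non-zero when no installed package ships PATH.
OWNER_CHECK="${OWNER_CHECK:-dpkg -S}"

is_owned() {
    # Try the path as found, then its symlink-resolved target, because the
    # package database may record either one (for example on merged-/usr).
    $OWNER_CHECK "$1" >/dev/null 2>&1 && return 0
    $OWNER_CHECK "$(readlink -f "$1")" >/dev/null 2>&1
}

# Prints "unowned<TAB>PATH" for every module that no package owns and
# "duplicate<TAB>PATH" for the first file of a module (libnss_dns, ...) found
# in a second real directory, where the loader's search order decides which
# copy a process gets. Directory names must not contain spaces.
audit_nss_modules() {
    seen=" "
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/libnss_*.so*; do
            [ -e "$f" ] || continue              # glob matched nothing
            is_owned "$f" || printf 'unowned\t%s\n' "$f"
            key=${f##*/}                         # libnss_dns-2.13.so
            key=${key%%.so*}                     # libnss_dns-2.13
            key=${key%-[0-9]*}                   # libnss_dns
            rdir=$(dirname "$(readlink -f "$f")")
            case "$seen" in
                *" $key=$rdir "*) ;;             # this copy is already counted
                *" $key="*) printf 'duplicate\t%s\n' "$f" ;;
            esac
            seen="$seen$key=$rdir "
        done
    done
}

# Typical call on Debian amd64 (the usual library directories, as an assumption):
#   audit_nss_modules /lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu /lib /usr/lib
if [ "$#" -gt 0 ]; then audit_nss_modules "$@"; fi
```

Processes started before a stale module is removed keep it mapped, so services that resolve names need a restart afterwards.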
Bug#815974: Segmentation fault in libresolv triggered by php5-fpm
> IMHO making sure that programs are restarted after applying the security
> update should be enough, but I am not fully sure about my analysis, so a
> confirmation would be nice to have.

The machines in question have been rebooted a few times after upgrading.

I will try to get a full backtrace next week. Sadly, I won't have access
to the systems over the weekend.

> I wonder if it could be that the process is started with the
> old libc and is later dlopening the new nss libraries.

Going to investigate if there are old libs lying around somewhere in the
system on Monday.

Greetings
Bug#815974: Segmentation fault in libresolv triggered by php5-fpm
This is the correct output, the older one contains a test I thought was in an endless loop but succeeded after a few minutes.

Greetings
Bug#815974: Segmentation fault in libresolv triggered by php5-fpm
On Friday, 26.02.2016, 05:01 -0500, Carlos O'Donell wrote:
> On Fri, Feb 26, 2016 at 3:57 AM, Fabian Niepelt <F.Niepelt@mittwald.de> wrote:
> > I'll be gladly providing additional info if you require it.
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x7f146545e4fa in *__GI___libc_res_nsearch
> > (statp=0x7f14659f7300,
> > name=, class=, type=,
> > answer=0x7fff6d6c0df0 "2", anslen=,
> > answerp=0x7fff6d6c1660,
> > answerp2=0x7fff6d6c1658, nanswerp2=0x7fff6d6c167c,
> > resplen2=0x7fff6d6c1678, answerp2_malloced=0x20032) at
> > res_query.c:393
> > 393 res_query.c: No such file or directory.
>
> 1) Download the tarball from the official CVE-2015-7547 tests here:
> https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
>
> 2) Comment out BUILDDIR (to build against your system libraries)
>
> 3) Run 'make' to build the test, and run them all one-by-one.
>
> Do any of them fail on your system?
>
> Cheers,
> Carlos.

Hello,

indeed most of them fail. I attached a text file with the output of the
failed tests. If a test is not included in the text file it is because
it didn't throw any errors.

I tried them on the system in question, another updated system and out
of curiosity on two opensuse systems, the results were the same.

Is there another prerequisite to running these tests?

Greetings
Bug#815974: Segmentation fault in libresolv triggered by php5-fpm
Package: libc6
Version: 2.13-38+deb7u10

Dear maintainer,

since the latest update for glibc we keep observing occasional
segmentation faults in libresolv [1]. They are triggered (for us) by
php5-fpm which runs an Owncloud instance when logging in. After the
segfault happens, I can relogin successfully for about 20 minutes at
which point the segfault happens again. Restarting php5-fpm or rebooting
also does not influence the occurrence of it.

We were using the 5.5 packages from the dotdeb repository, but the
segfaults persist in the 5.6 packages and the official wheezy 5.4
packages.

Attaching to the php5-fpm worker process with GDB yields [2] at segfault
time. (for debugging purposes I set the amount of pool workers to 1 so I
would not attach to the wrong process)

Ubuntu seems to have a similar problem since the update:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1546459

I'll be gladly providing additional info if you require it.

Thank you for your time.

Greetings

[1]
[57348.111866] php5-fpm[20421]: segfault at 20001 ip 7fd339eb74fa sp 7fff9f055700 error 4 in libresolv-2.13.so[7fd339eaf000+13000]
[62889.617877] php5-fpm[20420]: segfault at 270752f65 ip 7fd339eb74fa sp 7fff9f055700 error 4 in libresolv-2.13.so[7fd339eaf000+13000]
[64717.111099] php5-fpm[20753]: segfault at 270752f65 ip 7ff6819ef4fa sp 7fff0d576a90 error 4 in libresolv-2.13.so[7ff6819e7000+13000]
[66684.547776] php5-fpm[21385]: segfault at 270752f65 ip 7fd55be4f4fa sp 7fffe6a3dcd0 error 4 in libresolv-2.13.so[7fd55be47000+13000]

[2]
[many symbols being loaded messages]
82 ../sysdeps/unix/syscall-template.S: No such file or directory.
Traceback (most recent call last):
  File "/usr/lib/debug/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17-gdb.py", line 62, in
    from libstdcxx.v6.printers import register_libstdcxx_printers
ImportError: No module named libstdcxx.v6.printers
(gdb) continue
Continuing.
warning: Could not load shared library symbols for /lib/libnss_dns.so.2.
Do you need "set solib-search-path" or "set sysroot"?

Program received signal SIGSEGV, Segmentation fault.
0x7f146545e4fa in *__GI___libc_res_nsearch (statp=0x7f14659f7300,
    name=, class=, type=,
    answer=0x7fff6d6c0df0 "2", anslen=,
    answerp=0x7fff6d6c1660, answerp2=0x7fff6d6c1658, nanswerp2=0x7fff6d6c167c,
    resplen2=0x7fff6d6c1678, answerp2_malloced=0x20032) at res_query.c:393
393 res_query.c: No such file or directory.
Bug#778325: sgdisk --new changes given end sector parameter when using a unit for the start sector
Package: gdisk
Version: 0.8.5-1

I am trying to create 3 partitions on a 7.5 TiB RAID60 device (/dev/sda,
handed to the OS by a hardware raid controller).

Status before:
---
% sgdisk -p /dev/sda
Creating new GPT entries.
Disk /dev/sda: 16002748592 sectors, 7.5 TiB
Logical sector size: 512 bytes
Disk identifier (GUID): F6924DB1-0783-4AC2-8499-EBA2F951CE07
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 16002748558
Partitions will be aligned on 2048-sector boundaries
Total free space is 16002748525 sectors (7.5 TiB)

Number  Start (sector)    End (sector)  Size       Code  Name
---

Creating the first two partitions succeeds:
---
% sgdisk -p /dev/sda
Disk /dev/sda: 16002748592 sectors, 7.5 TiB
Logical sector size: 512 bytes
Disk identifier (GUID): 12C31C64-F48E-4D2B-AE58-FE34289BE587
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 16002748558
Partitions will be aligned on 2048-sector boundaries
Total free space is 16002209899 sectors (7.5 TiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048           20480   9.0 MiB     8300
   2           22528          542720   254.0 MiB   8300
---

However, trying to create a third one that contains the remaining space
fails:
---
% sgdisk -g --new=3:266M:16002748558 /dev/sda
Could not create partition 3 from 544768 to 32773629046784
Error encountered; not saving changes
---

Strangely, 32773629046784 is the sector I specified multiplied with the
current sector-alignment (2048).

Specifying 0 for the start sector will make it work, though.
---
% sgdisk -g --new=3:0:16002748558 /dev/sda
Information: Moved requested sector from 542721 to 544768 in
order to align on 2048-sector boundaries.
The operation has completed successfully.
---

I'm on Debian 7.0, amd64.

Greetings.