2012-06-11 08:27:17 |
Björn Jacke |
bug |
|
|
added bug |
2012-06-11 08:27:17 |
Björn Jacke |
attachment added |
|
strace -f of the cron-apt call https://bugs.launchpad.net/bugs/1011477/+attachment/3184606/+files/cron-apt.strace-f |
|
2012-06-11 08:57:54 |
Björn Jacke |
affects |
cron-apt (Ubuntu) |
liblockfile (Ubuntu) |
|
2012-06-11 11:34:58 |
Stefan Metzmacher |
bug |
|
|
added subscriber Stefan Metzmacher |
2013-01-09 01:55:32 |
Tyler Hicks |
liblockfile (Ubuntu): importance |
Undecided |
Medium |
|
2013-01-09 01:55:34 |
Tyler Hicks |
liblockfile (Ubuntu): assignee |
|
Tyler Hicks (tyhicks) |
|
2013-01-09 01:55:37 |
Tyler Hicks |
liblockfile (Ubuntu): status |
New |
In Progress |
|
2013-01-09 21:37:17 |
Tyler Hicks |
description |
On our system (Ubuntu-Server 10.04) we set "sysctl -w kernel.pid_max = 4194304". When the pid counter is high, currently >3000000, then cron-apt terminates with a buffer overflow message:
root@sn:~# cron-apt
*** buffer overflow detected ***: dotlockfile terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f2ae90547e7]
/lib/libc.so.6(+0xfe6a0)[0x7f2ae90536a0]
/lib/libc.so.6(+0xfdb09)[0x7f2ae9052b09]
/lib/libc.so.6(_IO_default_xsputn+0xcc)[0x7f2ae8fcaf6c]
/lib/libc.so.6(_IO_vfprintf+0x670)[0x7f2ae8f9aa10]
/lib/libc.so.6(__vsprintf_chk+0x99)[0x7f2ae9052ba9]
/lib/libc.so.6(__sprintf_chk+0x7f)[0x7f2ae9052aef]
dotlockfile[0x401e6e]
dotlockfile[0x40198a]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f2ae8f73c4d]
dotlockfile[0x4011f9]
Aborted
root@sn:~# uname -a
Linux sn 2.6.35-32-server #68~lucid1-Ubuntu SMP Wed Mar 28 18:33:00 UTC 2012 x86_64 GNU/Linux
root@sn:~# ps
PID TTY TIME CMD
3722057 pts/5 00:00:00 bash
3925974 pts/5 00:00:00 ps
root@sn:~# strace -f -o out cron-apt
*** buffer overflow detected ***: dotlockfile terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f27661f27e7]
/lib/libc.so.6(+0xfe6a0)[0x7f27661f16a0]
/lib/libc.so.6(+0xfdb09)[0x7f27661f0b09]
/lib/libc.so.6(_IO_default_xsputn+0xcc)[0x7f2766168f6c]
/lib/libc.so.6(_IO_vfprintf+0x670)[0x7f2766138a10]
/lib/libc.so.6(__vsprintf_chk+0x99)[0x7f27661f0ba9]
/lib/libc.so.6(__sprintf_chk+0x7f)[0x7f27661f0aef]
dotlockfile[0x401e6e]
dotlockfile[0x40198a]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f2766111c4d]
dotlockfile[0x4011f9]
Aborted
When we switch back to a small pid number, e.g. by "sysctl -w kernel.pid_max = 32768", cron-apt works again. The problem also just occurs if the pid counter has reached high values. If pid_max is set high but the counter is still low, the problem doesn't show up. |
[Test Case]
The overflow occurs when the decimal representation of the PID value is 7 characters or higher. So, set pid_max to a value that is 7 characters long, run through PIDs until we get one that is at least 7 characters (the while loop may take a long time), then create a lock file containing the PID (building the string containing the PID is where the overflow occurs). Watch for the `echo $BASHPID` and `cat ${lock}.lock` to print out the same PID number and make sure that it is at least 7 characters long.
Note that this test case obviously depends on a bash'ism, so use bash or adjust it as necessary. :)
$ lock=/var/lock/lockfile-create-test
$ lockfile-remove $lock
$ sudo sysctl -w kernel.pid_max=4194304
$ while ([ $BASHPID -lt 1000000 ]); do continue; done
$ (echo $BASHPID; lockfile-create $lock --use-pid; cat ${lock}.lock) |
|
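Added example (not part of the bug report and not liblockfile's own code): the test case above says the overflow appears once the PID has 7 decimal digits, so this sketch measures how many bytes a PID line needs and formats it with a bounded write. The 8-byte LEGACY_PIDBUF and the "%ld\n" format are assumptions chosen to match that 7-digit threshold, and all function names are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* ASSUMPTION: size of the fixed buffer. The report only states that 7-digit
 * PIDs overflow; digits + '\n' + NUL into 8 bytes reproduces that threshold. */
#define LEGACY_PIDBUF 8

/* Upper bound for any pid_t printed in decimal: sign and digits
 * ((bits - 1) / 3 + 2), plus '\n' and the terminating NUL. */
#define PID_LINE_MAX ((sizeof(pid_t) * CHAR_BIT - 1) / 3 + 2 + 2)

/* Largest value kernel.pid_max accepts on 64-bit Linux (the value set in the report). */
#define PID_MAX_LIMIT 4194304L

/* Bytes, including the NUL, that "<pid>\n" needs. snprintf with a NULL
 * destination and size 0 only measures; nothing is written. */
size_t pid_line_bytes(pid_t pid)
{
    int n = snprintf(NULL, 0, "%ld\n", (long)pid);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* 1 if the PID line fits the assumed legacy buffer, 0 otherwise. */
int fits_legacy_buffer(pid_t pid)
{
    size_t need = pid_line_bytes(pid);
    return need != 0 && need <= LEGACY_PIDBUF;
}

/* Hardened formatter: bounded write that reports truncation instead of
 * overflowing. Returns the number of characters written, or -1. */
int format_pid_line(char *dst, size_t dstlen, pid_t pid)
{
    int n = snprintf(dst, dstlen, "%ld\n", (long)pid);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return n;
}

/* Smallest power-of-ten PID that no longer fits the legacy buffer,
 * or -1 if every PID up to PID_MAX_LIMIT fits. */
long first_overflowing_pid(void)
{
    long p;
    for (p = 1; p <= PID_MAX_LIMIT; p *= 10) {
        if (!fits_legacy_buffer((pid_t)p))
            return p;
    }
    return -1;
}

int main(void)
{
    /* PIDs taken from the report: the small pid_max, the two PIDs shown
     * by ps, and the raised pid_max. */
    const long samples[] = { 32768L, 3722057L, 3925974L, 4194304L };
    char line[PID_LINE_MAX];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        pid_t pid = (pid_t)samples[i];
        if (format_pid_line(line, sizeof line, pid) < 0)
            return 1;
        line[strcspn(line, "\n")] = '\0';   /* drop newline for display */
        printf("pid %-8s needs %zu bytes, legacy buffer (%d): %s\n",
               line, pid_line_bytes(pid), LEGACY_PIDBUF,
               fits_legacy_buffer(pid) ? "fits" : "too small");
    }
    printf("first PID that does not fit: %ld\n", first_overflowing_pid());
    return 0;
}
```

Sizing the buffer from the type (PID_LINE_MAX) rather than from the default pid_max of 32768 is what keeps the formatter correct when an administrator raises the sysctl.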
2013-01-14 17:32:58 |
Tyler Hicks |
bug |
|
|
added subscriber Tyler Hicks |
2013-01-24 21:11:19 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/raring-proposed/liblockfile |
|
2013-01-24 23:25:17 |
Launchpad Janitor |
liblockfile (Ubuntu): status |
In Progress |
Fix Released |
|
2013-06-02 16:24:09 |
Launchpad Janitor |
branch linked |
|
lp:debian/liblockfile |
|
2013-06-20 19:48:46 |
Launchpad Janitor |
branch linked |
|
lp:~gandelman-a/ubuntu/precise/liblockfile/lp941968 |
|
2013-06-21 02:20:47 |
Adam Gandelman |
nominated for series |
|
Ubuntu Precise |
|
2013-06-21 06:22:11 |
Adam Gandelman |
nominated for series |
|
Ubuntu Quantal |
|
2013-06-24 05:53:50 |
Launchpad Janitor |
branch linked |
|
lp:~gandelman-a/ubuntu/quantal/liblockfile/lp941968 |
|
2013-06-24 05:55:19 |
Adam Gandelman |
summary |
cron-apt buffer overflow with high pid numbers |
[SRU] liblockfile buffer overflow with high pid numbers |
|
2013-06-24 05:55:29 |
Adam Gandelman |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2013-06-24 05:58:05 |
Adam Gandelman |
description |
[Regression Potential]
Minimum. We've applied a patch to the same version of liblockfile in 13.04 and that has since been merged to Debian with no reports of regressions. |
|
2013-06-24 09:57:29 |
Martin Pitt |
bug task added |
|
liblockfile (Ubuntu Precise) |
|
2013-06-24 09:57:52 |
Martin Pitt |
bug task added |
|
liblockfile (Ubuntu Quantal) |
|
2013-06-24 10:04:29 |
Martin Pitt |
liblockfile (Ubuntu Precise): status |
New |
In Progress |
|
2013-06-27 19:41:24 |
Brian Murray |
liblockfile (Ubuntu Precise): status |
In Progress |
Fix Committed |
|
2013-06-27 19:41:29 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2013-06-27 19:41:32 |
Brian Murray |
tags |
|
verification-needed |
|
2013-06-27 20:40:02 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/liblockfile |
|
2013-07-05 08:28:20 |
Colin Watson |
liblockfile (Ubuntu Quantal): status |
New |
Fix Committed |
|
2013-07-05 08:38:28 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/quantal/liblockfile/quantal-proposed |
|
2013-10-04 19:30:33 |
Ubuntu Foundations Team Bug Bot |
tags |
verification-needed |
removal-candidate verification-needed |
|
2013-10-15 08:35:33 |
Philipp Kern |
tags |
removal-candidate verification-needed |
removal-candidate verification-done-precise verification-needed |
|
2013-10-16 12:03:10 |
Launchpad Janitor |
liblockfile (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2014-12-05 05:03:45 |
Rolf Leggewie |
liblockfile (Ubuntu Quantal): status |
Fix Committed |
Won't Fix |
|