Bug#1103345: marked as done (golang-1.24-go: vgetrandom cleanup causes SIGSEGVs in programs using Go)

Thu, 17 Apr 2025 09:04:15 -0700 

Your message dated Thu, 17 Apr 2025 15:08:02 +0000
with message-id <e1u5qqq-001sjr...@fasolo.debian.org>
and subject line Bug#1103345: fixed in golang-1.24 1.24.2-2
has caused the Debian Bug report #1103345,
regarding golang-1.24-go: vgetrandom cleanup causes SIGSEGVs in programs using 
Go
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1103345: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103345
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: golang-1.24-go
Version: 1.24.2-1
Severity: grave
Tags: upstream
Justification: causes non-serious data loss

Since the update to trixie on last Friday, we started experiencing
random failures on both podman and docker.io either while pulling
images, or while running containers.

This is due to https://github.com/golang/go/issues/73141.

We applied locally the patch at
https://go-review.googlesource.com/c/go/+/662496 and this fixed the
problem (by recompiling golang-go + podman + docker.io).

Some other reports upstream:

* https://github.com/moby/moby/issues/49513
* https://github.com/NixOS/nixpkgs/issues/392815
* https://bugzilla.suse.com/show_bug.cgi?id=1240764

We believe all these bugs to have the same root cause. We used
systemd-coredump to check the stacktraces upon crash, and they match
line-by-line what is seen in the bug reports.

For instance, in the logs, we see for docker:

Apr 16 07:00:34 de013-sh0011 gitlab-runner[1134]: WARNING: Failed to pull image 
with policy "always": unexpected EOF (manager.go:254:5s)  job=9735131137 projec>
Apr 16 07:00:34 de013-sh0011 gitlab-runner[1134]: Attempt #2: Trying 
"if-not-present" pull policy     job=9735131137 project=17731405 
runner=UiZzAk_dx
Apr 16 07:00:34 de013-sh0011 systemd[1]: docker.service: Main process exited, 
code=dumped, status=11/SEGV
Apr 16 07:00:34 de013-sh0011 systemd[1]: docker.service: Failed with result 
'core-dump'.
Apr 16 07:00:34 de013-sh0011 systemd[1]: docker.service: Consumed 2min 8.106s 
CPU time, 4.1G memory peak, 4K memory swap peak.
Apr 16 07:00:37 de013-sh0011 systemd[1]: docker.service: Scheduled restart job, 
restart counter is at 6.

And for podman:

Apr 16 07:48:18 de013-sh0011 gitlab-runner[1134]: WARNING: Job failed: failed 
to pull image "artifacts/charging-oci-bender.de-staging-gruenberg/be>
Apr 16 07:48:18 de013-sh0011 gitlab-runner[1134]:   duration_s=47.391613933 
job=9735395252 project=17731405 runner=t2_zpVfGn
Apr 16 07:48:18 de013-sh0011 systemd[1353]: podman.service: Main process 
exited, code=killed, status=11/SEGV
Apr 16 07:48:18 de013-sh0011 systemd[1353]: podman.service: Failed with result 
'signal'.
Apr 16 07:48:18 de013-sh0011 systemd[1353]: podman.service: Unit process 144474 
(pasta.avx2) remains running after unit stopped.
Apr 16 07:48:18 de013-sh0011 systemd[1353]: podman.service: Consumed 1min 
6.928s CPU time, 4.6G memory peak.
Apr 16 07:48:18 de013-sh0011 systemd[1353]: podman.service: Found left-over 
process 144474 (pasta.avx2) in control group while starting unit. Ignoring.
Apr 16 07:48:18 de013-sh0011 systemd[1353]: podman.service: This usually 
indicates unclean termination of a previous run, or service implementation 
deficiencie>

Additionally, for podman, this results in all further containers failing
to start because some leftover files in
/var/run/user/<UID>/containers/networks/rootless-netns

The only resort is either a reboot, or manually cleaning up in /var/run
spurious files and restarting the podman service.

This happens multiple times per day.

Please be so kind as to include the patch from upstream in the Go
compiler, and then trigger a binary rebuild of dependent packages.

* podman version: 5.4.2+ds1-1
* docker.io version: 26.1.5+dfsg1-9+b2

Thanks!

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.21-amd64 (SMP w/192 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages golang-1.24-go depends on:
pn  golang-1.24-src  <none>

Versions of packages golang-1.24-go recommends:
ii  g++        4:14.2.0-1
ii  gcc        4:14.2.0-1
ii  libc6-dev  2.41-6
pn  pkgconf    <none>

Versions of packages golang-1.24-go suggests:
pn  bzr | brz        <none>
ii  ca-certificates  20241223
ii  git              1:2.47.2-0.1
pn  mercurial        <none>
pn  subversion       <none>

--- End Message ---
--- Begin Message --- 
Source: golang-1.24
Source-Version: 1.24.2-2
Done: Shengjing Zhu <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
golang-1.24, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1103...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Shengjing Zhu <z...@debian.org> (supplier of updated golang-1.24 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Apr 2025 22:45:41 +0800
Source: golang-1.24
Architecture: source
Version: 1.24.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compi...@tracker.debian.org>
Changed-By: Shengjing Zhu <z...@debian.org>
Closes: 1103345
Changes:
 golang-1.24 (1.24.2-2) unstable; urgency=medium
 .
   * Team upload
   * Backport patch to fix SIGSEGV in vgetrandom on Linux 6.11+
     (Closes: #1103345)
Checksums-Sha1:
 e0ca9319ed3a4b61ab36885762759b356c70aacb 2272 golang-1.24_1.24.2-2.dsc
 90d667f2af6f7661e684c088ab6ad548b0f5d295 43680 
golang-1.24_1.24.2-2.debian.tar.xz
 6b1846fd1d1fbcedca85138177a19596678ea4bc 5183 
golang-1.24_1.24.2-2_source.buildinfo
Checksums-Sha256:
 abbc87e12fd6576f62e198fe8fbbb86ad1f9116cd51436bff3eaa216762b219b 2272 
golang-1.24_1.24.2-2.dsc
 fc6415fdaf703899019a4dda2c715524f9097c062c1d291a1504781e670fd32a 43680 
golang-1.24_1.24.2-2.debian.tar.xz
 0bad236ceaf5eefef97988b040ec60ee3c8b547d84e1f56df7aa28562499f8ac 5183 
golang-1.24_1.24.2-2_source.buildinfo
Files:
 6d3893cd1cbff70ce0e73879aded6d60 2272 golang optional golang-1.24_1.24.2-2.dsc
 2667ce5e06e7cc1940b18b26dde73257 43680 golang optional 
golang-1.24_1.24.2-2.debian.tar.xz
 8f8fb918e0c495dc3531f3e1d38c9f67 5183 golang optional 
golang-1.24_1.24.2-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQDd7ZVPtkLISR2GtI+VZ1MrPKt2AUCaAEURAAKCRA+VZ1MrPKt
2FtPAP4m+99BGlEdhhuo4AtoJVFtfsHTHLUcT26jI7wkFLyoWQEAimFZ6OVsVJDG
FRM0qS6/FM+A5UVn5+bkjUBE3tYbLAk=
=nJ7a
-----END PGP SIGNATURE-----

Attachment: pgpBlxkrBwzm1.pgp
Description: PGP signature


--- End Message ---

Reply via email to