Bug#958312: marked as done (docker.io: signal SIGSEGV: segmentation violation shortly after starting the daemon)

Debian Bug Tracking System Tue, 21 Apr 2020 00:06:41 -0700

Your message dated Tue, 21 Apr 2020 07:04:12 +0000
with message-id <e1jqmx2-0002zl...@fasolo.debian.org>
and subject line Bug#958312: fixed in docker.io 19.03.7+dfsg1-2
has caused the Debian Bug report #958312,
regarding docker.io: signal SIGSEGV: segmentation violation shortly after 
starting the daemon
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
958312: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958312
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: docker.io
Version: 19.03.7+dfsg1-1
Severity: critical
Tags: patch upstream
Justification: breaks unrelated software

Dear Maintainer,

The update to 19.03.7 led to a reproducible issue with docker shortly after
starting the daemon:

Apr 20 14:30:27 fsn dockerd[488555]: panic: runtime error: invalid memory 
address or nil pointer dereference
Apr 20 14:30:27 fsn dockerd[488555]: [signal SIGSEGV: segmentation violation 
code=0x1 addr=0x11 pc=0x55a05b5ac02b]
Apr 20 14:30:27 fsn dockerd[488555]: goroutine 2029 [running]:
Apr 20 14:30:27 fsn dockerd[488555]: 
github.com/docker/libnetwork.(*resolver).ServeDNS(0xc000e38380, 0x55a05cbea2c0, 
0xc0014b94a0, 0xc0018bd5f0)
Apr 20 14:30:27 fsn dockerd[488555]:         
/build/docker.io-CrAKu8/docker.io-19.03.7+dfsg1/.gopath/src/github.com/docker/libnetwork/resolver.go:487
 +0x79b
Apr 20 14:30:27 fsn dockerd[488555]: 
github.com/miekg/dns.(*Server).serveDNS(0xc000dab200, 0xc000c0f200, 0x21, 
0x200, 0xc0014b94a0)
Apr 20 14:30:27 fsn dockerd[488555]:         
/build/docker.io-CrAKu8/docker.io-19.03.7+dfsg1/.gopath/src/github.com/miekg/dns/server.go:609
 +0x2e2
Apr 20 14:30:27 fsn dockerd[488555]: 
github.com/miekg/dns.(*Server).serveUDPPacket(0xc000dab200, 0xc0011cf6b0, 
0xc000c0f200, 0x21, 0x200, 0xc00020a7e0, 0xc000fa7c00)
Apr 20 14:30:27 fsn dockerd[488555]:         
/build/docker.io-CrAKu8/docker.io-19.03.7+dfsg1/.gopath/src/github.com/miekg/dns/server.go:549
 +0xb4
Apr 20 14:30:27 fsn dockerd[488555]: created by 
github.com/miekg/dns.(*Server).serveUDP
Apr 20 14:30:27 fsn dockerd[488555]:         
/build/docker.io-CrAKu8/docker.io-19.03.7+dfsg1/.gopath/src/github.com/miekg/dns/server.go:479
 +0x28c
Apr 20 14:30:27 fsn systemd[1]: docker.service: Main process exited, 
code=exited, status=2/INVALIDARGUMENT

Still testing out, but
https://github.com/SamWhited/libnetwork/commit/bea32b018c874ef35396ef46a3908ca0f9367d76
was merged in upstream, seems relevant and is part of upstream 19.03.8

So either apply that to 19.3.7 or update to 19.3.8?

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages docker.io depends on:
ii  adduser             3.118
ii  iptables            1.8.4-3
ii  libc6               2.30-4
ii  libdevmapper1.02.1  2:1.02.167-1+b1
ii  libltdl7            2.4.6-14
ii  libnspr4            2:4.25-1
ii  libnss3             2:3.51-1
ii  libseccomp2         2.4.3-1+b1
ii  libsystemd0         245.5-1
ii  lsb-base            11.1.0
ii  runc                1.0.0~rc10+dfsg1-1
ii  tini                0.18.0-1+b1

Versions of packages docker.io recommends:
ii  ca-certificates  20190110
ii  cgroupfs-mount   1.4
ii  git              1:2.26.1-1
ii  needrestart      3.5-1
ii  xz-utils         5.2.4-1+b1

Versions of packages docker.io suggests:
pn  aufs-tools                 <none>
ii  btrfs-progs                5.6-1
ii  debootstrap                1.0.123
pn  docker-doc                 <none>
ii  e2fsprogs                  1.45.6-1
pn  rinse                      <none>
ii  xfsprogs                   5.4.0-1
ii  zfsutils-linux [zfsutils]  0.8.3-2

-- no debconf information

>From bea32b018c874ef35396ef46a3908ca0f9367d76 Mon Sep 17 00:00:00 2001
From: Sam Whited <s...@samwhited.com>
Date: Wed, 18 Mar 2020 12:06:23 -0400
Subject: [PATCH] Fixes a panic in the DNS resolver

Under certain conditions it appears that the DNS response and returned
error can be nil. When this happens, checking resp.Truncated results in
a nil panic so we must first check that the response is not nil before
checking if a truncated response was received.

See moby/moby#40715

Signed-off-by: Sam Whited <s...@samwhited.com>
---
 resolver.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resolver.go b/resolver.go
index 7e02a37a5b..e32522a254 100644
--- a/resolver.go
+++ b/resolver.go
@@ -484,7 +484,7 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query 
*dns.Msg) {
                        resp, err = co.ReadMsg()
                        // Truncated DNS replies should be sent to the client 
so that the
                        // client can retry over TCP
-                       if err != nil && !resp.Truncated {
+                       if err != nil && (resp != nil && !resp.Truncated) {
                                r.forwardQueryEnd()
                                logrus.Debugf("[resolver] read from DNS server 
failed, %s", err)
                                continue

--- End Message ---

--- Begin Message ---

Source: docker.io
Source-Version: 19.03.7+dfsg1-2
Done: Arnaud Rebillout <arnaud.rebill...@collabora.com>

We believe that the bug you reported is fixed in the latest version of
docker.io, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 958...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arnaud Rebillout <arnaud.rebill...@collabora.com> (supplier of updated 
docker.io package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 21 Apr 2020 13:32:19 +0700
Source: docker.io
Architecture: source
Version: 19.03.7+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Arnaud Rebillout <arnaud.rebill...@collabora.com>
Changed-By: Arnaud Rebillout <arnaud.rebill...@collabora.com>
Closes: 958312
Changes:
 docker.io (19.03.7+dfsg1-2) unstable; urgency=medium
 .
   [ Dmitry Smirnov ]
   * Added missing-pre-depends. Thanks, Lintian.
   * debian/TODO.Debian --> debian/TODO.
   * L:Override "field-too-long Built-Using" on binary package also.
 .
   [ Arnaud Rebillout ]
   * d/clean: Remove lines that are obsolete.
   * d/clean: Update for doc files.
   * Add upstream patch to fix panic in libnetwork resolver (Closes: #958312).
   * Add patch to skip flaky signal tests.
Checksums-Sha1:
 756ac56bb61f6ffa421dbcd0b824b129271d60fe 8690 docker.io_19.03.7+dfsg1-2.dsc
 5cfb0001af2aa32622c6dc8968bab5c87627358d 48108 
docker.io_19.03.7+dfsg1-2.debian.tar.xz
 250ec530d280706dab3a7b74883c45ac1b2a5ec3 7709 
docker.io_19.03.7+dfsg1-2_source.buildinfo
Checksums-Sha256:
 800cefa8b26a36bdd778cedeef6e40a07d707827b19f2db070cc26e16f0dba8a 8690 
docker.io_19.03.7+dfsg1-2.dsc
 8875e266f6542d0d393d17ce26cc0d161754999ae6ddd7fee0e9957f462a29da 48108 
docker.io_19.03.7+dfsg1-2.debian.tar.xz
 cf7bdb921e74730a9b99a4117f3a3ff81031908258ed9701723aeb738df0c41b 7709 
docker.io_19.03.7+dfsg1-2_source.buildinfo
Files:
 1e4c73a59362c501aa18cf927dd9980a 8690 admin optional 
docker.io_19.03.7+dfsg1-2.dsc
 7de4ac66df89de40eca51ebbc73693a9 48108 admin optional 
docker.io_19.03.7+dfsg1-2.debian.tar.xz
 0d171c3d9eb52693eac3a6dcb0eedfb2 7709 admin optional 
docker.io_19.03.7+dfsg1-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJTBAEBCgA9FiEE0Kl7ndbut+9n4bYs5yXoeRRgAhYFAl6ek/0fHGFybmF1ZC5y
ZWJpbGxvdXRAY29sbGFib3JhLmNvbQAKCRDnJeh5FGACFmjPD/9C60YJghjIPKU+
Dn+Kg9abHPS+UfJyV6t7zUP7HCADzm0UsU/eTZgspVn70whvVBI9Ef1YN5KSMRB9
ohjTyyZU9fGDFIoP2PUQOyU96S04jo1632rMvtR3jGCP44Bc1pjvHg8ZRVw1Avfn
hBr6uODgeKTeTD10K8kh+5CGk5FyBAfWaGIgXqZZEELmOZDxRIEBuUjOqz2rOyOk
nFMW9Dqw09glFMkHs/OdwBizeqbpxYtNSoaWWFQDv1tyXr9nq48JEltruyW7lAMD
0SCtWLy8V8jLmSgbijUwJG4Obka+3aITU8aAeU/FqB21Ao+z+EIyUoOAFV4Q6cYZ
8TVgbs76U6XbQk0hFdgQZjLgTv8WBC1wb5B1n9AwQFgqMzPeWzKEs0vPbSSmC6Sf
LgC676LDT1I52eQMjV7HFN5T6fC12p5yqKtR+JzbKnHrNUY34gngIS+p+4Xdopkh
qmHdjGtoltTrv76KrHr5IAKqMFKCyVv4/cZP5LhhwpE0yqzAJMnOSsqjolthPnro
L54ydj8zFUj3kUnJHAMGsy4MGe9F9WBycjEmATvRwLKDtrlngQ9+h5thUgGEIL5k
OmKuiQotRXq8pTJ3a1cSDPavRz8Zb2XLJHreASyZYFY3eAxsTxsdhjtKxQuI5Fkv
UHAjEu8t0Vnz6seMgo534bP3GRYDuQ==
=C7Yc
-----END PGP SIGNATURE-----

--- End Message ---

Bug#958312: marked as done (docker.io: signal SIGSEGV: segmentation violation shortly after starting the daemon)

Reply via email to