tinydns: allocation failures with glibc 2.38/s390x

Bug #2031909 reported by Simon Chopin
Affects: djbdns (Debian). Status: Fix Released. Importance: Unknown.
Affects: djbdns (Ubuntu). Status: Fix Released. Importance: Critical. Assigned to: Unassigned.
Affects: glibc (Ubuntu). Status: Fix Released. Importance: High. Assigned to: Unassigned.

Bug Description

When using glibc 2.38, in some conditions tinydns fails with the following error:

/usr/sbin/tinydns: error while loading shared libraries: libc.so.6: cannot map zero-fill pages

This error shows up at least on the s390x autopkgtests for djbdns.

This is blocking the glibc transition.

Simon Chopin (schopin)
Changed in glibc (Ubuntu):
importance: Undecided → Critical
Danilo Egea Gondolfo (danilogondolfo) wrote :

The problem seems to be related to the "run" scripts.

Increasing the data segment limit makes it work:

# envuidgid root envdir ./env softlimit -d 400000 tinydns
tinydns: error while loading shared libraries: libc.so.6: cannot map zero-fill pages

# envuidgid root envdir ./env softlimit -d 4000000 tinydns
starting tinydns

Danilo Egea Gondolfo (danilogondolfo) wrote :

debian/patches/0011-datalimit.patch probably needs to be updated...

Simon Chopin (schopin) wrote : Re: [Bug 2031909] Re: tinydns: allocation failures with glibc 2.38/s390x

Bumping the limit sounds like a good idea as a first step, but we might
want to dig a bit deeper to see if it's just a straw that broke the
camel's back or if there was instead a dramatic increase to memory
consumption on s390x with this release.

If you prepare it I shall sponsor it ;)

Simon Chopin (schopin)
tags: added: foundations-todo
Danilo Egea Gondolfo (danilogondolfo) wrote :

Just created an MP. I tested it in different archs and autopkgtests are passing. It should unblock glibc.

Simon Chopin (schopin)
Changed in glibc (Ubuntu):
status: New → Invalid
Changed in djbdns (Ubuntu):
status: New → Fix Committed
Simon Chopin (schopin) wrote :

Tagging this as rls-mm-incoming as we might want to investigate the fairly big memory bump there. Re-opening the glibc task as well, but with a lower priority since we can still get things moving.

Changed in glibc (Ubuntu):
status: Invalid → Triaged
importance: Critical → High
tags: added: rls-mm-incoming
removed: foundations-todo
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package djbdns - 1:1.05-15ubuntu1

---------------
djbdns (1:1.05-15ubuntu1) mantic; urgency=medium

  * d/p/0011-datalimit.patch: double the data segment limit. (LP: #2031909)
    The tinydns binary was failing with "libc.so.6: cannot map zero-fill
    pages". The new value was determined empirically. Slightly increasing it
    will cause a different issue ("cannot allocate TLS data structures for
    initial thread").

 -- Danilo Egea Gondolfo <email address hidden> Tue, 22 Aug 2023 10:01:34 +0100

Changed in djbdns (Ubuntu):
status: Fix Committed → Fix Released
tags: added: foundations-todo
removed: rls-mm-incoming
Danilo Egea Gondolfo (danilogondolfo) wrote :

One more piece of information: I tried increasing it to 600k and got "cannot allocate TLS data structures for initial thread". Then I tried 700k and it worked, but I decided to change it to 800k for safety.

Changed in djbdns (Debian):
status: Unknown → New
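
The empirical search for a working data segment limit described in this thread can be automated as a bisection. The script below is an added example, not part of the bug report or the djbdns packaging; the helper names probe_with_limit and min_data_limit are hypothetical, and it assumes `timeout` from coreutils is installed.

```shell
#!/bin/sh
# Added example: bisect the smallest RLIMIT_DATA at which a command still starts.
# All function names here are hypothetical helpers, not part of djbdns/daemontools.

# probe_with_limit KIB CMD...: succeed if CMD starts under a data limit of KIB KiB.
# The limit is set inside the child shell, right before exec, so only CMD
# (dynamic loader included) runs under it. Exit 124 from timeout means CMD was
# still running after 2 s, which counts as a successful start for a daemon.
probe_with_limit() {
    kib=$1; shift
    rc=0
    timeout 2 sh -c 'ulimit -d "$0" && exec "$@"' "$kib" "$@" >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 124 ]
}

# min_data_limit LO HI PROBE CMD...: print the smallest limit in [LO, HI] for
# which "PROBE limit CMD..." succeeds. Assumes success is monotonic in the
# limit: every value below the threshold fails, whatever the error message.
min_data_limit() {
    lo=$1; hi=$2; probe=$3; shift 3
    if ! "$probe" "$hi" "$@"; then
        echo "command fails even at the upper bound $hi" >&2
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid" "$@"; then hi=$mid; else lo=$((mid + 1)); fi
    done
    echo "$hi"
}

# Stand-alone use: sh find-limit.sh LO_KIB HI_KIB CMD...
# ulimit -d counts KiB while softlimit -d counts bytes, so both are printed.
if [ "$#" -ge 3 ]; then
    lo_kib=$1; hi_kib=$2; shift 2
    min_kib=$(min_data_limit "$lo_kib" "$hi_kib" probe_with_limit "$@") || exit 1
    echo "minimum: ${min_kib} KiB = $((min_kib * 1024)) bytes for softlimit -d"
fi
```

The result is the bare minimum for one machine and one library version, so a packaged limit should sit above it with headroom.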
Florian Weimer (fweimer) wrote :

I think Adam Jackson found the root cause in glibc:

[PATCH] libio: Fix oversized __io_vtables
<https://<email address hidden>/T/#u>

Changed in djbdns (Debian):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.38-1ubuntu5

---------------
glibc (2.38-1ubuntu5) mantic; urgency=medium

  * Update from upstream release branch:
    - CVE-2023-4527: Stack read overflow with large TCP responses in
      no-aaaa mode
    - CVE-2023-4806: use after free in getcanonname
    - LP: #2031909: Fix oversized __io_vtables
  * d/p/u/0001-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV:
    Cherry-picked to fix a regression in one of the previous CVE fixes
    (LP: #2037516, CVE-2023-5156)
  * d/p/lp2032624.patch: add an escape hatch in arm64 math-vector.h.
    This should help fixing multiple FTBFS (LP: #2032624)

 -- Simon Chopin <email address hidden> Wed, 27 Sep 2023 16:38:18 +0200

Changed in glibc (Ubuntu):
status: Triaged → Fix Released
Benjamin Drung (bdrung)
tags: removed: foundations-todo
Changed in djbdns (Debian):
status: Fix Committed → Fix Released