Package: docker.io
Version: 19.03.7+dfsg1-1
Severity: critical
Tags: patch upstream
Justification: breaks unrelated software

Dear Maintainer,

The update to 19.03.7 led to a reproducible issue with docker shortly after
starting the daemon:

Apr 20 14:30:27 fsn dockerd[488555]: panic: runtime error: invalid memory address or nil pointer dereference
Apr 20 14:30:27 fsn dockerd[488555]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x11 pc=0x55a05b5ac02b]
Apr 20 14:30:27 fsn dockerd[488555]: goroutine 2029 [running]:
Apr 20 14:30:27 fsn dockerd[488555]: github.com/docker/libnetwork.(*resolver).ServeDNS(0xc000e38380, 0x55a05cbea2c0, 0xc0014b94a0, 0xc0018bd5f0)
Apr 20 14:30:27 fsn dockerd[488555]:         /build/docker.io-CrAKu8/docker.io-19.03.7+dfsg1/.gopath/src/github.com/docker/libnetwork/resolver.go:487 +0x79b
Apr 20 14:30:27 fsn dockerd[488555]: github.com/miekg/dns.(*Server).serveDNS(0xc000dab200, 0xc000c0f200, 0x21, 0x200, 0xc0014b94a0)
Apr 20 14:30:27 fsn dockerd[488555]:         /build/docker.io-CrAKu8/docker.io-19.03.7+dfsg1/.gopath/src/github.com/miekg/dns/server.go:609 +0x2e2
Apr 20 14:30:27 fsn dockerd[488555]: github.com/miekg/dns.(*Server).serveUDPPacket(0xc000dab200, 0xc0011cf6b0, 0xc000c0f200, 0x21, 0x200, 0xc00020a7e0, 0xc000fa7c00)
Apr 20 14:30:27 fsn dockerd[488555]:         /build/docker.io-CrAKu8/docker.io-19.03.7+dfsg1/.gopath/src/github.com/miekg/dns/server.go:549 +0xb4
Apr 20 14:30:27 fsn dockerd[488555]: created by github.com/miekg/dns.(*Server).serveUDP
Apr 20 14:30:27 fsn dockerd[488555]:         /build/docker.io-CrAKu8/docker.io-19.03.7+dfsg1/.gopath/src/github.com/miekg/dns/server.go:479 +0x28c
Apr 20 14:30:27 fsn systemd[1]: docker.service: Main process exited, code=exited, status=2/INVALIDARGUMENT

Still testing out, but
https://github.com/SamWhited/libnetwork/commit/bea32b018c874ef35396ef46a3908ca0f9367d76
was merged in upstream, seems relevant and is part of upstream 19.03.8

So either apply that to 19.3.7 or update to 19.3.8?

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages docker.io depends on:
ii  adduser             3.118
ii  iptables            1.8.4-3
ii  libc6               2.30-4
ii  libdevmapper1.02.1  2:1.02.167-1+b1
ii  libltdl7            2.4.6-14
ii  libnspr4            2:4.25-1
ii  libnss3             2:3.51-1
ii  libseccomp2         2.4.3-1+b1
ii  libsystemd0         245.5-1
ii  lsb-base            11.1.0
ii  runc                1.0.0~rc10+dfsg1-1
ii  tini                0.18.0-1+b1

Versions of packages docker.io recommends:
ii  ca-certificates  20190110
ii  cgroupfs-mount   1.4
ii  git              1:2.26.1-1
ii  needrestart      3.5-1
ii  xz-utils         5.2.4-1+b1

Versions of packages docker.io suggests:
pn  aufs-tools                 <none>
ii  btrfs-progs                5.6-1
ii  debootstrap                1.0.123
pn  docker-doc                 <none>
ii  e2fsprogs                  1.45.6-1
pn  rinse                      <none>
ii  xfsprogs                   5.4.0-1
ii  zfsutils-linux [zfsutils]  0.8.3-2

-- no debconf information
From bea32b018c874ef35396ef46a3908ca0f9367d76 Mon Sep 17 00:00:00 2001
From: Sam Whited <s...@samwhited.com>
Date: Wed, 18 Mar 2020 12:06:23 -0400
Subject: [PATCH] Fixes a panic in the DNS resolver

Under certain conditions it appears that the DNS response and returned
error can be nil. When this happens, checking resp.Truncated results in
a nil panic so we must first check that the response is not nil before
checking if a truncated response was received.

See moby/moby#40715

Signed-off-by: Sam Whited <s...@samwhited.com>
---
 resolver.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resolver.go b/resolver.go
index 7e02a37a5b..e32522a254 100644
--- a/resolver.go
+++ b/resolver.go
@@ -484,7 +484,7 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query 
*dns.Msg) {
                        resp, err = co.ReadMsg()
                        // Truncated DNS replies should be sent to the client 
so that the
                        // client can retry over TCP
-                       if err != nil && !resp.Truncated {
+                       if err != nil && (resp != nil && !resp.Truncated) {
                                r.forwardQueryEnd()
                                logrus.Debugf("[resolver] read from DNS server 
failed, %s", err)
                                continue
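
Review bot: the new condition on the `+` line skips the failure branch in exactly the case that caused the panic. When `co.ReadMsg()` returns a non-nil `err` together with a nil `resp`, `err != nil && (resp != nil && !resp.Truncated)` evaluates to false, so `r.forwardQueryEnd()`, the debug log and `continue` are not run and execution falls through with `resp == nil` into code this hunk does not show. The removed line could only dereference `resp` when `err != nil`, because `&&` short-circuits otherwise, so a failed read with no response is the case that should take the error path. Suggest `if err != nil && (resp == nil || !resp.Truncated) {`, which keeps the nil guard, still lets truncated replies through to the client, and treats a read error without a response as a failure. The commit message would also be clearer if it said the response can be nil while the error is non-nil.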
