FS#69532 : [unbound] [glibc] Segmentation fault during startup with glibc 2.33

FS#69532 - [unbound] [glibc] Segmentation fault during startup with glibc 2.33

Attached to Project: Community Packages
Opened by Jonas Witschel (diabonas) - Thursday, 04 February 2021, 09:45 GMT
Last edited by Allan McRae (Allan) - Saturday, 06 February 2021, 08:35 GMT

Task Type	Bug Report
Category	Packages: Testing
Status	Closed
Assigned To	Allan McRae (Allan) David Runge (dvzrv) Bruno Pagani (ArchangeGabriel)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

When trying to start unbound using the systemd service with the testing repositories enabled, unbound fails with a segfault:

$ systemctl status unbound.service
[...]
Feb 04 10:35:52 diabonas systemd[1]: Starting Validating, recursive, and caching DNS resolver...
Feb 04 10:35:52 diabonas systemd[1]: unbound.service: Main process exited, code=dumped, status=11/SEGV
Feb 04 10:35:52 diabonas systemd[1]: unbound.service: Failed with result 'core-dump'.
Feb 04 10:35:52 diabonas systemd[1]: Failed to start Validating, recursive, and caching DNS resolver.

The coredump indicates a failure in glibc's initgroups:

$ coredumpctl info unbound
[...]
Stack trace of thread 2767:
#0 0x00007f48ea70fc45 internal_getgrouplist (libc.so.6 + 0xc8c45)
#1 0x00007f48ea70ffdf initgroups (libc.so.6 + 0xc8fdf)
#2 0x00005555feebf7fd n/a (unbound + 0xc7fd)
#3 0x00007f48ea66eb25 __libc_start_main (libc.so.6 + 0x27b25)
#4 0x00005555feec028e n/a (unbound + 0xd28e)

Temporarily downgrading glibc to the previous version 2.32-5 and restarting the unbound service fixes the issue.

Additional info:
* unbound 1.13.0-1
* glibc 2.33-1 (currently in [testing])

Steps to reproduce:
1. Enable the [testing] repositories, upgrade your system to obtain glibc 2.33-1.
2. Install and (re)start unbound: pacman -S unbound && systemctl start unbound.service
3. Observe the "Job for unbound.service failed because a fatal signal was delivered causing the control process to dump core." error during systemd service startup.
4. Run "systemctl status unbound.service" and "coredumpctl info unbound" to obtain the debug information provided above.

This task depends upon

Closed by Allan McRae (Allan)
Saturday, 06 February 2021, 08:35 GMT
Reason for closing: Fixed
Additional comments about closing: glibc-2.33-3

Comment by Jonas Witschel (diabonas) - Thursday, 04 February 2021, 09:55 GMT

The issue is not limited to the systemd service (so the hardening applied there does not appear to be the cause of the issue), starting unbound manually using "sudo /usr/bin/unbound -d -vvv" fails with the same segfault.

Comment by David Runge (dvzrv) - Thursday, 04 February 2021, 10:16 GMT

@diabonas: Thanks for creating the ticket!

I have created an upstream ticket[1], so that they are also aware of any possible implications.

[1] https://github.com/NLnetLabs/unbound/issues/418

Comment by Jonas Witschel (diabonas) - Thursday, 04 February 2021, 11:22 GMT

Upon closer inspection, this is probably more of a glibc than an Unbound issue, see [1]. As a workaround for Arch Linux until this is fixed,
you can disable the chroot security mechanism which Unbound uses and which causes problems with glibc 2.33 by specifying

chroot: ""

in /etc/unbound/unbound.conf

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=27343

Comment by Allan McRae (Allan) - Saturday, 06 February 2021, 00:40 GMT

glibc-2.33-3 uploaded with the fix. Please confirm it works.

Comment by Jonas Witschel (diabonas) - Saturday, 06 February 2021, 08:33 GMT

Thank you for applying the patch, I confirm that unbound starts and runs fine with glibc 2.33-3 (without disabling the chroot).

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#69532 - [unbound] [glibc] Segmentation fault during startup with glibc 2.33

Details

Loading...