[Bug network/15946] New: getaddrinfo() writes DNS queries to random file descriptors under high load

["arnaud.lb at gmail dot com" <sourceware-bugzilla@sourceware.org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=15946

            Bug ID: 15946
           Summary: getaddrinfo() writes DNS queries to random file
                    descriptors under high load
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: critical
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: arnaud.lb at gmail dot com

Created attachment 7193
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7193&action=edit
reproducing code

Under high load, getaddrinfo() starts sending DNS queries to random
file descriptors, e.g. some unrelated socket connected to a remote service.

The attached code reproduces the bug on at least the following configurations:

Archlinux libc6 2.18
Debian libc6 2.6.11
Debian libc6 2.13-38
Debian libc6 2.17-92
Ubuntu libc6 2.17-0ubuntu5

What the code does is to fill the file descriptor space, closing and creating
many file descriptors, to maximize the chances of reproducing the bug:

 - a thread listens to a local unix socket
 - a thread connects to the unix socket, never writes to it, dups the
connection as much as possible (fills the fd space), closes the dups, and
starts
dup()ing again
 - lots of threads call getaddrinfo()

Under less than a minute, the listener starts reading garbage.

The garbage received by the listener seems to always be a full, well-formed,
DNS query. It seems to always be an AAAA query, even when hints.ai_family is
AF_INET. All queries are similar, only the id changes.

-- 
You are receiving this mail because:
You are on the CC list for the bug.