From: "arnaud.lb at gmail dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug network/15946] New: getaddrinfo() writes DNS queries to random file descriptors under high load
Date: Thu, 12 Sep 2013 09:50:00 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=15946

            Bug ID: 15946
           Summary: getaddrinfo() writes DNS queries to random file
                    descriptors under high load
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: critical
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: arnaud.lb at gmail dot com

Created attachment 7193
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7193&action=edit
reproducing code

Under high load, getaddrinfo() starts sending DNS queries to random file descriptors, e.g. some unrelated socket connected to a remote service.

The attached code reproduces the bug on at least the following configurations:

Archlinux libc6 2.18
Debian libc6 2.6.11
Debian libc6 2.13-38
Debian libc6 2.17-92
Ubuntu libc6 2.17-0ubuntu5

What the code does is to fill the file descriptor space, closing and creating many file descriptors, to maximize the chances of reproducing the bug:

- a thread listens to a local unix socket
- a thread connects to the unix socket, never writes to it, dups the connection as much as possible (fills the fd space), closes the dups, and starts dup()ing again
- lots of threads call getaddrinfo()

In less than a minute, the listener starts reading garbage.

The garbage received by the listener seems to always be a full, well-formed, DNS query. It seems to always be an AAAA query, even when hints.ai_family is AF_INET. All queries are similar, only the id changes.
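
The report says the stray data read by the listener is always a full, well-formed DNS query of type AAAA. As an added example (not the attached reproducer and not glibc code), the C function below checks whether a buffer read from an unrelated descriptor parses as a standard DNS query and returns its QTYPE; the name `classify_dns_query` and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns the QTYPE if buf[0..len) parses as a standard DNS query carrying
 * exactly one IN-class question, or -1 otherwise. If id is non-NULL it
 * receives the transaction id. Hypothetical helper, not glibc code. */
static int classify_dns_query(const uint8_t *buf, size_t len, uint16_t *id)
{
    if (len < 12) return -1;                      /* fixed header: 12 bytes */
    unsigned flags = (unsigned)buf[2] << 8 | buf[3];
    if (flags & 0x8000u) return -1;               /* QR=1 is a response */
    if ((flags >> 11) & 0xFu) return -1;          /* opcode must be QUERY */
    if ((buf[4] << 8 | buf[5]) != 1) return -1;   /* QDCOUNT must be 1 */
    if (buf[6] | buf[7] | buf[8] | buf[9]) return -1; /* no answer/authority */

    size_t off = 12, name_len = 0;
    for (;;) {                                    /* walk the QNAME labels */
        if (off >= len) return -1;
        size_t l = buf[off++];
        if (l == 0) break;                        /* root label ends name */
        if (l > 63) return -1;                    /* pointer or reserved type */
        name_len += l + 1;
        if (name_len > 254 || off + l > len) return -1;
        off += l;
    }
    if (off + 4 > len) return -1;                 /* QTYPE + QCLASS */
    if ((buf[off + 2] << 8 | buf[off + 3]) != 1) return -1; /* class IN */
    if (id) *id = (uint16_t)(buf[0] << 8 | buf[1]);
    return buf[off] << 8 | buf[off + 1];
}

/* Constructed sample: AAAA (type 28) query for "example.com", id 0x1a2b. */
static const uint8_t sample_aaaa[] = {
    0x1a, 0x2b, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x1c, 0x00, 0x01
};

int main(void)
{
    uint16_t id = 0;
    int qtype = classify_dns_query(sample_aaaa, sizeof sample_aaaa, &id);
    printf("qtype=%d id=0x%04x\n", qtype, id);    /* 28 is AAAA, 1 is A */
    return 0;
}
```

A service that logs a hit from this check on a socket that never carries DNS has direct evidence of the cross-descriptor write described in the report, and the transaction id distinguishes individual stray queries.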