Bug#1023879: Buster: oldstable: Weird supplementary GID passed with getgroups syscall
Package: linux-image-amd64
Version: 4.19+105+deb10u17
Appears with: linux-image-4.19.0-{19..22}-amd64
Does not appear with: linux-image-4.19.0-12-amd64
Not checked with: linux-image-4.19.0-{14..17}-amd64
Hi guys,
I observed a very strange error on Debian Buster (oldstable) that appears only while using the latest kernel images starting from version 4.19.0-19. However employing a rather old kernel image like 4.19.0-12, the problem does not show up. The erratic behavior only happens on boxes running in default mode, but not while running them in rescue mode. The error is reproducible on different machines and can be triggered by using the `groups' command without any argument or the C-Library function `getgroups' in C-code directly. The error is encountered for any user (root/system accounts/non-privileged users) on the system.
Here, you see the example of the `groups' command with and without a strace:
root@box# groups
root groups: cannot find name for group ID 1097573495
1097573495
root@box# strace groups
execve("/usr/bin/groups", ["groups"], 0x7ffd25df6490 /* 30 vars */) = 0
brk(NULL) = 0x55fe16719000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=180247, ...}) = 0
mmap(NULL, 180247, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea9bbdb000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260A\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1820400, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea9bbd9000
mmap(NULL, 1832960, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea9ba19000
mprotect(0x7fea9ba3b000, 1654784, PROT_NONE) = 0
mmap(0x7fea9ba3b000, 1339392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7fea9ba3b000
mmap(0x7fea9bb82000, 311296, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x169000) = 0x7fea9bb82000
mmap(0x7fea9bbcf000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b5000) = 0x7fea9bbcf000
mmap(0x7fea9bbd5000, 14336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fea9bbd5000
close(3) = 0
arch_prctl(ARCH_SET_FS, 0x7fea9bbda540) = 0
mprotect(0x7fea9bbcf000, 16384, PROT_READ) = 0
mprotect(0x55fe15e0c000, 4096, PROT_READ) = 0
mprotect(0x7fea9bc2f000, 4096, PROT_READ) = 0
munmap(0x7fea9bbdb000, 180247) = 0
brk(NULL) = 0x55fe16719000
brk(0x55fe1673a000) = 0x55fe1673a000
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=4600912, ...}) = 0
mmap(NULL, 4600912, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea9b5b5000
close(3) = 0
getuid() = 0
getegid() = 0
getgid() = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=608, ...}) = 0
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 608
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=180247, ...}) = 0
mmap(NULL, 180247, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea9bbdb000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0003\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=55792, ...}) = 0
mmap(NULL, 83768, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea9b5a0000
mprotect(0x7fea9b5a3000, 40960, PROT_NONE) = 0
mmap(0x7fea9b5a3000, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fea9b5a3000
mmap(0x7fea9b5aa000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7fea9b5aa000
mmap(0x7fea9b5ad000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7fea9b5ad000
mmap(0x7fea9b5af000, 22328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fea9b5af000
close(3) = 0
mprotect(0x7fea9b5ad000, 4096, PROT_READ) = 0
munmap(0x7fea9bbdb000, 180247) = 0
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1114, ...}) = 0
read(3, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 1114
close(3) = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0), ...}) = 0
##################################################
getgroups(0, NULL) = 2
getgroups(2, [0, 1097573495]) = 2
##################################################
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1114, ...}) = 0
read(3, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 1114
lseek(3, 0, SEEK_CUR) = 1114
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=180247, ...}) = 0
mmap(NULL, 180247, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea9bbdb000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=30936, ...}) = 0
mmap(NULL, 33896, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea9b597000
mprotect(0x7fea9b599000, 20480, PROT_NONE) = 0
mmap(0x7fea9b599000, 12288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fea9b599000
mmap(0x7fea9b59c000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7fea9b59c000
mmap(0x7fea9b59e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fea9b59e000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdb-5.3.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\364\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=1815152, ...}) = 0
mmap(NULL, 1817192, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea9b3db000
mprotect(0x7fea9b405000, 1605632, PROT_NONE) = 0
mmap(0x7fea9b405000, 1318912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2a000) = 0x7fea9b405000
mmap(0x7fea9b547000, 282624, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16c000) = 0x7fea9b547000
mmap(0x7fea9b58d000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b1000) = 0x7fea9b58d000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@l\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=146968, ...}) = 0
mmap(NULL, 132288, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fea9b3ba000
mmap(0x7fea9b3c0000, 61440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fea9b3c0000
mmap(0x7fea9b3cf000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7fea9b3cf000
mmap(0x7fea9b3d5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7fea9b3d5000
mmap(0x7fea9b3d7000, 13504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fea9b3d7000
close(3) = 0
mprotect(0x7fea9b3d5000, 4096, PROT_READ) = 0
mprotect(0x7fea9b58d000, 28672, PROT_READ) = 0
mprotect(0x7fea9b59e000, 4096, PROT_READ) = 0
set_tid_address(0x7fea9bbda810) = 18196
set_robust_list(0x7fea9bbda820, 24) = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fea9b3c06b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fea9b3cc730}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fea9b3c0740, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fea9b3cc730}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7fea9bbdb000, 180247) = 0
getpid() = 18196
openat(AT_FDCWD, "/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3
read(3, "0-5\n", 8192) = 4
close(3) = 0
openat(AT_FDCWD, "/var/lib/misc/DB_CONFIG", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/var/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=4096, ...}) = 0
stat("/var/lib/misc/group.db", {st_mode=S_IFREG|0644, st_size=1204224, ...}) = 0
openat(AT_FDCWD, "/var/lib/misc/group.db", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "\0\0\0\0\1\0\0\0\0\0\0\0b1\5\0\t\0\0\0\0\20\0\0\0\t\0\0\0\0\0\0"..., 512) = 512
close(3) = 0
openat(AT_FDCWD, "/var/lib/misc/group.db", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1204224, ...}) = 0
mmap(NULL, 1204224, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea9b294000
fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
munmap(0x7fea9b294000, 1204224) = 0
close(3) = 0
openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2995, ...}) = 0
read(3, "# Locale name alias data base.\n#"..., 4096) = 2995
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(1, "root ", 5root ) = 5
write(2, "groups: ", 8groups: ) = 8
write(2, "cannot find name for group ID 10"..., 40cannot find name for group ID 1097573495) = 40
write(2, "\n", 1
) = 1
write(1, "1097573495\n", 111097573495
) = 11
close(1) = 0
close(2) = 0
exit_group(1) = ?
+++ exited with 1 +++
Additional notes:
While using the `groups' command with arguments, the error does not show up.
The additional, seemingly random GID is not constant. If you run the command in a another (pseudo) terminal, you get a another random number.
The random number does not look like a EGUID of the calling process itself.
The getgroups C-libray call directly ends in the Linux getgroups syscall, so the root cause seems to be in connection with the Linux Kernel.
Maybe, the problem is related to the cgroups subsystem???
Let me know, if this bug has been published in the right place and/or if you need any more details about it.
Regards
Sebastian
_______________________
Sebastian Kraus
IT-Abteilung
Institut für Chemie
Straße des 17. Juni 115
Technische Universität Berlin
Fakultät II
Institut für Chemie
Straße des 17. Juni 135
10623 Berlin
Reply to: