Bug#764457: perl: segfault in Dumper.so after upgrading to 5.20

Florian Ernst florian_ernst at gmx.net
Wed Oct 8 10:08:42 UTC 2014


Package: perl-base
Version: 5.20.1-1
File: /usr/bin/perl

Hello there,

sorry for filing so late, I didn't get around any earlier ...

Some background:

On my testing system I have the Thruk Monitoring Webinterface installed
(1.84-6 as downloadable from http://www.thruk.org/download.html). Using
this webinterface creates a crontab entry for www-data:

$ sudo crontab -l -u www-data | grep -v -e '^#'
 0  3  *  *  * cd /usr/share/thruk && /bin/bash -l -c '/usr/bin/nice -n 5 /usr/bin/thruk --local -a     report=1  ' >/dev/null 2>/var/cache/thruk/reports/1.log

This cronjob worked without problems until I upgraded my perl
installation on Aug 26 2014, when I upgraded perl 5.18.2-7 -> 5.20.0-4.
Ever since this job segfaults reproducibly.

:) root@fernst:~$ cat /var/cache/thruk/reports/1.log
Segmentation fault (core dumped)

Thanks to corekeeper (and ZFS snapshots) I have dumps available, the
oldest and the most recent of these dumps show

with then-current perl 5.20.0-4

:) root@fernst:~$ zgrep Dumper.so /var/.zfs/snapshot/fernst_2014-09-01_00.00.01--12m/log/syslog-20140827.gz
Aug 27 03:00:02 fernst kernel: [1144099.516702] perl[24295]: segfault at 5 ip 00007f24d235ecee sp 00007fffe4e5e160 error 4 in Dumper.so[7f24d2358000+8000]
:) root@fernst:~$ ls -al /var/.zfs/snapshot/fernst_2014-09-01_00.00.01--12m/crash/33/24295-33-33-11-1409101202-fernst--usr-bin-perl.core
-rw------- 1 www-data www-data 2551808 Aug 27 03:00 /var/.zfs/snapshot/fernst_2014-09-01_00.00.01--12m/crash/33/24295-33-33-11-1409101202-fernst--usr-bin-perl.core
:) root@fernst:~$ gdb /usr/.zfs/snapshot/fernst_2014-09-01_00.00.01--12m/bin/perl --core=/var/.zfs/snapshot/fernst_2014-09-01_00.00.01--12m/crash/33/24295-33-33-11-1409101202-fernst--usr-bin-perl.core
[...]
Reading symbols from /usr/.zfs/snapshot/fernst_2014-09-01_00.00.01--12m/bin/perl...(no debugging symbols found)...done.
[New LWP 24295]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `perl -x /usr/bin/thruk --local -a report=1'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f24d235ecee in boot_Data__Dumper () from /usr/lib/thruk/perl5/x86_64-linux-gnu-thread-multi/auto/Data/Dumper/Dumper.so
(gdb) bt
#0  0x00007f24d235ecee in boot_Data__Dumper () from /usr/lib/thruk/perl5/x86_64-linux-gnu-thread-multi/auto/Data/Dumper/Dumper.so
#1  0x00007f24d3698cfb in Perl_pp_entersub () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#2  0x00007f24d36915b6 in Perl_pp_nextstate () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#3  0x00007f24d361b255 in Perl_init_debugger () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#4  0x0000000001cbd140 in ?? ()
#5  0x0000000001d104c0 in ?? ()
#6  0x0000000000000000 in ?? ()
(gdb) quit

and with now-current perl 5.20.1-1

:) root@fernst:~$ grep Dumper.so /var/log/syslog-20141008
Oct  8 03:00:01 fernst kernel: [1234184.018335] perl[10098]: segfault at 5 ip 00007f8098fcacee sp 00007fff3a459460 error 4 in Dumper.so[7f8098fc4000+8000]
:) root@fernst:~$ ls -al /var/crash/33/10098-33-33-11-1412730001-fernst--usr-bin-perl.core
-rw------- 1 www-data www-data 2580480 Oct  8 03:00 /var/crash/33/10098-33-33-11-1412730001-fernst--usr-bin-perl.core
:) root@fernst:~$ gdb /usr/bin/perl --core=/var/crash/33/10098-33-33-11-1412730001-fernst--usr-bin-perl.core
[...]
Reading symbols from /usr/bin/perl...(no debugging symbols found)...done.
[New LWP 10098]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `perl -x /usr/bin/thruk --local -a report=1'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f8098fcacee in boot_Data__Dumper () from /usr/lib/thruk/perl5/x86_64-linux-gnu-thread-multi/auto/Data/Dumper/Dumper.so
(gdb) bt
#0  0x00007f8098fcacee in boot_Data__Dumper () from /usr/lib/thruk/perl5/x86_64-linux-gnu-thread-multi/auto/Data/Dumper/Dumper.so
#1  0x00007f809a3045ab in Perl_pp_entersub () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#2  0x00007f809a2fce46 in Perl_runops_standard () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#3  0x00007f809a2863e5 in Perl_call_sv () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#4  0x00007f809a288753 in Perl_call_list () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#5  0x00007f809a26c241 in ?? () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#6  0x00007f809a27fa92 in Perl_newATTRSUB_x () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#7  0x00007f809a2b6341 in Perl_yyparse () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#8  0x00007f809a336542 in ?? () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#9  0x00007f809a342120 in Perl_pp_require () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#10 0x00007f809a2fce46 in Perl_runops_standard () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#11 0x00007f809a2863e5 in Perl_call_sv () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#12 0x00007f809a288753 in Perl_call_list () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#13 0x00007f809a26c241 in ?? () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#14 0x00007f809a27fa92 in Perl_newATTRSUB_x () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#15 0x00007f809a282b30 in Perl_utilize () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#16 0x00007f809a2b5c79 in Perl_yyparse () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#17 0x00007f809a336542 in ?? () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#18 0x00007f809a342120 in Perl_pp_require () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#19 0x00007f809a2fce46 in Perl_runops_standard () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#20 0x00007f809a28de0e in perl_run () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
#21 0x0000000000400e19 in main ()
(gdb) quit


At first glance I suspected this to be somehow linked to #762256
(CVE-2014-4330: stack exhaustion bug in Data::Dumper), but the
segfaulting predates that update and definitely started with the upgrade
to perl 5.20.

I was tempted to file this bug at severity "important" as it shouldn't
segfault no matter which script (included in Debian or not) is executed.
But I see other segfaults are kept at "normal", so I simply follow suit.
Please adjust as you see fit, and please advise on how to best further
debug this.

Cheers,
Flo


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages perl-base depends on:
ii  dpkg   1.17.13
ii  libc6  2.19-11

perl-base recommends no packages.

Versions of packages perl-base suggests:
ii  perl  5.20.1-1

-- no debconf information
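
Added example, not part of the original report: the two kernel `segfault` lines quoted above can be reduced to a module-relative offset and a decoded x86 page-fault error code, which shows whether separate crashes hit the same instruction. The function names are illustrative, and the sample lines are copied from the report.

```python
import re
from collections import defaultdict

# The two kernel log lines quoted in the report above.
SAMPLE_LINES = [
    "Aug 27 03:00:02 fernst kernel: [1144099.516702] perl[24295]: segfault at 5 ip 00007f24d235ecee sp 00007fffe4e5e160 error 4 in Dumper.so[7f24d2358000+8000]",
    "Oct  8 03:00:01 fernst kernel: [1234184.018335] perl[10098]: segfault at 5 ip 00007f8098fcacee sp 00007fff3a459460 error 4 in Dumper.so[7f8098fc4000+8000]",
]

# All numeric fields in this message are hexadecimal, including the error code.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<module>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the x86 page-fault error code bits (P, W/R, U/S, I/D)."""
    return {
        "cause": "protection violation" if code & 0x1 else "page not present",
        "access": "instruction fetch" if code & 0x10 else ("write" if code & 0x2 else "read"),
        "mode": "user" if code & 0x4 else "kernel",
    }

def parse_segfault(line):
    """Return a dict describing one kernel segfault line, or None if no match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    rec = {"comm": m["comm"], "pid": int(m["pid"]), "fault_addr": int(m["addr"], 16),
           "error": decode_error(int(m["err"], 16)), "module": m["module"], "offset": None}
    if m["module"]:
        ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
        # Only trust the offset when ip really lies inside the reported mapping.
        if base <= ip < base + size:
            rec["offset"] = ip - base
    return rec

def same_fault_site(lines):
    """Group crashing PIDs by (module, offset); ASLR changes ip but not the offset."""
    sites = defaultdict(list)
    for rec in filter(None, map(parse_segfault, lines)):
        sites[(rec["module"], rec["offset"])].append(rec["pid"])
    return dict(sites)

if __name__ == "__main__":
    for (module, off), pids in same_fault_site(SAMPLE_LINES).items():
        off_s = f"{off:#x}" if off is not None else "?"
        print(f"{module}+{off_s}: pids {pids}")
```

Both crashes resolve to `Dumper.so+0x6cee` with a user-mode read of an unmapped page at address 0x5, so the two perl versions fault at the same place in the same module.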



