Package: psmisc
Version: 22.21-2
Severity: normal
Tags: upstream

Dear Maintainer,

we use `fuser /run/fail2ban/fail2ban.sock` in a script to determine if
fail2ban is still running, and if not, to restart it. On some servers
(just a few, so far I've seen this problem on 3 servers out of ~1800)
this didn't work for some reason - fuser didn't list the fail2ban
process, although it was listening on the socket:

affected-server ~ # fuser /run/fail2ban/fail2ban.sock
affected-server ~ #
affected-server ~ # lsof -n /var/run/fail2ban/fail2ban.sock
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
fail2ban- 21295 root 3u unix 0xffff88010eb610c0 0t0 3098423561 /var/run/fail2ban/fail2ban.sock

The expected output would have been something like this:

working-server ~ # fuser /run/fail2ban/fail2ban.sock
/run/fail2ban/fail2ban.sock: 13164

I found some debug code in fuser.c and added some of my own to track this down,
and I think I finally figured it out: the affected servers have socket inode
numbers > 2^31-1, and fill_unix_cache() in fuser.c fails to parse this:

affected-server ~ # ./fuser /run/fail2ban/fail2ban.sock 2>&1 | grep fail2ban
fill_unix_cache: scanned_inode:2147483647
scanned_path:/var/run/fail2ban/fail2ban.sock
/run/fail2ban/fail2ban.sock
Dev:7 Inode:(2147483647) 0x7fffffff => /run/fail2ban/fail2ban.sock
Dev:f Inode:(-1196543734) 0xb8ae310a => /run/fail2ban/fail2ban.sock
adding file /run/fail2ban/fail2ban.sock F B8AE310A
adding socket /run/fail2ban/fail2ban.sock 7 7FFFFFFF

Replacing the %d in the sscanf line with %lld seems to fix the problem:

affected-server ~ # ./fuser /run/fail2ban/fail2ban.sock
[...]
fill_unix_cache: scanned_inode:3098423561
scanned_path:/var/run/fail2ban/fail2ban.sock
[...]
adding file /run/fail2ban/fail2ban.sock F B8AE310A
adding socket /run/fail2ban/fail2ban.sock 7 B8AE3109
Specified Names:
/run/fail2ban/fail2ban.sock
Inodes:
Dev:7 Inode:(-1196543735) 0xb8ae3109 => /run/fail2ban/fail2ban.sock
Dev:f Inode:(-1196543734) 0xb8ae310a => /run/fail2ban/fail2ban.sock
Devices:
Cannot open /proc/fs/nfs/exports
/run/fail2ban/fail2ban.sock: 21295

I've attached a patch with my changes. Please beware though that my C knowledge
is rudimentary at best, so the necessary changes should probably be
reimplemented by someone who knows what he's doing :)
There are probably several other places in the code that have to be modified
for proper 64 bit inode support.

-- System Information:
Debian Release: 8.9
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages psmisc depends on:
ii libc6 2.19-18+deb8u10
ii libtinfo5 5.9+20140913-1+b1
psmisc recommends no packages.
psmisc suggests no packages.
-- no debconf information
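
Added example, not part of the original report and not psmisc's code: one way to read the inode column of a /proc/net/unix entry without a %d conversion, by keeping the digits as text and converting them with strtoull so that out-of-range values are rejected instead of clamped. The sample line is constructed from the inode and path shown in the report; parse_unix_line and fits_in_int are hypothetical names, and the column layout is assumed to be the usual /proc/net/unix one.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample entry, using the inode and path from the report. */
static const char SAMPLE_LINE[] =
    "ffff88010eb610c0: 00000002 00000000 00010000 0001 01 3098423561 "
    "/var/run/fail2ban/fail2ban.sock";

/* Hypothetical helper: 0 on success, -1 on a malformed, unbound (no path)
 * or out-of-range entry. */
int parse_unix_line(const char *line, unsigned long long *inode,
                    char *path, size_t path_len)
{
    char ino_txt[32], path_txt[108 + 1];   /* sun_path is 108 bytes on Linux */
    char *end;

    /* Skip the address and five hex fields, then capture the inode as a
     * digit string so sscanf never converts a number that may not fit. */
    if (sscanf(line, "%*s %*x %*x %*x %*x %*x %31[0-9] %108s",
               ino_txt, path_txt) != 2)
        return -1;
    errno = 0;
    *inode = strtoull(ino_txt, &end, 10);
    if (errno == ERANGE || *end != '\0' || strlen(path_txt) >= path_len)
        return -1;
    strcpy(path, path_txt);
    return 0;
}

/* Non-zero only if the inode would survive storage in a signed int,
 * which is the width a %d conversion targets. */
int fits_in_int(unsigned long long inode)
{
    return inode <= (unsigned long long)INT_MAX;
}

int main(void)
{
    unsigned long long inode;
    char path[128];

    if (parse_unix_line(SAMPLE_LINE, &inode, path, sizeof path) != 0)
        return 1;
    printf("inode=%llu (0x%llx) fits_in_int=%d path=%s\n",
           inode, inode, fits_in_int(inode), path);
    return 0;
}
```

The parsed value still has to be compared against an inode type of at least the same width; narrowing it back to int afterwards reintroduces the mismatch.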