lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 15 Jul 2015 16:09:03 +0200
From:	Marc Dietrich <marvin24@....de>
To:	netdev@...r.kernel.org
Subject: "ss -p" segfaults

Hi,

ss -p segfaults here with some kind of memory corruption:

*** Error in `/work/iproute2/misc/ss': free(): invalid pointer: 
0x0000000000623000 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x71c6d)[0x7ffff7885c6d]
/lib64/libc.so.6(+0x771be)[0x7ffff788b1be]
/lib64/libc.so.6(+0x7799b)[0x7ffff788b99b]
/work/iproute2/misc/ss[0x403de1]
/work/iproute2/misc/ss[0x408247]
/work/iproute2/misc/ss[0x403295]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7ffff7834790]
/work/iproute2/misc/ss[0x4037f9]
======= Memory map: ========
00400000-00416000 r-xp 00000000 00:33 4207305                            
/work/iproute2/misc/ss
00616000-00617000 r--p 00016000 00:33 4207305                            
/work/iproute2/misc/ss
00617000-0061b000 rw-p 00017000 00:33 4207305                            
/work/iproute2/misc/ss
0061b000-0065f000 rw-p 00000000 00:00 0                                  
[heap]
7ffff6f6d000-7ffff6f83000 r-xp 00000000 00:21 16154175                   
/lib64/libgcc_s.so.1
7ffff6f83000-7ffff7182000 ---p 00016000 00:21 16154175                   
/lib64/libgcc_s.so.1
7ffff7182000-7ffff7183000 r--p 00015000 00:21 16154175                   
/lib64/libgcc_s.so.1
7ffff7183000-7ffff7184000 rw-p 00016000 00:21 16154175                   
/lib64/libgcc_s.so.1
7ffff7184000-7ffff719c000 r-xp 00000000 00:21 16694826                   
/lib64/libpthread-2.21.so
7ffff719c000-7ffff739b000 ---p 00018000 00:21 16694826                   
/lib64/libpthread-2.21.so
7ffff739b000-7ffff739c000 r--p 00017000 00:21 16694826                   
/lib64/libpthread-2.21.so
7ffff739c000-7ffff739d000 rw-p 00018000 00:21 16694826                   
/lib64/libpthread-2.21.so
7ffff739d000-7ffff73a1000 rw-p 00000000 00:00 0 
7ffff73a1000-7ffff73a4000 r-xp 00000000 00:21 16694804                   
/lib64/libdl-2.21.so
7ffff73a4000-7ffff75a3000 ---p 00003000 00:21 16694804                   
/lib64/libdl-2.21.so
7ffff75a3000-7ffff75a4000 r--p 00002000 00:21 16694804                   
/lib64/libdl-2.21.so
7ffff75a4000-7ffff75a5000 rw-p 00003000 00:21 16694804                   
/lib64/libdl-2.21.so
7ffff75a5000-7ffff7613000 r-xp 00000000 00:21 16153198                   
/usr/lib64/libpcre.so.1.2.5
7ffff7613000-7ffff7812000 ---p 0006e000 00:21 16153198                   
/usr/lib64/libpcre.so.1.2.5
7ffff7812000-7ffff7813000 r--p 0006d000 00:21 16153198                   
/usr/lib64/libpcre.so.1.2.5
7ffff7813000-7ffff7814000 rw-p 0006e000 00:21 16153198                   
/usr/lib64/libpcre.so.1.2.5
7ffff7814000-7ffff79ad000 r-xp 00000000 00:21 16694798                   
/lib64/libc-2.21.so
7ffff79ad000-7ffff7bac000 ---p 00199000 00:21 16694798                   
/lib64/libc-2.21.so
7ffff7bac000-7ffff7bb1000 r--p 00198000 00:21 16694798                   
/lib64/libc-2.21.so
7ffff7bb1000-7ffff7bb3000 rw-p 0019d000 00:21 16694798                   
/lib64/libc-2.21.so
7ffff7bb3000-7ffff7bb7000 rw-p 00000000 00:00 0 
7ffff7bb7000-7ffff7bd8000 r-xp 00000000 00:21 16155991                   
/lib64/libselinux.so.1
7ffff7bd8000-7ffff7dd7000 ---p 00021000 00:21 16155991                   
/lib64/libselinux.so.1
7ffff7dd7000-7ffff7dd8000 r--p 00020000 00:21 16155991                   
/lib64/libselinux.so.1
7ffff7dd8000-7ffff7dd9000 rw-p 00021000 00:21 16155991                   
/lib64/libselinux.so.1
7ffff7dd9000-7ffff7ddb000 rw-p 00000000 00:00 0 
7ffff7ddb000-7ffff7dfc000 r-xp 00000000 00:21 16694791                   
/lib64/ld-2.21.so
7ffff7fb5000-7ffff7fba000 rw-p 00000000 00:00 0 
7ffff7ff5000-7ffff7ff8000 rw-p 00000000 00:00 0 
7ffff7ff8000-7ffff7ffa000 r--p 00000000 00:00 0                          
[vvar]
7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0                          
[vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00021000 00:21 16694791                   
/lib64/ld-2.21.so
7ffff7ffd000-7ffff7ffe000 rw-p 00022000 00:21 16694791                   
/lib64/ld-2.21.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 
7ffffffdd000-7ffffffff000 rw-p 00000000 00:00 0                          
[stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  
[vsyscall]

Program received signal SIGABRT, Aborted.
0x00007ffff7847638 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: zypper install libgcc_s1-
debuginfo-5.1.1+r224716-1.2.x86_64 libpcre1-debuginfo-8.37-1.18.x86_64 
libselinux1-debuginfo-2.3-5.18.x86_64
(gdb) bt full
#0  0x00007ffff7847638 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff7848a1a in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff7885c72 in __libc_message () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007ffff788b1be in malloc_printerr () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007ffff788b99b in _int_free () from /lib64/libc.so.6
No symbol table info available.
#5  0x0000000000403de1 in unix_list_free (list=0x6251a0, list@...ry=0x645b50) 
at ss.c:2516
        s = 0x623010
        name = 0x272 <error: Cannot access memory at address 0x272>
#6  0x0000000000408247 in unix_show (f=0x61cdf0 <current_filter>) at ss.c:2798
        buf = "ffff880205a15b00: 00000003 00000000 00000000 0001 03 
84307\n\000/tmp/.X11-
unix/X0\n\000/stdout\n\000adiserver.socket\n\000\n\000c\n\000cket\n", '\000' 
<repeats 12 times>, 
"q\017A\000\000\000\000\000p\205\201\367\377\177\000\000x\323\377\377\377\177\000\000\067\v\000\000\000\000\000\000h\323\377\377\377\177\000\000\060\374\336\367\377\177\000\000\000U\000\000\005\000\000\000\277\000\000\000;
\212\000\000\000\003\034\177\025\004\000\001"...
        name = "\000/tmp/.X11-
unix/X0\000l/stdout\000nadiserver.socket\000\071\000ec\000ocket\000\021@\000\000\000\000\000\377\377\377\377\000\000\000\000\b\321\377\377\377\177\000\000p\205\201\367\377\177\000\000Д\373\367\377\177\000\000\330|
\335\367\377\177\000\000\226\226\204\367\377\177\000\000\370\n@\000\000\000\000\000\070\254a\000\000\000\000"
        newformat = 0
        cnt = 734
        list = <optimized out>
#7  0x0000000000403295 in main (argc=<optimized out>, argv=0x7fffffffd378) at 
ss.c:3921
        saw_states = <optimized out>
        saw_query = 0
        do_summary = <optimized out>
        dump_tcpdiag = 0x0
        filter_fp = 0x0
        ch = <optimized out>
        state_filter = 2871
(gdb) 

git bisect shows bad commit ec4d0d8 (ss: Replace unixstat struct by new 
sockstat struct)

This is with a 4.1.2 kernel. Strange thing is, that this segfault does not 
happen on my distro kernel (also v4.1) (openSUSE). Seems to be some random 
stuff or kernel config problem maybe.

Marc

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ