From: Bernhard Schmidt <berni@birkenwald.de>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Jan Engelhardt <jengelh@medozas.de>,
	Krzysztof Oledzki <ole@ans.pl>,
	netfilter-devel@vger.kernel.org
Subject: Re: conntrack segfault
Date: Thu, 25 Jun 2009 00:18:45 +0200
Message-ID: <20090624221845.GA16585@pest>
In-Reply-To: <4A426932.1030607@netfilter.org>

Hi,

not sure whether this helps, but after what felt like 500 attempts of
running conntrack -L in valgrind I just captured one crash.

secomat2:~ # valgrind -v conntrack -L > /dev/null
==24699== Memcheck, a memory error detector.
==24699== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et
al.
==24699== Using LibVEX rev 1854, a library for dynamic binary
translation.
==24699== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==24699== Using valgrind-3.3.1, a dynamic binary instrumentation
framework.
==24699== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et
al.
==24699== 
--24699-- Command line
--24699--    conntrack
--24699--    -L
--24699-- Startup, with flags:
--24699--    -v
--24699-- Contents of /proc/version:
--24699--   Linux version 2.6.27.23-0.1-default (geeko@buildhost) (gcc
version 4.3.2 [gcc-4_3-branch revision 141291] (SUSE Linux) ) #1 SMP
2009-05-26 17:02:05 -0400
--24699-- Arch and hwcaps: AMD64, amd64-sse2
--24699-- Page sizes: currently 4096, max supported 4096
--24699-- Valgrind library directory: /usr/lib64/valgrind
--24699-- Reading syms from /usr/local/sbin/conntrack (0x400000)
--24699-- Reading syms from /lib64/ld-2.9.so (0x4000000)
--24699--    object doesn't have a symbol table
--24699-- Reading syms from /usr/lib64/valgrind/amd64-linux/memcheck
(0x38000000)
--24699--    object doesn't have a symbol table
--24699--    object doesn't have a dynamic symbol table
--24699-- Reading suppressions file: /usr/lib64/valgrind/default.supp
--24699-- Reading syms from
/usr/lib64/valgrind/amd64-linux/vgpreload_core.so (0x4A1F000)
--24699--    object doesn't have a symbol table
--24699-- Reading syms from
/usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so (0x4C21000)
--24699--    object doesn't have a symbol table
--24699-- Reading syms from
/usr/local/lib/libnetfilter_conntrack.so.1.2.0 (0x4E2A000)
--24699-- Reading syms from /usr/local/lib/libnfnetlink.so.0.2.0
(0x5043000)
--24699-- Reading syms from /lib64/libc-2.9.so (0x524B000)
--24699--    object doesn't have a symbol table
--24699-- Reading syms from /lib64/libdl-2.9.so (0x55A4000)
--24699--    object doesn't have a symbol table
--24699-- REDIR: 0x52c7c30 (rindex) redirected to 0x4c25a00 (rindex)
--24699-- REDIR: 0x52c93f0 (memset) redirected to 0x4c26ca0 (memset)
--24699-- REDIR: 0x52c67b0 (strcmp) redirected to 0x4c26100 (strcmp)
--24699-- REDIR: 0x52c7540 (strlen) redirected to 0x4c25e20 (strlen)
--24699-- REDIR: 0x52c6600 (index) redirected to 0x4c25b20 (index)
--24699-- REDIR: 0x52c37f0 (malloc) redirected to 0x4c255e0 (malloc)
--24699-- REDIR: 0xffffffffff600400 (???) redirected to 0x3802d13d (???)
--24699-- REDIR: 0x52c3430 (calloc) redirected to 0x4c233b0 (calloc)
--24699-- REDIR: 0x52cad30 (memcpy) redirected to 0x4c26270 (memcpy)
--24699-- REDIR: 0x52cd840 (strchrnul) redirected to 0x4c26d70
(strchrnul)
--24699-- REDIR: 0x52c9f20 (mempcpy) redirected to 0x4c26dd0 (mempcpy)
--24699-- REDIR: 0x52c0c00 (free) redirected to 0x4c242e0 (free)
--24699-- REDIR: 0x52c7b60 (strncpy) redirected to 0x4c25f50 (strncpy)
vex amd64->IR: unhandled instruction bytes: 0x6 0xDF 0xA1 0xBF 0x8 0x0
==24699== Invalid read of size 1
==24699==    at 0x7FEFFD3E4: ???
==24699==    by 0x7FEFFD3EB: ???
==24699==    by 0x7FEFFD3F3: ???
==24699==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==24699== 
==24699== Process terminating with default action of signal 11 (SIGSEGV)
==24699==  Access not within mapped region at address 0x0
==24699==    at 0x7FEFFD3E4: ???
==24699==    by 0x7FEFFD3EB: ???
==24699==    by 0x7FEFFD3F3: ???
==24699== 
==24699== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 1)
==24699== 
==24699== 1 errors in context 1 of 1:
==24699== Invalid read of size 1
==24699==    at 0x7FEFFD3E4: ???
==24699==    by 0x7FEFFD3EB: ???
==24699==    by 0x7FEFFD3F3: ???
==24699==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
--24699-- 
--24699-- supp:      2 dl-hack3-cond-1
==24699== 
==24699== IN SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 1)
==24699== 
==24699== malloc/free: in use at exit: 984 bytes in 5 blocks.
==24699== malloc/free: 8,293 allocs, 8,288 frees, 2,586,840 bytes
allocated.
==24699== 
==24699== searching for pointers to 5 not-freed blocks.
==24699== checked 100,824 bytes.
==24699== 
==24699== LEAK SUMMARY:
==24699==    definitely lost: 0 bytes in 0 blocks.
==24699==      possibly lost: 0 bytes in 0 blocks.
==24699==    still reachable: 984 bytes in 5 blocks.
==24699==         suppressed: 0 bytes in 0 blocks.
==24699== Rerun with --leak-check=full to see details of leaked memory.
--24699--  memcheck: sanity checks: 300 cheap, 12 expensive
--24699--  memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
--24699--  memcheck: auxmaps_L1: 0 searches, 0 cmps, ratio 0:10
--24699--  memcheck: auxmaps_L2: 0 searches, 0 nodes
--24699--  memcheck: SMs: n_issued      = 64 (1024k, 1M)
--24699--  memcheck: SMs: n_deissued    = 0 (0k, 0M)
--24699--  memcheck: SMs: max_noaccess  = 524287 (8388592k, 8191M)
--24699--  memcheck: SMs: max_undefined = 0 (0k, 0M)
--24699--  memcheck: SMs: max_defined   = 210 (3360k, 3M)
--24699--  memcheck: SMs: max_non_DSM   = 64 (1024k, 1M)
--24699--  memcheck: max sec V bit nodes:    0 (0k, 0M)
--24699--  memcheck: set_sec_vbits8 calls: 0 (new: 0, updates: 0)
--24699--  memcheck: max shadow mem size:   5168k, 5M
--24699-- translate:            fast SP updates identified: 1,595 (
85.4%)
--24699-- translate:   generic_known SP updates identified: 184 (  9.8%)
--24699-- translate: generic_unknown SP updates identified: 88 (  4.7%)
--24699--     tt/tc: 21,344 tt lookups requiring 21,427 probes
--24699--     tt/tc: 21,344 fast-cache updates, 2 flushes
--24699--  transtab: new        2,351 (54,368 -> 830,549; ratio 152:10)
[1 scs]
--24699--  transtab: dumped     0 (0 -> ??)
--24699--  transtab: discarded  0 (0 -> ??)
--24699-- scheduler: 30,068,731 jumps (bb entries).
--24699-- scheduler: 300/37,001 major/minor sched events.
--24699--    sanity: 301 cheap, 12 expensive checks.
--24699--    exectx: 769 lists, 9 contexts (avg 0 per list)
--24699--    exectx: 16,584 searches, 16,575 full compares (999 per
1000)
--24699--    exectx: 0 cmp2, 1 cmp4, 0 cmpAll
--24699--  errormgr: 3 supplist searches, 69 comparisons during search
--24699--  errormgr: 3 errlist searches, 3 comparisons during search
Segmentation fault

Does this help any more?

Bernhard
