Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fping 4.0 crush #146

Closed
lionleo opened this issue Mar 25, 2019 · 3 comments
Closed

fping 4.0 crush #146

lionleo opened this issue Mar 25, 2019 · 3 comments
Labels
question

Comments

@lionleo
Copy link

lionleo commented Mar 25, 2019

hello when fping check alot host i get crush

fping -version
fping: Version 4.0
fping: comments to david@schweikert.ch

*** buffer overflow detected ***: /usr/bin/fping terminated

_usr_bin_fping.0.crash https://pastebin.com/aspkjjzB
@schweikert
Copy link
Owner

Can you reproduce the issue? It's very difficult to say what could be causing this by the output that you provided.

@IAmWebSA
Copy link

IAmWebSA commented Jun 18, 2019
edited

I am facing a simialr issue while cross compile, the last working cross compiled version was 3.16.
On the 4.x Versionthe only thing that works is fping -h , all other commands like fping -v result in a exit code of 4.

Any idea whats going wronge here?

STRACE:

root@HOSBC:/lib strace fping 172.16.29.34
execve("/usr/sbin/fping", ["fping", "172.16.29.34"], [/* 11 vars */]) = 0
brk(0) = 0x1572000
uname({sys="Linux", node="HOSBC", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff5000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/tls/v7l/neon/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/v7l/neon/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/tls/v7l/neon/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/v7l/neon", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/tls/v7l/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/v7l/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/tls/v7l/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/v7l", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/tls/neon/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/neon/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/tls/neon/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/neon", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/tls/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/tls/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/v7l/neon/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/v7l/neon/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/v7l/neon/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/v7l/neon", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/v7l/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/v7l/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/v7l/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/v7l", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/neon/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/neon/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/neon/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/neon", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\255w\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=902732, ...}) = 0
mmap2(NULL, 906648, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x76efa000
mmap2(0x76fd2000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd8000) = 0x76fd2000
mmap2(0x76fd5000, 9624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x76fd5000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff4000
set_tls(0x76ff44c0, 0x76ff7050, 0x76ff4ba8, 0x76ff44c0, 0x76ff7050) = 0
mprotect(0x76fd2000, 8192, PROT_READ) = 0
mprotect(0x17000, 4096, PROT_READ) = 0
mprotect(0x76ff6000, 4096, PROT_READ) = 0
brk(0) = 0x1572000
brk(0x1593000) = 0x1593000
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
fstat64(3, {st_mode=S_IFREG|0644, st_size=288, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff3000
read(3, "#\n# /etc/nsswitch.conf\n#\n\npasswd"..., 4096) = 288
read(3, "", 4096) = 0
close(3) = 0
munmap(0x76ff3000, 4096) = 0
open("/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\220\31\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=34388, ...}) = 0
mmap2(NULL, 66476, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x76ee9000
mprotect(0x76ef1000, 28672, PROT_NONE) = 0
mmap2(0x76ef8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x76ef8000
close(3) = 0
mprotect(0x76ef8000, 4096, PROT_READ) = 0
open("/etc/protocols", O_RDONLY|O_CLOEXEC) = 3
fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
fstat64(3, {st_mode=S_IFREG|0644, st_size=178, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff3000
read(3, "ip\t\t0\tIP # internet"..., 4096) = 178
close(3) = 0
munmap(0x76ff3000, 4096) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
open("/etc/protocols", O_RDONLY|O_CLOEXEC) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=178, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff3000
read(4, "ip\t\t0\tIP # internet"..., 4096) = 178
read(4, "", 4096) = 0
close(4) = 0
munmap(0x76ff3000, 4096) = 0
exit_group(4) = ?
+++ exited with 4 +++

@xtaran
Copy link
Contributor

xtaran commented Jun 18, 2019

Hi David,

Can you reproduce the issue? It's very difficult to say what could be causing this by the output that you provided.

There's quite some information about the (initially reported) crash in the pastebin paste, including a compressed and base64-encoded 1.9 MB core dump in the last three lines of the paste (each line prepended with one space).

Copying and pasting it from the browser failed for me, but piping it directly from the internet worked for me. So after installing fping-dbgsym and libc6-dbg (and of course fping itself, gdb, libwww-perl for GET, etc.) in a Ubuntu 18.04 Bionic chroot, I was able to extract the backtrace of the initial reported crash:

$  lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04 LTS
Release:        18.04
Codename:       bionic
$  dpkg --print-architecture
amd64
$ GET https://pastebin.com/raw/aspkjjzB | tail -3 | sed -e 's/^ //' | base64 -d -i | zcat > GH\#146.CoreDump
$ gdb /usr/bin/fping GH\#146.CoreDump 
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/fping...Reading symbols from /usr/lib/debug/.build-id/a5/d5449d8bf9f110e54bb5a9fe35b36141f70d5d.debug...done.
done.
[New LWP 32068]
Core was generated by `/usr/bin/fping -i10 -r3 -A -a 172.18.134.207 172.18.134.205 10.157.155.4 10.157'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007fb2febc4e97 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007fb2febc4e97 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007fb2febc6801 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007fb2fec0f897 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007fb2fecbacff in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x00007fb2fecbad21 in __fortify_fail () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x00007fb2fecb8a10 in __chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x00007fb2fecbac0a in __fdelt_warn () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x000055b6aefa0ca5 in socket_can_read (timeout=0x7ffed8eb5420) at fping.c:1694
#8  0x000055b6aefa2a49 in wait_for_reply (wait_time=<optimized out>) at fping.c:2007
#9  0x000055b6aefa32d5 in main_loop () at fping.c:1243
#10 0x000055b6aefa067e in main (argc=<optimized out>, argv=<optimized out>) at fping.c:994

I assume that the two ?? in libc.so.6 stem from an since then updated libc6package.

Hope, this helps.

P.S.: I also tried to reproduce the issue inside this chroot, but fping just worked fine for me:

$ /usr/bin/fping -i10 -r3 -A -a 172.18.134.207 172.18.134.205 10.157.155.4 10.157.155.3 172.18.134.202 10.157.187.34 10.157.187.33 10.157.187.30 10.157.155.35 172.18.134.190 10.157.150.77 172.24.227.35 172.24.227.34 10.157.150.78 10.157.150.79 10.157.152.28 10.157.187.101 172.24.227.140 172.24.227.141 172.24.227.146 10.157.187.83 10.157.187.87 10.157.114.38 193.138.244.33 10.157.29.208 10.157.155.27 10.157.155.28 10.157.155.29 10.153.127.188 10.157.121.55 10.153.127.183 10.153.127.182 10.153.127.181 10.153.127.187 10.153.127.186 10.153.127.185 10.153.127.184 80.249.229.40 10.157.152.9 10.157.187.14 10.157.187.15 10.157.187.17 10.157.187.10 10.157.187.11 10.157.187.12 10.157.187.13 10.157.155.10 10.157.29.172 10.157.29.173 10.157.155.19 10.157.187.3 172.24.227.167 10.157.152.45 10.157.152.44 172.24.227.163 10.153.127.179 10.157.150.111 10.157.187.62 172.24.227.183 10.157.126.16 10.157.29.144 10.157.84.62 10.157.121.136 10.157.187.99 10.157.187.95 10.157.150.104 172.24.227.112 10.157.150.109 10.157.187.72 10.157.9.9 10.157.187.76 10.157.9.7 10.157.84.73 10.157.152.64 10.157.152.62 10.157.121.144 10.157.187.40 10.157.187.56 10.157.152.71 192.168.254.77 10.157.114.34 10.157.114.35 10.157.114.32 172.18.134.228 10.157.187.53 10.157.150.91 10.157.150.92 172.18.134.222 10.157.126.23 10.153.127.44 192.168.254.94 192.168.254.97 172.18.134.32 10.235.0.250 10.157.121.22 10.157.152.50 10.235.0.11 172.24.227.90 172.18.134.210 172.18.134.212 172.18.134.216 10.157.187.22 10.153.127.129 10.157.150.63 10.157.150.62 10.157.150.67 10.153.127.5 172.24.227.89 172.24.227.87 10.157.150.121 10.157.150.86
ICMP Network Unreachable from 88.81.247.3 for ICMP Echo sent to 193.138.244.33
80.249.229.40
ICMP Network Unreachable from 88.81.247.3 for ICMP Echo sent to 193.138.244.33
ICMP Network Unreachable from 88.81.247.3 for ICMP Echo sent to 193.138.244.33
ICMP Network Unreachable from 88.81.247.3 for ICMP Echo sent to 193.138.244.33
$ echo $?
1
$ fping -version
fping: Version 4.0
fping: comments to david@schweikert.ch
$

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xtaran @schweikert @lionleo @IAmWebSA