
fping 4.0 crash

Open lionleo opened this issue 7 years ago • 3 comments

Hello, when fping checks a lot of hosts I get a crash.

fping -version fping: Version 4.0 fping: comments to [email protected]

*** buffer overflow detected ***: /usr/bin/fping terminated

_usr_bin_fping.0.crash https://pastebin.com/aspkjjzB

lionleo avatar Mar 25 '19 09:03 lionleo

Can you reproduce the issue? It's very difficult to say what could be causing this by the output that you provided.

schweikert avatar May 27 '19 19:05 schweikert

I am facing a similar issue when cross-compiling; the last working cross-compiled version was 3.16. On the 4.x versions the only thing that works is fping -h; all other commands, like fping -v, result in an exit code of 4.

Any idea what's going wrong here?

STRACE:

root@HOSBC:/lib strace fping 172.16.29.34 execve("/usr/sbin/fping", ["fping", "172.16.29.34"], [/* 11 vars */]) = 0 brk(0) = 0x1572000 uname({sys="Linux", node="HOSBC", ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff5000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/lib/tls/v7l/neon/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/tls/v7l/neon/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/tls/v7l/neon/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/tls/v7l/neon", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/tls/v7l/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/tls/v7l/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/tls/v7l/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/tls/v7l", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/tls/neon/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/tls/neon/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/tls/neon/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/tls/neon", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/tls/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/tls/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/tls/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/tls", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/v7l/neon/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/v7l/neon/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory) 
open("/lib/v7l/neon/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/v7l/neon", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/v7l/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/v7l/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/v7l/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/v7l", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/neon/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/neon/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/neon/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/neon", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/vfp/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat64("/lib/vfp", 0x7eaef4b8) = -1 ENOENT (No such file or directory) open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\255w\1\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=902732, ...}) = 0 mmap2(NULL, 906648, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x76efa000 mmap2(0x76fd2000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd8000) = 0x76fd2000 mmap2(0x76fd5000, 9624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x76fd5000 close(3) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff4000 set_tls(0x76ff44c0, 0x76ff7050, 0x76ff4ba8, 0x76ff44c0, 0x76ff7050) = 0 mprotect(0x76fd2000, 8192, PROT_READ) = 0 mprotect(0x17000, 4096, PROT_READ) = 0 mprotect(0x76ff6000, 4096, PROT_READ) = 0 brk(0) = 0x1572000 brk(0x1593000) = 0x1593000 open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC) fstat64(3, {st_mode=S_IFREG|0644, st_size=288, ...}) = 0 mmap2(NULL, 4096, 
PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff3000 read(3, "#\n# /etc/nsswitch.conf\n#\n\npasswd"..., 4096) = 288 read(3, "", 4096) = 0 close(3) = 0 munmap(0x76ff3000, 4096) = 0 open("/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\220\31\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=34388, ...}) = 0 mmap2(NULL, 66476, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x76ee9000 mprotect(0x76ef1000, 28672, PROT_NONE) = 0 mmap2(0x76ef8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x76ef8000 close(3) = 0 mprotect(0x76ef8000, 4096, PROT_READ) = 0 open("/etc/protocols", O_RDONLY|O_CLOEXEC) = 3 fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC) fstat64(3, {st_mode=S_IFREG|0644, st_size=178, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff3000 read(3, "ip\t\t0\tIP # internet"..., 4096) = 178 close(3) = 0 munmap(0x76ff3000, 4096) = 0 socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR) fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 open("/etc/protocols", O_RDONLY|O_CLOEXEC) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=178, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ff3000 read(4, "ip\t\t0\tIP # internet"..., 4096) = 178 read(4, "", 4096) = 0 close(4) = 0 munmap(0x76ff3000, 4096) = 0 exit_group(4) = ? +++ exited with 4 +++

IAmWebSA avatar Jun 18 '19 12:06 IAmWebSA

Hi David,

Can you reproduce the issue? It's very difficult to say what could be causing this by the output that you provided.

There's quite some information about the (initially reported) crash in the pastebin paste, including a compressed and base64-encoded 1.9 MB core dump in the last three lines of the paste (each line prepended with one space).

Copying and pasting it from the browser failed for me, but piping it directly from the internet worked. So after installing fping-dbgsym and libc6-dbg (and of course fping itself, gdb, libwww-perl for GET, etc.) in an Ubuntu 18.04 Bionic chroot, I was able to extract the backtrace of the initially reported crash:

$  lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04 LTS
Release:        18.04
Codename:       bionic
$  dpkg --print-architecture
amd64
$ GET https://pastebin.com/raw/aspkjjzB | tail -3 | sed -e 's/^ //' | base64 -d -i | zcat > GH\#146.CoreDump
$ gdb /usr/bin/fping GH\#146.CoreDump 
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/fping...Reading symbols from /usr/lib/debug/.build-id/a5/d5449d8bf9f110e54bb5a9fe35b36141f70d5d.debug...done.
done.
[New LWP 32068]
Core was generated by `/usr/bin/fping -i10 -r3 -A -a 172.18.134.207 172.18.134.205 10.157.155.4 10.157'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007fb2febc4e97 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007fb2febc4e97 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007fb2febc6801 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007fb2fec0f897 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007fb2fecbacff in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x00007fb2fecbad21 in __fortify_fail () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x00007fb2fecb8a10 in __chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x00007fb2fecbac0a in __fdelt_warn () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x000055b6aefa0ca5 in socket_can_read (timeout=0x7ffed8eb5420) at fping.c:1694
#8  0x000055b6aefa2a49 in wait_for_reply (wait_time=<optimized out>) at fping.c:2007
#9  0x000055b6aefa32d5 in main_loop () at fping.c:1243
#10 0x000055b6aefa067e in main (argc=<optimized out>, argv=<optimized out>) at fping.c:994

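I assume that the two ?? frames in libc.so.6 stem from a libc6 package that has been updated since then. Frame #6, __fdelt_warn, is glibc's fortify bounds check behind the FD_SET/FD_ISSET macros, so the "buffer overflow detected" abort suggests that socket_can_read() (fping.c:1694) handed those macros a file descriptor number outside the range an fd_set can hold (negative, or FD_SETSIZE and above).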

Hope, this helps.

P.S.: I also tried to reproduce the issue inside this chroot, but fping just worked fine for me:

$ /usr/bin/fping -i10 -r3 -A -a 172.18.134.207 172.18.134.205 10.157.155.4 10.157.155.3 172.18.134.202 10.157.187.34 10.157.187.33 10.157.187.30 10.157.155.35 172.18.134.190 10.157.150.77 172.24.227.35 172.24.227.34 10.157.150.78 10.157.150.79 10.157.152.28 10.157.187.101 172.24.227.140 172.24.227.141 172.24.227.146 10.157.187.83 10.157.187.87 10.157.114.38 193.138.244.33 10.157.29.208 10.157.155.27 10.157.155.28 10.157.155.29 10.153.127.188 10.157.121.55 10.153.127.183 10.153.127.182 10.153.127.181 10.153.127.187 10.153.127.186 10.153.127.185 10.153.127.184 80.249.229.40 10.157.152.9 10.157.187.14 10.157.187.15 10.157.187.17 10.157.187.10 10.157.187.11 10.157.187.12 10.157.187.13 10.157.155.10 10.157.29.172 10.157.29.173 10.157.155.19 10.157.187.3 172.24.227.167 10.157.152.45 10.157.152.44 172.24.227.163 10.153.127.179 10.157.150.111 10.157.187.62 172.24.227.183 10.157.126.16 10.157.29.144 10.157.84.62 10.157.121.136 10.157.187.99 10.157.187.95 10.157.150.104 172.24.227.112 10.157.150.109 10.157.187.72 10.157.9.9 10.157.187.76 10.157.9.7 10.157.84.73 10.157.152.64 10.157.152.62 10.157.121.144 10.157.187.40 10.157.187.56 10.157.152.71 192.168.254.77 10.157.114.34 10.157.114.35 10.157.114.32 172.18.134.228 10.157.187.53 10.157.150.91 10.157.150.92 172.18.134.222 10.157.126.23 10.153.127.44 192.168.254.94 192.168.254.97 172.18.134.32 10.235.0.250 10.157.121.22 10.157.152.50 10.235.0.11 172.24.227.90 172.18.134.210 172.18.134.212 172.18.134.216 10.157.187.22 10.153.127.129 10.157.150.63 10.157.150.62 10.157.150.67 10.153.127.5 172.24.227.89 172.24.227.87 10.157.150.121 10.157.150.86
ICMP Network Unreachable from 88.81.247.3 for ICMP Echo sent to 193.138.244.33
80.249.229.40
ICMP Network Unreachable from 88.81.247.3 for ICMP Echo sent to 193.138.244.33
ICMP Network Unreachable from 88.81.247.3 for ICMP Echo sent to 193.138.244.33
ICMP Network Unreachable from 88.81.247.3 for ICMP Echo sent to 193.138.244.33
$ echo $?
1
$ fping -version
fping: Version 4.0
fping: comments to [email protected]
$

xtaran avatar Jun 18 '19 23:06 xtaran