* Segmentation fault in aureport's safe_print_string()
@ 2019-05-22 20:08 Zephyr Pellerin
2019-05-29 15:57 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: Zephyr Pellerin @ 2019-05-22 20:08 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 10241 bytes --]
While running `aureport -tm', I recieved a segmentation fault, I won't be
able to attach the core dump but I've tried include rudimentary information
about the crash.
- Backtrace
#0 0x00007ff3d7bbf8a1 in __strlen_avx2 () from /lib64/libc.so.6
#1 0x000055b44a62f304 in safe_print_string ()
#2 0x000055b44a62dbd6 in print_per_event_item ()
#3 0x000055b44a62c709 in per_event_processing ()
#4 0x000055b44a62184c in process_log_fd ()
#5 0x000055b44a621c78 in process_logs ()
#6 0x000055b44a621597 in main ()
- Base registers
rax 0xd 13
rbx 0x0 0
rcx 0x0 0
rdx 0x0 0
rsi 0x0 0
rdi 0x0 0
rbp 0x0 0x0
rsp 0x7ffff261b748 0x7ffff261b748
r8 0x7ff3d7be37f7 140685273348087
r9 0x7ff3d7bdd0a0 140685273321632
r10 0x0 0
r11 0x7ff3d7bdd120 140685273321760
r12 0x0 0
r13 0x7ffff261b910 140737259878672
r14 0x7ffff261b8e0 140737259878624
r15 0x55b44c570a10 94232863246864
rip 0x7ff3d7bbf8a1 0x7ff3d7bbf8a1 <__strlen_avx2+17>
eflags 0x10283 [ CF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
- AVX registers
ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0xff, 0x0,
0xff, 0x0, 0x0, 0xff, 0x0, 0x0, 0xff, 0x0 <repeats 20 times>}, v16_int16 =
{0x0, 0xff00, 0xff00, 0x0, 0xff, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
v8_int32 = {0xff000000, 0xff00, 0xff0000ff, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int64 = {0xff00ff000000, 0xff0000ff, 0x0, 0x0}, v2_int128 =
{0xff0000ff0000ff00ff000000, 0x0}}
ymm2 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0xff, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0 <repeats 20 times>}, v16_int16 =
{0x0, 0xff00, 0x0, 0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v8_int32 = {
0xff000000, 0x0, 0xff000000, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
{0xff000000, 0xff000000, 0x0, 0x0}, v2_int128 =
{0xff00000000000000ff000000, 0x0}}
ymm3 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0xff, 0x0
<repeats 28 times>}, v16_int16 = {0x0, 0xff00, 0x0 <repeats 14 times>},
v8_int32 = {0xff000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
{0xff000000, 0x0, 0x0, 0x0},
v2_int128 = {0xff000000, 0x0}}
ymm4 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
{0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0x0, 0x0, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0xffff,
0xffff, 0x0, 0xffff,
0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32
= {0x0, 0xffffffff, 0xffff0000, 0xffffffff, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
{0xffffffff00000000, 0xffffffffffff0000, 0x0, 0x0}, v2_int128 =
{0xffffffffffff0000ffffffff00000000, 0x0}}
ymm5 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0x0, 0xffff,
0x0, 0x0, 0x0, 0xffff,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0,
0xffff0000, 0x0, 0xffff0000, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
{0xffff000000000000, 0xffff000000000000, 0x0, 0x0}, v2_int128 =
{0xffff000000000000ffff000000000000, 0x0}}
ymm6 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm7 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm8 {v8_float = {0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0,
0x0}, v4_double = {0x0, 0x7fffffffffffffff, 0x0, 0x0}, v32_int8 = {0x45,
0x4e, 0x54, 0x0, 0x20, 0x25, 0x73, 0x20, 0x25, 0x73, 0x20, 0x0, 0x64, 0x61,
0x74, 0x61, 0x0 <repeats 16 times>}, v16_int16 = {0x4e45, 0x54, 0x2520,
0x2073, 0x7325, 0x20,
0x6164, 0x6174, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32
= {0x544e45, 0x20732520, 0x207325, 0x61746164, 0x0, 0x0, 0x0, 0x0},
v4_int64 = {0x2073252000544e45, 0x6174616400207325, 0x0, 0x0}, v2_int128 =
{0x61746164002073252073252000544e45, 0x0}}
ymm9 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm10 {v8_float = {0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0,
0x0}, v4_double = {0x0, 0x7fffffffffffffff, 0x0, 0x0}, v32_int8 = {0x55,
0x45, 0x17, 0x0, 0x16, 0x58, 0x16, 0x10, 0x6, 0x6, 0x0, 0x16, 0x16, 0x42,
0x65, 0x65, 0x0 <repeats 16 times>}, v16_int16 = {0x4555, 0x17, 0x5816,
0x1016, 0x606, 0x1600,
0x4216, 0x6565, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32
= {0x174555, 0x10165816, 0x16000606, 0x65654216, 0x0, 0x0, 0x0, 0x0},
v4_int64 = {0x1016581600174555, 0x6565421616000606, 0x0, 0x0}, v2_int128 =
{0x65654216160006061016581600174555, 0x0}}
ymm11 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm12 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm13 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm14 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm15 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
- (gdb) x/128x $rsp
0x7ffff261b748: 0x4a62f304 0x000055b4 0x4c570a10
0x000055b4
0x7ffff261b758: 0x4c570a10 0x000055b4 0xf261b790
0x00007fff
0x7ffff261b768: 0x4a62dbd6 0x000055b4 0x4c570b28
0x000055b4
0x7ffff261b778: 0x4c562db9 0x000055b4 0x4c570a50
0x000055b4
0x7ffff261b788: 0x4a627625 0x000055b4 0x312f3031
0x30322f38
0x7ffff261b798: 0x31203831 0x32333a32 0x0034313a
0x000055b4
0x7ffff261b7a8: 0x00000000 0x00000000 0x4a8390a0
0x000055b4
0x7ffff261b7b8: 0x4a62540a 0x000055b4 0x00000001
0x00000000
0x7ffff261b7c8: 0x1a278200 0x8d5822a5 0x4c570b10
0x000055b4
0x7ffff261b7d8: 0x4c570a10 0x000055b4 0x00000000
0x00000000
0x7ffff261b7e8: 0x4c570a50 0x000055b4 0xf261b8e0
0x00007fff
0x7ffff261b7f8: 0x4a6294ef 0x000055b4 0xf261b830
0x00007fff
0x7ffff261b808: 0xf261b828 0x00007fff 0x5bc8dfbe
0x00000000
0x7ffff261b818: 0x00000015 0x00000000 0x000000f8
0x00000000
0x7ffff261b828: 0x00000000 0x00000000 0x00000463
0x000000bc
0x7ffff261b838: 0x00000011 0x00000000 0x4c562d70
0x000055b4
0x7ffff261b848: 0x00000000 0x00000000 0x0000012e
0x0000012e
0x7ffff261b858: 0x00000463 0x00007ff3 0x00000000
0x00000000
0x7ffff261b868: 0x1a278200 0x8d5822a5 0x0000230a
0x00000000
0x7ffff261b878: 0x1a278200 0x8d5822a5 0x4c570a10
0x000055b4
0x7ffff261b888: 0x4c570a10 0x000055b4 0x4a8390a0
0x000055b4
0x7ffff261b898: 0x00000000 0x00000000 0xf261b910
0x00007fff
0x7ffff261b8a8: 0xf261b8e0 0x00007fff 0x4c570a10
0x000055b4
0x7ffff261b8b8: 0x4a62c709 0x000055b4 0x4c565d40
0x000055b4
0x7ffff261b8c8: 0x4a62184c 0x000055b4 0x4c55fd40
0x000055b4
0x7ffff261b8d8: 0x4c561420 0x000055b4 0x4a631233
0x000055b4
0x7ffff261b8e8: 0x00000001 0x00000000 0x00000000
0x00000000
0x7ffff261b8f8: 0xd7adf05a 0x00007ff3 0xd7adfa10
0x00007ff3
0x7ffff261b908: 0x00000000 0x00000000 0x00000000
0x00000000
0x7ffff261b918: 0x00000000 0x00000000 0x00000000
0x00000000
0x7ffff261b928: 0x1a278200 0x8d5822a5 0x00000000
0x00000000
0x7ffff261b938: 0x4c55fd40 0x000055b4 0x4c55fd40
0x000055b4
[-- Attachment #1.2: Type: text/html, Size: 20070 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Segmentation fault in aureport's safe_print_string()
2019-05-22 20:08 Segmentation fault in aureport's safe_print_string() Zephyr Pellerin
@ 2019-05-29 15:57 ` Steve Grubb
2019-05-29 17:35 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2019-05-29 15:57 UTC (permalink / raw)
To: linux-audit; +Cc: Zephyr Pellerin
Hello,
On Wednesday, May 22, 2019 4:08:06 PM EDT Zephyr Pellerin wrote:
> While running `aureport -tm', I recieved a segmentation fault, I won't be
> able to attach the core dump but I've tried include rudimentary information
> about the crash.
Out of curiosity, which version of the audit package is doing this? And what
C library is aureport linked with?
It looks like we have an unterminated string somewhere. IOW, it's picked this
up somewhere and you're seeing the effect on output which isn't helpful. If
this is reproducible, can you narrow down the event that is causing this by
altering the start and end times to see if you can get it down to a couple
events? That would be helpful if you can.
Thanks,
-Steve
> - Backtrace
>
>
> #0 0x00007ff3d7bbf8a1 in __strlen_avx2 () from /lib64/libc.so.6
> #1 0x000055b44a62f304 in safe_print_string ()
> #2 0x000055b44a62dbd6 in print_per_event_item ()
> #3 0x000055b44a62c709 in per_event_processing ()
> #4 0x000055b44a62184c in process_log_fd ()
> #5 0x000055b44a621c78 in process_logs ()
> #6 0x000055b44a621597 in main ()
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Segmentation fault in aureport's safe_print_string()
2019-05-29 15:57 ` Steve Grubb
@ 2019-05-29 17:35 ` Steve Grubb
0 siblings, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2019-05-29 17:35 UTC (permalink / raw)
To: linux-audit; +Cc: Zephyr Pellerin
On Wednesday, May 29, 2019 11:57:48 AM EDT Steve Grubb wrote:
> Hello,
>
> On Wednesday, May 22, 2019 4:08:06 PM EDT Zephyr Pellerin wrote:
> > While running `aureport -tm', I recieved a segmentation fault, I won't be
> > able to attach the core dump but I've tried include rudimentary
> > information about the crash.
>
> Out of curiosity, which version of the audit package is doing this? And
> what C library is aureport linked with?
I think I found it. It should be fixed by this commit:
https://github.com/linux-audit/audit-userspace/commit/
cd06bc803355a535104c057370f7960c11aeef8f
Looks like sudo is sending malformed events. I'll look into that and see if I
can also get that fixed, too.
-Steve
> It looks like we have an unterminated string somewhere. IOW, it's picked
> this up somewhere and you're seeing the effect on output which isn't
> helpful. If this is reproducible, can you narrow down the event that is
> causing this by altering the start and end times to see if you can get it
> down to a couple events? That would be helpful if you can.
>
> Thanks,
> -Steve
>
> > - Backtrace
> >
> > #0 0x00007ff3d7bbf8a1 in __strlen_avx2 () from /lib64/libc.so.6
> > #1 0x000055b44a62f304 in safe_print_string ()
> > #2 0x000055b44a62dbd6 in print_per_event_item ()
> > #3 0x000055b44a62c709 in per_event_processing ()
> > #4 0x000055b44a62184c in process_log_fd ()
> > #5 0x000055b44a621c78 in process_logs ()
> > #6 0x000055b44a621597 in main ()
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-05-29 17:35 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-22 20:08 Segmentation fault in aureport's safe_print_string() Zephyr Pellerin
2019-05-29 15:57 ` Steve Grubb
2019-05-29 17:35 ` Steve Grubb
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.