Package: conntrackd
Version: 1:1.2.1-1+deb7u1
Severity: important
Tags: upstream

Hi,

I'm hitting a SEGFAULT in conntrackd.
By now, I ignore if the problem is solved in unstable or upstream.
I will report this upstream myself. Will do soon some tests with
the latest version in unstable as well.

More information (I don't know how to get the symbols resolved):

$ sudo valgrind conntrackd
==30764== Memcheck, a memory error detector
==30764== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==30764== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==30764== Command: conntrackd
==30764==
==30764== Invalid read of size 4
==30764==    at 0x408F00: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x40957E: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x4050C4: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x4E3472E: __callback (in 
/usr/lib/x86_64-linux-gnu/libnetfilter_conntrack.so.3.3.0)
==30764==    by 0x504A04E: nfnl_step (libnfnetlink.c:1340)
==30764==    by 0x504A7F2: nfnl_process (libnfnetlink.c:1385)
==30764==    by 0x504AB65: nfnl_catch (libnfnetlink.c:1539)
==30764==    by 0x404E0B: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x404A50: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x405E50: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x403C17: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x526BEAC: (below main) (libc-start.c:244)
==30764==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==30764==
==30764==
==30764== Process terminating with default action of signal 11 (SIGSEGV)
==30764==  Access not within mapped region at address 0x0
==30764==    at 0x408F00: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x40957E: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x4050C4: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x4E3472E: __callback (in 
/usr/lib/x86_64-linux-gnu/libnetfilter_conntrack.so.3.3.0)
==30764==    by 0x504A04E: nfnl_step (libnfnetlink.c:1340)
==30764==    by 0x504A7F2: nfnl_process (libnfnetlink.c:1385)
==30764==    by 0x504AB65: nfnl_catch (libnfnetlink.c:1539)
==30764==    by 0x404E0B: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x404A50: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x405E50: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x403C17: ??? (in /usr/sbin/conntrackd)
==30764==    by 0x526BEAC: (below main) (libc-start.c:244)
==30764==  If you believe this happened as a result of a stack
==30764==  overflow in your program's main thread (unlikely but
==30764==  possible), you can try to increase the size of the
==30764==  main thread stack using the --main-stacksize= flag.
==30764==  The main thread stack size used in this run was 8388608.
==30764==
==30764== HEAP SUMMARY:
==30764==     in use at exit: 35,673 bytes in 286 blocks
==30764==   total heap usage: 89,239 allocs, 88,953 frees, 26,350,033 bytes 
allocated
==30764==
==30764== LEAK SUMMARY:
==30764==    definitely lost: 1,582 bytes in 97 blocks
==30764==    indirectly lost: 0 bytes in 0 blocks
==30764==      possibly lost: 0 bytes in 0 blocks
==30764==    still reachable: 34,091 bytes in 189 blocks
==30764==         suppressed: 0 bytes in 0 blocks
==30764== Rerun with --leak-check=full to see details of leaked memory
==30764==
==30764== For counts of detected and suppressed errors, rerun with: -v
==30764== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)

##########################################################################

(gdb) r
Starting program: /usr/sbin/conntrackd

Program received signal SIGSEGV, Segmentation fault.
0x0000000000408f00 in ?? ()
(gdb) bt
#0  0x0000000000408f00 in ?? ()
#1  0x000000000040957f in ?? ()
#2  0x00000000004050c5 in ?? ()
#3  0x00007ffff7bca72f in __callback () from 
/usr/lib/x86_64-linux-gnu/libnetfilter_conntrack.so.3
#4  0x00007ffff79c204f in nfnl_step (h=h@entry=0x65be30, 
nlh=nlh@entry=0x7fffffffb370) at libnfnetlink.c:1340
#5  0x00007ffff79c27f3 in nfnl_process (h=h@entry=0x65be30, 
buf=buf@entry=0x7fffffffb370 "\030\001", len=len@entry=280) at 
libnfnetlink.c:1385
#6  0x00007ffff79c2b66 in nfnl_catch (h=0x65be30) at libnfnetlink.c:1539
#7  0x0000000000404e0c in ?? ()
#8  0x0000000000404a51 in ?? ()
#9  0x0000000000405e51 in ?? ()
#10 0x0000000000403c18 in ?? ()
#11 0x00007ffff7652ead in __libc_start_main (main=<optimized out>, 
argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, 
fini=<optimized out>,
    rtld_fini=<optimized out>, stack_end=0x7fffffffe778) at libc-start.c:244
#12 0x0000000000404465 in ?? ()
#13 0x00007fffffffe778 in ?? ()
#14 0x000000000000001c in ?? ()
#15 0x0000000000000001 in ?? ()
#16 0x00007fffffffe982 in ?? ()
#17 0x0000000000000000 in ?? ()

Just a curiosity, the SEGFAULT happened almost at the same time as this:

$ sudo conntrack -E -s 192.168.3.123 -d 8.8.8.8
    [NEW] icmp     1 30 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27482 
[UNREPLIED] src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27482
 [UPDATE] icmp     1 30 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27482 
src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27482
[DESTROY] icmp     1 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27455 
src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27455
    [NEW] icmp     1 30 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27510 
[UNREPLIED] src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27510
 [UPDATE] icmp     1 30 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27510 
src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27510
[DESTROY] icmp     1 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27482 
src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27482
[DESTROY] icmp     1 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27510 
src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27510
    [NEW] icmp     1 30 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27699 
[UNREPLIED] src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27699
 [UPDATE] icmp     1 30 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27699 
src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27699
[DESTROY] icmp     1 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27699 
src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27699
    [NEW] icmp     1 30 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27728 
[UNREPLIED] src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27728
 [UPDATE] icmp     1 30 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27728 
src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27728
[DESTROY] icmp     1 src=192.168.3.123 dst=8.8.8.8 type=8 code=0 id=27728 
src=8.8.8.8 dst=192.168.3.123 type=0 code=0 id=27728
    [NEW] tcp      6 120 SYN_SENT src=192.168.3.123 dst=8.8.8.8 sport=36379 
dport=80 [UNREPLIED] src=8.8.8.8 dst=192.168.3.123 sport=80 dport=36379
WARNING: We have hit ENOBUFS! We are losing events.
This message means that the current netlink socket buffer size is too small.
Please, check --buffer-size in conntrack(8) manpage.
conntrack v1.2.1 (conntrack-tools): Operation failed: No buffer space available

-- System Information:
Debian Release: 7.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/16 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages conntrackd depends on:
ii  libc6                    2.13-38+deb7u8
ii  libnetfilter-conntrack3  1.0.1-1
ii  libnfnetlink0            1.0.0-1.1

conntrackd recommends no packages.

conntrackd suggests no packages.

-- Configuration Files:
/etc/conntrackd/conntrackd.conf changed:
Sync {
        Mode NOTRACK {
                DisableInternalCache on
                DisableExternalCache on
        }
        TCP {
                IPv4_address 172.16.0.1
                IPv4_Destination_Address 172.16.0.2
                Port 3780
                Interface eth8
                SndSocketBuffer 12492800
                RcvSocketBuffer 12492800
                Checksum on
        }
        Options {
                ExpectationSync On
        }
}
General {
        Nice -20
        Scheduler {
                Type FIFO
                Priority 99
        }
        HashSize 3276800
        HashLimit 131072000
        LogFile on
        LockFile /var/lock/conntrackd.lock
        UNIX {
                Path /var/run/conntrackd.sock
                Backlog 20
        }
        NetlinkBufferSize 8388608
        NetlinkBufferSizeMaxGrowth 8388608
        SocketBufferSize 8388608
        SocketBufferSizeMaxGrown 8388608
        Filter {
                Address Ignore {
                        # a set of ~50 IPv4/IPv6 addresses
                }
        }
}

/etc/default/conntrackd changed:
CONFIG=/etc/conntrackd/conntrackd.conf

/etc/logrotate.d/conntrackd changed:
/var/log/conntrackd*.log {
    weekly
    rotate 2
    missingok
}


-- no debconf information

Reply via email to