Comment 3 for bug 1771283

Manoj Iyer (manjo) wrote :

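byte_snprintf() calls snprintf() with a bad format pointer and snprintf() segfaults. (Note that in the backtrace below the format string itself is readable as "%4.0f %s" and the fault is inside strlen(), which suggests the invalid pointer is the argument consumed by %s rather than the format string.) The root cause of the bad pointer is very elusive because there is so much information being printed. Further debugging is needed to find the root cause.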

-- with GDB and debug --
(gdb) bt
#0 strlen () at ../sysdeps/aarch64/strlen.S:94
#1 0x0000ffffa35b5f18 in _IO_vfprintf_internal (s=s@entry=0xffff99ffa578,
    format=format@entry=0xaaaad52878f0 "%4.0f %s", ap=...) at vfprintf.c:1643
#2 0x0000ffffa364ca64 in ___vsnprintf_chk (
    s=s@entry=0xaaaad529a280 <buffer> "4235479613440 ",
    maxlen=<optimized out>, maxlen@entry=32, flags=flags@entry=1,
    slen=slen@entry=18446744073709551615, format=0xaaaad52878f0 "%4.0f %s",
    args=...) at vsnprintf_chk.c:63
#3 0x0000ffffa364c980 in ___snprintf_chk (
    s=s@entry=0xaaaad529a280 <buffer> "4235479613440 ",
    maxlen=maxlen@entry=32, flags=flags@entry=1,
    slen=slen@entry=18446744073709551615, format=<optimized out>)
    at snprintf_chk.c:34
#4 0x0000aaaad5283cb8 in snprintf (__fmt=<optimized out>, __n=32,
    __s=0xaaaad529a280 <buffer> "4235479613440 ")
    at /usr/include/aarch64-linux-gnu/bits/stdio2.h:64
#5 byte_snprintf (
    outString=outString@entry=0xaaaad529a280 <buffer> "4235479613440 ",
    inLen=inLen@entry=32, inNum=<optimized out>, inFormat=<optimized out>)
    at stdio.c:247
#6 0x0000aaaad527d928 in reporter_multistats (stats=0xaaab104a38e0)
    at ReportDefault.c:205
#7 0x0000aaaad527f264 in reporter_print (stats=0xaaab104a3850,
    type=type@entry=16, end=end@entry=1) at Reporter.c:1154
#8 0x0000aaaad527f628 in reporter_handle_multiple_reports (
    reporthdr=reporthdr@entry=0xaaab104a37c0,
    stats=stats@entry=0xffffa03910a8, force=force@entry=1) at Reporter.c:996
#9 0x0000aaaad527f938 in reporter_condprintstats (stats=0xffffa0391018,
    multireport=0xaaab104a37c0, force=1) at Reporter.c:1075
#10 0x0000aaaad527fd6c in reporter_process_report (reporthdr=0xffffa0391010)
    at Reporter.c:759
#11 0x0000aaaad527fdfc in reporter_process_report (reporthdr=0xffffa04cb010)
    at Reporter.c:719
#12 0x0000aaaad527fdfc in reporter_process_report (reporthdr=0xffffa01ba010)
    at Reporter.c:719
#13 0x0000aaaad527fdfc in reporter_process_report (reporthdr=0xffffa0080010)
    at Reporter.c:719
#14 0x0000aaaad527fdfc in reporter_process_report (
    reporthdr=reporthdr@entry=0xffffa02f4010) at Reporter.c:719
#15 0x0000aaaad527ff10 in reporter_spawn (thread=0xaaab104a5cd0)
    at Reporter.c:627
#16 0x0000aaaad52843cc in thread_run_wrapper (paramPtr=0xaaab104a5cd0)
    at Thread.c:247
#17 0x0000ffffa36ce088 in start_thread (arg=0xffffc669f3ff)
    at pthread_create.c:463
#18 0x0000ffffa363e4ec in thread_start ()
    at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78