Menu

#6 Random segfaults with current Debian Jessie package (0.7.git20120829-1)

v1.0_(example)
closed
nobody
Segfault (2)
3
2019-04-15
2015-12-08
Christian Rohmann
No

I am running Debian Jessie with atftpd 0.7.git20120829-1 (https://packages.debian.org/jessie/atftpd) and noticed segfaults in the logs of two different servers every few days. They seems to be always from the same two instruction pointers:

in.tftpd[24132]: segfault at 118 ip 0000000000408110 sp 00007feb60ca7d30 error 4 in atftpd[400000+f000]
in.tftpd[31546]: segfault at 118 ip 0000000000408073 sp 00007f027dd66d30 error 4 in atftpd[400000+f000]
in.tftpd[11532]: segfault at 118 ip 0000000000408073 sp 00007f04151bbd30 error 4 in atftpd[400000+f000]
in.tftpd[20964]: segfault at 118 ip 0000000000408073 sp 00007f548687ad30 error 4 in atftpd[400000+f000]
in.tftpd[40884]: segfault at 118 ip 0000000000408073 sp 00007fbb3dd29d30 error 4 in atftpd[400000+f000]
in.tftpd[7207]: segfault at 118 ip 0000000000408073 sp 00007f573b5e7d30 error 4 in atftpd[400000+f000]
in.tftpd[35263]: segfault at 118 ip 0000000000408073 sp 00007f1723d6cd30 error 4 in atftpd[400000+f000]
in.tftpd[16734]: segfault at 118 ip 0000000000408073 sp 00007fe3555edd30 error 4 in atftpd[400000+f000]
in.tftpd[44816]: segfault at 118 ip 0000000000408073 sp 00007f3701cb1d30 error 4 in atftpd[400000+f000]
in.tftpd[13014]: segfault at 118 ip 0000000000408110 sp 00007fb1ad83fd30 error 4 in atftpd[400000+f000]
in.tftpd[41220]: segfault at 118 ip 0000000000408073 sp 00007f73db7fdd30 error 4 in atftpd[400000+f000]
in.tftpd[29095]: segfault at 118 ip 0000000000408073 sp 00007f911c1b9d30 error 4 in atftpd[400000+f000]
in.tftpd[4973]: segfault at 118 ip 0000000000408073 sp 00007fa101cfdd30 error 4 in atftpd[400000+f000]
in.tftpd[20996]: segfault at 118 ip 0000000000408073 sp 00007fa864933d30 error 4 in atftpd[400000+f000]
in.tftpd[21076]: segfault at 118 ip 0000000000408073 sp 00007f62d33f8d30 error 4 in atftpd[400000+f000]
in.tftpd[36498]: segfault at 118 ip 0000000000408073 sp 00007fd89f0a2d30 error 4 in atftpd[400000+f000]
in.tftpd[11604]: segfault at 118 ip 0000000000408073 sp 00007f4d7fffed30 error 4 in atftpd[400000+f000]
in.tftpd[9231]: segfault at 118 ip 0000000000408110 sp 00007f51edf23d30 error 4 in atftpd[400000+f000]
in.tftpd[31157]: segfault at 118 ip 0000000000408110 sp 00007f608a79dd30 error 4 in atftpd[400000+f000]
in.tftpd[35625]: segfault at 118 ip 0000000000408073 sp 00007f5f112e3d30 error 4 in atftpd[400000+f000]
in.tftpd[22473]: segfault at 118 ip 0000000000408073 sp 00007fb2cb58cd30 error 4 in atftpd[400000+f000]
in.tftpd[7973]: segfault at 118 ip 0000000000408073 sp 00007f3204c82d30 error 4 in atftpd[400000+f000]
in.tftpd[18453]: segfault at 118 ip 0000000000408073 sp 00007f97c7610d30 error 4 in atftpd[400000+f000]
in.tftpd[39771]: segfault at 118 ip 0000000000408073 sp 00007fdb8ce33d30 error 4 in atftpd[400000+f000]
in.tftpd[27772]: segfault at 118 ip 0000000000408073 sp 00007f4dd011fd30 error 4 in atftpd[400000+f000]
in.tftpd[46260]: segfault at 118 ip 0000000000408073 sp 00007f13226a9d30 error 4 in atftpd[400000+f000]
in.tftpd[23506]: segfault at 118 ip 0000000000408073 sp 00007f6eb19d0d30 error 4 in atftpd[400000+f000]
in.tftpd[10168]: segfault at 118 ip 0000000000408073 sp 00007f5627ffed30 error 4 in atftpd[400000+f000]
in.tftpd[23079]: segfault at 118 ip 0000000000408073 sp 00007f594b409d30 error 4 in atftpd[400000+f000]
in.tftpd[34840]: segfault at 118 ip 0000000000408073 sp 00007f3171a09d30 error 4 in atftpd[400000+f000]
in.tftpd[15798]: segfault at 118 ip 0000000000408073 sp 00007f6c1e957d30 error 4 in atftpd[400000+f000]
in.tftpd[21634]: segfault at 118 ip 0000000000408073 sp 00007febd0b70d30 error 4 in atftpd[400000+f000]
in.tftpd[18639]: segfault at 118 ip 0000000000408073 sp 00007f1deb1ecd30 error 4 in atftpd[400000+f000]
in.tftpd[16236]: segfault at 118 ip 0000000000408073 sp 00007fae612f5d30 error 4 in atftpd[400000+f000]
in.tftpd[33198]: segfault at 118 ip 0000000000408073 sp 00007f33ca777d30 error 4 in atftpd[400000+f000]
in.tftpd[42680]: segfault at 118 ip 0000000000408073 sp 00007f04877fdd30 error 4 in atftpd[400000+f000]
in.tftpd[6531]: segfault at 118 ip 0000000000408073 sp 00007f7810b84d30 error 4 in atftpd[400000+f000]
in.tftpd[22923]: segfault at 118 ip 0000000000408073 sp 00007f3396723d30 error 4 in atftpd[400000+f000]
in.tftpd[44554]: segfault at 118 ip 0000000000408073 sp 00007f8c1bc53d30 error 4 in atftpd[400000+f000]
in.tftpd[48899]: segfault at 118 ip 0000000000408073 sp 00007fc2a7ffed30 error 4 in atftpd[400000+f000]
in.tftpd[10462]: segfault at 118 ip 0000000000408073 sp 00007fe79a75ad30 error 4 in atftpd[400000+f000]
in.tftpd[29367]: segfault at 118 ip 0000000000408073 sp 00007f0784264d30 error 4 in atftpd[400000+f000]
in.tftpd[38552]: segfault at 118 ip 0000000000408073 sp 00007f5887b64d30 error 4 in atftpd[400000+f000]
in.tftpd[38311]: segfault at 118 ip 0000000000408073 sp 00007f4381032d30 error 4 in atftpd[400000+f000]
in.tftpd[23447]: segfault at 118 ip 0000000000408110 sp 00007f12cbffed30 error 4 in atftpd[400000+f000]
in.tftpd[31455]: segfault at 118 ip 0000000000408073 sp 00007feeeb283d30 error 4 in atftpd[400000+f000]
in.tftpd[36949]: segfault at 118 ip 0000000000408073 sp 00007f5405e74d30 error 4 in atftpd[400000+f000]
in.tftpd[12766]: segfault at 118 ip 0000000000408073 sp 00007f34872bed30 error 4 in atftpd[400000+f000]
in.tftpd[28959]: segfault at 118 ip 0000000000408073 sp 00007f4083be1d30 error 4 in atftpd[400000+f000]
in.tftpd[28935]: segfault at 118 ip 0000000000408073 sp 00007f726dcf2d30 error 4 in atftpd[400000+f000]
in.tftpd[13890]: segfault at 118 ip 0000000000408073 sp 00007fdb209f4d30 error 4 in atftpd[400000+f000]
in.tftpd[22922]: segfault at 118 ip 0000000000408073 sp 00007fa3e9465d30 error 4 in atftpd[400000+f000]
in.tftpd[28718]: segfault at 118 ip 0000000000408073 sp 00007fb5b383cd30 error 4 in atftpd[400000+f000]
in.tftpd[20316]: segfault at 118 ip 0000000000408073 sp 00007f3490ba5d30 error 4 in atftpd[400000+f000]
in.tftpd[1952]: segfault at 118 ip 0000000000408073 sp 00007f85eb154d30 error 4 in atftpd[400000+f000]
in.tftpd[45896]: segfault at 118 ip 0000000000408073 sp 00007f2293ffed30 error 4 in atftpd[400000+f000]
in.tftpd[15897]: segfault at 118 ip 0000000000408073 sp 00007f2eb590ad30 error 4 in atftpd[400000+f000]
in.tftpd[14779]: segfault at 118 ip 0000000000408073 sp 00007fa0977fdd30 error 4 in atftpd[400000+f000]
in.tftpd[46635]: segfault at 118 ip 0000000000408073 sp 00007fd23b404d30 error 4 in atftpd[400000+f000]
in.tftpd[13897]: segfault at 118 ip 0000000000408073 sp 00007f3852863d30 error 4 in atftpd[400000+f000]
in.tftpd[25618]: segfault at 118 ip 0000000000408073 sp 00007f37d9fd7d30 error 4 in atftpd[400000+f000]
in.tftpd[4050]: segfault at 118 ip 0000000000408073 sp 00007f5a3205bd30 error 4 in atftpd[400000+f000]
in.tftpd[28504]: segfault at 118 ip 0000000000408073 sp 00007f0641035d30 error 4 in atftpd[400000+f000]
in.tftpd[35971]: segfault at 118 ip 0000000000408073 sp 00007f90cf9e4d30 error 4 in atftpd[400000+f000]
in.tftpd[29739]: segfault at 118 ip 0000000000408073 sp 00007f21428e9d30 error 4 in atftpd[400000+f000]
in.tftpd[12687]: segfault at 118 ip 0000000000408110 sp 00007fce6e7cdd30 error 4 in atftpd[400000+f000]
in.tftpd[46687]: segfault at 118 ip 0000000000408073 sp 00007f25f0d80d30 error 4 in atftpd[400000+f000]
in.tftpd[22483]: segfault at 118 ip 0000000000408073 sp 00007fea31bf8d30 error 4 in atftpd[400000+f000]

Could this be an unfixed atftpd bug or should I file a bug with debian?

Regards

Christian

Discussion

  • Simon Rettberg

    Simon Rettberg - 2018-01-09

    This also happens with current HEAD from this repo. Tracked it down to a race condition. Attached patch fixes the issue.

    The head of the thread list was read before locking,
making it possible for another thread to delete it
while holding the lock, so the first thread would
eventually work with a dangling pointer.
This resulted in invalid pointer derefs and crashes
under high load.
     
    0001-Fix-race-condition-accessing-thread-list.patch

  • Martin Dummer

    Martin Dummer - 2019-04-15

    This issue is fixed now with commit 382f76a9
    But nevertheless many thanks for figuring out and reporting the issue!

     

  • Martin Dummer

    Martin Dummer - 2019-04-15
    • status: open --> closed
     

Log in to post a comment.

MongoDB Logo MongoDB
Gen AI apps are built with MongoDB Atlas
Atlas offers built-in vector search and global availability across 125+ regions. Start building AI apps faster, all in one place.
Try Free →