From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 35882385800D; Sat, 18 Sep 2021 07:08:09 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 35882385800D From: "yi.zhao at windriver dot com" To: glibc-bugs@sourceware.org Subject: [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() Date: Sat, 18 Sep 2021 07:08:09 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: 2.34 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: yi.zhao at windriver dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: glibc-bugs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Glibc-bugs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Sep 2021 07:08:09 -0000 https://sourceware.org/bugzilla/show_bug.cgi?id=3D28350 Bug ID: 28350 Summary: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() Product: glibc Version: 2.34 Status: UNCONFIRMED Severity: normal Priority: P2 Component: libc Assignee: unassigned at sourceware dot org Reporter: yi.zhao at windriver dot com CC: drepper.fsp at gmail dot com Target Milestone: --- The ping received signal SIGABRT on lib32-qemux86-64 or lib32-qemuarm64 (64= bit kernel + 32bit lib) with glibc 2.34. Kernel: 5.10 Glibc: 2.34 ping: iputils-20210722 root@qemux86-64:~# uname -a Linux qemux86-64 5.10.53-yocto-standard #1 SMP PREEMPT Sun Jul 25 15:15:01 = UTC 2021 x86_64 x86_64 x86_64 GNU/Linux root@qemux86-64:~#=20 root@qemux86-64:~# iptables -F root@qemux86-64:~# iptables -A INPUT -p icmp --icmp-type 8 -j REJECT root@qemux86-64:~# ping -c1 127.0.0.1=20=20=20=20=20 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. Aborted root@qemux86-64:~#=20 On glibc 2.33, it works well: root@qemux86-64:~# iptables -F root@qemux86-64:~# iptables -A INPUT -p icmp --icmp-type 8 -j REJECT root@qemux86-64:~# ping -c1 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. >>From 127.0.0.1 icmp_seq=3D1 Destination Port Unreachable --- 127.0.0.1 ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms This issue is introduced by glibc commit 13c51549e2077f2f3bf84e8fd0b46d8b0c615912: commit 13c51549e2077f2f3bf84e8fd0b46d8b0c615912 Author: Adhemerval Zanella Date: Mon Sep 7 17:08:46 2020 -0300 linux: Add fallback for 64-bit time_t SO_TIMESTAMP{NS} Here are some gdb outputs: $ gdb ping Reading symbols from ping... Reading symbols from /bin/.debug/ping.iputils... (gdb) set args -c1 127.0.0.1 (gdb) b ping4_receive_error_msg Breakpoint 1 at 0x5ae0: file ../git/ping/ping.c, line 1293. (gdb) r Starting program: /bin/ping -c1 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. Breakpoint 1, ping4_receive_error_msg (rts=3D0xffffaa20, sock=3D0xffffa9f0)= at ../git/ping/ping.c:1293 1293 { (gdb) n 1304 int saved_errno =3D errno; (gdb) n=20 1306 iov.iov_base =3D &icmph; (gdb) p saved_errno $1 =3D 111 (gdb) n 1308 msg.msg_name =3D (void *)⌖ (gdb)=20 1310 msg.msg_iov =3D &iov; (gdb)=20 1312 msg.msg_flags =3D 0; (gdb)=20 1313 msg.msg_control =3D cbuf; (gdb)=20 1314 msg.msg_controllen =3D sizeof(cbuf); (gdb)=20 1316 res =3D recvmsg(sock->fd, &msg, MSG_ERRQUEUE | MSG_DONTWAIT= ); (gdb) s __libc_recvmsg (fd=3D3, msg=3D0xffff9120, flags=3D8256) at ../sysdeps/unix/sysv/linux/recvmsg.c:25 25 { (gdb) n 28 socklen_t orig_controllen =3D msg !=3D NULL ? msg->msg_controllen= : 0; (gdb) p *msg $2 =3D {msg_name =3D 0xffff913c, msg_namelen =3D 16, msg_iov =3D 0xffff9110= , msg_iovlen =3D 1, msg_control =3D 0xffff914c, msg_controllen =3D 512, msg_flags =3D 0} (gdb) n 34 r =3D SOCKETCALL_CANCEL (recvmsg, fd, msg, flags); (gdb) n 38 if (r >=3D 0 && orig_controllen !=3D 0) (gdb) n 39 __convert_scm_timestamps (msg, orig_controllen); (gdb) p *msg $3 =3D {msg_name =3D 0xffff913c, msg_namelen =3D 16, msg_iov =3D 0xffff9110= , msg_iovlen =3D 1, msg_control =3D 0xffff914c, msg_controllen =3D 64, msg_flags =3D 822= 4} (gdb) n 42 return r; (gdb) p *msg $4 =3D {msg_name =3D 0xffff913c, msg_namelen =3D 16, msg_iov =3D 0xffff9110= , msg_iovlen =3D 1, msg_control =3D 0xffff914c, msg_controllen =3D 92, msg_flags =3D 822= 4} (gdb) n ping4_receive_error_msg (rts=3D0xffffaa20, sock=3D0xffffa9f0) at ../git/ping/ping.c:1317 1317 if (res < 0) { (gdb) p res $5 =3D 8 (gdb) n 1324 for (cmsgh =3D CMSG_FIRSTHDR(&msg); cmsgh; cmsgh =3D CMSG_NXTHDR(&msg, cmsgh)) { (gdb) n 1325 if (cmsgh->cmsg_level =3D=3D SOL_IP) { (gdb) p *cmsgh $6 =3D {cmsg_len =3D 20, cmsg_level =3D 1, cmsg_type =3D 29, __cmsg_data = =3D 0xffff9158 "]\212EaG@\016"} (gdb) n 1324 for (cmsgh =3D CMSG_FIRSTHDR(&msg); cmsgh; cmsgh =3D CMSG_NXTHDR(&msg, cmsgh)) { (gdb) n 1325 if (cmsgh->cmsg_level =3D=3D SOL_IP) { (gdb) p *cmsgh $7 =3D {cmsg_len =3D 28, cmsg_level =3D 1, cmsg_type =3D 63, __cmsg_data = =3D 0xffff916c "]\212Ea"} (gdb) n 1324 for (cmsgh =3D CMSG_FIRSTHDR(&msg); cmsgh; cmsgh =3D CMSG_NXTHDR(&msg, cmsgh)) { (gdb) n 1325 if (cmsgh->cmsg_level =3D=3D SOL_IP) { (gdb) p *cmsgh $8 =3D {cmsg_len =3D 2, cmsg_level =3D 16777343, cmsg_type =3D 0, __cmsg_da= ta =3D 0xffff9188 ""} (gdb) n 1324 for (cmsgh =3D CMSG_FIRSTHDR(&msg); cmsgh; cmsgh =3D CMSG_NXTHDR(&msg, cmsgh)) { (gdb) n 1330 if (e =3D=3D NULL) (gdb) n 1331 abort(); (gdb) n Program received signal SIGABRT, Aborted. 0xf7fc9549 in __kernel_vsyscall () (gdb) --=20 You are receiving this mail because: You are on the CC list for the bug.=