tcpdump segfault

tcpdump segfault

Nick
>Synopsis:      tcpdump segfault on reading file
>Category:      amd64 / system
>Environment:
        System      : OpenBSD 6.0
        Details     : OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
                      [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

        Architecture: OpenBSD.amd64
        Machine     : amd64
>Description:
        tcpdump segfault
>How-To-Repeat:
        tcpdump -r id\:000000,sig\:11,src\:000063,op\:havoc,rep\:32
>Fix:
        <how to correct or work around the problem, if known (multiple lines)>

dmesg:

Re: tcpdump segfault

Jonathan Gray-11
On Sun, Nov 27, 2016 at 06:19:00PM -0500, Nick wrote:

> >Synopsis:      tcpdump segfault on reading file
> >Category:      amd64 / system
> >Environment:
>         System      : OpenBSD 6.0
>         Details     : OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
>                       [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
>         Architecture: OpenBSD.amd64
>         Machine     : amd64
> >Description:
>         tcpdump segfault
> >How-To-Repeat:
>         tcpdump -r id\:000000,sig\:11,src\:000063,op\:havoc,rep\:32
> >Fix:
>         <how to correct or work around the problem, if known (multiple lines)>

This appears to have already been fixed sometime after 6.0.

If you are going to run afl you should be testing -current.