Issue "corrupted size vs. prev_size" on Debian with libc6 2.24-11+deb9u4 #402

Open
lost-byte opened this issue Oct 15, 2019 · 0 comments

Hello!
I am using 6LBR on a small BBB-like Linux box that is a data acquisition system. I would like to follow Debian releases, and am now going to walk from "jessie" through "stretch" to "bullseye" (Debian 8-9-10).

With "jessie" and "stretch" before June 2019, the cetic_6lbr_router process works fine. But with newer stretch and bullseye, I get a crash with the message "corrupted size vs. prev_size". Some Googling (for example) shows that this message is generated by libc6 during dynamic memory workout if the buffer is underflowed-overflowed, double free or whatever.

I found that the libc6 version has grown from 2.19-18 to 2.24-11 inside the stretch release somewhere in June 2019, and v2.19-18 is now strongly deprecated.

Have you ever seen such behavior?

Well, I'm not familiar with FreeRTOS debugging... I tried running cetic_6lbr_router under gdbserver and systrace, without any applicable information.

Under GDB, stepping takes too long..., and when I send "continue", I get a SIGABRT with "corrupted size vs prev_size", and GDB can't roll back the call stack after it.

Systrace log also does not give me applicable information.
So, could you provide me with some suggestions?

That's the tail of the strace log:

open("/tmp/6lbr_F2/6lbr.log", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=6816, ...}) = 0
read(5, "2019-10-15 8:24:17.038160: INFO:"..., 4096) = 4096
read(5, "EBUG: BR-RDC: br-rdc: failed to "..., 4096) = 2720
read(5, "", 4096)                       = 0
close(5)                                = 0
open("/tmp/6lbr_F2/6lbr.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = 5
_llseek(5, 0, [6816], SEEK_END)         = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=6816, ...}) = 0
write(5, "Starting as RPL ROUTER\n", 23) = 23
close(5)                                = 0
open("/tmp/6lbr_F2/6lbr.ip", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
write(5, "bbbb::102\n", 10)             = 10
close(5)                                = 0
open("/tmp/6lbr_F2/6lbr.ip4", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
write(5, "0.0.0.0\n", 8)                = 8
close(5)                                = 0
_newselect(5, [3 4], [], NULL, {tv_sec=0, tv_usec=1}) = 0 (Timeout)
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=662882468}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=665256426}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=666570051}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=667878510}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=669165010}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=669799051}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=670532760}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=671613551}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=672155176}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=673114385}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=673651801}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=674468385}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=676679760}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=681752760}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=682323926}) = 0
clock_gettime(CLOCK_MONOTONIC, {tv_sec=56955, tv_nsec=683747593}) = 0
open("/dev/tty", O_RDWR|O_NOCTTY|O_NONBLOCK) = 5
writev(5, [{iov_base="*** Error in `", iov_len=14}, {iov_base="/usr/6lbr/6lbr"..., iov_len=39}, {iov_base="': ", iov_len=3}, {iov_base="corrupted size vs. prev_size", iov_len=28}, {iov_base=": 0x", iov_len=4}, {iov_base="00678258", iov_len=8}, {iov_base=" ***\n", iov_len=5}], 7*** Error in `/usr/6lbr/6lbr_F2/bin': corrupted size vs. prev_size: 0x00678258 ***
) = 101
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=11946, ...}) = 0
mmap2(NULL, 11946, PROT_READ, MAP_PRIVATE, 6, 0) = 0xb6f0e000
close(6)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0xb6b66000
munmap(0xb6b66000, 630784)              = 0
munmap(0xb6d00000, 417792)              = 0
mprotect(0xb6c00000, 135168, PROT_READ|PROT_WRITE) = 0
open("/lib/arm-linux-gnueabihf/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 6
read(6, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\270\321\0\0004\0\0\0"..., 512) = 512
lseek(6, 98924, SEEK_SET)               = 98924
read(6, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1120) = 1120
lseek(6, 98560, SEEK_SET)               = 98560
read(6, "A0\0\0\0aeabi\0\1&\0\0\0\0057-A\0\6\n\7A\10\1\t\2\n\4\22"..., 49) = 49
fstat64(6, {st_mode=S_IFREG|0644, st_size=100044, ...}) = 0
mmap2(NULL, 164152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0xb6d3d000
mprotect(0xb6d55000, 61440, PROT_NONE)  = 0
mmap2(0xb6d64000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0x17000) = 0xb6d64000
close(6)                                = 0
mprotect(0xb6d64000, 4096, PROT_READ)   = 0
munmap(0xb6f0e000, 11946)               = 0
futex(0xb6e76598, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid()                                = 782
gettid()                                = 782
tgkill(782, 782, SIGABRT)               = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=782, si_uid=0} ---
+++ killed by SIGABRT +++

That's the end of the GDB session:

(gdb) c
Continuing.
[Detaching after fork from child process 599]
[Detaching after fork from child process 605]
[Detaching after fork from child process 628]

Program received signal SIGABRT, Aborted.
0xb6e866f6 in ?? () from target:/lib/arm-linux-gnueabihf/libc.so.6
(gdb) bt
#0  0xb6e866f6 in ?? () from target:/lib/arm-linux-gnueabihf/libc.so.6
#1  0xb6e943cc in raise () from target:/lib/arm-linux-gnueabihf/libc.so.6
#2  0xb6e950ba in abort () from target:/lib/arm-linux-gnueabihf/libc.so.6
#3  0xb6ebbcda in ?? () from target:/lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

P.S. Yes, I've rebuilt cetic_6lbr_router in the new system environment, both stretch and bullseye... no changes.
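
Added example, not part of the original issue and not glibc or 6LBR code: a simplified 32-bit model of the consistency check behind the "corrupted size vs. prev_size" message, showing how a write past the end of one buffer is only reported later, when the neighbouring free chunk is inspected. The arena layout, offsets and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of glibc boundary tags on a 32-bit target (not glibc code).
 * Chunk header: prev_size word, then size word with flag bits in the low 3 bits.
 * A free chunk's size is duplicated in the prev_size word of the next chunk. */
#define FLAG_MASK  0x7u
#define PREV_INUSE 0x1u
#define HDR        8u
enum { A_OFF = 0, B_OFF = 16, C_OFF = 40 };  /* constructed layout: A(16) B(24, free) C(16) */
static uint8_t arena[64];

static uint32_t rd(size_t off) { uint32_t v; memcpy(&v, arena + off, 4); return v; }
static void wr(size_t off, uint32_t v) { memcpy(arena + off, &v, 4); }
static uint32_t chunk_size(size_t c) { return rd(c + 4) & ~FLAG_MASK; }

void heap_init(void) {
    memset(arena, 0, sizeof arena);
    wr(A_OFF + 4, 16 | PREV_INUSE);  /* A: in use */
    wr(B_OFF + 4, 24 | PREV_INUSE);  /* B: free, its predecessor A is in use */
    wr(C_OFF + 0, 24);               /* footer copy of B's size */
    wr(C_OFF + 4, 16);               /* PREV_INUSE clear because B is free */
}

/* Check made before a free chunk is taken off its free list:
 * returns 1 when its size and the following prev_size disagree. */
int corrupted_size_vs_prev_size(size_t c) {
    size_t next = c + chunk_size(c);
    if (next > sizeof arena - 4) return 1;  /* size field points outside the arena */
    return chunk_size(c) != rd(next);
}

/* The application bug being modelled: A's usable area is 12 bytes
 * (8 of its own plus B's prev_size word, which A may use while allocated). */
void write_into_a(const uint8_t *src, size_t len) {
    if (len > sizeof arena - HDR) len = sizeof arena - HDR;  /* stay inside the model */
    memcpy(arena + A_OFF + HDR, src, len);
}

int main(void) {
    uint8_t data[16];
    memset(data, 0x41, sizeof data);
    heap_init();
    write_into_a(data, 12);
    printf("12-byte write: corrupted=%d\n", corrupted_size_vs_prev_size(B_OFF));
    write_into_a(data, 16);          /* 4 bytes too many: clobbers B's size word */
    printf("16-byte write: corrupted=%d\n", corrupted_size_vs_prev_size(B_OFF));
    return 0;
}
```

In this model the oversized write itself returns normally; the mismatch is noticed only when chunk B is next examined, which is consistent with an abort raised from inside libc rather than at the faulty write.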
