Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 873909 Details for
Bug 1075995
systemd is vulnerable to denial of service (DoS) attacks
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
File: backtrace
backtrace (text/plain), 7.92 KB, created by
Martin
on 2014-03-13 10:53:45 UTC
(
hide
)
Description:
File: backtrace
Filename:
MIME Type:
Creator:
Martin
Created:
2014-03-13 10:53:45 UTC
Size:
7.92 KB
patch
obsolete
>[New LWP 3375] >[Thread debugging using libthread_db enabled] >Using host libthread_db library "/lib64/libthread_db.so.1". >Core was generated by `/usr/lib/systemd/systemd --switched-root --system --deserialize 22'. >Program terminated with signal 11, Segmentation fault. >#0 0x00007f9acc75200b in raise (sig=sig@entry=11) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37 >37 return INLINE_SYSCALL (tgkill, 3, pid, THREAD_GETMEM (THREAD_SELF, tid), > >Thread 1 (Thread 0x7f9ace258880 (LWP 3375)): >#0 0x00007f9acc75200b in raise (sig=sig@entry=11) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37 > resultvar = 0 > pid = <optimized out> >#1 0x00007f9ace29d74e in crash (sig=11) at src/core/main.c:148 > rl = {rlim_cur = 18446744073709551615, rlim_max = 18446744073709551615} > sa = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0x0} > pid = 0 > __func__ = "crash" > __PRETTY_FUNCTION__ = "crash" >#2 <signal handler called> >No locals. >#3 0x00007f9acec0da30 in ?? () >No symbol table info available. >#4 0x00007f9ace2fa1c6 in bucket_hash (p=0x4d2, h=0x7f9aceed7e20) at src/shared/hashmap.c:181 >No locals. >#5 hashmap_remove (h=0x7f9aceed7e20, key=0x4d2) at src/shared/hashmap.c:578 > e = <optimized out> > hash = <optimized out> > data = <optimized out> >#6 0x00007f9ace2fdc05 in set_remove (s=<optimized out>, value=<optimized out>) at src/shared/set.c:75 >No locals. >#7 0x00007f9ace310c9f in unit_unwatch_pid (u=u@entry=0x7f9aceeced40, pid=<optimized out>) at src/core/unit.c:1689 > __PRETTY_FUNCTION__ = "unit_unwatch_pid" >#8 0x00007f9ace29f2a6 in manager_dispatch_sigchld (m=m@entry=0x7f9acec0da30) at src/core/manager.c:1392 > si = {si_signo = 17, si_errno = 0, si_code = 1, _sifields = {_pad = {1234, 1000, 0 <repeats 26 times>}, _kill = {si_pid = 1234, si_uid = 1000}, _timer = {si_tid = 1234, si_overrun = 1000, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = {si_pid = 1234, si_uid = 1000, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 1234, si_uid = 1000, si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x3e8000004d2}, _sigpoll = {si_band = 4294967297234, si_fd = 0}, _sigsys = {_call_addr = 0x3e8000004d2, _syscall = 0, _arch = 0}}} > u = 0x7f9aceeced40 > r = <optimized out> > __PRETTY_FUNCTION__ = "manager_dispatch_sigchld" > __func__ = "manager_dispatch_sigchld" >#9 0x00007f9ace2a4aed in manager_process_signal_fd (m=<optimized out>) at src/core/manager.c:1636 > n = <optimized out> > sfsi = {ssi_signo = 17, ssi_errno = 0, ssi_code = 1, ssi_pid = 31696, ssi_uid = 1000, ssi_fd = 0, ssi_tid = 0, ssi_band = 0, ssi_overrun = 0, ssi_trapno = 0, ssi_status = 0, ssi_int = 0, ssi_ptr = 0, ssi_utime = 0, ssi_stime = 0, ssi_addr = 0, __pad = '\000' <repeats 47 times>} > sigchld = true >#10 process_event (ev=0x7fff234ac0e0, m=0x7f9acec0da30) at src/core/manager.c:1661 > r = <optimized out> > w = <optimized out> >#11 manager_loop (m=0x7f9acec0da30) at src/core/manager.c:1858 > event = {events = 1, data = {ptr = 0x7f9acec0db00, fd = -826221824, u32 = 3468745472, u64 = 140302870436608}} > n = <optimized out> > wait_msec = <optimized out> > r = <optimized out> > rl = {interval = 1000000, begin = 33510043255, burst = 50000, num = 10} > __PRETTY_FUNCTION__ = "manager_loop" > __func__ = "manager_loop" >#12 0x00007f9ace29b619 in main (argc=5, argv=0x7fff234aca48) at src/core/main.c:1667 > m = 0x7f9acec0da30 > r = <optimized out> > retval = 1 > before_startup = 11651251 > after_startup = <optimized out> > timespan = "1.780861s\000\273\316\232\177\000\000\300\f\002\000\000\000\000\000\"\364?\314\232\177\000\000\223\202'\316\232\177\000\000\262\266?\314\232\177\000\000\000\000\000\000\000\000\000\000\253\255?\314\000\000\000" > fds = 0x0 > reexecute = false > shutdown_verb = 0x0 > initrd_timestamp = {realtime = 0, monotonic = 0} > userspace_timestamp = {realtime = 1394625543449025, monotonic = 11163775} > kernel_timestamp = {realtime = 1394625532285251, monotonic = 0} > systemd = "systemd" > skip_setup = false > j = <optimized out> > loaded_policy = true > arm_reboot_watchdog = false > queue_default_job = <optimized out> > switch_root_dir = 0x0 > switch_root_init = 0x0 > saved_rlimit_nofile = {rlim_cur = 1024, rlim_max = 4096} > __func__ = "main" > __PRETTY_FUNCTION__ = "main" >From To Syms Read Shared Object Library >0x00007f9acde56da0 0x00007f9acde57bf1 Yes /lib64/libsystemd-daemon.so.0 >0x00007f9acdc47540 0x00007f9acdc5003c Yes /lib64/libudev.so.1 >0x00007f9acda264a0 0x00007f9acda3913c Yes /lib64/libselinux.so.1 >0x00007f9acd8183e0 0x00007f9acd81bea8 Yes /lib64/libwrap.so.0 >0x00007f9acd6086c0 0x00007f9acd60fadc Yes /lib64/libpam.so.0 >0x00007f9acd3e28f0 0x00007f9acd3e8124 Yes /lib64/libaudit.so.1 >0x00007f9acd1dc620 0x00007f9acd1dde58 Yes /lib64/libcap.so.2 >0x00007f9accfc8230 0x00007f9accfd5218 Yes /lib64/libkmod.so.2 >0x00007f9accdbf2c0 0x00007f9accdc20ac Yes /lib64/librt.so.1 >0x00007f9accb7c840 0x00007f9accba67c4 Yes /lib64/libdbus-1.so.3 >0x00007f9acc961af0 0x00007f9acc9712e8 Yes /lib64/libgcc_s.so.1 >0x00007f9acc7488a0 0x00007f9acc753554 Yes /lib64/libpthread.so.0 >0x00007f9acc3a13c0 0x00007f9acc4e4d40 Yes /lib64/libc.so.6 >0x00007f9ace05aae0 0x00007f9ace074c9a Yes /lib64/ld-linux-x86-64.so.2 >0x00007f9acc17eed0 0x00007f9acc17f9d0 Yes /lib64/libdl.so.2 >0x00007f9acbf1e5f0 0x00007f9acbf63620 Yes /lib64/libpcre.so.1 >0x00007f9acbcfaf30 0x00007f9acbd10e90 Yes /lib64/liblzma.so.5 >0x00007f9acbae3110 0x00007f9acbaefd64 Yes /lib64/libnsl.so.1 >0x00007f9acb8db3d0 0x00007f9acb8dd40c Yes /lib64/libattr.so.1 >0x00007f9acb6c6170 0x00007f9acb6d2740 Yes /lib64/libz.so.1 >0x00007f9acb4ba240 0x00007f9acb4c0d3c Yes /lib64/libnss_files.so.2 >0x00007f9acb2b0820 0x00007f9acb2b4d24 Yes /lib64/libnss_sss.so.2 >$1 = 0x0 >No symbol "__glib_assert_msg" in current context. >rax 0x0 0 >rbx 0xb 11 >rcx 0xffffffffffffffff -1 >rdx 0xb 11 >rsi 0xd2f 3375 >rdi 0xd2f 3375 >rbp 0x7fff234ab880 0x7fff234ab880 >rsp 0x7fff234ab7d8 0x7fff234ab7d8 >r8 0x0 0 >r9 0x0 0 >r10 0x8 8 >r11 0x202 514 >r12 0x0 0 >r13 0x7f9acec0da30 140302870436400 >r14 0x7f9ace324966 140302861093222 >r15 0x0 0 >rip 0x7f9acc75200b 0x7f9acc75200b <raise+43> >eflags 0x202 [ IF ] >cs 0x33 51 >ss 0x2b 43 >ds 0x0 0 >es 0x0 0 >fs 0x0 0 >gs 0x0 0 >Dump of assembler code for function raise: > 0x00007f9acc751fe0 <+0>: mov %fs:0x2d4,%ecx > 0x00007f9acc751fe8 <+8>: mov %fs:0x2d0,%esi > 0x00007f9acc751ff0 <+16>: mov %ecx,%eax > 0x00007f9acc751ff2 <+18>: movslq %edi,%rdx > 0x00007f9acc751ff5 <+21>: movslq %esi,%rsi > 0x00007f9acc751ff8 <+24>: sar $0x1f,%eax > 0x00007f9acc751ffb <+27>: xor %eax,%ecx > 0x00007f9acc751ffd <+29>: mov %ecx,%edi > 0x00007f9acc751fff <+31>: sub %eax,%edi > 0x00007f9acc752001 <+33>: mov $0xea,%eax > 0x00007f9acc752006 <+38>: movslq %edi,%rdi > 0x00007f9acc752009 <+41>: syscall >=> 0x00007f9acc75200b <+43>: cmp $0xfffffffffffff000,%rax > 0x00007f9acc752011 <+49>: ja 0x7f9acc752015 <raise+53> > 0x00007f9acc752013 <+51>: repz retq > 0x00007f9acc752015 <+53>: mov 0x207f6c(%rip),%rdx # 0x7f9acc959f88 > 0x00007f9acc75201c <+60>: neg %eax > 0x00007f9acc75201e <+62>: mov %eax,%fs:(%rdx) > 0x00007f9acc752021 <+65>: or $0xffffffffffffffff,%rax > 0x00007f9acc752025 <+69>: retq >End of assembler dump.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=873909">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1075995
: 873909 |
873910
|
873911
|
873912
|
873913
|
873914
|
873915
|
873916
|
873917
|
873918