Segmentation fault on sysdig + libs 0.7.0-rc3 when doing a capture

deepskyblue86 commented 2 years ago

Describe the bug Building sysdig (dev, b26c9522) with libs 0.7.0-rc3 and trying to write a capture I systematically have a segfault.

How to reproduce it

Build sysdig with -DFALCOSECURITY_LIBS_SOURCE_DIR=<libs path>
Build the scap driver and insmod it
Run (with privileges) sysdig -w foo.scap.

Expected behaviour Writing a capture runs smooth.

Screenshots

(gdb) r -w foo.scap
Thread 1 "sysdig" received signal SIGSEGV, Segmentation fault.
scap_kmod_get_threadlist (engine=..., procinfo_p=0x555557019628, lasterr=0x555557014e44 "") at /home/angelo/Projects/falcosecurity/libs/userspace/libscap/engine/kmod/scap_kmod.c:737
737                             if(scap_alloc_proclist_info(procinfo_p, (*procinfo_p)->n_entries + 256, kmod_engine->m_lasterr) == false)
(gdb) p *procinfo_p
$1 = (struct ppm_proclist_info *) 0x950

Environment

sysdig b26c9522
libs 0.7.0-rc3

Additional context

I debugged just a bit, and handle->m_driver_procinfo is fine until ioctl PPM_IOCTL_GET_PROCLIST:

Thread 1 "sysdig" hit Breakpoint 8, scap_kmod_get_threadlist (engine=..., procinfo_p=0x555557019628, lasterr=0x555557014e44 "") at /home/angelo/Projects/falcosecurity/libs/userspace/libscap/engine/kmod/scap_kmod.c:731
731             struct kmod_engine* kmod_engine = engine.m_handle;
(gdb) p *procinfo_p
$29 = (struct ppm_proclist_info *) 0x555559d91a40       <=== HERE IS FINE
(gdb) n
732             int ioctlres = ioctl(kmod_engine->m_dev_set.m_devs[0].m_fd, PPM_IOCTL_GET_PROCLIST, procinfo_p);
(gdb) n
733             if(ioctlres)
(gdb) p *procinfo_p
$30 = (struct ppm_proclist_info *) 0x98e                <=== HERE IS BROKEN

If I revert libs at 075da069, i.e. right before falcosecurity/libs/pull/374, it works fine.

deepskyblue86 commented 2 years ago

"moved" from falcosecurity/libs/issues/465 CC @LucaGuerra

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

draios / sysdig

Segmentation fault on sysdig + libs 0.7.0-rc3 when doing a capture #1886