Closed clemensg closed 5 years ago
Hashscan is a bit of a hack; it's probably finding a range of bytes that happens to accidentally match the signature a0 11 1f e1
, and then everything naturally goes off the rails.
Can you post a complete transcript — what command line did you run, what output did you see prior to the crash. Also, please try with a checkout that includes commit 97826f5a37ab3d42a585b1fdc57ad89f0662e5b9, and add -vv
to your hashscan command line. That should at least confirm my suspicion that the tbl->num_buckets
being inferred in your case is something huge and inappropriate.
Hi, thanks for the quick response.
I did just run ./hashscan with the PID of the process I wanted to analyze. The linemalloc(): invalid next size (unsorted)
was the first output.
I tried again with the latest commit as well as -vvv
and interestingly it did not crash.. very odd. Even one -v
seems to be enough for it to not crash.
tbl->num_buckets
is 32, according to the output:
$ ./hashscan -vvv 271
attaching to peer
waiting for peer to suspend temporarily
opening peer memory map [/proc/271/maps]
listing peer virtual memory areas
peer has 43 virtual memory areas
opening peer memory
scanning peer memory for hash table signatures
found signature at peer 0x22cf910
reading table at peer 0x22cf8e8
reading 32 buckets at peer 0x22c8c38
scanning 32 peer buckets
bucket 0 has 4 items
scanning bucket 0 chain:
bucket 1 has 1 items
scanning bucket 1 chain:
bucket 2 has 4 items
scanning bucket 2 chain:
bucket 3 has 3 items
scanning bucket 3 chain:
bucket 4 has 1 items
scanning bucket 4 chain:
bucket 5 has 1 items
scanning bucket 5 chain:
bucket 6 has 2 items
scanning bucket 6 chain:
bucket 7 has 1 items
scanning bucket 7 chain:
bucket 8 has 1 items
scanning bucket 8 chain:
bucket 9 has 3 items
scanning bucket 9 chain:
bucket 10 has 4 items
scanning bucket 10 chain:
bucket 11 has 3 items
scanning bucket 11 chain:
bucket 12 has 4 items
scanning bucket 12 chain:
bucket 13 has 0 items
scanning bucket 13 chain:
bucket 14 has 2 items
scanning bucket 14 chain:
bucket 15 has 3 items
scanning bucket 15 chain:
bucket 16 has 1 items
scanning bucket 16 chain:
bucket 17 has 2 items
scanning bucket 17 chain:
bucket 18 has 2 items
scanning bucket 18 chain:
bucket 19 has 5 items
scanning bucket 19 chain:
bucket 20 has 5 items
scanning bucket 20 chain:
bucket 21 has 2 items
scanning bucket 21 chain:
bucket 22 has 2 items
scanning bucket 22 chain:
bucket 23 has 2 items
scanning bucket 23 chain:
bucket 24 has 4 items
scanning bucket 24 chain:
bucket 25 has 2 items
scanning bucket 25 chain:
bucket 26 has 0 items
scanning bucket 26 chain:
bucket 27 has 2 items
scanning bucket 27 chain:
bucket 28 has 3 items
scanning bucket 28 chain:
bucket 29 has 0 items
scanning bucket 29 chain:
bucket 30 has 3 items
scanning bucket 30 chain:
bucket 31 has 4 items
scanning bucket 31 chain:
looking for bloom signature at peer 0x22cf914
Address ideal items buckets mc fl bloom sat fcn keys saved to
------------------ ----- -------- -------- -- -- ----- ----- --- -------------
0x22cf8e8 100% 76 32 5 ok JEN
detaching and resuming peer
Hm. Does it reliably crash with no -v
, and reliably not-crash with -v
? If so, that's very weird. I probably have no further help I can give here... but at least you know a workaround!
Hm. Does it reliably crash with no
-v
, and reliably not-crash with-v
?
Yes, it does. Very weird indeed.
Yeah, thanks for the help anyway, I now got the information I wanted.
Hi,
I tried to run a cross-compiled hashscan (from the master branch) for 32-Bit ARM and it crashed with the following output:
I then recompiled with
-fsanitize=address
and got this at runtime:Operating system is Linux 5.3.5. Glibc is 2.30, GCC is 9.2 and the target is a Cortex A9 with ARMv7-A ISA.
I can't reproduce the issue on my x64 development machine.