Wireshark-bugs: [Wireshark-bugs] [Bug 13265] New: Buildbot crash output: fuzz-2016-12-21-27866.p
Date: Thu, 22 Dec 2016 08:50:03 +0000
Bug ID 13265
Summary Buildbot crash output: fuzz-2016-12-21-27866.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-12-21-27866.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-12-21-27866.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64
x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3828
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=41951f98fb01726575c559d5d015b24879cbfb7d

Return value:  0

Dissector bug:  0

Valgrind error count:  102



Git commit
commit 41951f98fb01726575c559d5d015b24879cbfb7d
Author: AndersBroman <anders.broman@ericsson.com>
Date:   Tue Dec 20 13:22:15 2016 +0100

    [rpm-build] Add an option to exclude extcap.

    Change-Id: Ibe16ad31986818fcd6e1bfbcfdd38ecc7663dd39
    Reviewed-on: https://code.wireshark.org/review/19360
    Reviewed-by: Anders Broman <a.broman58@gmail.com>
    Petri-Dish: Anders Broman <a.broman58@gmail.com>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
    Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
    Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>


==12036== Memcheck, a memory error detector
==12036== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==12036== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==12036== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-12-21-27866.pcap
==12036== 

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet 7:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet 18:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet 29:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet 49:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==12036== Conditional jump or move depends on uninitialised value(s)
==12036==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12036==    by 0x69E5F93: addresses_equal (address.h:230)
==12036==    by 0x69E5F93: fragment_addresses_equal (reassemble.c:82)
==12036==    by 0xA706DCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==12036==    by 0x69E7496: lookup_fd_head (reassemble.c:541)
==12036==    by 0x69E7496: fragment_add_seq_common (reassemble.c:1886)
==12036==    by 0x69E7A97: fragment_add_seq_check_work (reassemble.c:2037)
==12036==    by 0x69E7B59: fragment_add_seq_next (reassemble.c:2100)
==12036==    by 0x6B4EDD1: dissect_btle (packet-btle.c:888)
==12036==    by 0x69BC905: call_dissector_through_handle (packet.c:650)
==12036==    by 0x69BC905: call_dissector_work (packet.c:725)
==12036==    by 0x69BB9BC: call_dissector_only (packet.c:2955)
==12036==    by 0x69BB9BC: call_dissector_with_data (packet.c:2968)
==12036==    by 0x6F835CB: dissect_nordic_ble (packet-nordic_ble.c:313)
==12036==    by 0x69BC905: call_dissector_through_handle (packet.c:650)
==12036==    by 0x69BC905: call_dissector_work (packet.c:725)
==12036==    by 0x69BB9BC: call_dissector_only (packet.c:2955)
==12036==    by 0x69BB9BC: call_dissector_with_data (packet.c:2968)
==12036== 
==12036== Conditional jump or move depends on uninitialised value(s)
==12036==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12036==    by 0x69E5FCD: addresses_equal (address.h:230)
==12036==    by 0x69E5FCD: fragment_addresses_equal (reassemble.c:83)
==12036==    by 0xA706DCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==12036==    by 0x69E7496: lookup_fd_head (reassemble.c:541)
==12036==    by 0x69E7496: fragment_add_seq_common (reassemble.c:1886)
==12036==    by 0x69E7A97: fragment_add_seq_check_work (reassemble.c:2037)
==12036==    by 0x69E7B59: fragment_add_seq_next (reassemble.c:2100)
==12036==    by 0x6B4EDD1: dissect_btle (packet-btle.c:888)
==12036==    by 0x69BC905: call_dissector_through_handle (packet.c:650)
==12036==    by 0x69BC905: call_dissector_work (packet.c:725)
==12036==    by 0x69BB9BC: call_dissector_only (packet.c:2955)
==12036==    by 0x69BB9BC: call_dissector_with_data (packet.c:2968)
==12036==    by 0x6F835CB: dissect_nordic_ble (packet-nordic_ble.c:313)
==12036==    by 0x69BC905: call_dissector_through_handle (packet.c:650)
==12036==    by 0x69BC905: call_dissector_work (packet.c:725)
==12036==    by 0x69BB9BC: call_dissector_only (packet.c:2955)
==12036==    by 0x69BB9BC: call_dissector_with_data (packet.c:2968)
==12036== 
==12036== Conditional jump or move depends on uninitialised value(s)
==12036==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12036==    by 0x69E5F93: addresses_equal (address.h:230)
==12036==    by 0x69E5F93: fragment_addresses_equal (reassemble.c:82)
==12036==    by 0xA7065F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==12036==    by 0x69E7AB4: fragment_unhash (reassemble.c:789)
==12036==    by 0x69E7AB4: fragment_add_seq_check_work (reassemble.c:2052)
==12036==    by 0x69E7B59: fragment_add_seq_next (reassemble.c:2100)
==12036==    by 0x6B4EDD1: dissect_btle (packet-btle.c:888)
==12036==    by 0x69BC905: call_dissector_through_handle (packet.c:650)
==12036==    by 0x69BC905: call_dissector_work (packet.c:725)
==12036==    by 0x69BB9BC: call_dissector_only (packet.c:2955)
==12036==    by 0x69BB9BC: call_dissector_with_data (packet.c:2968)
==12036==    by 0x6F835CB: dissect_nordic_ble (packet-nordic_ble.c:313)
==12036==    by 0x69BC905: call_dissector_through_handle (packet.c:650)
==12036==    by 0x69BC905: call_dissector_work (packet.c:725)
==12036==    by 0x69BB9BC: call_dissector_only (packet.c:2955)
==12036==    by 0x69BB9BC: call_dissector_with_data (packet.c:2968)
==12036==    by 0x6CAEC72: dissect_exported_pdu (packet-exported_pdu.c:285)
==12036== 
==12036== Conditional jump or move depends on uninitialised value(s)
==12036==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12036==    by 0x69E5FCD: addresses_equal (address.h:230)
==12036==    by 0x69E5FCD: fragment_addresses_equal (reassemble.c:83)
==12036==    by 0xA7065F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==12036==    by 0x69E7AB4: fragment_unhash (reassemble.c:789)
==12036==    by 0x69E7AB4: fragment_add_seq_check_work (reassemble.c:2052)
==12036==    by 0x69E7B59: fragment_add_seq_next (reassemble.c:2100)
==12036==    by 0x6B4EDD1: dissect_btle (packet-btle.c:888)
==12036==    by 0x69BC905: call_dissector_through_handle (packet.c:650)
==12036==    by 0x69BC905: call_dissector_work (packet.c:725)
==12036==    by 0x69BB9BC: call_dissector_only (packet.c:2955)
==12036==    by 0x69BB9BC: call_dissector_with_data (packet.c:2968)
==12036==    by 0x6F835CB: dissect_nordic_ble (packet-nordic_ble.c:313)
==12036==    by 0x69BC905: call_dissector_through_handle (packet.c:650)
==12036==    by 0x69BC905: call_dissector_work (packet.c:725)
==12036==    by 0x69BB9BC: call_dissector_only (packet.c:2955)
==12036==    by 0x69BB9BC: call_dissector_with_data (packet.c:2968)
==12036==    by 0x6CAEC72: dissect_exported_pdu (packet-exported_pdu.c:285)
==12036== 

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet 78:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
100: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
102: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
146: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
152: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
197: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
216: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
218: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
225: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
237: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
249: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
252: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
253: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
257: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
327: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
331: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
340: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
348: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
354: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
378: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
380: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
384: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
390: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
442: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
459: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
534: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
540: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
554: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
596: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
613: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
649: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
669: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
679: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
749: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
750: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
755: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
763: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
793: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
818: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
822: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
846: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
853: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
855: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
874: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
886: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:12036): WARNING **: Dissector bug, protocol BT LE LL, in packet
893: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==12036== 
==12036== HEAP SUMMARY:
==12036==     in use at exit: 6,091,802 bytes in 10,024 blocks
==12036==   total heap usage: 286,514 allocs, 276,490 frees, 38,016,530 bytes
allocated
==12036== 
==12036== LEAK SUMMARY:
==12036==    definitely lost: 4,326 bytes in 352 blocks
==12036==    indirectly lost: 0 bytes in 0 blocks
==12036==      possibly lost: 0 bytes in 0 blocks
==12036==    still reachable: 6,087,476 bytes in 9,672 blocks
==12036==         suppressed: 0 bytes in 0 blocks
==12036== Rerun with --leak-check=full to see details of leaked memory
==12036== 
==12036== For counts of detected and suppressed errors, rerun with: -v
==12036== Use --track-origins=yes to see where uninitialised values come from
==12036== ERROR SUMMARY: 102 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.