--- Begin Message ---
Package: grep
Version: 2.4.2-3
Severity: normal
I don't know if this is something that can't be fixed by its nature or not.
As root:
$ grep --rec something /dev
grep: dev/kmem: Bad address
Binary file dev/mem matches
Binary file dev/core matches
grep: memory exhausted
----
at this point, my monitor starts turning on and off randomly at about a one
second interval.
I can break out of X using Ctrl-Alt-Backspace, but if I start X again without
rebooting
first it starts flashing on and off again.
I found someone else had the exact same problem here:
http://distro.conectiva.com.br/bugzilla/show_bug.cgi?id=1551
Is the problem in the kernel, or in grep? The previous bug closer insinuated
that it's grep's fault. It's hard for me to believe that it's acceptable
that a read-only operation like grep should be able to bring the system down.
I realize that /dev/mem and /dev/kmem are pretty unusual, but it is still
pretty naughty behavior to bring the whole system down.
When I try the same thing non-root:
$ grep --rec something /dev
grep: /dev/kmem: Permission denied
grep: /dev/mem: Permission denied
grep: /dev/core: Permission denied
grep: /dev/port: Permission denied
grep: memory exhausted
but X doesn't crash.
==============================================================================
$ strace grep --rec something /dev >test 2>&1
$ cat test
execve("/bin/grep", ["grep", "--rec", "something", "/dev"], [/* 32 vars */]) = 0
uname({sys="Linux", node="nerdville.colorado.edu", ...}) = 0
brk(0) = 0x80548f4
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/X11R6/lib/i586/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file
or directory)
stat64("/usr/X11R6/lib/i586/mmx", 0xbfffedf4) = -1 ENOENT (No such file or
directory)
open("/usr/X11R6/lib/i586/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/X11R6/lib/i586", 0xbfffedf4) = -1 ENOENT (No such file or
directory)
open("/usr/X11R6/lib/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/X11R6/lib/mmx", 0xbfffedf4) = -1 ENOENT (No such file or directory)
open("/usr/X11R6/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/X11R6/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/local/lib/i586/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file
or directory)
stat64("/usr/local/lib/i586/mmx", 0xbfffedf4) = -1 ENOENT (No such file or
directory)
open("/usr/local/lib/i586/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/local/lib/i586", 0xbfffedf4) = -1 ENOENT (No such file or
directory)
open("/usr/local/lib/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/local/lib/mmx", 0xbfffedf4) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/local/lib", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0
open("i586/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("i586/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=75372, ...}) = 0
old_mmap(NULL, 75372, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"..., 1024) =
1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0
old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40027000
mprotect(0x4013a000, 40160, PROT_NONE) = 0
old_mmap(0x4013a000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
0x113000) = 0x4013a000
old_mmap(0x40140000, 15584, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40140000
close(3) = 0
munmap(0x40014000, 75372) = 0
brk(0) = 0x80548f4
brk(0x805491c) = 0x805491c
brk(0x8055000) = 0x8055000
brk(0x8056000) = 0x8056000
brk(0x8057000) = 0x8057000
open("/dev", O_RDONLY|O_LARGEFILE) = 3
brk(0x8063000) = 0x8063000
fstat64(3, {st_mode=S_IFDIR|0755, st_size=24576, ...}) = 0
close(3) = 0
open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a
directory)
open("/dev", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=24576, ...}) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
brk(0x806a000) = 0x806a000
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4088
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4088
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4096
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4096
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4096
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4096
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4080
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4008
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4080
getdents64(0x3, 0x80615f8, 0x1000, 0) = 3992
getdents64(0x3, 0x80615f8, 0x1000, 0) = 4096
getdents64(0x3, 0x80615f8, 0x1000, 0) = 1696
getdents64(0x3, 0x80615f8, 0x1000, 0) = 0
close(3) = 0
open("/dev/kmem", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFCHR|0640, st_rdev=makedev(1, 2), ...}) = 0
read(3, 0x8059000, 32768) = -1 EFAULT (Bad address)
write(2, "grep: /dev/kmem: Bad address\n", 29grep: /dev/kmem: Bad address
) = 29
close(3) = 0
open("/dev/mem", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFCHR|0640, st_rdev=makedev(1, 1), ...}) = 0
read(3, "\1\0\0\0\266\346\0\360\303\342\0\360\266\346\0\360\266"..., 32768) =
32768
read(3, "\213D$\fP\350n\370\377\3771\300\203\304\10\353\5\270\1"..., 32768) =
32768
read(3, "\211\310\301\340\20\1\301\367\331\301\371\5\270\1\0\0\0"..., 32768) =
32768
read(3, "[^_]\303\215v\0\203\354\4UWVS1\3661\3771\355\307D$\20\0"..., 32768) =
32768
read(3, "\r\4\316*\300\272\37\205\353Q\211\310\367\342\213\r\370"..., 32768) =
32768
read(3, "\2\0\203\304\4\205\366t\24\360\377N(\17\224\300\204\300"..., 32768) =
32768
read(3, "\5\0\0\0\300\215\f\20\211\332\201\342\377\377?\0\215\34"..., 32768) =
32768
read(3, "\304\4\351V\377\377\377\211.\377G`\260\1\206\7\270\3\0"..., 32768) =
32768
read(3, "X\206\5\210\331\"\300\215A4\272\1\0\377\377\360\17\301"..., 32768) =
32768
read(3, "D$\f\205\300t\t1\322\350j\323\376\377\211\366\211\330["..., 32768) =
32768
read(3, "\211YLj\1Q\350\331\351\377\377\203\304\10[\303\200=\20"..., 32768) =
32768
read(3, "G|\301\340\20\t\350\211C(\203\177|\0tW\215\207\0\0\0@\301"..., 32768)
= 32768
read(3, "W\215D$(P\213\204$\230\0\0\0P\213\204$\230\0\0\0PV\350"..., 32768) =
32768
read(3, "D$,\213l$0\213\0\211D$$\2138\307D$\34\0\0\0\0\307D$\30"..., 32768) =
32768
read(3, "\213\200\370\0\0\0\213@\f\303\211\366VS1\366\271\3\0\0"..., 32768) =
32768
read(3, "\r+\300}%\360\376\rD\r+\300\17\210\231\17\0\0\241H\r+\300"..., 32768)
= 32768
read(3, "\365\351\350\341\377\377\200\273$\f\0\0\0\363\220~\365"..., 32768) =
32768
read(3, "\300\213\24\31\213\202\220\0\0\0\213\272\210\0\0\0)\307"..., 32768) =
32768
read(3, "\0\30\300\377\0\0\3P\216\300\3\0\1)\31\1\20\0\363\245\352"..., 32768)
= 32768
old_mmap(NULL, 172032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40144000
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 131072) =
131072
mremap(0x40144000, 172032, 663552, MREMAP_MAYMOVE) = 0x40144000
read(3, "f\7s\7t\7a\7t\0076\0074\7(\0073\7,\7 \7{\7s\7t\7_\7m\7"..., 524288) =
524288
read(3, "\205\333u\24\215D$\fP\213D$8P\350\361c\1\0\211\303\203"..., 524288) =
524288
read(3, "\3\0f\201;\0\3u\27\241d\316%\300\377\5l\316%\300\211C\20"..., 524288)
= 524288
read(3, "\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 524288) =
524288
read(3, "\0\0\0\0\1\0\0\0\10\200+\300\10\200+\300\0\0\0\0\1\0\0"..., 524288) =
524288
mremap(0x40144000, 663552, 2629632, MREMAP_MAYMOVE) = 0x40144000
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2097152) =
2097152
mremap(0x40144000, 2629632, 20979712, MREMAP_MAYMOVE) = 0x40144000
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 16777216)
= 16777216
read(3, "\201\177\0\0\f\0\1\0.\0\0\0\2\0\0\0\f\0\2\0..\0\0\202\177"...,
16777216) = 16777216
mremap(0x40144000, 20979712, 83894272, MREMAP_MAYMOVE) = 0x40144000
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 67108864)
= 67108864
mremap(0x40144000, 83894272, 671096832, MREMAP_MAYMOVE) = -1 ENOMEM (Cannot
allocate memory)
old_mmap(NULL, 671096832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = -1 ENOMEM (Cannot allocate memory)
brk(0x3006c000) = 0x806a000
old_mmap(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1,
0) = 0x45146000
munmap(0x45146000, 761856) = 0
munmap(0x45300000, 286720) = 0
old_mmap(0x45200000, 32768, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x45200000
old_mmap(NULL, 671096832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = -1 ENOMEM (Cannot allocate memory)
old_mmap(NULL, 671096832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = -1 ENOMEM (Cannot allocate memory)
write(2, "grep: memory exhausted\n", 23grep: memory exhausted
) = 23
_exit(2) = ?
=====================================================
$ valgrind -v grep --rec something /dev >test 2>&1
$ cat test
==3211== valgrind-1.0.0, a memory error detector for x86 GNU/Linux.
==3211== Copyright (C) 2000-2002, and GNU GPL'd, by Julian Seward.
==3211== Startup, with flags:
==3211== --suppressions=/usr/lib/valgrind/woody.supp
==3211== -v
==3211== Reading suppressions file: /usr/lib/valgrind/woody.supp
==3211== Reading syms from /bin/grep
==3211== object doesn't have a symbol table
==3211== object doesn't have any debug info
==3211== Reading syms from /lib/ld-2.2.5.so
==3211== object doesn't have any debug info
==3211== Reading syms from /usr/lib/valgrind/valgrind.so
==3211== Reading syms from /lib/libc-2.2.5.so
==3211== object doesn't have a symbol table
==3211== object doesn't have any debug info
==3211== Estimated CPU clock rate is 552 MHz
==3211==
grep: /dev/kmem: Bad address
==3211== Warning: set address range perms: large range 167776256, a 0, v 1
==3211== Warning: set address range perms: large range 134217728, a 0, v 0
==3211== Warning: set address range perms: large range 134217728, a 0, v 0
==3211== Warning: set address range perms: large range 134217728, a 0, v 0
==3211== Warning: set address range perms: large range 134217728, a 0, v 0
vg_get_memory_from_mmap failed on request of 671096832
valgrind: the `impossible' happened:
vg_get_memory_from_mmap: out of memory! Fatal! Bye!
Basic block ctr is approximately 348300000
sched status:
Thread 1: status = Runnable, associated_mx = 0x0, associated_cv = 0x0
==3211== at 0x4004381E: realloc (vg_clientfuncs.c:252)
==3211== by 0x8049370: (within /bin/grep)
==3211== by 0x80496ED: (within /bin/grep)
==3211== by 0x8049FDF: (within /bin/grep)
Please report this bug to me at: [email protected]
-- System Information
Debian Release: 3.0
Kernel Version: Linux riccati 2.2.20 #1 Sat Nov 9 20:02:32 MST 2002 alpha
unknown
Versions of the packages grep depends on:
ii libc6.1 2.2.5-11.2 GNU C Library: Shared libraries and Timezone
--- End Message ---
