iproute2 segfaults when filtering sockets

Issues comes from:

(gdb) bt
#0 render (screen_width=144) at ss.c:1204
#1 main (argc=<optimized out>, argv=<optimized out>) at ss.c:4974

render (screen_width=144) at ss.c:1204

workaround:

sudo ss -Hnp -o state established 'dport = 22' src 127.0.0.1 dst 127.0.0.1 | cat -

by not trying to control terminal WIDTH, segfault does not occur.

[rafaeldtinoco@iproute2issue iproute2]$ git unfixed
eb8559eff124221bfbafe934c4dbfe30f20604c0 is the first bad commit
commit eb8559eff124221bfbafe934c4dbfe30f20604c0
Author: Jean-Philippe Brucker <email address hidden>
Date: Sat Mar 3 16:59:44 2018 +0000

    ss: fix NULL dereference when rendering without header

    When ss is invoked with the no-header flag, if the query doesn't return
    any result, render() is called with 'buffer' uninitialized. This
    currently leads to a segfault. Ensure that buffer is initialized before
    rendering.

    The bug can be triggered with: ss -H sport = 100000

    Signed-off-by: Jean-Philippe Brucker <email address hidden>
    Acked-by: Stefano Brivio <email address hidden>
    Signed-off-by: Stephen Hemminger <email address hidden>

:040000 040000 bf8f626f1c0b85bd690dab60d4f74db292ac8e65 6174ebf0728edab46c62b713f6aee495eef81cb5 M misc

It only affects Bionic:

[rafaeldtinoco@iproute2issue iproute2]$ git describe eb8559eff124221bfbafe934c4dbfe30f20604c0
v4.15.0-103-geb8559ef

[rafaeldtinoco@iproute2issue ~]$ rmadison iproute2
 iproute2 | 3.12.0-2 | trusty | source
 iproute2 | 3.12.0-2ubuntu1.2 | trusty-updates | source
 iproute2 | 4.3.0-1ubuntu3 | xenial | source
 iproute2 | 4.3.0-1ubuntu3.16.04.5 | xenial-updates | source
 iproute2 | 4.15.0-2ubuntu1 | bionic | source
 iproute2 | 4.15.0-2ubuntu1.1 | bionic-security | source
 iproute2 | 4.15.0-2ubuntu1.2 | bionic-updates | source
 iproute2 | 4.18.0-1ubuntu2~ubuntu18.04.1 | bionic-backports | source
 iproute2 | 5.5.0-1ubuntu1 | focal | source
 iproute2 | 5.7.0-1ubuntu1 | groovy | source
 iproute2 | 5.9.0-1ubuntu1 | hirsute | source
 iproute2 | 5.10.0-2ubuntu1 | hirsute-proposed | source

MP: https://code.launchpad.net/~rafaeldtinoco/ubuntu/+source/iproute2/+git/iproute2/+merge/396921
PPA: https://launchpad.net/~rafaeldtinoco/+archive/ubuntu/lp1913187

$ git-ubuntu tag --upload

$ git describe
upload/4.15.0-2ubuntu1.3

$ git push pkg upload/4.15.0-2ubuntu1.3
Counting objects: 11, done.
Delta compression using up to 24 threads.
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.07 KiB | 176.00 KiB/s, done.
Total 11 (delta 7), reused 0 (delta 0)
To ssh://git.launchpad.net/ubuntu/+source/iproute2
 * [new tag] upload/4.15.0-2ubuntu1.3 -> upload/4.15.0-2ubuntu1.3

$ debdiff *.dsc | diffstat
 changelog | 7 +++++++
 patches/lp1913187-ss-fix-NULL-dereference-when-rendering.patch | 40 ++++++++++++++++++++++++++++++++++++++++
 patches/series | 1 +
 3 files changed, 48 insertions(+)

[rafaeldtinoco@iproute2issue ubuntu]$ dput ubuntu ./iproute2_4.15.0-2ubuntu1.3_source.changes
Checking signature on .changes
gpg: ./iproute2_4.15.0-2ubuntu1.3_source.changes: Valid signature from A93E0E0AD83C0D0F
Checking signature on .dsc
gpg: ./iproute2_4.15.0-2ubuntu1.3.dsc: Valid signature from A93E0E0AD83C0D0F
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading iproute2_4.15.0-2ubuntu1.3.dsc: done.
  Uploading iproute2_4.15.0-2ubuntu1.3.debian.tar.xz: done.
  Uploading iproute2_4.15.0-2ubuntu1.3_source.buildinfo: done.
  Uploading iproute2_4.15.0-2ubuntu1.3_source.changes: done.
Successfully uploaded packages.

Hello Rafael, or anyone else affected,

Accepted iproute2 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/iproute2/4.15.0-2ubuntu1.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted iproute2 (4.15.0-2ubuntu1.3) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

postgresql-common/190ubuntu0.1 (amd64, i386)
ubuntu-fan/0.12.10 (amd64, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#iproute2

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

# verfication

$ dpkg -l iproute2 | grep ii
ii iproute2 4.15.0-2ubuntu1.3 amd64 networking and traffic control tools

$ ss -Hnp -o state established 'dport = 22' src 127.0.0.1 dst 127.0.0.1 && echo worked
worked

good to migrate. thank you.

-rafaeldtinoco

What about the autopkgtest regressions as marked by comment #8?

ubuntu-fan dep8 failures are due to https://bugs.launchpad.net/ubuntu/+source/ubuntu-fan/+bug/1830180. It was fixed in focal+, but in bionic it remains flaky. Explanation is in https://bugs.launchpad.net/ubuntu/+source/ubuntu-fan/+bug/1830180/comments/1

I'll retry it once or twice, but we can see from the test output that the test worked, and the stderr text is just noise that happened because systemd-resolve was called too soon:
Starting fanatic-test
lxd test: Waiting for addresses on eth0 ...
lxd test: Waiting for addresses on eth0 ...
lxd test: Waiting for addresses on eth0 ...
lxd test: Waiting for addresses on eth0 ...
lxd test: Waiting for addresses on eth0 ...
slave: detected primary route through eth0
sd_bus_open_system: No such file or directory <-- too soon
slave: waiting for systemd resolver...
slave: DNS: systemd(250.40.8.1) <--- now it worked, and the test continues
...

postgresql-common amd64 and i386: passed after a retry
ubuntu-fan: see previous comment, known flaky test, and analysis of the test output shows that the test actually passed. I retried both amd64 and s390x, but I ask the SRU team to consider those runs green if they failed again (update: amd64 just passed, s390x still pending results).

This bug was fixed in the package iproute2 - 4.15.0-2ubuntu1.3

---------------
iproute2 (4.15.0-2ubuntu1.3) bionic; urgency=medium

  * Fix: NULL dereference when rendering without header (LP: #1913187)
    - d/p/lp1913187-ss-fix-NULL-dereference-when-rendering.patch

 -- Rafael David Tinoco <email address hidden> Tue, 26 Jan 2021 13:33:08 +0000

The verification of the Stable Release Update for iproute2 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.