[Bro-Dev] [JIRA] (BIT-505) Invalid Unref crash

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Thu Nov 7 08:07:31 PST 2013


     [ https://bro-tracker.atlassian.net/browse/BIT-505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall updated BIT-505:
--------------------------

    Resolution: Fixed
        Status: Closed  (was: Open)

I'm not seeing crashes.

> Invalid Unref crash
> -------------------
>
>                 Key: BIT-505
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-505
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: gclark
>         Attachments: bro.trace.bz2
>
>
> Using latest from bro-master:
> Last few lines of Bro execution trace:
> {noformat}
> 1311220077.263882 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:384		Builtin Function called: network_time()
> 1311220077.263882 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:384		Function return: 1311220077.26388
> 1311220077.263882 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23		function called: id_string(id = '[orig_h=204.152.191.37, orig_p=80/tcp, resp_h=212.110.251.3, resp_p=33595/tcp]')
> 1311220077.263882 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23			Builtin Function called: fmt(va_args = '%s:%d > %s:%d', vararg0 = '204.152.191.37', vararg1 = '80/tcp', vararg2 = '212.110.251.3', vararg3 = '33595/tcp')
> 1311220077.263882 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23			Function return: 204.152.191.37:80 > 212.110.251.3:33595
> 1311220077.263882 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23		Function return: 204.152.191.37:80 > 212.110.251.3:33595
> 1311220077.263882 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:359		function called: Weird::report_weird_conn(t = '1311220077.26388', name = 'above_hole_data_without_any_acks', id = '204.152.191.37:80 > 212.110.251.3:33595', addl = '', c = '[id=[orig_h=204.152.191.37, orig_p=80/tcp, resp_h=212.110.251.3, resp_p=33595/tcp], orig=[size=7240, state=3, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], resp=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], start_time=1311220077.2637, duration=0.000185012817382812, service={
> }, addl=, hot=0, history=D, uid=vwfIafnipTj, conn=<uninitialized>, extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, mime=<uninitialized>, mime_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, ssh=<uninitialized>, ssl=<uninitialized>, syslog=<uninitialized>]')
> 1311220077.263882 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:310			function called: Weird::report_weird(t = '1311220077.26388', name = 'above_hole_data_without_any_acks', id = '204.152.191.37:80 > 212.110.251.3:33595', have_conn = 'T', addl = '', action = 'WEIRD_FILE', no_log = 'F')
> 1311220077.263882 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188				function called: Log::write(id = 'WEIRD', columns = '[ts=1311220077.26388, uid=vwfIafnipTj, id=[orig_h=204.152.191.37, orig_p=80/tcp, resp_h=212.110.251.3, resp_p=33595/tcp], msg=above_hole_data_without_any_acks, addl=<uninitialized>, notice=F]')
> 1311220077.263882 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188					Builtin Function called: Log::__write(id = 'WEIRD', columns = '[ts=1311220077.26388, uid=vwfIafnipTj, id=[orig_h=204.152.191.37, orig_p=80/tcp, resp_h=212.110.251.3, resp_p=33595/tcp], msg=above_hole_data_without_any_acks, addl=<uninitialized>, notice=F]')
> 1311220077.263882 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188					Function return: T
> 1311220077.263882 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188				Function return: T
> 1311220077.461318 /home/gilbert/Code/bro/build/src/event.bif.bro:104	event called: conn_weird(name = 'spontaneous_RST', c = '[id=[orig_h=212.110.251.3, orig_p=113/tcp, resp_h=161.53.178.240, resp_p=50349/tcp], orig=[size=0, state=6, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], resp=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], start_time=1311220077.46132, duration=0.0, service={
> }, addl=, hot=0, history=R, uid=0Wn1J3f4jD4, conn=<uninitialized>, extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, mime=<uninitialized>, mime_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, ssh=<uninitialized>, ssl=<uninitialized>, syslog=<uninitialized>]', addl = '')
> 1311220077.461318 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:384		Builtin Function called: network_time()
> 1311220077.461318 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:384		Function return: 1311220077.46132
> 1311220077.461318 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23		function called: id_string(id = '[orig_h=212.110.251.3, orig_p=113/tcp, resp_h=161.53.178.240, resp_p=50349/tcp]')
> 1311220077.461318 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23			Builtin Function called: fmt(va_args = '%s:%d > %s:%d', vararg0 = '212.110.251.3', vararg1 = '113/tcp', vararg2 = '161.53.178.240', vararg3 = '50349/tcp')
> 1311220077.461318 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23			Function return: 212.110.251.3:113 > 161.53.178.240:50349
> 1311220077.461318 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23		Function return: 212.110.251.3:113 > 161.53.178.240:50349
> 1311220077.461318 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:359		function called: Weird::report_weird_conn(t = '1311220077.46132', name = 'spontaneous_RST', id = '212.110.251.3:113 > 161.53.178.240:50349', addl = '', c = '[id=[orig_h=212.110.251.3, orig_p=113/tcp, resp_h=161.53.178.240, resp_p=50349/tcp], orig=[size=0, state=6, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], resp=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], start_time=1311220077.46132, duration=0.0, service={
> }, addl=, hot=0, history=R, uid=0Wn1J3f4jD4, conn=<uninitialized>, extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, mime=<uninitialized>, mime_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, ssh=<uninitialized>, ssl=<uninitialized>, syslog=<uninitialized>]')
> 1311220077.461318 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:310			function called: Weird::report_weird(t = '1311220077.46132', name = 'spontaneous_RST', id = '212.110.251.3:113 > 161.53.178.240:50349', have_conn = 'T', addl = '', action = 'WEIRD_IGNORE', no_log = 'F')
> 1311220077.461532 /home/gilbert/Code/bro/build/src/event.bif.bro:104	event called: conn_weird(name = 'connection_originator_SYN_ack', c = '[id=[orig_h=161.53.178.240, orig_p=6667/tcp, resp_h=212.110.251.3, resp_p=59665/tcp], orig=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], resp=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], start_time=1311220077.46094, duration=0.0, service={
> }, addl=, hot=0, history=H, uid=hrTdn4R7Yq9, conn=<uninitialized>, extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, mime=<uninitialized>, mime_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, ssh=<uninitialized>, ssl=<uninitialized>, syslog=<uninitialized>]', addl = '')
> 1311220077.461532 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:384		Builtin Function called: network_time()
> 1311220077.461532 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:384		Function return: 1311220077.46153
> 1311220077.461532 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23		function called: id_string(id = '[orig_h=161.53.178.240, orig_p=6667/tcp, resp_h=212.110.251.3, resp_p=59665/tcp]')
> 1311220077.461532 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23			Builtin Function called: fmt(va_args = '%s:%d > %s:%d', vararg0 = '161.53.178.240', vararg1 = '6667/tcp', vararg2 = '212.110.251.3', vararg3 = '59665/tcp')
> 1311220077.461532 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23			Function return: 161.53.178.240:6667 > 212.110.251.3:59665
> 1311220077.461532 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23		Function return: 161.53.178.240:6667 > 212.110.251.3:59665
> 1311220077.461532 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:359		function called: Weird::report_weird_conn(t = '1311220077.46153', name = 'connection_originator_SYN_ack', id = '161.53.178.240:6667 > 212.110.251.3:59665', addl = '', c = '[id=[orig_h=161.53.178.240, orig_p=6667/tcp, resp_h=212.110.251.3, resp_p=59665/tcp], orig=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], resp=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], start_time=1311220077.46094, duration=0.0, service={
> }, addl=, hot=0, history=H, uid=hrTdn4R7Yq9, conn=<uninitialized>, extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, mime=<uninitialized>, mime_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, ssh=<uninitialized>, ssl=<uninitialized>, syslog=<uninitialized>]')
> 1311220077.461532 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:310			function called: Weird::report_weird(t = '1311220077.46153', name = 'connection_originator_SYN_ack', id = '161.53.178.240:6667 > 212.110.251.3:59665', have_conn = 'T', addl = '', action = 'WEIRD_FILE', no_log = 'F')
> 1311220077.461532 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188				function called: Log::write(id = 'WEIRD', columns = '[ts=1311220077.46153, uid=hrTdn4R7Yq9, id=[orig_h=161.53.178.240, orig_p=6667/tcp, resp_h=212.110.251.3, resp_p=59665/tcp], msg=connection_originator_SYN_ack, addl=<uninitialized>, notice=F]')
> 1311220077.461532 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188					Builtin Function called: Log::__write(id = 'WEIRD', columns = '[ts=1311220077.46153, uid=hrTdn4R7Yq9, id=[orig_h=161.53.178.240, orig_p=6667/tcp, resp_h=212.110.251.3, resp_p=59665/tcp], msg=connection_originator_SYN_ack, addl=<uninitialized>, notice=F]')
> 1311220077.461532 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188					Function return: T
> 1311220077.461532 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188				Function return: T
> 1311220077.462050 /home/gilbert/Code/bro/build/src/event.bif.bro:67	event called: protocol_confirmation(c = '[id=[orig_h=212.110.251.3, orig_p=52895/tcp, resp_h=64.18.128.86, resp_p=6667/tcp], orig=[size=38, state=3, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], resp=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], start_time=1311220077.46205, duration=0.0, service={
> }, addl=, hot=0, history=D, uid=Y6rpTW6Rgeg, conn=<uninitialized>, extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, mime=<uninitialized>, mime_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, ssh=<uninitialized>, ssl=<uninitialized>, syslog=<uninitialized>]', atype = '19', aid = '8963')
> 1311220077.462050 /home/gilbert/Code/bro/build/src/event.bif.bro:104	event called: conn_weird(name = 'irc_line_too_short', c = '[id=[orig_h=212.110.251.3, orig_p=52895/tcp, resp_h=64.18.128.86, resp_p=6667/tcp], orig=[size=38, state=3, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], resp=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], start_time=1311220077.46205, duration=0.0, service={
> }, addl=, hot=0, history=D, uid=Y6rpTW6Rgeg, conn=<uninitialized>, extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, mime=<uninitialized>, mime_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, ssh=<uninitialized>, ssl=<uninitialized>, syslog=<uninitialized>]', addl = '')
> 1311220077.462050 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:384		Builtin Function called: network_time()
> 1311220077.462050 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:384		Function return: 1311220077.46205
> 1311220077.462050 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23		function called: id_string(id = '[orig_h=212.110.251.3, orig_p=52895/tcp, resp_h=64.18.128.86, resp_p=6667/tcp]')
> 1311220077.462050 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23			Builtin Function called: fmt(va_args = '%s:%d > %s:%d', vararg0 = '212.110.251.3', vararg1 = '52895/tcp', vararg2 = '64.18.128.86', vararg3 = '6667/tcp')
> 1311220077.462050 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23			Function return: 212.110.251.3:52895 > 64.18.128.86:6667
> 1311220077.462050 /home/gilbert/Code/bro/policy/utils/conn-ids.bro:23		Function return: 212.110.251.3:52895 > 64.18.128.86:6667
> 1311220077.462050 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:359		function called: Weird::report_weird_conn(t = '1311220077.46205', name = 'irc_line_too_short', id = '212.110.251.3:52895 > 64.18.128.86:6667', addl = '', c = '[id=[orig_h=212.110.251.3, orig_p=52895/tcp, resp_h=64.18.128.86, resp_p=6667/tcp], orig=[size=38, state=3, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], resp=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], start_time=1311220077.46205, duration=0.0, service={
> }, addl=, hot=0, history=D, uid=Y6rpTW6Rgeg, conn=<uninitialized>, extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, mime=<uninitialized>, mime_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, ssh=<uninitialized>, ssl=<uninitialized>, syslog=<uninitialized>]')
> 1311220077.462050 /home/gilbert/Code/bro/policy/frameworks/notice/weird.bro:310			function called: Weird::report_weird(t = '1311220077.46205', name = 'irc_line_too_short', id = '212.110.251.3:52895 > 64.18.128.86:6667', have_conn = 'T', addl = '', action = 'WEIRD_FILE', no_log = 'F')
> 1311220077.462050 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188				function called: Log::write(id = 'WEIRD', columns = '[ts=1311220077.46205, uid=Y6rpTW6Rgeg, id=[orig_h=212.110.251.3, orig_p=52895/tcp, resp_h=64.18.128.86, resp_p=6667/tcp], msg=irc_line_too_short, addl=<uninitialized>, notice=F]')
> 1311220077.462050 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188					Builtin Function called: Log::__write(id = 'WEIRD', columns = '[ts=1311220077.46205, uid=Y6rpTW6Rgeg, id=[orig_h=212.110.251.3, orig_p=52895/tcp, resp_h=64.18.128.86, resp_p=6667/tcp], msg=irc_line_too_short, addl=<uninitialized>, notice=F]')
> 1311220077.462050 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188					Function return: T
> 1311220077.462050 /home/gilbert/Code/bro/policy/frameworks/logging/base.bro:188				Function return: T
> 1311220077.462050 /home/gilbert/Code/bro/build/src/event.bif.bro:611	event called: irc_nick_message(c = '[id=[orig_h=212.110.251.3, orig_p=52895/tcp, resp_h=64.18.128.86, resp_p=6667/tcp], orig=[size=38, state=3, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], resp=[size=0, state=0, num_pkts=<uninitialized>, num_bytes_ip=<uninitialized>], start_time=1311220077.46205, duration=0.0, service={
> }, addl=, hot=0, history=D, uid=Y6rpTW6Rgeg, conn=<uninitialized>, extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, mime=<uninitialized>, mime_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, ssh=<uninitialized>, ssl=<uninitialized>, syslog=<uninitialized>]', who = 'T', newnick = '', vararg0 = 'Trance')
> {noformat}
> Also, gdb stack trace:
> {noformat}
> (gdb) bt
> #0  0x081ae57f in Unref (o=0x1b9) at /home/gilbert/Code/bro-baseline/src/Obj.h:215
> #1  0x0827fc24 in Frame::SetElement (this=0xac64360, n=3, v=0xac60da0) at /home/gilbert/Code/bro-baseline/src/Frame.h:25
> #2  0x08288796 in BroFunc::Call (this=0x920b258, args=0xac60ec8, parent=0x0) at /home/gilbert/Code/bro-baseline/src/Func.cc:304
> #3  0x08251d33 in EventHandler::Call (this=0x91363c0, vl=0xac60ec8, no_remote=false) at /home/gilbert/Code/bro-baseline/src/EventHandler.cc:73
> #4  0x081fd6c9 in Event::Dispatch (this=0xac63e08, no_remote=false) at /home/gilbert/Code/bro-baseline/src/Event.h:46
> #5  0x08251594 in EventMgr::Dispatch (this=0x8471da0) at /home/gilbert/Code/bro-baseline/src/Event.cc:107
> #6  0x082515ef in EventMgr::Drain (this=0x8471da0) at /home/gilbert/Code/bro-baseline/src/Event.cc:119
> #7  0x082e16f1 in net_packet_dispatch (t=1311220077.46205, hdr=0x9a15c58, pkt=0x9a16148 "", hdr_size=14, src_ps=0x9a15c20, pkt_elem=0x0)
>     at /home/gilbert/Code/bro-baseline/src/Net.cc:354
> #8  0x082e1912 in net_packet_arrival (t=1311220077.46205, hdr=0x9a15c58, pkt=0x9a16148 "", hdr_size=14, src_ps=0x9a15c20)
>     at /home/gilbert/Code/bro-baseline/src/Net.cc:416
> #9  0x082f2433 in PktSrc::Process (this=0x9a15c20) at /home/gilbert/Code/bro-baseline/src/PktSrc.cc:275
> #10 0x082e1a33 in net_run () at /home/gilbert/Code/bro-baseline/src/Net.cc:446
> #11 0x081fcf5e in main (argc=8, argv=0xbf90af14) at /home/gilbert/Code/bro-baseline/src/main.cc:997
> {noformat}
> This crash was triggered by replaying a trace through a local TAP device; Bro was listening on the TAP device and processing the replayed packets.
> The address passed to Unref() appears to be invalid.


