[Oisf-devel] Crashing

Wed Feb 23 15:49:46 UTC 2011

On 22/02/11 12:35, Chris Wakelin wrote:

> Usual lots of
> 
>> [20949] 22/2/2011 -- 11:56:48 - (app-layer-parser.c:943) <Error> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app layer protocol, using network protocol 6, source IP address 134.225.xxx.xxx, destination IP address yyy.yyy.yyy.yyy, src port 3044 and dst port 80
> 
> per second, then
> 
>> [20949] 22/2/2011 -- 11:56:48 - (stream-tcp-reassemble.c:486) <Info> (PrintList) -- inconsistant list: SEQ_LT(seg->seq,next_seq)) == TRUE, seg->seq 959020101, next_seq 959020645
> 
> (BTW That should be "inconsistent" - which describes English spelling
> quite well :) )
> 

Here's another one:

> (gdb) bt
> #0  0x00007f7afb404a75 in raise () from /lib/libc.so.6
> #1  0x00007f7afb4085c0 in abort () from /lib/libc.so.6
> #2  0x00000000004d6b9c in PrintList (seg=0x7f7aecbf3d40) at stream-tcp-reassemble.c:495
> #3  0x00000000004d9407 in HandleSegmentStartsBeforeListSegment (tv=<value optimised out>, ra_ctx=<value optimised out>, stream=0x7f7972a75bb8, 
>     seg=0x7f7aeccaa6b0, p=<value optimised out>) at stream-tcp-reassemble.c:937
> #4  StreamTcpReassembleInsertSegment (tv=<value optimised out>, ra_ctx=<value optimised out>, stream=0x7f7972a75bb8, seg=0x7f7aeccaa6b0, 
>     p=<value optimised out>) at stream-tcp-reassemble.c:624
> #5  0x00000000004d9d09 in StreamTcpReassembleHandleSegmentHandleData (tv=0x674ea10, ra_ctx=0x7f7af0000cc0, ssn=<value optimised out>, 
>     stream=0x7f7972a75bb8, p=0x2ad6560) at stream-tcp-reassemble.c:1631
> #6  0x00000000004da11d in StreamTcpReassembleHandleSegment (tv=0x674ea10, ra_ctx=0x7f7af0000cc0, ssn=0x7f7972a75bb0, stream=0x7f7972a75bb8, p=0x2ad6560, 
>     pq=<value optimised out>) at stream-tcp-reassemble.c:3502
> #7  0x00000000004d393f in HandleEstablishedPacketToClient (tv=0x674ea10, p=0x2ad6560, stt=0x6840c20, ssn=0x7f7972a75bb0, pq=<value optimised out>)
>     at stream-tcp.c:1753
> #8  StreamTcpPacketStateEstablished (tv=0x674ea10, p=0x2ad6560, stt=0x6840c20, ssn=0x7f7972a75bb0, pq=<value optimised out>) at stream-tcp.c:1882
> #9  0x00000000004d5290 in StreamTcpPacket (tv=0x674ea10, p=0x2ad6560, data=0x6840c20, pq=<value optimised out>, postpq=<value optimised out>)
>     at stream-tcp.c:3208
> #10 StreamTcp (tv=0x674ea10, p=0x2ad6560, data=0x6840c20, pq=<value optimised out>, postpq=<value optimised out>) at stream-tcp.c:3388
> #11 0x00000000004c0e1e in TmThreadsSlot1 (td=0x674ea10) at tm-threads.c:356
> #12 0x00007f7afbba89ca in start_thread () from /lib/libpthread.so.0
> #13 0x00007f7afb4b770d in clone () from /lib/libc.so.6
> #14 0x0000000000000000 in ?? ()

I managed to get the PrintList output (excluding all the usual
SC_ERR_ALPARSER errors):

...

> [27942] 23/2/2011 -- 15:11:03 - (tm-threads.c:1487) <Info> (TmThreadWaitOnThreadInit) -- all 9 packet processing threads, 3 management threads initialized, engine started.
> [27947] 23/2/2011 -- 15:18:45 - (stream-tcp-reassemble.c:463) <Info> (PrintList) -- missing segment(s) for 1 bytes of data
> [27947] 23/2/2011 -- 15:18:45 - (stream-tcp-reassemble.c:463) <Info> (PrintList) -- missing segment(s) for 1460 bytes of data
> [27947] 23/2/2011 -- 15:35:56 - (stream-tcp-reassemble.c:463) <Info> (PrintList) -- missing segment(s) for 1 bytes of data
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:463) <Info> (PrintList) -- missing segment(s) for 1 bytes of data
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:463) <Info> (PrintList) -- missing segment(s) for 1 bytes of data
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:486) <Info> (PrintList) -- inconsistant list: SEQ_LT(seg->seq,next_seq)) == TRUE, seg->seq 3151117997, next_seq 3151118677
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:418) <Info> (PrintList2) -- seg 3151116631 len 685, seg 0x7f7aeccde190, prev (nil), next 0x7f7aecd54030
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:444) <Info> (PrintList2) -- next_seq is now 3151117316
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:418) <Info> (PrintList2) -- seg 3151117316 len 679, seg 0x7f7aecd54030, prev 0x7f7aeccde190, next 0x7f7aecbf4130
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:444) <Info> (PrintList2) -- next_seq is now 3151117995
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:418) <Info> (PrintList2) -- seg 3151117995 len 1, seg 0x7f7aecbf4130, prev 0x7f7aecd54030, next 0x7f7aecccddb0
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:444) <Info> (PrintList2) -- next_seq is now 3151117996
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:418) <Info> (PrintList2) -- seg 3151117996 len 681, seg 0x7f7aecccddb0, prev 0x7f7aecbf4130, next 0x7f7aecbf3d40
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:444) <Info> (PrintList2) -- next_seq is now 3151118677
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:418) <Info> (PrintList2) -- seg 3151117997 len 1, seg 0x7f7aecbf3d40, prev 0x7f7aecccddb0, next 0x7f7aecbf2ed0
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:435) <Info> (PrintList2) -- inconsistant list: SEQ_LT(seg->seq,next_seq)) == TRUE, seg->seq 3151117997, next_seq 3151118677
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:444) <Info> (PrintList2) -- next_seq is now 3151117998
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:414) <Info> (PrintList2) -- missing segment(s) for 1 bytes of data
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:418) <Info> (PrintList2) -- seg 3151117999 len 1, seg 0x7f7aecbf2ed0, prev 0x7f7aecbf3d40, next (nil)
> [27947] 23/2/2011 -- 15:36:39 - (stream-tcp-reassemble.c:444) <Info> (PrintList2) -- next_seq is now 3151118000

Does this help?

Best Wishes,
Chris

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 6AF, UK              Fax: +44 (0)118 975 3094