[Bro-Commits] [git/bro] topic/jsiwek/modbus-fixes: Remove byte count parameter from modbus events carrying register arrays (fd5eb23)

Thanks for looking into this, Jon.

I'm still seeing crashes with this commit (trace included below). Should I open a new ticket for this? I don't want to latch onto the merge request at #917 unnecessarily. Thanks,

  --Vlad

[New LWP 3282]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/local/bro/bin/bro -i eth4 -U .status -p broctl -p broctl-live -p local -p'.
Program terminated with signal 6, Aborted.
#0 0x00007f46f893f425 in raise () from /lib/x86_64-linux-gnu/libc.so.6

Thread 1 (Thread 0x7f46fac7e780 (LWP 3282)):
#0 0x00007f46f893f425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007f46f8942b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007f46f89380ee in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007f46f8938192 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x000000000068cd9f in ClearPreviousData (this=<optimized out>) at /home/bro/src/bro/aux/binpac/lib/binpac_buffer.cc:213
#5 binpac::FlowBuffer::ClearPreviousData (this=<optimized out>) at /home/bro/src/bro/aux/binpac/lib/binpac_buffer.cc:208
#6 0x000000000068d246 in binpac::FlowBuffer::NewData (this=0xb1b08c0, begin=0xbfcf7a0 "\300\205", end=0xbfcf7ad "") at /home/bro/src/bro/aux/binpac/lib/binpac_buffer.cc:176
#7 0x0000000000503ce0 in binpac::ModbusTCP::ModbusTCP_Flow::NewData (this=0x46c1f90, t_begin_of_data=<optimized out>, t_end_of_data=<optimized out>) at /home/bro/src/bro/build/src/modbus_pac.cc:2867
#8 0x000000000052169d in Analyzer::NextStream (this=0xb1a3640, len=<optimized out>, data=<optimized out>, is_orig=<optimized out>) at /home/bro/src/bro/src/Analyzer.cc:369
#9 0x00000000005222b6 in Analyzer::ForwardStream (this=0xb19b240, len=13, data=0xbfcf7a0 "\300\205", is_orig=false) at /home/bro/src/bro/src/Analyzer.cc:456
#10 0x0000000000646e80 in TCP_Reassembler::DeliverBlock (this=0x5fdf8c0, seq=15, len=13, data=0xbfcf7a0 "\300\205") at /home/bro/src/bro/src/TCP_Reassembler.cc:618
#11 0x00000000006471aa in BlockInserted (start_block=<optimized out>, this=<optimized out>) at /home/bro/src/bro/src/TCP_Reassembler.cc:359
#12 TCP_Reassembler::BlockInserted (this=0x5fdf8c0, start_block=<optimized out>) at /home/bro/src/bro/src/TCP_Reassembler.cc:334
#13 0x0000000000646d28 in TCP_Reassembler::DataSent (this=0x5fdf8c0, t=<optimized out>, seq=<optimized out>, len=<optimized out>, data=<optimized out>, replaying=<optimized out>) at /home/bro/src/bro/src/TCP_Reassembler.cc:458
#14 0x0000000000645cc6 in TCP_Endpoint::DataSent (this=0xb1a8790, t=<optimized out>, seq=15, len=13, caplen=13, data=0x7f46e2eefffe <Address 0x7f46e2eefffe out of bounds>, ip=<optimized out>, tp=0x7f46e2eeffea) at /home/bro/src/bro/src/TCP_Endpoint.cc:183
#15 0x00000000006446f8 in TCP_Analyzer::DeliverPacket (this=0xb19b240, len=13, data=0x7f46e2eefffe <Address 0x7f46e2eefffe out of bounds>, is_orig=false, seq=<optimized out>, ip=0x7fff69511bf0, caplen=13) at /home/bro/src/bro/src/TCP.cc:1039
#16 0x0000000000521571 in Analyzer::NextPacket (this=0xb19b240, len=<optimized out>, data=<optimized out>, is_orig=<optimized out>, seq=<optimized out>, ip=<optimized out>, caplen=33) at /home/bro/src/bro/src/Analyzer.cc:341
#17 0x000000000053aa70 in Connection::NextPacket (this=<optimized out>, t=<optimized out>, is_orig=<optimized out>, ip=<optimized out>, len=<optimized out>, caplen=<optimized out>, data=<optimized out>, record_packet=@0x7fff69511868: 1, record_content=@0x7fff6951186c: 1, hdr=0x1abd040, pkt=0x7f46e2eeffc8 <Address 0x7f46e2eeffc8 out of bounds>, hdr_size=14) at /home/bro/src/bro/src/Conn.cc:259
#18 0x000000000062e2f0 in NetSessions::DoNextPacket (this=0x2bd0c00, t=1352833032.1424849, hdr=0x1abd040, ip_hdr=0x7fff69511bf0, pkt=0x7f46e2eeffc8 <Address 0x7f46e2eeffc8 out of bounds>, hdr_size=14, encapsulation=0x0) at /home/bro/src/bro/src/Sessions.cc:700
#19 0x000000000062f8c5 in NetSessions::NextPacket (this=0x2bd0c00, t=1352833032.1424849, hdr=0x1abd040, pkt=0x7f46e2eeffc8 <Address 0x7f46e2eeffc8 out of bounds>, hdr_size=14, pkt_elem=<optimized out>) at /home/bro/src/bro/src/Sessions.cc:238
#20 0x00000000005ec14b in net_packet_dispatch (t=1352833032.1424849, hdr=0x1abd040, pkt=0x7f46e2eeffc8 <Address 0x7f46e2eeffc8 out of bounds>, hdr_size=14, src_ps=0x1abd000, pkt_elem=0x0) at /home/bro/src/bro/src/Net.cc:353
#21 0x00000000005fb0cf in Process (this=0x1abd000) at /home/bro/src/bro/src/PktSrc.cc:303
#22 PktSrc::Process (this=0x1abd000) at /home/bro/src/bro/src/PktSrc.cc:175
#23 0x00000000005ec547 in net_run () at /home/bro/src/bro/src/Net.cc:446
#24 0x00000000004c06ea in main (argc=<optimized out>, argv=<optimized out>) at /home/bro/src/bro/src/main.cc:1073

==== No reporter.log

==== stderr.log
listening on eth4, capture length 8192 bytes

bro: /home/bro/src/bro/aux/binpac/lib/binpac_buffer.cc:213: void binpac::FlowBuffer::ClearPreviousData(): Assertion `buffer_n_ == 0' failed.
/usr/local/bro/share/broctl/scripts/run-bro: line 60: 3282 Aborted (core dumped) nohup $mybro $@

> I'm still seeing crashes with this commit (trace included below). Should I open a new ticket for this? I don't want to latch onto the merge request at #917 unnecessarily. Thanks,

Did you also check out the changes I did in the aux/binpac repo (I did changes in branch "topic/jsiwek/modbus-fixes" in both bro and aux/binpac)?

That stack trace looks similar to something I encountered that needed a change in binpac.

    Jon

Ah, I didn't catch those commits. Updated to use both, and so far (*knock on wood*) it hasn't crashed. Statistically speaking, the buggy code should've crashed by now. I'll continue to monitor for any issues.

Thanks,

  --Vlad