List: ntop
Subject: [Ntop] RC1BUG - SEGFAULT - free(), called from scanTimedoutTCPSessions()
From: "Burton M. Strauss III" <Burton () ntopsupport ! com>
Date: 2002-05-31 14:46:51
Message-ID: JIEPJGFPFMFIGBNCPKGGIEIFCIAA.Burton () ntopsupport ! com
First off, I've changed the subject to a meaningful one...
Luca:
Patrick is reporting a problem in the free() called from freeSession()
called from scanTimedoutTCPSessions()
Below is the (extracted) (meaningful) stuff from his gdb trace...
It looks like we're freeing a session that wasn't allocated through malloc()
or something like that... yet sessionToPurge looks fine...
Please let us know what else you need...
-----Burton
30/May/2002 11:08:59 Extending hash size [newSize=512][deviceId=0]
30/May/2002 11:09:00 Started thread (6151) for network packet sniffing on
eth0.
30/May/2002 11:09:24 Extending hash size [newSize=1024][deviceId=0]
30/May/2002 11:10:04 Extending hash size [newSize=2048][deviceId=0]
30/May/2002 11:11:34 Extending hash size [newSize=4096][deviceId=0]
30/May/2002 11:14:34 Extending hash size [newSize=8192][deviceId=0]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2051 (LWP 13680)]
0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at malloc.c:3228
3228 malloc.c: No such file or directory.
in malloc.c
(gdb) info stack
#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at
malloc.c:3228
#1 0x4055ebf4 in __libc_free (mem=0x8793970) at malloc.c:3154
#2 0x40284c55 in ntop_safefree (ptr=0x41ad29dc, file=0x402a55b9
"sessions.c", line=246) at leaks.c:485
#3 0x402905cf in freeSession (sessionToPurge=0x8793970, actualDeviceId=0,
allocateMemoryIfNeeded=1 '\001')
at sessions.c:246
#4 0x40290784 in scanTimedoutTCPSessions (actualDeviceId=0) at
sessions.c:310
#5 0x4028107e in purgeIdleHosts (actDevice=0) at hash.c:471
#6 0x40286909 in scanIdleLoop (notUsed=0x0) at ntop.c:619
#7 0x4022fb9c in pthread_start_thread (arg=0x41ad2be0) at manager.c:274
#8 0x4022fc7f in pthread_start_thread_event (arg=0x41ad2be0) at
manager.c:298
(gdb) frame 3
#3 0x402905cf in freeSession (sessionToPurge=0x8793970, actualDeviceId=0,
allocateMemoryIfNeeded=1 '\001')
at sessions.c:246
246 free(sessionToPurge); /* No inner pointers to free */
(gdb) list
241 _intoa(sessionToPurge->remotePeerRealIp, buf1,
sizeof(buf1)), sessionToPurge->dport,
242 sessionToPurge->lastSeen,
myGlobals.device[actualDeviceId].numTcpSessions);
243 }
244 #endif
245
246 free(sessionToPurge); /* No inner pointers to free */
247 }
248
249 /* ************************************ */
250
(gdb) print sessionToPurge
$12 = (IPSession *) 0x8793970
(gdb) print *sessionToPurge
$13 = {magic = 0, initiatorIdx = 2, initiatorRealIp = {s_addr = 2887190290},
sport = 4260, remotePeerIdx = 43,
remotePeerRealIp = {s_addr = 3507473923}, dport = 80, firstSeen =
1022771354, lastSeen = 1022771359, pktSent = 5,
pktRcvd = 0, bytesSent = 590, bytesRcvd = 0, bytesProtoSent = 382,
bytesProtoRcvd = 0, bytesFragmentedSent = 0,
bytesFragmentedRcvd = 0, minWindow = 64, maxWindow = 55359, nwLatency =
{tv_sec = 0, tv_usec = 0}, numFin = 1,
numFinAcked = 0, lastAckIdI2R = 1464555384, lastAckIdR2I = 0,
numDuplicatedAckI2R = 0, numDuplicatedAckR2I = 0,
bytesRetranI2R = 0, bytesRetranR2I = 0, finId = {3907093120, 0, 0, 0},
lastFlags = 17, lastCSAck = 0, lastSCAck = 0,
lastCSFin = 3907093120, lastSCFin = 0, lastInitiator2RemFlags =
"\000\000\000", lastRem2InitiatorFlags = "\000\000\000",
sessionState = 3 '\003', passiveFtpSession = 0 '\000', next = 0x0}
(gdb) frame 4
#4 0x40290784 in scanTimedoutTCPSessions (actualDeviceId=0) at
sessions.c:310
310 freeSession(thisSession, actualDeviceId, 1);
(gdb) print thisSession
$18 = (IPSession *) 0x8793970
(gdb) print *thisSession
$19 = {magic = 0, initiatorIdx = 2, initiatorRealIp = {s_addr = 2887190290},
sport = 4260, remotePeerIdx = 43,
remotePeerRealIp = {s_addr = 3507473923}, dport = 80, firstSeen =
1022771354, lastSeen = 1022771359, pktSent = 5,
pktRcvd = 0, bytesSent = 590, bytesRcvd = 0, bytesProtoSent = 382,
bytesProtoRcvd = 0, bytesFragmentedSent = 0,
bytesFragmentedRcvd = 0, minWindow = 64, maxWindow = 55359, nwLatency =
{tv_sec = 0, tv_usec = 0}, numFin = 1,
numFinAcked = 0, lastAckIdI2R = 1464555384, lastAckIdR2I = 0,
numDuplicatedAckI2R = 0, numDuplicatedAckR2I = 0,
bytesRetranI2R = 0, bytesRetranR2I = 0, finId = {3907093120, 0, 0, 0},
lastFlags = 17, lastCSAck = 0, lastSCAck = 0,
lastCSFin = 3907093120, lastSCFin = 0, lastInitiator2RemFlags =
"\000\000\000", lastRem2InitiatorFlags = "\000\000\000",
sessionState = 3 '\003', passiveFtpSession = 0 '\000', next = 0x0}
(gdb) frame 5
#5 0x4028107e in purgeIdleHosts (actDevice=0) at hash.c:471
471 scanTimedoutTCPSessions(actDevice); /* let's check timedout
sessions too */
(gdb) print actDevice
$20 = 0
(gdb) frame 0
#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at
malloc.c:3228
3228 in malloc.c
(gdb) print ar_ptr
$24 = (arena *) 0x40612620
(gdb) print *ar_ptr
$25 = {av = {0x0, 0xff0717ff, 0xad237d8, 0x40612620, 0x88d9150, 0x88d9150,
0x8411070, 0x8461238, 0x8ba40d0, 0x8ba40d0,
0x87b73a0, 0x8410ff0, 0x8a99df8, 0xaa05c10, 0x89600e8, 0x8a90c58,
0x40612658, 0x40612658, 0x40612660, 0x40612660,
0x40612668, 0x40612668, 0x8483790, 0x8866008, 0x40612678, 0x40612678,
0x87cbbd8, 0x87cbbd8, 0x87d6c70, 0x8bc9948,
0x846f0c8, 0x8457e10, 0x87dd370, 0x87dd370, 0x406126a0, 0x406126a0,
0x406126a8, 0x406126a8, 0x868d1a8, 0x868d1a8,
0x406126b8, 0x406126b8, 0x8875608, 0x841e778, 0x406126c8, 0x406126c8,
0x406126d0, 0x406126d0, 0x8b377b0, 0x887a510,
0x8962b28, 0x8962b28, 0x86785b0, 0xa8ff8c0, 0xad236a0, 0xad236a0,
0x406126f8, 0x406126f8, 0x868d0b0, 0x868d0b0,
0x87ed6a0, 0x8ba81a8, 0x40612710, 0x40612710, 0x40612718, 0x40612718,
0x40612720, 0x40612720, 0x40612728, 0x40612728,
0x40612730, 0x40612730, 0x40612738, 0x40612738, 0x40612740, 0x40612740,
0x40612748, 0x40612748, 0x83f5368, 0x83f5368,
0x40612758, 0x40612758, 0x40612760, 0x40612760, 0x40612768, 0x40612768,
0x885e828, 0x847c9e0, 0x40612778, 0x40612778,
0x40612780, 0x40612780, 0x40612788, 0x40612788, 0x40612790, 0x40612790,
0x40612798, 0x40612798, 0x406127a0,
0x406127a0, 0x406127a8, 0x406127a8, 0x862de30, 0x840cbc0, 0x406127b8,
0x406127b8, 0x406127c0, 0x406127c0, 0x406127c8,
0x406127c8, 0x406127d0, 0x406127d0, 0x406127d8, 0x406127d8, 0x406127e0,
0x406127e0, 0x406127e8, 0x406127e8,
0x406127f0, 0x406127f0, 0x406127f8, 0x406127f8, 0x40612800, 0x40612800,
0x40612808, 0x40612808, 0x40612810,
0x40612810, 0x40612818, 0x40612818, 0x87d69b0, 0x87d69b0, 0x83f5010,
0x83f5010, 0x40612830, 0x40612830, 0x8236530,
0x8236530, 0x40612840, 0x40612840, 0x40612848, 0x40612848, 0x40612850,
0x40612850, 0x40612858, 0x40612858, 0x8b47ae0,
0x8b47ae0, 0x40612868, 0x40612868, 0x40612870, 0x40612870, 0x40612878,
0x40612878, 0x40612880, 0x40612880, 0x40612888,
0x40612888, 0x40612890, 0x40612890, 0x40612898, 0x40612898, 0x406128a0,
0x406128a0, 0x406128a8, 0x406128a8,
0x406128b0, 0x406128b0, 0x406128b8, 0x406128b8, 0x406128c0, 0x406128c0,
0x406128c8, 0x406128c8, 0x406128d0,
0x406128d0, 0x406128d8, 0x406128d8, 0x406128e0, 0x406128e0, 0x406128e8,
0x406128e8, 0x406128f0, 0x406128f0,
0x406128f8, 0x406128f8, 0x40612900, 0x40612900, 0x40612908, 0x40612908,
0x40612910, 0x40612910, 0x40612918,
0x40612918, 0x40612920, 0x40612920, 0x8b481b8, 0x8b481b8, 0x8479f18,
0x8b342d0...}, next = 0x40612620,
size = 45112412, mutex = {__m_reserved = 0, __m_count = 0, __m_owner =
0x0, __m_kind = 0, __m_lock = {__status = 1,
__spinlock = 0}}}
(gdb) print p
$27 = 0x8793968
(gdb) print *p
$28 = {prev_size = 0, size = 200, fd = 0x0, bk = 0x2}