Ubuntu
tripwire package

tripwire -m c stops with segmentation fault

Bug #296302 reported by Peter Wainwright
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripwire (Ubuntu)
New
Undecided
Unassigned

Bug Description

My nightly tripwire check has been failing since I reinstalled some kernel modules at the beginning of November 2008.

I'm running tripwire 2.3.1.2.0-11 on Ubuntu 8.04 with all updates applied.

strace -eopen,access,lstat,lstat64 tripwire -m c

lstat("/lib/modules/2.6.24-21-generic/ubuntu/wireless/wimax-i2400m/drivers/net/wimax/i2400m/i2400m.ko", {st_mode=S_IFREG|0644, st_size=59448, ...}) = 0
open("/lib/modules/2.6.24-21-generic/ubuntu/wireless/wimax-i2400m/drivers/net/wimax/i2400m/i2400m.ko", O_RDONLY) = 3
lstat("/lib/modules/2.6.24-21-generic/ubuntu/wireless/wimax-i2400m/drivers/net/wimax/wimax.ko", {st_mode=S_IFREG|0644, st_size=23352, ...}) = 0
open("/lib/modules/2.6.24-21-generic/ubuntu/wireless/wimax-i2400m/drivers/net/wimax/wimax.ko", O_RDONLY) = 3
lstat("/lib/modules/2.6.24-21-generic/volatile", {st_mode=S_IFDIR|0755, st_size=300, ...}) = 0
The object: "/lib/modules/2.6.24-21-generic/volatile" is on a different file system...ignoring.
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
Software interrupt forced exit: Segmentation Fault
Process 19513 detached

I've checked, and it seems that /lib/modules/2.6.24-21-generic/volatile is a mounted tmpfs filesystem. It seems to cause tripwire to crash.

root@ceiriog:prw# cat /proc/mounts | grep volatile
tmpfs /lib/modules/2.6.24-21-generic/volatile tmpfs rw,relatime 0 0

(gdb) i s
#0 0x00000000004d4b39 in cFCODataSourceIterImpl::CanDescend (this=0x17178f0) at fcodatasourceiterimpl.cpp:148
#1 0x000000000040ac05 in cIntegrityCheck::ProcessDir (this=0x7fff0ee57bc0, dbIter=@0x7fff0ee56780, pIter=0x17178f0) at integritycheck.cpp:299
#2 0x000000000040a23b in cIntegrityCheck::ProcessAddedFCO (this=0x7fff0ee57bc0, dbIter=@0x7fff0ee56ad0, pIter=0x9723a0, bRecurse=true) at integritycheck.cpp:94
#3 0x000000000040ae51 in cIntegrityCheck::ProcessDir (this=0x7fff0ee57bc0, dbIter=@0x7fff0ee56ce0, pIter=0x9723a0) at integritycheck.cpp:360
#4 0x000000000040ab10 in cIntegrityCheck::ProcessChangedFCO (this=0x7fff0ee57bc0, dbIter=@0x7fff0ee56fa0, pIter=0xb177c0, bRecurse=true) at integritycheck.cpp:235
#5 0x000000000040b263 in cIntegrityCheck::ProcessDir (this=0x7fff0ee57bc0, dbIter=@0x7fff0ee573f0, pIter=0xb177c0) at integritycheck.cpp:402
#6 0x000000000040ab10 in cIntegrityCheck::ProcessChangedFCO (this=0x7fff0ee57bc0, dbIter=@0x7fff0ee576f0, pIter=0x7ff750, bRecurse=true) at integritycheck.cpp:235
#7 0x000000000040ba5e in cIntegrityCheck::Execute (this=0x7fff0ee57bc0, flags=0) at integritycheck.cpp:536
#8 0x0000000000428c1d in cTWModeIC::Execute (this=0x7d85c0, pQueue=0x7fff0ee582f0) at twcmdline.cpp:1341
#9 0x000000000041a38c in main (argc=3, argv=0x7fff0ee58598, envp=0x7fff0ee585b8) at tripwiremain.cpp:235

In CanDescend, at the line:
return ( (*mCurPos)->GetCaps() & iFCO::CAP_CAN_HAVE_CHILDREN );

gdb reports that

(gdb) p *mCurPos
$3 = (class iFCO * const&) @0x17dd2a8: 0x80

which is clearly not a valid pointer. However, I can't tell what this iterator thing is supposed to represent and I can't spare the time to debug further without more clues...

See original description
Peter Wainwright (prw)
description: updated
Revision history for this message
martin suchanek (martin-suc) wrote :

I am not sure but the following should corresponding with an error:

ProblemType: Crash
Architecture: amd64
CrashCounter: 1
Date: Thu May 17 09:45:04 2012
DistroRelease: Ubuntu 12.04
ExecutablePath: /usr/sbin/tripwire
ExecutableTimestamp: 1326844936
ProcCmdline: /usr/sbin/tripwire
ProcCwd: /
ProcEnviron:
 TERM=linux
 PATH=(custom, no user)
 SHELL=/bin/sh
ProcMaps:
 00400000-0066b000 r-xp 00000000 08:25 6315215 /usr/sbin/tripwire
 0086b000-00870000 rw-p 0026b000 08:25 6315215 /usr/sbin/tripwire
 00870000-0088a000 rw-p 00000000 00:00 0
 02227000-048db000 rw-p 00000000 00:00 0 [heap]
 7fa4f1465000-7fa4f1866000 rw-p 00000000 00:00 0
 7fa4f1c2a000-7fa4f1c2b000 rw-p 00000000 00:00 0
 7fa4f1c2c000-7fa4f1c8e000 rw-p 00000000 00:00 0
 7fff20d67000-7fff20d88000 rw-p 00000000 00:00 0 [stack]
 7fff20dff000-7fff20e00000 r-xp 00000000 00:00 0 [vdso]
 ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
ProcStatus:
 Name: tripwire
 State: S (sleeping)
 Tgid: 14105
 Pid: 14105
 PPid: 14104
 TracerPid: 0
 Uid: 0 0 0 0
 Gid: 0 0 0 0
 FDSize: 64
 Groups:
 VmPeak: 46872 kB
 VmSize: 46868 kB
 VmLck: 0 kB
 VmPin: 0 kB
 VmHWM: 45044 kB
 VmRSS: 45044 kB
 VmData: 44236 kB
 VmStk: 136 kB
 VmExe: 2476 kB
 VmLib: 0 kB
 VmPTE: 112 kB
 VmSwap: 0 kB
 Threads: 1
 SigQ: 1/255948
 SigPnd: 0000000000000000
 ShdPnd: 0000000000000000
 SigBlk: 0000000000000000
 SigIgn: 0000000000001000
 SigCgt: 00000000418000fc
 CapInh: 0000000000000000
 CapPrm: ffffffffffffffff
 CapEff: ffffffffffffffff
 CapBnd: ffffffffffffffff
 Cpus_allowed: ff
 Cpus_allowed_list: 0-7
 Mems_allowed: 00000000,00000001
 Mems_allowed_list: 0
 voluntary_ctxt_switches: 347249
 nonvoluntary_ctxt_switches: 23044
Signal: 11
Uname: Linux 3.2.0-24-generic x86_64
UserGroups:
CoreDump: base64

...
... see attached file
...

SegvAnalysis:
 Segfault happened at: 0x421: Cannot access memory at address 0x421
 PC (0x00000421) not located in a known VMA region (needed executable region)!
SegvReason: executing NULL VMA
SourcePackage: tripwire
....

Revision history for this message
martin suchanek (martin-suc) wrote :

The whole crash report is located here:

http://dl.dropbox.com/u/38489690/var/crash/_usr_sbin_tripwire.0.crash

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.