Wireshark-bugs: [Wireshark-bugs] [Bug 11654] New: NLM v4 statistics crash

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 29 Oct 2015 23:01:25 +0000
Bug ID 11654
Summary NLM v4 statistics crash
Product Wireshark
Version 1.12.8
Hardware x86
OS Windows 8.1
Status UNCONFIRMED
Severity Normal
Priority Low
Component GTK+ UI
Assignee [email protected]
Reporter [email protected] 

Created attachment 13957 [details]
NLM packets that reproduce Service Response Time crash

Build Information:
Version 1.12.8 (v1.12.8-0-g5b6e543 from master-1.12)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Oct 14 2015),
with
AirPcap.

Running on 64-bit Windows 8.1, build 9600, with WinPcap version 4.1.3
(packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i5-4310U CPU @ 2.00GHz, with 16289MB of physical memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Troubleshooting NFS V3, with lockd/statd
Lockd is using NLM v4, statd is using STAT v1.

Selecting 
Statistics->Service Response Time-> ONC-RPC
Program->NLM
Version->4

Crashes.  Input pcap file from a Mac OS X tcpdump.  There ARE NLM v4 packets in
the capture file.  If you select v1 or v2, the statistics are run, finding no
packets (correct).  Wireshark crashes if version = 3 (with no matches in
capture).  Wireshark crashes if version = 4, with matches in capture file.

The filter
ip.proto==17 && rpc.program==100021 && rpc.programversion==4 will filter the
capture file and show all the NLM v4 packets, but you can not run the
"Statistics" function to generate a report.

You CAN use Statistics->Service Response Time with ONC-RPC, NFS V3 correctly.

You can also use Statistics->Service Response Time with STAT v1 correctly which
is very similar to NLM

The filter:
ip.proto==17 && rpc.program==100024 && rpc.programversion==1  displays the STAT
packets (of which there are very few).

This appears to be a bug in the ONC-RPC/NLM statistics reporting, for version 3
or 4.

The attached pcap file, with just NLM packets will reproduce the problem.

The Windows event log shows the following information.

Log Name:      Application
Source:        Application Error
Date:          10/29/2015 6:21:36 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      dbaril-e5440.int.panasas.com
Description:
Faulting application name: Wireshark.exe, version: 1.12.8.0, time stamp:
0x561e90db
Faulting module name: libglib-2.0-0.dll, version: 2.38.0.0, time stamp:
0xbabababa
Exception code: 0x40000015
Fault offset: 0x00000000000372df
Faulting process id: 0x1b4
Faulting application start time: 0x01d1129812104c09
Faulting application path: C:\Program Files\Wireshark\Wireshark.exe
Faulting module path: C:\Program Files\Wireshark\libglib-2.0-0.dll
Report Id: 6a71aada-7e8b-11e5-82b0-4851b708a5a7
Faulting package full name: 
Faulting package-relative application ID: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-10-29T22:21:36.000000000Z" />
    <EventRecordID>104847</EventRecordID>
    <Channel>Application</Channel>
    <Computer>dbaril-e5440.int.panasas.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Wireshark.exe</Data>
    <Data>1.12.8.0</Data>
    <Data>561e90db</Data>
    <Data>libglib-2.0-0.dll</Data>
    <Data>2.38.0.0</Data>
    <Data>babababa</Data>
    <Data>40000015</Data>
    <Data>00000000000372df</Data>
    <Data>1b4</Data>
    <Data>01d1129812104c09</Data>
    <Data>C:\Program Files\Wireshark\Wireshark.exe</Data>
    <Data>C:\Program Files\Wireshark\libglib-2.0-0.dll</Data>
    <Data>6a71aada-7e8b-11e5-82b0-4851b708a5a7</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>

You are receiving this mail because:
  • You are watching all bug changes.