Help deciphering/decoding/debugging abrt report

scarf · 06-11-2016, 04:33 PM

I received the following notice from my abrt daemon, about a crash. I'm not sure if my question belongs in the security forum, but it seems the file that crashed was gam_server, a file modification monitoring daemon, and VNC seems to be involved too, which i see another user has recently posted about... I know VNC is prone to security holes and attacks... our particular server is only accessible through a VPN but the VPN has potentially thousands of other users within the organization, so at a minimum it is vulnerable to local attacks. Anyway what do you think of this report? I tried to scrub private information out that doesn't seem necessary to publish... Thanks

Code:

abrt_version:   2.0.8
cgroup:         
cmdline:        /usr/libexec/gam_server
event_log:      
executable:     /usr/libexec/gam_server
hostname:       [private]
kernel:         2.6.32-573.18.1.el6.x86_64
last_occurrence: [private]
machineid:      [private]
pid:            18112
pkg_arch:       x86_64
pkg_epoch:      0
pkg_fingerprint: [private]
pkg_name:       gamin
pkg_release:    9.el6
pkg_vendor:     Red Hat, Inc.
pkg_version:    0.1.10
pwd:            [private]
time:           Sat 11 Jun 2016 12:53:54 PM MST
uid:            1089
username:       [private]

sosreport.tar.xz: Binary file, 1936412 bytes

core_backtrace:
:{   "signal": 11
:,   "executable": "/usr/libexec/gam_server"
:,   "stacktrace":
:      [ {   "crash_thread": true
:        ,   "frames":
:              [ {   "address": 246571071690
:                ,   "build_id": "24d3ab3db0f38c7515feadf82191651da4117a18"
:                ,   "build_id_offset": 522442
:                ,   "function_name": "__strcmp_sse2"
:                ,   "file_name": "/lib64/libc.so.6"
:                }
:              , {   "address": 4208267
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 13963
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 4211020
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 16716
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 4238837
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 44533
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 4244802
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 50498
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 4241365
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 47061
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 246600175755
:                ,   "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
:                ,   "build_id_offset": 266379
:                ,   "file_name": "/lib64/libglib-2.0.so.0"
:                }
:              , {   "address": 246600173122
:                ,   "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
:                ,   "build_id_offset": 263746
:                ,   "function_name": "g_main_context_dispatch"
:                ,   "file_name": "/lib64/libglib-2.0.so.0"
:                }
:              , {   "address": 246600191128
:                ,   "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
:                ,   "build_id_offset": 281752
:                ,   "file_name": "/lib64/libglib-2.0.so.0"
:                }
:              , {   "address": 246600192421
:                ,   "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
:                ,   "build_id_offset": 283045
:                ,   "function_name": "g_main_loop_run"
:                ,   "file_name": "/lib64/libglib-2.0.so.0"
:                }
:              , {   "address": 4212838
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 18534
:                ,   "file_name": "/usr/libexec/gam_server"
:                } ]
:        } ]
:}

dso_list:
:/lib64/ld-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/libnss_ldap.so.2 nss-pam-ldapd-0.7.5-32.el6.x86_64 (Red Hat, Inc.) 1463016566
:/usr/lib64/gconv/gconv-modules.cache glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/librt-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/usr/libexec/gam_server gamin-0.1.10-9.el6.x86_64 (Red Hat, Inc.) 1316803441
:/lib64/libnss_files-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/libc-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/libglib-2.0.so.0.2800.8 glib2-2.28.8-5.el6.x86_64 (Red Hat, Inc.) 1463017960
:/lib64/libpthread-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140

environ:
:REMOTEHOST=[private]
:MANPATH=[private]
:'VNCDESKTOP=[private]:1 ([private])'
:SSH_AGENT_PID=[private]
:HOSTNAME=[private]
:FPCHELP=[private]
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:SHELL=/bin/tcsh
:HOST=[private]
:TERM=xterm
:XDG_SESSION_COOKIE=[private]
:'SSH_CLIENT=[private] 61184 22'
:PERL5LIB=[private]
:SYSFONT=latarcyrheb-sun16
:QTDIR=/usr/lib64/qt-3.3
:QTINC=/usr/lib64/qt-3.3/include
:SSH_TTY=/dev/pts/2
:IMSETTINGS_MODULE=none
:USER=[private]
:GROUP=seq
:LS_COLORS=rs=0:di=01;30:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:
:MPICH_USE_SHLIB=yes
:PHRED_PARAMETER_FILE=[private]
:SSH_AUTH_SOCK=/tmp/keyring-[private]/socket.ssh
:HOSTTYPE=x86_64-linux
:RIGDIR=/usr/local/rig
:PATH=[private]
:MAIL=/var/spool/mail/[private]
:QT_IM_MODULE=xim
:PWD=[private]
:XMODIFIERS=@im=none
:EDITOR=vi
:LANG=en_US.UTF-8
:KDE_IS_PRELINKED=1
:KDEDIRS=/usr
:FPCTOP_DIR=/home/fpc
:SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
:HOME=[private]
:SHLVL=2
:OSTYPE=linux
:CONSED_HOME=[private]
:VENDOR=unknown
:LOGNAME=[private]
:MACHTYPE=x86_64
:CVS_RSH=ssh
:QTLIB=/usr/lib64/qt-3.3/lib
:'SSH_CONNECTION=[private] 61184 [private] 22'
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-[private],guid=[private]
:ZOE=/opt/snap
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:IMTOP_DIR=/home/imdata
:DISPLAY=:1
:GTK_IM_MODULE=gtk-im-context-simple
:G_BROKEN_FILENAMES=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/18031,unix/unix:/tmp/.ICE-unix/18031
:ORBIT_SOCKETDIR=/tmp/orbit-[private]
:GTK_RC_FILES=[private]
:GNOME_KEYRING_SOCKET=/tmp/keyring-[private]/socket
:GAM_CLIENT_ID=

limits:
:Limit                     Soft Limit           Hard Limit           Units     
:Max cpu time              unlimited            unlimited            seconds   
:Max file size             unlimited            unlimited            bytes     
:Max data size             unlimited            unlimited            bytes     
:Max stack size            10485760             unlimited            bytes     
:Max core file size        unlimited            unlimited            bytes     
:Max resident set          unlimited            unlimited            bytes     
:Max processes             1024                 128056               processes 
:Max open files            1024                 4096                 files     
:Max locked memory         65536                65536                bytes     
:Max address space         unlimited            unlimited            bytes     
:Max file locks            unlimited            unlimited            locks     
:Max pending signals       128056               128056               signals   
:Max msgqueue size         819200               819200               bytes     
:Max nice priority         0                    0                    
:Max realtime priority     0                    0                    
:Max realtime timeout      unlimited            unlimited            us        

maps:
:00400000-00416000 r-xp 00000000 fd:00 2118414                            /usr/libexec/gam_server
:00615000-00617000 rw-p 00015000 fd:00 2118414                            /usr/libexec/gam_server
:01bb5000-01bfc000 rw-p 00000000 00:00 0                                  [heap]
:3968800000-3968820000 r-xp 00000000 fd:00 1048920                        /lib64/ld-2.12.so
:3968a1f000-3968a21000 r--p 0001f000 fd:00 1048920                        /lib64/ld-2.12.so
:3968a21000-3968a22000 rw-p 00021000 fd:00 1048920                        /lib64/ld-2.12.so
:3968a22000-3968a23000 rw-p 00000000 00:00 0 
:3968c00000-3968d8a000 r-xp 00000000 fd:00 1048921                        /lib64/libc-2.12.so
:3968d8a000-3968f8a000 ---p 0018a000 fd:00 1048921                        /lib64/libc-2.12.so
:3968f8a000-3968f8e000 r--p 0018a000 fd:00 1048921                        /lib64/libc-2.12.so
:3968f8e000-3968f90000 rw-p 0018e000 fd:00 1048921                        /lib64/libc-2.12.so
:3968f90000-3968f94000 rw-p 00000000 00:00 0 
:3969400000-3969417000 r-xp 00000000 fd:00 1048931                        /lib64/libpthread-2.12.so
:3969417000-3969617000 ---p 00017000 fd:00 1048931                        /lib64/libpthread-2.12.so
:3969617000-3969618000 r--p 00017000 fd:00 1048931                        /lib64/libpthread-2.12.so
:3969618000-3969619000 rw-p 00018000 fd:00 1048931                        /lib64/libpthread-2.12.so
:3969619000-396961d000 rw-p 00000000 00:00 0 
:3969c00000-3969c07000 r-xp 00000000 fd:00 1048950                        /lib64/librt-2.12.so
:3969c07000-3969e06000 ---p 00007000 fd:00 1048950                        /lib64/librt-2.12.so
:3969e06000-3969e07000 r--p 00006000 fd:00 1048950                        /lib64/librt-2.12.so
:3969e07000-3969e08000 rw-p 00007000 fd:00 1048950                        /lib64/librt-2.12.so
:396a800000-396a915000 r-xp 00000000 fd:00 1048952                        /lib64/libglib-2.0.so.0.2800.8
:396a915000-396ab15000 ---p 00115000 fd:00 1048952                        /lib64/libglib-2.0.so.0.2800.8
:396ab15000-396ab16000 rw-p 00115000 fd:00 1048952                        /lib64/libglib-2.0.so.0.2800.8
:396ab16000-396ab17000 rw-p 00000000 00:00 0 
:7f317a1a0000-7f317a1ab000 r-xp 00000000 fd:00 1048662                    /lib64/libnss_ldap.so.2
:7f317a1ab000-7f317a3aa000 ---p 0000b000 fd:00 1048662                    /lib64/libnss_ldap.so.2
:7f317a3aa000-7f317a3ab000 rw-p 0000a000 fd:00 1048662                    /lib64/libnss_ldap.so.2
:7f317a3ab000-7f317a3b8000 r-xp 00000000 fd:00 1048873                    /lib64/libnss_files-2.12.so
:7f317a3b8000-7f317a5b7000 ---p 0000d000 fd:00 1048873                    /lib64/libnss_files-2.12.so
:7f317a5b7000-7f317a5b8000 r--p 0000c000 fd:00 1048873                    /lib64/libnss_files-2.12.so
:7f317a5b8000-7f317a5b9000 rw-p 0000d000 fd:00 1048873                    /lib64/libnss_files-2.12.so
:7f317a5b9000-7f317a5bd000 rw-p 00000000 00:00 0 
:7f317a5ce000-7f317a5d5000 r--s 00000000 fd:00 2098436                    /usr/lib64/gconv/gconv-modules.cache
:7f317a5d5000-7f317a5d6000 rw-p 00000000 00:00 0 
:7ffc1ef2c000-7ffc1ef41000 rw-p 00000000 00:00 0                          [stack]
:7ffc1ef69000-7ffc1ef6a000 r-xp 00000000 00:00 0                          [vdso]
:ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

open_fds:
:0:/dev/null
:pos:	0
:flags:	0100000
:1:/dev/null
:pos:	0
:flags:	0100001
:2:/dev/null
:pos:	0
:flags:	0100001
:3:inotify
:pos:	0
:flags:	04000
:4:socket:[3218055]
:pos:	0
:flags:	02
:5:pipe:[3218056]
:pos:	0
:flags:	04000
:6:pipe:[3218056]
:pos:	0
:flags:	04001
:7:socket:[3218074]
:pos:	0
:flags:	02
:8:socket:[3218181]
:pos:	0
:flags:	02
:9:socket:[3218496]
:pos:	0
:flags:	02
:10:socket:[3219764]
:pos:	0
:flags:	02

var_log_messages:
:[private] kernel: gam_server[[private]] general protection ip:3968c7f8ca sp:7ffc1ef3d9e8 error:0 in libc-2.12.so[3968c00000+18a000]
:[private] abrt[[private]]: Saved core dump of pid [private] (/usr/libexec/gam_server) to [private]
.

JockVSJock · 06-12-2016, 09:04 PM

This looks like an SOSREPORT for Red hat GSS troubleshooting. Wondering if you have shared this with them?

Possible clue here:

Code:

var_log_messages:
:[private] kernel: gam_server[[private]] general protection ip:3968c7f8ca sp:7ffc1ef3d9e8 error:0 in libc-2.12.so[3968c00000+18a000]
:[private] abrt[[private]]: Saved core dump of pid [private] (/usr/libexec/gam_server) to [private]

There is probably a core dump file under /usr/libexec/gam_server. You could use objdump to sift thru the info...

Looks like abrt can generate a core dump under Red Hat, correct?

What app are you trying to troubleshoot and create a core dump for, VNC?