RE: [squid-users] Spyware....bleh

Thanks Henrik,

I opened a new bug (1329) this morning. I have also reopened a couple
that were slated as fixed. However, they may all be tied together.
Here is the content from the last bug report opened. They may all be
unrelated. However I find it interesting that it happens at a time that
either a known spyware site has tried to be accessed, or that it is a
site containing javascript.

Thanks in advance.

Received the following stack trace on a crash this morning. Running
Squid Cache version 3.0-PRE3-20050609 on Linux Fedora Core 3.

2005/06/21 09:56:07| assertion failed: pconn.cc:145: "i >= 0"
Detaching after fork from child process 2806.
Detaching after fork from child process 2807.
Detaching after fork from child process 2808.
Detaching after fork from child process 2809.
Detaching after fork from child process 2810.
Detaching after fork from child process 2811.

Program received signal SIGABRT, Aborted.
[Switching to Thread -1208232256 (LWP 2803)]
0x009777a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#0 0x009777a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1 0x009b87d5 in raise () from /lib/tls/libc.so.6
#2 0x009ba149 in abort () from /lib/tls/libc.so.6
#3 0x08081ccb in xassert (msg=0x80fdc2a "i >= 0", file=0x80fdc21
"pconn.cc", line=145) at debug.cc:524
#4 0x080b1aa9 in pconnRemoveFD (p=0xb7d8b2a0, fd=134) at pconn.cc:145
#5 0x080b1b2a in pconnTimeout (fd=134, data=0xb7d8b2a0) at pconn.cc:167
#6 0x0807e75d in checkTimeouts () at comm.cc:2257
#7 0x08080889 in comm_select (msec=776) at comm_poll.cc:477
#8 0x080aacc7 in main (argc=2, argv=0xbffd8d84) at main.cc:1159

This last sites visited before this happened were:

"172.20.17.33":;"-":;"172.18.10.200":;1119103179:;2005-06-18
09:59:39:619:;0:;"-":;"-":;"407":;"GET":;"http://dellsupport.dellfix.com
/agent/security/status.txt":;"1.0":;2419:;"text/html":;"TCP_DENIED"
"172.20.17.33":;"-":;"172.18.10.200":;1119103179:;2005-06-18
09:59:39:642:;0:;"-":;"-":;"407":;"GET":;"http://dellsupport.dellfix.com
/agent/security/pub.crt":;"1.0":;2424:;"text/html":;"TCP_DENIED"
"172.20.25.132":;"64.46.197.156":;"172.18.10.200":;1119269399:;2005-06-2
0
08:09:59:391:;73:;"-":;"-":;"304":;"GET":;"http://l8wt0m0p.rsodm20.smsrs
m.com/lawson/portal/images/edge3rt.gif":;"1.0":;288:;"-":;"TCP_MISS"
"172.18.9.138":;"204.95.15.98":;"172.18.10.200":;1119280199:;2005-06-20
11:09:59:390:;25:;"username":;"username":;"304":;"GET":;"http://alt.coxn
ewsweb.com/ajc/js/homepage/skyboxes.flash.js":;"1.0":;339:;"text/plain":
;"TCP_MISS"
"172.20.25.22":;"-":;"172.18.10.200":;1119362379:;2005-06-21
09:59:39:983:;2:;"-":;"-":;"407":;"POST":;"http://reports.hotbar.com/rep
orts/hotbar/4.0/HbRpt.dll":;"1.0":;4161:;"text/html":;"TCP_DENIED"

Added information: Whenever I see a crash (no matter what crash bug I
see)it always seems to be preceeded by either a site that is known
spyware or a site with javascript in it. I don't know it that helps.

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Saturday, June 18, 2005 6:09 AM
To: Sam Reynolds
Cc: Squid Users
Subject: RE: [squid-users] Spyware....bleh

Yes, and here you need to follow what is said in the FAQ to get any
further. A stack trace is required.

Regards
Henrik

On Fri, 17 Jun 2005, Sam Reynolds wrote:

> Does this help shed light?
>
> FATAL: Received Segment Violation...dying.
> 2005/06/17 11:21:31| storeDirWriteCleanLogs: Starting...
> 2005/06/17 11:21:31| WARNING: Closing open FD 16
> 2005/06/17 11:21:31| Finished. Wrote 0 entries.
> 2005/06/17 11:21:31| Took 0.0 seconds ( 0.0 entries/sec).
> CPU Usage: 21.284 seconds = 10.293 user + 10.990 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 0
> Memory usage for squid via mallinfo():
> total space in arena: 13700 KB
> Ordinary blocks: 13148 KB 37 blks
> Small blocks: 0 KB 0 blks
> Holding blocks: 7344 KB 42 blks
> Free Small blocks: 0 KB
> Free Ordinary blocks: 551 KB
> Total in use: 20492 KB 150%
> Total free: 551 KB 4%
Received on Tue Jun 21 2005 - 08:10:20 MDT