Project Home
Project Home		 Documents
Documents		 Wiki
Wiki		 Discussion Forums
Discussions		 Project Information
Project Info
QNX Operating System/Discussion/OSTech/qad crash - Process 421917 (qad) terminated SIGSEGV code=1 /List of Posts
Forum Topic - qad crash - Process 421917 (qad) terminated SIGSEGV code=1 : (5 Items)
   
Update
Ovidiu Zaharia
07/17/2018 11:46 AM
post118962
qad crash - Process 421917 (qad) terminated SIGSEGV code=1   
Hello,
I was experimenting with qad (anomaly Detection) module which is a native module in QNX for a while and despite the fact
 that the documentation is very "spartanic" on qnx.com and internet in general, the command crashes after some 5 min 
when active.Several reboots didn't help. The nly thing which helped (for a while) was reflashing the whole OS, but then 
after 5-6 min of activity the error message (memory segmentation fault?) came again.
My questions:
1.) Is it a known bug and is someone also experiencing this?
2.) Are there some solutions available?
3.) I would also need to know how can this help me monitor my system from the security point of view?

I use 
QNX 7.0 on a A53 ARM processor

Here is the command (for ref)
# qad /root/conf/qad.conf

Here is the error message
Process 421917 (qad) terminated SIGSEGV code=1 fltno=11 ip=00000000100cdd04(/usr/bin/qad@ServerInfo+0x000000000000282c) 
mapaddr=0000000000005d04. ref=000000003f31fa6f
Memory fault (core dumped)

Here is the qad.conf - pretty much as the example available
{
    "buf_size": 64,
    "win_size": 8,
    "mon_list": [
        {	
            	"id": "proc/boot/random",
            	"type": 2,
            	"desc": "Proc monitored: proc/boot/random",
            	"win_size": 8,
            	"notify": 1
        },
        {
            	"id": "proc/boot/qconn",
            	"type": 2,
            	"desc": "Proc monitored: proc/boot/qconn",
            	"win_size": 8,
            	"notify": 1
        }
    ],
    "exc_list": [
    ],
    "prof_path": "/opt",
    "notify": 1,
    "normal_wait": 180
}
zhu haijun
07/17/2018 8:58 PM
post118963
Re: qad crash - Process 421917 (qad) terminated SIGSEGV code=1   
Is qad a native module of QNX OS?
Ovidiu Zaharia
07/18/2018 3:53 AM
post118965
Re: qad crash - Process 421917 (qad) terminated SIGSEGV code=1   
yes, it is.
Attachment: Image QNX_SDP_Architecture.JPG 135.11 KB
Ovidiu Zaharia
07/20/2018 4:00 AM
post118983
Re: qad crash - Process 421917 (qad) terminated SIGSEGV code=1   
Hello all,
When I joined here I was expecting that some Forum administrator will take some minutes to reply but .... apparently not
. Nevertheless I found the cause for the crash even though I do not understand why. The problem was that I choose to 
place the profile data in /opt/ folder and QNX doesn't like it (for some reason)
cganging the line in the config file from 

"prof_path": "/opt", -> to ->     "prof_path": "/home/myqnx6/qad_rootdir",

as stated in the example on the qad utility page will do the job. Why this is like this is a mystery to me.

Despite the fact that no answer received so far I would like to ask the comunity if someone did worked with the Anomaly 
Detector (qad).

1.) What should be in the generated profile anyway because even if the was process is active the folder (qad_rootdir) 
remains always empty, at least in my case
2.) Does anyone have an idea how to manipulate an observed process to actually test if the qad is really working? 

For the question 2: In the pps object the "anomalies: The number of anomalies detected." remains always 0 and I wonder 
what do I have to do to see it changing?

Regards,
OZ
Ovidiu Zaharia
07/23/2018 4:28 AM
post118987
Re: qad crash - Process 421917 (qad) terminated SIGSEGV code=1   
Hello again,
Could it be that no one in the entire community has the knowledge to answer or at least to give me a hint in which 
direction do I have to go to solve my problem?

1.) After starting the qad process with the config file posted above, what do I have to do to get a system signature 
(system profile in "/home/myqnx6/qad_rootdir",).of the Anomaly Detector (qad)?

2.) What should be in the generated profile anyway because even if the was process is active the folder (qad_rootdir) 
remains always empty, at least in my case

3.) Does anyone have an idea how to manipulate an observed process to actually test if the qad is really working? 

For the question 3: In the pps object the "anomalies: The number of anomalies detected." remains always 0 and I wonder 
what do I have to do to see it changing?

Thank you in advance
OZ

Return


  A subsidiary of BlackBerry             All content ©2004-2013, QNX Software Systems