RC.39 (and 40) 'argus' segfault on Fedora Core 6

Carter Bullard carter at qosient.com
Tue Feb 27 23:30:25 EST 2007 

This is very odd.  When you get to someplace in gdb, with a Segmentation
fault, try to find out what variable is having problems by printing the 
actual
values:

   (gdb) print ArgusMallocList
   (gdb) print ArgusMallocList->end
   (gdb) print ArgusMallocList->end->nxt

I would guess that ArgusMallocList doesn't exist, or is corrupted.
This can happen for a number of reasons, but it may be useful to
try to get a packet trace that generates your errors.  Maybe a
bit of data, but if we can replicate the problem, we can fix it.

Carter



Michael Hornung wrote:

>On Tue, 27 Feb 2007 at 14:04, Peter Van Epp wrote:
>
>|touch .devel
>|touch .debug
>|./configure
>|make clean 
>|make
>|
>|in the top argus directory it will compile with debug symbols which will 
>|get interesting data if you type "where" at the gdb prompt.
>
>
># gdb /usr/local/sbin/argus
>GNU gdb Red Hat Linux (6.5-15.fc6rh)
>...
>(gdb) run 2>run.log
>Starting program: /usr/local/sbin/argus 2>run.log
>
>Program received signal SIGSEGV, Segmentation fault.
>0x08075df8 in ArgusFreeListRecord (buf=0xaa96df0) at argus_util.c:1362
>1362                ArgusMallocList->end->nxt = mem;
>
>
>(gdb) where
>#0  0x08075df8 in ArgusFreeListRecord (buf=0xaa96df0) at argus_util.c:1362
>#1  0x0805a744 in ArgusWriteOutSocket (output=0x9e1b2e0, client=0x9e1b2f4)
>    at ArgusUtil.c:1281
>#2  0x0805be78 in ArgusOutputProcess (arg=0x9e1b2e0) at ArgusOutput.c:428
>#3  0x0804e983 in ArgusProcessPacket (model=0x9e1a008, p=0x9e1d442 "", 
>    length=1514, tvp=0xbfb8d768, type=-1) at ArgusModeler.c:1055
>#4  0x0805545d in ArgusEtherPacket (user=0xb7e59008 "", h=0xbfb8d768, 
>    p=0x9e1d442 "") at ArgusSource.c:608
>#5  0x08063e18 in pcap_read_linux ()
>#6  0x0805718c in ArgusGetPackets (src=0xb7e59008) at ArgusSource.c:1477
>#7  0x0804b2eb in main (argc=1, argv=0xbfb8db34) at argus.c:460
>
>
>(gdb) bt full
>#0  0x08075df8 in ArgusFreeListRecord (buf=0xaa96df0) at argus_util.c:1362
>        mem = (struct ArgusMemoryHeader *) 0xaa96df0
>        rec = (struct ArgusRecordStruct *) 0xaa96df0
>#1  0x0805a744 in ArgusWriteOutSocket (output=0x9e1b2e0, client=0x9e1b2f4)
>    at ArgusUtil.c:1281
>        asock = (struct ArgusSocketStruct *) 0xb4ffb50
>        list = (struct ArgusListStruct *) 0xa1e47d0
>        rec = (struct ArgusRecordStruct *) 0xaa96df0
>        retn = 276
>        count = 0
>        len = 276
>        ocnt = 11128989
>        statbuf = {st_dev = 836293388809535488, __pad1 = 39296, 
>  __st_ino = 165781512, st_mode = 165796208, st_nlink = 3216561320, 
>  st_uid = 165781512, st_gid = 0, st_rdev = 13815025949856902614, 
>  __pad2 = 36845, st_size = 578914913796227081, st_blksize = 165781512, 
>  st_blocks = 1739248179131534, st_atim = {tv_sec = 30, tv_nsec = 0}, 
>  st_mtim = {tv_sec = 1172616364, tv_nsec = 165781512}, st_ctim = {
>    tv_sec = -1078405756, tv_nsec = -1078405928}, st_ino = 38789285994}
>        ptr = (unsigned char *) 0xb4ffb9c "\020 "
>#2  0x0805be78 in ArgusOutputProcess (arg=0x9e1b2e0) at ArgusOutput.c:428
>        arguswriterecord = 1
>        done = 0
>        rec = (struct ArgusRecordStruct *) 0xaa97028
>        output = (struct ArgusOutputStruct *) 0x9e1b2e0
>        ArgusUpDate = {tv_sec = 0, tv_usec = 500000}
>        ArgusNextUpdate = {tv_sec = 0, tv_usec = 500000}
>        i = 0
>        val = 0
>        count = 0
>        retn = (void *) 0x0
>#3  0x0804e983 in ArgusProcessPacket (model=0x9e1a008, p=0x9e1d442 "", 
>    length=1514, tvp=0xbfb8d768, type=-1) at ArgusModeler.c:1055
>        retn = 0
>        tflow = (struct ArgusSystemFlow *) 0x9e1b290
>        flow = (struct ArgusFlowStruct *) 0x9e22b40
>        nflow = (struct ArgusFlowStruct *) 0xdaa8c08
>        ptr = 0x9e1d468 "\b\002"
>        value = 0
>#4  0x0805545d in ArgusEtherPacket (user=0xb7e59008 "", h=0xbfb8d768, 
>    p=0x9e1d442 "") at ArgusSource.c:608
>        ep = (struct ether_header *) 0x9e1d442
>        ind = 0
>        src = (struct ArgusSourceStruct *) 0xb7e59008
>        tvp = (struct timeval *) 0xbfb8d768
>        caplen = 160
>        length = 1514
>        statbuf = {st_dev = 0, __pad1 = 0, __st_ino = 0, st_mode = 0, 
>  st_nlink = 10354372, st_uid = 3086764936, st_gid = 0, 
>  st_rdev = 44261669504811007, __pad2 = 18120, st_size = 
>-4631715752896591472, 
>  st_blksize = 10255072, st_blocks = -5189186049726920576, st_atim = {
>    tv_sec = 1, tv_nsec = 1}, st_mtim = {tv_sec = 0, tv_nsec = 134516346}, 
>  st_ctim = {tv_sec = 0, tv_nsec = 134899988}, st_ino = 10354372}
>#5  0x08063e18 in pcap_read_linux ()
>No symbol table info available.
>#6  0x0805718c in ArgusGetPackets (src=0xb7e59008) at ArgusSource.c:1477
>        ArgusReadMask = {__fds_bits = {128, 0 <repeats 31 times>}}
>        ArgusWriteMask = {__fds_bits = {0 <repeats 32 times>}}
>        ArgusExceptMask = {__fds_bits = {0 <repeats 32 times>}}
>        tmp = 1
>        i = 0
>        width = 7
>        noerror = 1
>        fd = 7
>        found = 1
>        up = 1
>        wait = {tv_sec = 0, tv_usec = 20000}
>#7  0x0804b2eb in main (argc=1, argv=0xbfb8db34) at argus.c:460
>        commandlinew = 0
>        doconf = 0
>        dodebug = 0
>        i = 1
>        pid = 0
>        tmparg = 0x8049f30 "[\201��005"
>        filter = 0x0
>        statbuf = {st_dev = 64768, __pad1 = 0, __st_ino = 2688737, 
>  st_mode = 33133, st_nlink = 1, st_uid = 500, st_gid = 500, st_rdev = 0, 
>  __pad2 = 0, st_size = 11071, st_blksize = 4096, st_blocks = 32, st_atim 
>= {
>    tv_sec = 1172616251, tv_nsec = 0}, st_mtim = {tv_sec = 1172616251, 
>    tv_nsec = 0}, st_ctim = {tv_sec = 1172616251, tv_nsec = 0}, 
>  st_ino = 2688737}
>        host = (struct hostent *) 0x80a6720
>        commandlinei = 0
>        op = -1
>        path = "/etc/argus.conf\000argus", '\0' <repeats 8170 times>
>
>
>_____________________________________________________
> Michael Hornung          Computing & Communications 
> hornung at washington.edu   University of Washington
>

More information about the argus mailing list