RC.39 (and 40) 'argus' segfault on Fedora Core 6
Michael Hornung
hornung at cac.washington.edu
Wed Feb 28 13:46:25 EST 2007
I got a different segfault today:
Program received signal SIGSEGV, Segmentation fault.
0x0805940f in ArgusCreateFlowKey (model=0x87af008, flow=0x87b0290,
hstruct=0x87b0200) at ArgusUtil.c:704
704 hstruct->hash ^= *ptr++;
(gdb) where
#0 0x0805940f in ArgusCreateFlowKey (model=0x87af008, flow=0x87b0290,
hstruct=0x87b0200) at ArgusUtil.c:704
#1 0x0804e6af in ArgusProcessPacket (model=0x87af008, p=0x87b260a "",
length=90, tvp=0xbfc03298, type=0) at ArgusModeler.c:1004
#2 0x0805545d in ArgusEtherPacket (user=0xb7e2b008 "", h=0xbfc03298,
p=0x87b260a "") at ArgusSource.c:608
#3 0x08063e18 in pcap_read_linux ()
#4 0x0805718c in ArgusGetPackets (src=0xb7e2b008) at ArgusSource.c:1477
#5 0x0804b2eb in main (argc=1, argv=0xbfc03664) at argus.c:460
(gdb) print hstruct->hash
$1 = 4251857491
(gdb) print ptr
$2 = (unsigned int *) 0xc023000
(gdb) print *ptr
Cannot access memory at address 0xc023000
Could this be a result of bad physical memory in this box?
I captured traffic with tcpdump while running argus and will see if I can
reproduce the crash that way.
-Mike
On Wed, 28 Feb 2007 at 08:04, Michael Hornung wrote:
|(gdb) print ArgusMallocList
|$1 = (struct ArgusMemoryList *) 0x9e1d538
|(gdb) print ArgusMallocList->end
|$2 = (struct ArgusMemoryHeader *) 0x54a96bb8
|(gdb) print ArgusMallocList->end->nxt
|Cannot access memory at address 0x54a96bb8
|
|-Mike
|
|On Tue, 27 Feb 2007 at 23:30, Carter Bullard wrote:
|
||This is very odd. When gdb stops on a segmentation fault, try to find out
||which variable is causing the problem by printing the actual
||values:
||
|| (gdb) print ArgusMallocList
|| (gdb) print ArgusMallocList->end
|| (gdb) print ArgusMallocList->end->nxt
||
||I would guess that ArgusMallocList doesn't exist, or is corrupted.
||This can happen for a number of reasons, but it may be useful to
||try to get a packet trace that generates your errors. It may be a
||bit of data, but if we can replicate the problem, we can fix it.
||
||Carter
||
||
||
||Michael Hornung wrote:
||
||> On Tue, 27 Feb 2007 at 14:04, Peter Van Epp wrote:
||>
||> |touch .devel
||> |touch .debug
||> |./configure
||> |make clean |make
||> |
||> |Run in the top argus directory, this compiles argus with debug symbols, which
||> |will give interesting data if you type "where" at the gdb prompt.
||>
||>
||> # gdb /usr/local/sbin/argus
||> GNU gdb Red Hat Linux (6.5-15.fc6rh)
||> ...
||> (gdb) run 2>run.log
||> Starting program: /usr/local/sbin/argus 2>run.log
||>
||> Program received signal SIGSEGV, Segmentation fault.
||> 0x08075df8 in ArgusFreeListRecord (buf=0xaa96df0) at argus_util.c:1362
||> 1362 ArgusMallocList->end->nxt = mem;
||>
||>
||> (gdb) where
||> #0 0x08075df8 in ArgusFreeListRecord (buf=0xaa96df0) at argus_util.c:1362
||> #1 0x0805a744 in ArgusWriteOutSocket (output=0x9e1b2e0, client=0x9e1b2f4)
||> at ArgusUtil.c:1281
||> #2 0x0805be78 in ArgusOutputProcess (arg=0x9e1b2e0) at ArgusOutput.c:428
||> #3 0x0804e983 in ArgusProcessPacket (model=0x9e1a008, p=0x9e1d442 "",
||> length=1514, tvp=0xbfb8d768, type=-1) at ArgusModeler.c:1055
||> #4 0x0805545d in ArgusEtherPacket (user=0xb7e59008 "", h=0xbfb8d768,
||> p=0x9e1d442 "") at ArgusSource.c:608
||> #5 0x08063e18 in pcap_read_linux ()
||> #6 0x0805718c in ArgusGetPackets (src=0xb7e59008) at ArgusSource.c:1477
||> #7 0x0804b2eb in main (argc=1, argv=0xbfb8db34) at argus.c:460
||>
||>
||> (gdb) bt full
||> #0 0x08075df8 in ArgusFreeListRecord (buf=0xaa96df0) at argus_util.c:1362
||> mem = (struct ArgusMemoryHeader *) 0xaa96df0
||> rec = (struct ArgusRecordStruct *) 0xaa96df0
||> #1 0x0805a744 in ArgusWriteOutSocket (output=0x9e1b2e0, client=0x9e1b2f4)
||> at ArgusUtil.c:1281
||> asock = (struct ArgusSocketStruct *) 0xb4ffb50
||> list = (struct ArgusListStruct *) 0xa1e47d0
||> rec = (struct ArgusRecordStruct *) 0xaa96df0
||> retn = 276
||> count = 0
||> len = 276
||> ocnt = 11128989
||> statbuf = {st_dev = 836293388809535488, __pad1 = 39296, __st_ino =
||> 165781512, st_mode = 165796208, st_nlink = 3216561320, st_uid = 165781512,
||> st_gid = 0, st_rdev = 13815025949856902614, __pad2 = 36845, st_size =
||> 578914913796227081, st_blksize = 165781512, st_blocks = 1739248179131534,
||> st_atim = {tv_sec = 30, tv_nsec = 0}, st_mtim = {tv_sec = 1172616364,
||> tv_nsec = 165781512}, st_ctim = {
||> tv_sec = -1078405756, tv_nsec = -1078405928}, st_ino = 38789285994}
||> ptr = (unsigned char *) 0xb4ffb9c "\020 "
||> #2 0x0805be78 in ArgusOutputProcess (arg=0x9e1b2e0) at ArgusOutput.c:428
||> arguswriterecord = 1
||> done = 0
||> rec = (struct ArgusRecordStruct *) 0xaa97028
||> output = (struct ArgusOutputStruct *) 0x9e1b2e0
||> ArgusUpDate = {tv_sec = 0, tv_usec = 500000}
||> ArgusNextUpdate = {tv_sec = 0, tv_usec = 500000}
||> i = 0
||> val = 0
||> count = 0
||> retn = (void *) 0x0
||> #3 0x0804e983 in ArgusProcessPacket (model=0x9e1a008, p=0x9e1d442 "",
||> length=1514, tvp=0xbfb8d768, type=-1) at ArgusModeler.c:1055
||> retn = 0
||> tflow = (struct ArgusSystemFlow *) 0x9e1b290
||> flow = (struct ArgusFlowStruct *) 0x9e22b40
||> nflow = (struct ArgusFlowStruct *) 0xdaa8c08
||> ptr = 0x9e1d468 "\b\002"
||> value = 0
||> #4 0x0805545d in ArgusEtherPacket (user=0xb7e59008 "", h=0xbfb8d768,
||> p=0x9e1d442 "") at ArgusSource.c:608
||> ep = (struct ether_header *) 0x9e1d442
||> ind = 0
||> src = (struct ArgusSourceStruct *) 0xb7e59008
||> tvp = (struct timeval *) 0xbfb8d768
||> caplen = 160
||> length = 1514
||> statbuf = {st_dev = 0, __pad1 = 0, __st_ino = 0, st_mode = 0,
||> st_nlink = 10354372, st_uid = 3086764936, st_gid = 0, st_rdev =
||> 44261669504811007, __pad2 = 18120, st_size = -4631715752896591472,
||> st_blksize = 10255072, st_blocks = -5189186049726920576, st_atim = {
||> tv_sec = 1, tv_nsec = 1}, st_mtim = {tv_sec = 0, tv_nsec = 134516346},
||> st_ctim = {tv_sec = 0, tv_nsec = 134899988}, st_ino = 10354372}
||> #5 0x08063e18 in pcap_read_linux ()
||> No symbol table info available.
||> #6 0x0805718c in ArgusGetPackets (src=0xb7e59008) at ArgusSource.c:1477
||> ArgusReadMask = {__fds_bits = {128, 0 <repeats 31 times>}}
||> ArgusWriteMask = {__fds_bits = {0 <repeats 32 times>}}
||> ArgusExceptMask = {__fds_bits = {0 <repeats 32 times>}}
||> tmp = 1
||> i = 0
||> width = 7
||> noerror = 1
||> fd = 7
||> found = 1
||> up = 1
||> wait = {tv_sec = 0, tv_usec = 20000}
||> #7 0x0804b2eb in main (argc=1, argv=0xbfb8db34) at argus.c:460
||> commandlinew = 0
||> doconf = 0
||> dodebug = 0
||> i = 1
||> pid = 0
||> tmparg = 0x8049f30 "[\201��005"
||> filter = 0x0
||> statbuf = {st_dev = 64768, __pad1 = 0, __st_ino = 2688737, st_mode =
||> 33133, st_nlink = 1, st_uid = 500, st_gid = 500, st_rdev = 0, __pad2 = 0,
||> st_size = 11071, st_blksize = 4096, st_blocks = 32, st_atim = {
||> tv_sec = 1172616251, tv_nsec = 0}, st_mtim = {tv_sec = 1172616251,
||> tv_nsec = 0}, st_ctim = {tv_sec = 1172616251, tv_nsec = 0}, st_ino =
||> 2688737}
||> host = (struct hostent *) 0x80a6720
||> commandlinei = 0
||> op = -1
||> path = "/etc/argus.conf\000argus", '\0' <repeats 8170 times>
||>
||>
||> _____________________________________________________
||> Michael Hornung Computing & Communications hornung at washington.edu
||> University of Washington
||>
||
||