RC.39 (and 40) 'argus' segfault on Fedora Core 6
Carter Bullard
carter at qosient.com
Wed Feb 28 15:38:53 EST 2007
Hey Michael,
Oh yes, bad memory can cause all sorts of problems.
since we're not getting this kind of instability in other places, that
type of situation would be high on my list, but ....there can still
be software problems.
You should be able to see in your system log if the machine thinks
there are memory errors?
Carter
Michael Hornung wrote:
>I got a different segfault today:
>
>Program received signal SIGSEGV, Segmentation fault.
>0x0805940f in ArgusCreateFlowKey (model=0x87af008, flow=0x87b0290,
> hstruct=0x87b0200) at ArgusUtil.c:704
>704 hstruct->hash ^= *ptr++;
>
>
>(gdb) where
>#0 0x0805940f in ArgusCreateFlowKey (model=0x87af008, flow=0x87b0290,
> hstruct=0x87b0200) at ArgusUtil.c:704
>#1 0x0804e6af in ArgusProcessPacket (model=0x87af008, p=0x87b260a "",
> length=90, tvp=0xbfc03298, type=0) at ArgusModeler.c:1004
>#2 0x0805545d in ArgusEtherPacket (user=0xb7e2b008 "", h=0xbfc03298,
> p=0x87b260a "") at ArgusSource.c:608
>#3 0x08063e18 in pcap_read_linux ()
>#4 0x0805718c in ArgusGetPackets (src=0xb7e2b008) at ArgusSource.c:1477
>#5 0x0804b2eb in main (argc=1, argv=0xbfc03664) at argus.c:460
>
>
>(gdb) print hstruct->hash
>$1 = 4251857491
>(gdb) print ptr
>$2 = (unsigned int *) 0xc023000
>(gdb) print *ptr
>Cannot access memory at address 0xc023000
>
>
>Could this be a result of bad physical memory in this box?
>
>I captured traffic with tcpdump while running argus and will see if I can
>reproduce the crash that way.
>
>-Mike
>
>On Wed, 28 Feb 2007 at 08:04, Michael Hornung wrote:
>
>|(gdb) print ArgusMallocList
>|$1 = (struct ArgusMemoryList *) 0x9e1d538
>|(gdb) print ArgusMallocList->end
>|$2 = (struct ArgusMemoryHeader *) 0x54a96bb8
>|(gdb) print ArgusMallocList->end->nxt
>|Cannot access memory at address 0x54a96bb8
>|
>|-Mike
>|
>|On Tue, 27 Feb 2007 at 23:30, Carter Bullard wrote:
>|
>||This is very odd. When you get to someplace in gdb, with a Segmentation
>||fault, try to find out what variable is having problems by printing the actual
>||values:
>||
>|| (gdb) print ArgusMallocList
>|| (gdb) print ArgusMallocList->end
>|| (gdb) print ArgusMallocList->end->nxt
>||
>||I would guess that ArgusMallocList doesn't exist, or is corrupted.
>||This can happen for a number of reasons, but it may be useful to
>||try to get a packet trace that generates your errors. Maybe a
>||bit of data, but if we can replicate the problem, we can fix it.
>||
>||Carter
>||
>||
>||
>||Michael Hornung wrote:
>||
>||> On Tue, 27 Feb 2007 at 14:04, Peter Van Epp wrote:
>||>
>||> |touch .devel
>||> |touch .debug
>||> |./configure
>||> |make clean |make
>||> |
>||> |in the top argus directory it will compile with debug symbols which will
>||> |get interesting data if you type "where" at the gdb prompt.
>||>
>||>
>||> # gdb /usr/local/sbin/argus
>||> GNU gdb Red Hat Linux (6.5-15.fc6rh)
>||> ...
>||> (gdb) run 2>run.log
>||> Starting program: /usr/local/sbin/argus 2>run.log
>||>
>||> Program received signal SIGSEGV, Segmentation fault.
>||> 0x08075df8 in ArgusFreeListRecord (buf=0xaa96df0) at argus_util.c:1362
>||> 1362 ArgusMallocList->end->nxt = mem;
>||>
>||>
>||> (gdb) where
>||> #0 0x08075df8 in ArgusFreeListRecord (buf=0xaa96df0) at argus_util.c:1362
>||> #1 0x0805a744 in ArgusWriteOutSocket (output=0x9e1b2e0, client=0x9e1b2f4)
>||> at ArgusUtil.c:1281
>||> #2 0x0805be78 in ArgusOutputProcess (arg=0x9e1b2e0) at ArgusOutput.c:428
>||> #3 0x0804e983 in ArgusProcessPacket (model=0x9e1a008, p=0x9e1d442 "",
>||> length=1514, tvp=0xbfb8d768, type=-1) at ArgusModeler.c:1055
>||> #4 0x0805545d in ArgusEtherPacket (user=0xb7e59008 "", h=0xbfb8d768,
>||> p=0x9e1d442 "") at ArgusSource.c:608
>||> #5 0x08063e18 in pcap_read_linux ()
>||> #6 0x0805718c in ArgusGetPackets (src=0xb7e59008) at ArgusSource.c:1477
>||> #7 0x0804b2eb in main (argc=1, argv=0xbfb8db34) at argus.c:460
>||>
>||>
>||> (gdb) bt full
>||> #0 0x08075df8 in ArgusFreeListRecord (buf=0xaa96df0) at argus_util.c:1362
>||> mem = (struct ArgusMemoryHeader *) 0xaa96df0
>||> rec = (struct ArgusRecordStruct *) 0xaa96df0
>||> #1 0x0805a744 in ArgusWriteOutSocket (output=0x9e1b2e0, client=0x9e1b2f4)
>||> at ArgusUtil.c:1281
>||> asock = (struct ArgusSocketStruct *) 0xb4ffb50
>||> list = (struct ArgusListStruct *) 0xa1e47d0
>||> rec = (struct ArgusRecordStruct *) 0xaa96df0
>||> retn = 276
>||> count = 0
>||> len = 276
>||> ocnt = 11128989
>||> statbuf = {st_dev = 836293388809535488, __pad1 = 39296, __st_ino =
>||> 165781512, st_mode = 165796208, st_nlink = 3216561320, st_uid = 165781512,
>||> st_gid = 0, st_rdev = 13815025949856902614, __pad2 = 36845, st_size =
>||> 578914913796227081, st_blksize = 165781512, st_blocks = 1739248179131534,
>||> st_atim = {tv_sec = 30, tv_nsec = 0}, st_mtim = {tv_sec = 1172616364,
>||> tv_nsec = 165781512}, st_ctim = {
>||> tv_sec = -1078405756, tv_nsec = -1078405928}, st_ino = 38789285994}
>||> ptr = (unsigned char *) 0xb4ffb9c "\020 "
>||> #2 0x0805be78 in ArgusOutputProcess (arg=0x9e1b2e0) at ArgusOutput.c:428
>||> arguswriterecord = 1
>||> done = 0
>||> rec = (struct ArgusRecordStruct *) 0xaa97028
>||> output = (struct ArgusOutputStruct *) 0x9e1b2e0
>||> ArgusUpDate = {tv_sec = 0, tv_usec = 500000}
>||> ArgusNextUpdate = {tv_sec = 0, tv_usec = 500000}
>||> i = 0
>||> val = 0
>||> count = 0
>||> retn = (void *) 0x0
>||> #3 0x0804e983 in ArgusProcessPacket (model=0x9e1a008, p=0x9e1d442 "",
>||> length=1514, tvp=0xbfb8d768, type=-1) at ArgusModeler.c:1055
>||> retn = 0
>||> tflow = (struct ArgusSystemFlow *) 0x9e1b290
>||> flow = (struct ArgusFlowStruct *) 0x9e22b40
>||> nflow = (struct ArgusFlowStruct *) 0xdaa8c08
>||> ptr = 0x9e1d468 "\b\002"
>||> value = 0
>||> #4 0x0805545d in ArgusEtherPacket (user=0xb7e59008 "", h=0xbfb8d768,
>||> p=0x9e1d442 "") at ArgusSource.c:608
>||> ep = (struct ether_header *) 0x9e1d442
>||> ind = 0
>||> src = (struct ArgusSourceStruct *) 0xb7e59008
>||> tvp = (struct timeval *) 0xbfb8d768
>||> caplen = 160
>||> length = 1514
>||> statbuf = {st_dev = 0, __pad1 = 0, __st_ino = 0, st_mode = 0,
>||> st_nlink = 10354372, st_uid = 3086764936, st_gid = 0, st_rdev =
>||> 44261669504811007, __pad2 = 18120, st_size = -4631715752896591472,
>||> st_blksize = 10255072, st_blocks = -5189186049726920576, st_atim = {
>||> tv_sec = 1, tv_nsec = 1}, st_mtim = {tv_sec = 0, tv_nsec = 134516346},
>||> st_ctim = {tv_sec = 0, tv_nsec = 134899988}, st_ino = 10354372}
>||> #5 0x08063e18 in pcap_read_linux ()
>||> No symbol table info available.
>||> #6 0x0805718c in ArgusGetPackets (src=0xb7e59008) at ArgusSource.c:1477
>||> ArgusReadMask = {__fds_bits = {128, 0 <repeats 31 times>}}
>||> ArgusWriteMask = {__fds_bits = {0 <repeats 32 times>}}
>||> ArgusExceptMask = {__fds_bits = {0 <repeats 32 times>}}
>||> tmp = 1
>||> i = 0
>||> width = 7
>||> noerror = 1
>||> fd = 7
>||> found = 1
>||> up = 1
>||> wait = {tv_sec = 0, tv_usec = 20000}
>||> #7 0x0804b2eb in main (argc=1, argv=0xbfb8db34) at argus.c:460
>||> commandlinew = 0
>||> doconf = 0
>||> dodebug = 0
>||> i = 1
>||> pid = 0
>||> tmparg = 0x8049f30 "[\201��005"
>||> filter = 0x0
>||> statbuf = {st_dev = 64768, __pad1 = 0, __st_ino = 2688737, st_mode =
>||> 33133, st_nlink = 1, st_uid = 500, st_gid = 500, st_rdev = 0, __pad2 = 0,
>||> st_size = 11071, st_blksize = 4096, st_blocks = 32, st_atim = {
>||> tv_sec = 1172616251, tv_nsec = 0}, st_mtim = {tv_sec = 1172616251,
>||> tv_nsec = 0}, st_ctim = {tv_sec = 1172616251, tv_nsec = 0}, st_ino =
>||> 2688737}
>||> host = (struct hostent *) 0x80a6720
>||> commandlinei = 0
>||> op = -1
>||> path = "/etc/argus.conf\000argus", '\0' <repeats 8170 times>
>||>
>||>
>||> _____________________________________________________
>||> Michael Hornung Computing & Communications hornung at washington.edu
>||> University of Washington
>||>
>||
>||
>
More information about the argus
mailing list