argus-3.0.0 segfault (5/23 version)

Michael Hornung hornung at cac.washington.edu
Thu May 24 18:13:15 EDT 2007 

I've got argus running on a Fedora Core 6 x86 Linux box.  The argus daemon 
dies *very* regularly and so needs to be monitored.  I finally got around 
to capturing a pcap for the duration of an argus session.  Carter, let me 
know if you want this and I'll get it to you; it is 650MB uncompressed. 
Following is what I see when running argus in gdb:

(gdb) run
Starting program: /usr/local/sbin/argus
argus[29762]: 24 May 07 14:56:36.593821 started
argus[29762]: 24 May 07 14:56:36.596492 ArgusGetInterfaceStatus: interface 
eth1 is up
argus[29762]: 24 May 07 14:56:41.031467 connect from 128.95.135.24

Program received signal SIGSEGV, Segmentation fault.
0x0805a340 in ArgusCreateFlowKey (model=0x9491008, flow=0x9492290,
     hstruct=0x9492200) at ArgusUtil.c:785
785           hstruct->hash ^= *ptr++;

(gdb) bt full
#0  0x0805a340 in ArgusCreateFlowKey (model=0x9491008, flow=0x9492290,
     hstruct=0x9492200) at ArgusUtil.c:785
         ptr = (unsigned int *) 0xe025000
         key = (unsigned int *) 0x9492208
         retn = 0
         i = 19811198
         len = -1
#1  0x0804e71f in ArgusProcessPacket (model=0x9491008, p=0x949460a "",
     length=90, tvp=0xbff0d5b8, type=0) at ArgusModeler.c:988
         retn = 0
         tflow = (struct ArgusSystemFlow *) 0x9492290
         flow = (struct ArgusFlowStruct *) 0x94b9d78
         nflow = (struct ArgusFlowStruct *) 0xc6ecbc8
         ptr = 0x949473c "\031"
         value = 0
#2  0x08055b61 in ArgusEtherPacket (user=0xb7e4c008 "", h=0xbff0d5b8,
     p=0x949460a "") at ArgusSource.c:623
         ep = (struct ether_header *) 0x949460a
         ind = 0
         src = (struct ArgusSourceStruct *) 0xb7e4c008
         tvp = (struct timeval *) 0xbff0d5b8
         caplen = 90
         length = 90
         statbuf = {st_dev = 0, __pad1 = 0, __st_ino = 0, st_mode = 0,
   st_nlink = 10354372, st_uid = 3086711688, st_gid = 0,
   st_rdev = 44261669504811007, __pad2 = 18120, st_size = 
-4615955009626666608,
   st_blksize = 10255072, st_blocks = -5189414748145497984, st_atim = {
     tv_sec = 1, tv_nsec = 1}, st_mtim = {tv_sec = 0, tv_nsec = 134516346},
   st_ctim = {tv_sec = 0, tv_nsec = 134911664}, st_ino = 10354372}
#3  0x08066088 in pcap_read_linux ()
No symbol table info available.
#4  0x08057eeb in ArgusGetPackets (src=0xb7e4c008) at ArgusSource.c:1654
         ArgusReadMask = {__fds_bits = {128, 0 <repeats 31 times>}}
         ArgusWriteMask = {__fds_bits = {0 <repeats 32 times>}}
         ArgusExceptMask = {__fds_bits = {0 <repeats 32 times>}}
         tmp = 1
         i = 0
         width = 7
         noerror = 1
         fd = 7
         found = 1
         up = 1
         wait = {tv_sec = 0, tv_usec = 20000}
#5  0x0804b333 in main (argc=1, argv=0xbff0d984) at argus.c:464
         commandlinew = 0
         doconf = 0
         dodebug = 0
         i = 1
         pid = 0
         tmparg = 0x8049f30 "[\201�214�005"
         filter = 0x0
         statbuf = {st_dev = 64768, __pad1 = 0, __st_ino = 2688645,
   st_mode = 33133, st_nlink = 1, st_uid = 500, st_gid = 500, st_rdev = 0,
   __pad2 = 0, st_size = 11114, st_blksize = 4096, st_blocks = 32, st_atim 
= {
     tv_sec = 1180043663, tv_nsec = 0}, st_mtim = {tv_sec = 1180042005,
     tv_nsec = 0}, st_ctim = {tv_sec = 1180042005, tv_nsec = 0},
   st_ino = 2688645}
         host = (struct hostent *) 0x80a94bc
         commandlinei = 0
         op = -1
         path = "/etc/argus.conf\000argus", '\0' <repeats 8170 times>

(gdb) print hstruct->hash
$1 = 2710700798

So again, let me know if the pcap or anything else will be helpful.

-Mike

More information about the argus mailing list