<div dir="ltr"><div><div>Hi, our Suricata box are crashing about once a day with the following BT:<br><br>idsuser@suricata:/$ sudo gdb /usr/bin/suricata ./core <br>GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04<br>
Copyright (C) 2012 Free Software Foundation, Inc.<br>License GPLv3+: GNU GPL version 3 or later <<a href="http://gnu.org/licenses/gpl.html">http://gnu.org/licenses/gpl.html</a>><br>This is free software: you are free to change and redistribute it.<br>
There is NO WARRANTY, to the extent permitted by law. Type "show copying"<br>and "show warranty" for details.<br>This GDB was configured as "x86_64-linux-gnu".<br>For bug reporting instructions, please see:<br>
<<a href="http://bugs.launchpad.net/gdb-linaro/">http://bugs.launchpad.net/gdb-linaro/</a>>...<br>Reading symbols from /usr/bin/suricata...Reading symbols from /usr/lib/debug/usr/bin/suricata...done.<br>done.<br><br>
warning: core file may not match specified executable file.<br>[New LWP 14778]<br>[New LWP 18767]<br>[New LWP 14779]<br>[New LWP 14783]<br>[New LWP 14763]<br>[New LWP 14762]<br>[New LWP 14745]<br>[New LWP 14782]<br>[New LWP 14768]<br>
[New LWP 14765]<br>[New LWP 14771]<br>[New LWP 14770]<br>[New LWP 14769]<br>[New LWP 14773]<br>[New LWP 14761]<br>[New LWP 14766]<br>[New LWP 14777]<br>[New LWP 14772]<br>[New LWP 14780]<br>[New LWP 14775]<br>[New LWP 14781]<br>
[New LWP 14776]<br>[New LWP 14767]<br>[New LWP 14764]<br>[New LWP 14774]<br><br>warning: Can't read pathname for load map: Input/output error.<br>[Thread debugging using libthread_db enabled]<br>Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".<br>
Core was generated by `suricata -D -c /etc/suricata/suricata.yaml --af-packet'.<br>Program terminated with signal 11, Segmentation fault.<br>#0 0x000000000000000f in ?? ()<br>(gdb) bt<br>#0 0x000000000000000f in ?? ()<br>
#1 0x000000000048702b in SigMatchSignatures (th_v=0x2caeed50, de_ctx=0x7fda40000930, det_ctx=0x7fda23fcc070, p=0x7217750)<br> at detect.c:1553<br>#2 0x0000000000487858 in Detect (tv=0x2caeed50, p=0x7217750, data=0x7fda23fcc070, pq=0x2f723fb0, postpq=0x0) at detect.c:1794<br>
#3 0x00000000005bdfcd in TmThreadsSlotVarRun (tv=0x2caeed50, p=0x7217750, slot=0x2ae24fd0) at tm-threads.c:542<br>#4 0x000000000058113d in TmThreadsSlotProcessPkt (tv=0x2caeed50, s=0x2ae24fd0, p=0x7217750) at tm-threads.h:139<br>
#5 0x0000000000583476 in AFPReadFromRing (ptv=0x7fe2b40008c0) at source-af-packet.c:829<br>#6 0x000000000058442c in ReceiveAFPLoop (tv=0x2caeed50, data=0x7fe2b40008c0, slot=0x2b29d530) at source-af-packet.c:1030<br>#7 0x00000000005be904 in TmThreadsSlotPktAcqLoop (td=0x2caeed50) at tm-threads.c:682<br>
#8 0x00007fe313637e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0<br>#9 0x00007fe312efbccd in clone () from /lib/x86_64-linux-gnu/libc.so.6<br>#10 0x0000000000000000 in ?? ()<br><br></div>Please let me know hoy can I help to solve the issue!<br>
</div>Best regards<br></div>