<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Oct 29, 2013 at 8:26 AM, Kirill Sluchanko <span dir="ltr"><<a href="mailto:KSluchanko@polikom.ru" target="_blank">KSluchanko@polikom.ru</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
I have a problem with Suricata segfaults. It looks like this:<br>
<br>
root@suricata:~# cat /var/log/messages | grep segfault<br>
Oct 20 20:08:47 suricata kernel: [196713.311569] Detect4[3218]: segfault<br>
at 8 ip 00007ffce1ec9e0b sp 00007ffcc7ffe4b0 error 4 in<br>
suricata[7ffce1de5000+1cd000]<br>
Oct 21 04:01:31 suricata kernel: [28234.645921] Detect2[3613]: segfault<br>
at 8 ip 00007f3eb4be7e0b sp 00007f3eae34e4b0 error 4 in<br>
suricata[7f3eb4b03000+1cd000]<br>
Oct 21 23:35:33 suricata kernel: [70193.283110] Detect5[3611]: segfault<br>
at 8 ip 00007f4c0cc11e0b sp 00007f4c053764b0 error 4 in<br>
suricata[7f4c0cb2d000+1cd000]<br>
Oct 21 23:39:14 suricata kernel: [ 168.582171] Detect2[3625]: segfault<br>
at 8 ip 00007f4c04291e0b sp 00007f4bfd9f84b0 error 4 in<br>
suricata[7f4c041ad000+1cd000]<br>
Oct 21 23:43:57 suricata kernel: [ 239.626195] Detect6[3165]: segfault<br>
at 8 ip 00007fd38e211e0b sp 00007fd3861754b0 error 4 in<br>
suricata[7fd38e12d000+1cd000]<br>
Oct 21 23:47:11 suricata kernel: [ 155.268455] Detect4[3521]: segfault<br>
at 8 ip 00007f449e2f6e0b sp 00007f4483ffe4b0 error 4 in<br>
suricata[7f449e212000+1cd000]<br>
Oct 21 23:50:31 suricata kernel: [ 161.476515] Detect6[3532]: segfault<br>
at 8 ip 00007fd1e6faae0b sp 00007fd1def0e4b0 error 4 in<br>
suricata[7fd1e6ec6000+1cd000]<br>
Oct 21 23:52:19 suricata kernel: [ 68.928578] Detect2[3522]: segfault<br>
at 8 ip 00007f6c98bffe0b sp 00007f6c923664b0 error 4 in<br>
suricata[7f6c98b1b000+1cd000]<br>
Oct 21 23:54:30 suricata kernel: [ 87.263267] Detect5[3569]: segfault<br>
at 8 ip 00007fa2738a1e0b sp 00007fa26b8054b0 error 4 in<br>
suricata[7fa2737bd000+1cd000]<br>
Oct 21 23:59:32 suricata kernel: [ 265.395157] Detect6[3535]: segfault<br>
at 8 ip 00007f3ed6706e0b sp 00007f3ece66a4b0 error 4 in<br>
suricata[7f3ed6622000+1cd000]<br>
Oct 22 00:02:54 suricata kernel: [ 163.091784] Detect2[3625]: segfault<br>
at 8 ip 00007fdf2172ae0b sp 00007fdf1ae914b0 error 4 in<br>
suricata[7fdf21646000+1cd000]<br>
Oct 26 07:55:07 suricata kernel: [372825.339726] Detect3[3622]: segfault<br>
at 8 ip 00007f04f8ed4e0b sp 00007f04f1e3a4b0 error 4 in<br>
suricata[7f04f8df0000+1cd000]<br>
Oct 26 07:58:49 suricata kernel: [ 175.222422] Detect5[3660]: segfault<br>
at 8 ip 00007f4234c1ee0b sp 00007f422d3834b0 error 4 in<br>
suricata[7f4234b3a000+1cd000]<br>
Oct 26 08:00:38 suricata kernel: [ 73.356093] Detect6[3603]: segfault<br>
at 8 ip 00007f8bc3faae0b sp 00007f8bbbf0e4b0 error 4 in<br>
suricata[7f8bc3ec6000+1cd000]<br>
Oct 26 11:17:13 suricata kernel: [11726.652112] Detect1[3564]: segfault<br>
at 4 ip 00007f06d4b5ef63 sp 00007f06ceac64b0 error 4 in<br>
suricata[7f06d4a7a000+1cd000]<br>
Oct 26 11:35:18 suricata kernel: [ 1038.738681] Detect1[3550]: segfault<br>
at 4 ip 00007f3ed470af63 sp 00007f3ece6724b0 error 4 in<br>
suricata[7f3ed4626000+1cd000]<br>
Oct 26 11:40:51 suricata kernel: [ 295.378649] Detect6[3600]: segfault<br>
at 4 ip 00007fa500bd0f63 sp 00007fa4f8b344b0 error 4 in<br>
suricata[7fa500aec000+1cd000]<br>
Oct 26 11:46:33 suricata kernel: [ 303.151071] Detect1[3617]: segfault<br>
at 4 ip 00007f4d19eaff63 sp 00007f4d13e174b0 error 4 in<br>
suricata[7f4d19dcb000+1cd000]<br>
Oct 26 11:52:13 suricata kernel: [ 303.590013] Detect6[3623]: segfault<br>
at 4 ip 00007f6a78767f63 sp 00007f6a706cb4b0 error 4 in<br>
suricata[7f6a78683000+1cd000]<br>
Oct 26 11:57:46 suricata kernel: [ 297.468598] Detect4[3617]: segfault<br>
at 4 ip 00007fc849bbaf63 sp 00007fc82fffe4b0 error 4 in<br>
suricata[7fc849ad6000+1cd000]<br>
Oct 26 12:03:30 suricata kernel: [ 306.600599] Detect1[3649]: segfault<br>
at 4 ip 00007fd58115df63 sp 00007fd57b0c54b0 error 4 in<br>
suricata[7fd581079000+1cd000]<br>
Oct 26 12:09:19 suricata kernel: [ 308.945417] Detect3[3669]: segfault<br>
at 4 ip 00007fe0b2689f63 sp 00007fe0ab5ef4b0 error 4 in<br>
suricata[7fe0b25a5000+1cd000]<br>
Oct 26 12:15:05 suricata kernel: [ 306.190261] Detect3[3613]: segfault<br>
at 4 ip 00007f9120284f63 sp 00007f91191ea4b0 error 4 in<br>
suricata[7f91201a0000+1cd000]<br>
Oct 26 12:20:46 suricata kernel: [ 303.095698] Detect3[3590]: segfault<br>
at 4 ip 00007f1c648ddf63 sp 00007f1c5d8434b0 error 4 in<br>
suricata[7f1c647f9000+1cd000]<br>
Oct 26 12:26:27 suricata kernel: [ 304.138298] Detect5[3558]: segfault<br>
at 4 ip 00007f7a909a6f63 sp 00007f7a8910b4b0 error 4 in<br>
suricata[7f7a908c2000+1cd000]<br>
Oct 26 12:32:12 suricata kernel: [ 307.896040] Detect6[3227]: segfault<br>
at 4 ip 00007fa97c1fff63 sp 00007fa9741634b0 error 4 in<br>
suricata[7fa97c11b000+1cd000]<br>
Oct 26 12:37:54 suricata kernel: [ 304.975273] Detect2[3613]: segfault<br>
at 4 ip 00007f9cf4791f63 sp 00007f9cedef84b0 error 4 in<br>
suricata[7f9cf46ad000+1cd000]<br>
Oct 26 12:43:38 suricata kernel: [ 308.122617] Detect3[3234]: segfault<br>
at 4 ip 00007fb970231f63 sp 00007fb9691974b0 error 4 in<br>
suricata[7fb97014d000+1cd000]<br>
Oct 26 12:49:14 suricata kernel: [ 298.845899] Detect6[3583]: segfault<br>
at 4 ip 00007ffdb255cf63 sp 00007ffdaa4c04b0 error 4 in<br>
suricata[7ffdb2478000+1cd000]<br>
Oct 26 12:54:55 suricata kernel: [ 302.028484] Detect2[3635]: segfault<br>
at 4 ip 00007ff9df1f0f63 sp 00007ff9d89574b0 error 4 in<br>
suricata[7ff9df10c000+1cd000]<br>
Oct 26 13:00:29 suricata kernel: [ 295.567638] Detect3[3529]: segfault<br>
at 4 ip 00007f9b6ddcbf63 sp 00007f9b66d314b0 error 4 in<br>
suricata[7f9b6dce7000+1cd000]<br>
Oct 26 13:06:02 suricata kernel: [ 295.277042] Detect4[3623]: segfault<br>
at 4 ip 00007f4387a4af63 sp 00007f43801af4b0 error 4 in<br>
suricata[7f4387966000+1cd000]<br>
Oct 26 13:11:43 suricata kernel: [ 301.514005] Detect6[3541]: segfault<br>
at 4 ip 00007fd6c1973f63 sp 00007fd6b98d74b0 error 4 in<br>
suricata[7fd6c188f000+1cd000]<br>
Oct 26 13:17:27 suricata kernel: [ 303.499040] Detect1[3612]: segfault<br>
at 4 ip 00007f42b479af63 sp 00007f42ae7024b0 error 4 in<br>
suricata[7f42b46b6000+1cd000]<br>
Oct 26 13:22:59 suricata kernel: [ 294.384116] Detect5[3569]: segfault<br>
at 4 ip 00007f62160e0f63 sp 00007f620e8454b0 error 4 in<br>
suricata[7f6215ffc000+1cd000]<br>
Oct 26 13:42:50 suricata kernel: [ 300.954323] Detect6[3641]: segfault<br>
at 4 ip 00007fbb7e7a4f63 sp 00007fbb767084b0 error 4 in<br>
suricata[7fbb7e6c0000+1cd000]<br>
Oct 26 13:48:34 suricata kernel: [ 305.380599] Detect2[3276]: segfault<br>
at 4 ip 00007fe908fbdf63 sp 00007fe9027244b0 error 4 in<br>
suricata[7fe908ed9000+1cd000]<br>
Oct 26 13:54:18 suricata kernel: [ 305.965125] Detect6[3634]: segfault<br>
at 4 ip 00007fe96e9d7f63 sp 00007fe96693b4b0 error 4 in<br>
suricata[7fe96e8f3000+1cd000]<br>
<br>
Suricata runs on Debian:<br>
<br>
root@suricata:~# uname -a<br>
Linux suricata 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1+deb7u1 x86_64<br>
GNU/Linux<br>
<br>
and installed from testing:<br>
<br>
root@suricata:~# apt-cache showpkg suricata<br>
Package: suricata<br>
Versions:<br>
1.4.5-1<br>
(/var/lib/apt/lists/ftp.debian.org_debian_dists_testing_main_binary-amd64_Packages)<br>
<br>
What additional information I should provide to help developers to deal<br>
with this?<br>
<br></blockquote><div><br></div><div>Do you have segfaults on a repeatable/regular basis ?<br></div><div><br>What is the output of "suricata --build-info" ? <br><br></div><div>How much traffic are you currently inspecting and how many/what rules(et) are you using?<br>
</div><div><br></div><div>Alternatively - compiling from source with debugging enabled would help the most in pinpointing the issue:<br><br></div><div>use <br><pre>CFLAGS="-O0 -ggdb" ./configure </pre></div><div>
instead of just "./configure"<br></div><div>If you get a segfaut again you should locate the cored dump file and execute:<br><pre>gdb /usr/bin/suricata core</pre></div><div>then <br><pre>thread apply all bt</pre>
After which you can post back the information (in a file, do not copy/paste it in the email, might be very long :) )<br></div></div><br></div><div class="gmail_extra">You could try updating to the current stable 1.4.6 - <br>
<a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation</a><br></div><div class="gmail_extra">Just make sure you use 1.4.6 while following the guide. (but i doubt that will fix the segfault issues, since the differences between 1.4.5 and 1.4.6 do not fix any segfault issues as far as I remember)<br>
</div><div class="gmail_extra"><br><br></div><div class="gmail_extra">thanks<br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br clear="all"><br>-- <br><div>Regards,</div>
<div>Peter Manev</div>
</div></div>