[Oisf-users] Suricata 1.4.1 crashing
Anoop Saldanha
anoopsaldanha at gmail.com
Mon Mar 18 16:42:48 UTC 2013
On Mon, Mar 18, 2013 at 9:59 PM, Listman <list.man at bluejeantime.com> wrote:
> It is on debian squeeze. It was installed via source. Does anyone know why I am getting the below error when suricata crashes:
>
>
> GNU gdb (GDB) 7.0.1-debian
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "i486-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/bin/suricata...(no debugging symbols found)...done.
>
> warning: core file may not match specified executable file.
> [New Thread 9884]
> [New Thread 9883]
> [New Thread 9882]
> [New Thread 9881]
> [New Thread 9880]
> [New Thread 9879]
> [New Thread 9878]
> [New Thread 9877]
> [New Thread 9876]
> [New Thread 9875]
> [New Thread 9874]
> [New Thread 9873]
> [New Thread 9872]
> [New Thread 9871]
> [New Thread 9870]
> [New Thread 9867]
>
> warning: Can't read pathname for load map: Input/output error.
> Reading symbols from /usr/lib/libhtp-0.2.so.1...done.
> Loaded symbols for /usr/lib/libhtp-0.2.so.1
> Reading symbols from /usr/lib/libmagic.so.1...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libmagic.so.1
> Reading symbols from /usr/lib/libcap-ng.so.0...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libcap-ng.so.0
> Reading symbols from /usr/lib/libpcap.so.0.8...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libpcap.so.0.8
> Reading symbols from /usr/lib/libnet.so.1...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libnet.so.1
> Reading symbols from /usr/lib/libnetfilter_queue.so.1...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libnetfilter_queue.so.1
> Reading symbols from /usr/lib/libnfnetlink.so.0...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libnfnetlink.so.0
> Reading symbols from /lib/i686/cmov/libpthread.so.0...(no debugging symbols found)...done.
> Loaded symbols for /lib/i686/cmov/libpthread.so.0
> Reading symbols from /usr/lib/libyaml-0.so.2...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libyaml-0.so.2
> Reading symbols from /lib/libpcre.so.3...Reading symbols from /usr/lib/debug/lib/libpcre.so.3.12.1...done.
> (no debugging symbols found)...done.
> Loaded symbols for /lib/libpcre.so.3
> Reading symbols from /lib/i686/cmov/libc.so.6...(no debugging symbols found)...done.
> Loaded symbols for /lib/i686/cmov/libc.so.6
> Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libz.so.1
> Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib/ld-linux.so.2
> Core was generated by `suricata -D -c /etc/suricata/suricata.yaml -i eth0'.
> Program terminated with signal 6, Aborted.
> #0 0xb7741424 in __kernel_vsyscall ()
>
>
> It is a 32 bit system with 8 core CPU with 8GB of ram. It is running kernel 2.6.26-2-686-bigmem.
>
The core file and the executable don't match. When you get a core
next time round, can you immediately take a bt without re-compiling
suricata? Or maybe you have opened gdb with the core against the
wrong binary?
--
Anoop Saldanha
More information about the Oisf-users
mailing list