[Oisf-users] Suricata 1.4.1 crashing

Anoop Saldanha anoopsaldanha at gmail.com
Tue Mar 19 02:23:02 UTC 2013


gdb output says it's a different executable to the one that produced
the core.  If you haven't rebuilt suricata since the last rebuild that
produced the core, you should still have the binary around.

On Tue, Mar 19, 2013 at 12:47 AM, Listman <list.man at bluejeantime.com> wrote:
> I don't have several suricata binaries on my server.  I had the same problem with suricata 1.4.
>
>
> On Mar 18, 2013, at 12:42 PM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
>
>> On Mon, Mar 18, 2013 at 9:59 PM, Listman <list.man at bluejeantime.com> wrote:
>>> It is on debian squeeze.  It was installed via source.  Does anyone know why I am getting the below error when suricata crashes:
>>>
>>>
>>> GNU gdb (GDB) 7.0.1-debian
>>> Copyright (C) 2009 Free Software Foundation, Inc.
>>> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>>> This is free software: you are free to change and redistribute it.
>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>> and "show warranty" for details.
>>> This GDB was configured as "i486-linux-gnu".
>>> For bug reporting instructions, please see:
>>> <http://www.gnu.org/software/gdb/bugs/>...
>>> Reading symbols from /usr/bin/suricata...(no debugging symbols found)...done.
>>>
>>> warning: core file may not match specified executable file.
>>> [New Thread 9884]
>>> [New Thread 9883]
>>> [New Thread 9882]
>>> [New Thread 9881]
>>> [New Thread 9880]
>>> [New Thread 9879]
>>> [New Thread 9878]
>>> [New Thread 9877]
>>> [New Thread 9876]
>>> [New Thread 9875]
>>> [New Thread 9874]
>>> [New Thread 9873]
>>> [New Thread 9872]
>>> [New Thread 9871]
>>> [New Thread 9870]
>>> [New Thread 9867]
>>>
>>> warning: Can't read pathname for load map: Input/output error.
>>> Reading symbols from /usr/lib/libhtp-0.2.so.1...done.
>>> Loaded symbols for /usr/lib/libhtp-0.2.so.1
>>> Reading symbols from /usr/lib/libmagic.so.1...(no debugging symbols found)...done.
>>> Loaded symbols for /usr/lib/libmagic.so.1
>>> Reading symbols from /usr/lib/libcap-ng.so.0...(no debugging symbols found)...done.
>>> Loaded symbols for /usr/lib/libcap-ng.so.0
>>> Reading symbols from /usr/lib/libpcap.so.0.8...(no debugging symbols found)...done.
>>> Loaded symbols for /usr/lib/libpcap.so.0.8
>>> Reading symbols from /usr/lib/libnet.so.1...(no debugging symbols found)...done.
>>> Loaded symbols for /usr/lib/libnet.so.1
>>> Reading symbols from /usr/lib/libnetfilter_queue.so.1...(no debugging symbols found)...done.
>>> Loaded symbols for /usr/lib/libnetfilter_queue.so.1
>>> Reading symbols from /usr/lib/libnfnetlink.so.0...(no debugging symbols found)...done.
>>> Loaded symbols for /usr/lib/libnfnetlink.so.0
>>> Reading symbols from /lib/i686/cmov/libpthread.so.0...(no debugging symbols found)...done.
>>> Loaded symbols for /lib/i686/cmov/libpthread.so.0
>>> Reading symbols from /usr/lib/libyaml-0.so.2...(no debugging symbols found)...done.
>>> Loaded symbols for /usr/lib/libyaml-0.so.2
>>> Reading symbols from /lib/libpcre.so.3...Reading symbols from /usr/lib/debug/lib/libpcre.so.3.12.1...done.
>>> (no debugging symbols found)...done.
>>> Loaded symbols for /lib/libpcre.so.3
>>> Reading symbols from /lib/i686/cmov/libc.so.6...(no debugging symbols found)...done.
>>> Loaded symbols for /lib/i686/cmov/libc.so.6
>>> Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done.
>>> Loaded symbols for /usr/lib/libz.so.1
>>> Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
>>> Loaded symbols for /lib/ld-linux.so.2
>>> Core was generated by `suricata -D -c /etc/suricata/suricata.yaml -i eth0'.
>>> Program terminated with signal 6, Aborted.
>>> #0  0xb7741424 in __kernel_vsyscall ()
>>>
>>>
>>> It is a 32-bit system with an 8-core CPU and 8GB of RAM.  It is running kernel 2.6.26-2-686-bigmem.
>>>
>>
>> The core file and the executable don't match.  When you get a core
>> next time round, can you immediately take a bt without re-compiling
>> suricata?  Or maybe you have opened gdb with the core against the
>> wrong binary?
>>
>> --
>> Anoop Saldanha
>



-- 
Anoop Saldanha
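
An added example (not from the thread or the Suricata project): one way to check independently whether a core came from a given binary is to compare GNU build IDs, reading the binary's build-id note and the copies of mapped ELF headers inside the core. It assumes the binary was linked with a build ID and that the kernel dumped ELF header pages (coredump_filter bit 4); `sample_elf32` and `sample_binary` are constructed inputs, not real files.

```python
import struct
PT_LOAD, PT_NOTE, NT_GNU_BUILD_ID = 1, 4, 3

def phdrs(img):
    """Yield (p_type, p_offset, p_filesz) from a little-endian ELF image."""
    if img[:4] != b"\x7fELF" or len(img) < 64:
        return
    ph_fmt, ph_at, ent_at, fmt, pick = (
        ("<I", 28, 42, "<8I", (0, 1, 4)) if img[4] == 1   # ELFCLASS32
        else ("<Q", 32, 54, "<IIQQQQQQ", (0, 2, 5)))      # ELFCLASS64
    phoff, = struct.unpack_from(ph_fmt, img, ph_at)
    entsize, num = struct.unpack_from("<HH", img, ent_at)
    for off in (phoff + i * entsize for i in range(num)):
        if off + struct.calcsize(fmt) > len(img):
            return  # program header table not fully present
        fields = struct.unpack_from(fmt, img, off)
        yield tuple(fields[i] for i in pick)

def build_id(img):
    """Return the GNU build ID note of an ELF image as hex, or None."""
    for p_type, off, size in phdrs(img):
        end = min(off + size, len(img))
        while p_type == PT_NOTE and off + 12 <= end:
            namesz, descsz, ntype = struct.unpack_from("<III", img, off)
            desc = off + 12 + ((namesz + 3) & ~3)  # name padded to 4 bytes
            if (ntype == NT_GNU_BUILD_ID and desc + descsz <= end
                    and img[off + 12:off + 12 + namesz] == b"GNU\0"):
                return img[desc:desc + descsz].hex()
            off = desc + ((descsz + 3) & ~3)

def core_build_ids(core):
    """Build IDs of ELF files whose first page was dumped into the core."""
    segs = (core[o:o + n] for t, o, n in phdrs(core) if t == PT_LOAD)
    return {build_id(s) for s in segs if s[:4] == b"\x7fELF"} - {None}

def core_matches(binary, core):  # is the binary's build ID present in the core?
    bid = build_id(binary)
    return bid is not None and bid in core_build_ids(core)

def sample_elf32(e_type, p_type, payload):
    """Constructed input: ELF32 header, one program header, then payload."""
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", p_type, 84, 0, 0, len(payload), len(payload), 4, 4)
    return ehdr + phdr + payload

def sample_binary(bid):  # constructed ET_EXEC image with one build-id note
    note = struct.pack("<III", 4, len(bid), NT_GNU_BUILD_ID) + b"GNU\0" + bid
    return sample_elf32(2, PT_NOTE, note)
```

On a real system, pass the bytes of the installed binary and of the core file to `core_matches`; a `False` result with a non-empty `core_build_ids` means the core was produced by a different build.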


