[Oisf-users] Suricata segfaults

Peter Manev petermanev at gmail.com
Tue Oct 29 09:59:25 UTC 2013


On Tue, Oct 29, 2013 at 8:26 AM, Kirill Sluchanko <KSluchanko at polikom.ru> wrote:

> Hi,
>
> I have a problem with Suricata segfaults. It looks like this:
>
> root at suricata:~# cat /var/log/messages | grep segfault
> Oct 20 20:08:47 suricata kernel: [196713.311569] Detect4[3218]: segfault
> at 8 ip 00007ffce1ec9e0b sp 00007ffcc7ffe4b0 error 4 in
> suricata[7ffce1de5000+1cd000]
> Oct 21 04:01:31 suricata kernel: [28234.645921] Detect2[3613]: segfault
> at 8 ip 00007f3eb4be7e0b sp 00007f3eae34e4b0 error 4 in
> suricata[7f3eb4b03000+1cd000]
> Oct 21 23:35:33 suricata kernel: [70193.283110] Detect5[3611]: segfault
> at 8 ip 00007f4c0cc11e0b sp 00007f4c053764b0 error 4 in
> suricata[7f4c0cb2d000+1cd000]
> Oct 21 23:39:14 suricata kernel: [  168.582171] Detect2[3625]: segfault
> at 8 ip 00007f4c04291e0b sp 00007f4bfd9f84b0 error 4 in
> suricata[7f4c041ad000+1cd000]
> Oct 21 23:43:57 suricata kernel: [  239.626195] Detect6[3165]: segfault
> at 8 ip 00007fd38e211e0b sp 00007fd3861754b0 error 4 in
> suricata[7fd38e12d000+1cd000]
> Oct 21 23:47:11 suricata kernel: [  155.268455] Detect4[3521]: segfault
> at 8 ip 00007f449e2f6e0b sp 00007f4483ffe4b0 error 4 in
> suricata[7f449e212000+1cd000]
> Oct 21 23:50:31 suricata kernel: [  161.476515] Detect6[3532]: segfault
> at 8 ip 00007fd1e6faae0b sp 00007fd1def0e4b0 error 4 in
> suricata[7fd1e6ec6000+1cd000]
> Oct 21 23:52:19 suricata kernel: [   68.928578] Detect2[3522]: segfault
> at 8 ip 00007f6c98bffe0b sp 00007f6c923664b0 error 4 in
> suricata[7f6c98b1b000+1cd000]
> Oct 21 23:54:30 suricata kernel: [   87.263267] Detect5[3569]: segfault
> at 8 ip 00007fa2738a1e0b sp 00007fa26b8054b0 error 4 in
> suricata[7fa2737bd000+1cd000]
> Oct 21 23:59:32 suricata kernel: [  265.395157] Detect6[3535]: segfault
> at 8 ip 00007f3ed6706e0b sp 00007f3ece66a4b0 error 4 in
> suricata[7f3ed6622000+1cd000]
> Oct 22 00:02:54 suricata kernel: [  163.091784] Detect2[3625]: segfault
> at 8 ip 00007fdf2172ae0b sp 00007fdf1ae914b0 error 4 in
> suricata[7fdf21646000+1cd000]
> Oct 26 07:55:07 suricata kernel: [372825.339726] Detect3[3622]: segfault
> at 8 ip 00007f04f8ed4e0b sp 00007f04f1e3a4b0 error 4 in
> suricata[7f04f8df0000+1cd000]
> Oct 26 07:58:49 suricata kernel: [  175.222422] Detect5[3660]: segfault
> at 8 ip 00007f4234c1ee0b sp 00007f422d3834b0 error 4 in
> suricata[7f4234b3a000+1cd000]
> Oct 26 08:00:38 suricata kernel: [   73.356093] Detect6[3603]: segfault
> at 8 ip 00007f8bc3faae0b sp 00007f8bbbf0e4b0 error 4 in
> suricata[7f8bc3ec6000+1cd000]
> Oct 26 11:17:13 suricata kernel: [11726.652112] Detect1[3564]: segfault
> at 4 ip 00007f06d4b5ef63 sp 00007f06ceac64b0 error 4 in
> suricata[7f06d4a7a000+1cd000]
> Oct 26 11:35:18 suricata kernel: [ 1038.738681] Detect1[3550]: segfault
> at 4 ip 00007f3ed470af63 sp 00007f3ece6724b0 error 4 in
> suricata[7f3ed4626000+1cd000]
> Oct 26 11:40:51 suricata kernel: [  295.378649] Detect6[3600]: segfault
> at 4 ip 00007fa500bd0f63 sp 00007fa4f8b344b0 error 4 in
> suricata[7fa500aec000+1cd000]
> Oct 26 11:46:33 suricata kernel: [  303.151071] Detect1[3617]: segfault
> at 4 ip 00007f4d19eaff63 sp 00007f4d13e174b0 error 4 in
> suricata[7f4d19dcb000+1cd000]
> Oct 26 11:52:13 suricata kernel: [  303.590013] Detect6[3623]: segfault
> at 4 ip 00007f6a78767f63 sp 00007f6a706cb4b0 error 4 in
> suricata[7f6a78683000+1cd000]
> Oct 26 11:57:46 suricata kernel: [  297.468598] Detect4[3617]: segfault
> at 4 ip 00007fc849bbaf63 sp 00007fc82fffe4b0 error 4 in
> suricata[7fc849ad6000+1cd000]
> Oct 26 12:03:30 suricata kernel: [  306.600599] Detect1[3649]: segfault
> at 4 ip 00007fd58115df63 sp 00007fd57b0c54b0 error 4 in
> suricata[7fd581079000+1cd000]
> Oct 26 12:09:19 suricata kernel: [  308.945417] Detect3[3669]: segfault
> at 4 ip 00007fe0b2689f63 sp 00007fe0ab5ef4b0 error 4 in
> suricata[7fe0b25a5000+1cd000]
> Oct 26 12:15:05 suricata kernel: [  306.190261] Detect3[3613]: segfault
> at 4 ip 00007f9120284f63 sp 00007f91191ea4b0 error 4 in
> suricata[7f91201a0000+1cd000]
> Oct 26 12:20:46 suricata kernel: [  303.095698] Detect3[3590]: segfault
> at 4 ip 00007f1c648ddf63 sp 00007f1c5d8434b0 error 4 in
> suricata[7f1c647f9000+1cd000]
> Oct 26 12:26:27 suricata kernel: [  304.138298] Detect5[3558]: segfault
> at 4 ip 00007f7a909a6f63 sp 00007f7a8910b4b0 error 4 in
> suricata[7f7a908c2000+1cd000]
> Oct 26 12:32:12 suricata kernel: [  307.896040] Detect6[3227]: segfault
> at 4 ip 00007fa97c1fff63 sp 00007fa9741634b0 error 4 in
> suricata[7fa97c11b000+1cd000]
> Oct 26 12:37:54 suricata kernel: [  304.975273] Detect2[3613]: segfault
> at 4 ip 00007f9cf4791f63 sp 00007f9cedef84b0 error 4 in
> suricata[7f9cf46ad000+1cd000]
> Oct 26 12:43:38 suricata kernel: [  308.122617] Detect3[3234]: segfault
> at 4 ip 00007fb970231f63 sp 00007fb9691974b0 error 4 in
> suricata[7fb97014d000+1cd000]
> Oct 26 12:49:14 suricata kernel: [  298.845899] Detect6[3583]: segfault
> at 4 ip 00007ffdb255cf63 sp 00007ffdaa4c04b0 error 4 in
> suricata[7ffdb2478000+1cd000]
> Oct 26 12:54:55 suricata kernel: [  302.028484] Detect2[3635]: segfault
> at 4 ip 00007ff9df1f0f63 sp 00007ff9d89574b0 error 4 in
> suricata[7ff9df10c000+1cd000]
> Oct 26 13:00:29 suricata kernel: [  295.567638] Detect3[3529]: segfault
> at 4 ip 00007f9b6ddcbf63 sp 00007f9b66d314b0 error 4 in
> suricata[7f9b6dce7000+1cd000]
> Oct 26 13:06:02 suricata kernel: [  295.277042] Detect4[3623]: segfault
> at 4 ip 00007f4387a4af63 sp 00007f43801af4b0 error 4 in
> suricata[7f4387966000+1cd000]
> Oct 26 13:11:43 suricata kernel: [  301.514005] Detect6[3541]: segfault
> at 4 ip 00007fd6c1973f63 sp 00007fd6b98d74b0 error 4 in
> suricata[7fd6c188f000+1cd000]
> Oct 26 13:17:27 suricata kernel: [  303.499040] Detect1[3612]: segfault
> at 4 ip 00007f42b479af63 sp 00007f42ae7024b0 error 4 in
> suricata[7f42b46b6000+1cd000]
> Oct 26 13:22:59 suricata kernel: [  294.384116] Detect5[3569]: segfault
> at 4 ip 00007f62160e0f63 sp 00007f620e8454b0 error 4 in
> suricata[7f6215ffc000+1cd000]
> Oct 26 13:42:50 suricata kernel: [  300.954323] Detect6[3641]: segfault
> at 4 ip 00007fbb7e7a4f63 sp 00007fbb767084b0 error 4 in
> suricata[7fbb7e6c0000+1cd000]
> Oct 26 13:48:34 suricata kernel: [  305.380599] Detect2[3276]: segfault
> at 4 ip 00007fe908fbdf63 sp 00007fe9027244b0 error 4 in
> suricata[7fe908ed9000+1cd000]
> Oct 26 13:54:18 suricata kernel: [  305.965125] Detect6[3634]: segfault
> at 4 ip 00007fe96e9d7f63 sp 00007fe96693b4b0 error 4 in
> suricata[7fe96e8f3000+1cd000]
>
> Suricata runs on Debian:
>
> root at suricata:~# uname -a
> Linux suricata 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1+deb7u1 x86_64
> GNU/Linux
>
> and installed from testing:
>
> root at suricata:~# apt-cache showpkg suricata
> Package: suricata
> Versions:
> 1.4.5-1
>
> (/var/lib/apt/lists/ftp.debian.org_debian_dists_testing_main_binary-amd64_Packages)
>
> What additional information should I provide to help developers deal
> with this?
>
>
Do you have segfaults on a repeatable/regular basis?

What is the output of "suricata --build-info" ?

How much traffic are you currently inspecting and how many/what rule(set)s
are you using?

Alternatively - compiling from source with debugging enabled would help
the most in pinpointing the issue:

use

CFLAGS="-O0 -ggdb" ./configure

instead of just "./configure"
If you get a segfault again you should locate the core dump file and
execute:

gdb /usr/bin/suricata core

then

thread apply all bt

After which you can post back the information (in a file, do not copy/paste
it in the email, might be very long :) )

You could try updating to the current stable 1.4.6 -
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation
Just make sure you use 1.4.6 while following the guide. (but I doubt that
will fix the segfault issues, since the differences between 1.4.5 and 1.4.6
do not fix any segfault issues as far as I remember)


thanks



-- 
Regards,
Peter Manev
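
Added example, not part of the original message and not Suricata project code: until a debug build and core dump are available, the kernel lines quoted above can be reduced to ASLR-independent crash sites by subtracting the mapping base from ip. The function names are hypothetical, and the sample is three entries taken from the report in their quoted, mail-wrapped form.

```python
import re
from collections import Counter

# Constructed sample: three entries from the report above, kept in the
# quoted and mail-wrapped form in which they appear in the message.
SAMPLE = """\
> Oct 20 20:08:47 suricata kernel: [196713.311569] Detect4[3218]: segfault
> at 8 ip 00007ffce1ec9e0b sp 00007ffcc7ffe4b0 error 4 in
> suricata[7ffce1de5000+1cd000]
> Oct 21 04:01:31 suricata kernel: [28234.645921] Detect2[3613]: segfault
> at 8 ip 00007f3eb4be7e0b sp 00007f3eae34e4b0 error 4 in
> suricata[7f3eb4b03000+1cd000]
> Oct 26 11:17:13 suricata kernel: [11726.652112] Detect1[3564]: segfault
> at 4 ip 00007f06d4b5ef63 sp 00007f06ceac64b0 error 4 in
> suricata[7f06d4a7a000+1cd000]
"""

H = r"([0-9a-f]+)"
SEGV = re.compile(
    r"([^\s\[]+)\[\d+\]:\s+segfault\s+at\s+" + H + r"\s+ip\s+" + H +
    r"\s+sp\s+[0-9a-f]+\s+error\s+" + H +
    r"\s+in\s+([^\s\[]+)\[" + H + r"\+" + H + r"\]")

def decode_error(code):
    """Decode the low bits of the x86 page-fault error code."""
    return {"protection_violation": bool(code & 1),  # False: page not present
            "write": bool(code & 2),                 # False: read access
            "user_mode": bool(code & 4)}

def parse(text):
    """Return one record per segfault message in quoted, wrapped mail text."""
    text = re.sub(r"^>[ \t]?", "", text, flags=re.M)  # drop quote markers
    records = []
    for thread, addr, ip, err, obj, base, size in SEGV.findall(text):
        offset = int(ip, 16) - int(base, 16)
        if not 0 <= offset < int(size, 16):
            continue  # ip is outside the mapping the kernel named
        records.append({"thread": thread, "fault_addr": int(addr, 16),
                        "object": obj, "offset": offset,
                        "error": decode_error(int(err, 16))})
    return records

def crash_sites(text):
    """Count crashes per (object, offset, fault address), independent of ASLR."""
    return Counter((r["object"], hex(r["offset"]), r["fault_addr"])
                   for r in parse(text))

if __name__ == "__main__":
    for site, count in crash_sites(SAMPLE).most_common():
        print(count, site)
```

With the same binary that crashed, `addr2line -f -e /usr/bin/suricata 0xe4e0b` maps an offset to a function, provided debug symbols are available and the mapping shown starts at file offset 0. A rebuild with different CFLAGS moves the offsets, so these values apply only to the packaged 1.4.5-1 binary.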