[Oisf-users] segfault in libc

Christophe Vandeplas christophe at vandeplas.com
Mon Sep 9 08:08:57 UTC 2013


@Peter: bug created : #942

@Victor: I would prefer to delegate this completely to you, and give
you full access on the system. Unfortunately as you said, and as
everyone says, this machine is "in production" and not in a network
where I can give you access.

On Tue, Sep 3, 2013 at 5:41 PM, Victor Julien <lists at inliniac.net> wrote:
>> Any pointer what I should do next to help locate the problem?
>
> This is really strange. The error you get is SEGV, but the bt says it
> crashes on a line:
>         BUG_ON(data_len > sizeof(data));
>
> BUG_ON is a wrapper around assert, which should exit/crash with a
> different signal. Weird.
>
> To get at this point there has to be some bug during reassembly. The
> data_len variable is too big, that is clear.

Perhaps it would be a good idea to also focus on reproducing the bug
easily; right now it can take half a day or more before the thing
crashes.
Could you help me pinpoint what type of traffic was reassembled? I'm
sure it must be in the core dump somewhere (I kept 2 core dumps), but
I have no idea where to look. With details about the traffic I should
be able to put a filter in place and capture the thing.


> There are a few more 'BUG_ON' statements in that same function. They are
> enabled by debug mode. Running with debugging enabled is probably not
> feasible, so maybe you can edit the code to remove the various:
>
>                 if (SCLogDebugEnabled()) {
>
> and their corresponding
>
>                 }
>
> and then recompile. If it crashes slightly sooner, it may give us the
> clue we need.

The annoying part is that I don't have a compiler or anything else on
that system.
I'll see what I can do to recompile. See below for more reactions.


I do need to say that the box is currently underscaled (not enough
CPU and not enough RAM).
RAM is coming, and to solve the CPU problem in the short term we're
going to filter the traffic on the network taps (or with a capture
filter) to remove the useless traffic that's passing.

Christophe
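
Added example, not part of the original message and not Suricata code: a C sketch of the distinction Victor describes, where an assert-based BUG_ON ends the process with SIGABRT while an invalid memory access ends it with SIGSEGV. The BUG_ON definition, the 4096-byte buffer and all function names are assumptions made for illustration.

```c
#include <assert.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: modelled on the quoted description "a wrapper around assert". */
#define BUG_ON(x) assert(!(x))

/* Hypothetical stand-in for the length check quoted in the thread. */
static void check_len(size_t data_len)
{
    unsigned char data[4096];
    BUG_ON(data_len > sizeof(data));   /* fails -> abort() -> SIGABRT */
    (void)data;
}

/* Invalid access: the pointer is volatile so the store is really emitted. */
static volatile unsigned char *volatile wild_ptr = NULL;
static void wild_write(size_t unused)
{
    (void)unused;
    *wild_ptr = 1;                     /* faults -> SIGSEGV */
}

/* Run fn(arg) in a child; return the signal that killed it, 0 if it exited. */
static int fatal_signal_of(void (*fn)(size_t), size_t arg)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit no_core = {0, 0};
        setrlimit(RLIMIT_CORE, &no_core);  /* keep the demo from leaving cores */
        fn(arg);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("data_len=100  -> signal %d\n", fatal_signal_of(check_len, 100));
    printf("data_len=5000 -> signal %d (SIGABRT=%d)\n", fatal_signal_of(check_len, 5000), SIGABRT);
    printf("wild write    -> signal %d (SIGSEGV=%d)\n", fatal_signal_of(wild_write, 0), SIGSEGV);
    return 0;
}
```

When a core file is loaded, gdb reports the same terminating signal in its "Program terminated with signal" line, which is the value to compare against the line the backtrace points to.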


