[Oisf-users] Get a kernel backtrace with latest git version
Victor Julien
lists at inliniac.net
Tue Mar 4 11:35:46 UTC 2014
On 03/03/2014 06:03 PM, Stefan Sabolowitsch wrote:
> Hi all,
> get a backtrace with latest git version, but no kernel dump.
>
> suri start config version 2.0dev (rev df927f7):
> suricata --user sguil --group sguil -c /etc/nsm/Serrig-intern/suricata.yaml -q 0 -q 1 -q 2 -q 3 -l /nsm/sensor_data/Serrig-intern --runmode workers
Do you have the 'eve-log.files' enabled by any chance?
Cheers,
Victor
> regards
> Stefan
>
>
> [root at ipd1 sysconfig]# *** glibc detected *** suricata: free(): invalid next size (fast): 0x00007f90a0926870 ***
> ======= Backtrace: =========
> /lib64/libc.so.6[0x373e876126]
> /lib64/libc.so.6[0x373e878c53]
> suricata[0x4d140c]
> suricata[0x4d18a7]
> suricata[0x4cb6af]
> suricata[0x514fb8]
> suricata[0x4f40de]
> /usr/lib/libnetfilter_queue.so.1(+0x2b97)[0x7f90b3cceb97]
> /usr/lib/libnfnetlink.so.0[0x37dbc01f77]
> /usr/lib/libnfnetlink.so.0(nfnl_handle_packet+0x6a)[0x37dbc01ffa]
> suricata[0x4f1c48]
> suricata[0x4f2054]
> suricata[0x514c46]
> /lib64/libpthread.so.0[0x373f407851]
> /lib64/libc.so.6(clone+0x6d)[0x373e8e894d]
> ======= Memory map: ========
> 00400000-005bf000 r-xp 00000000 fc:00 789513 /usr/local/bin/suricata
> 007be000-007c5000 rw-p 001be000 fc:00 789513 /usr/local/bin/suricata
> 007c5000-00805000 rw-p 00000000 00:00 0
> 01850000-2004e000 rw-p 00000000 00:00 0 [heap]
> 373e400000-373e420000 r-xp 00000000 fc:00 3145811 /lib64/ld-2.12.so
> 373e61f000-373e620000 r--p 0001f000 fc:00 3145811 /lib64/ld-2.12.so
> 373e620000-373e621000 rw-p 00020000 fc:00 3145811 /lib64/ld-2.12.so
> 373e621000-373e622000 rw-p 00000000 00:00 0
> 373e800000-373e98a000 r-xp 00000000 fc:00 3145838 /lib64/libc-2.12.so
> 373e98a000-373eb89000 ---p 0018a000 fc:00 3145838 /lib64/libc-2.12.so
> 373eb89000-373eb8d000 r--p 00189000 fc:00 3145838 /lib64/libc-2.12.so
> 373eb8d000-373eb8e000 rw-p 0018d000 fc:00 3145838 /lib64/libc-2.12.so
> 373eb8e000-373eb93000 rw-p 00000000 00:00 0
> 373ec00000-373ec35000 r-xp 00000000 fc:00 816693 /usr/lib64/libpcap.so.1.0.0
> 373ec35000-373ee34000 ---p 00035000 fc:00 816693 /usr/lib64/libpcap.so.1.0.0
> 373ee34000-373ee37000 rw-p 00034000 fc:00 816693 /usr/lib64/libpcap.so.1.0.0
> 373f000000-373f002000 r-xp 00000000 fc:00 3145852 /lib64/libdl-2.12.so
> 373f002000-373f202000 ---p 00002000 fc:00 3145852 /lib64/libdl-2.12.so
> 373f202000-373f203000 r--p 00002000 fc:00 3145852 /lib64/libdl-2.12.so
> 373f203000-373f204000 rw-p 00003000 fc:00 3145852 /lib64/libdl-2.12.so
> 373f400000-373f417000 r-xp 00000000 fc:00 3145924 /lib64/libpthread-2.12.so
> 373f417000-373f617000 ---p 00017000 fc:00 3145924 /lib64/libpthread-2.12.so
> 373f617000-373f618000 r--p 00017000 fc:00 3145924 /lib64/libpthread-2.12.so
> 373f618000-373f619000 rw-p 00018000 fc:00 3145924 /lib64/libpthread-2.12.so
> 373f619000-373f61d000 rw-p 00000000 00:00 0
> 373f800000-373f807000 r-xp 00000000 fc:00 3146111 /lib64/librt-2.12.so
> 373f807000-373fa06000 ---p 00007000 fc:00 3146111 /lib64/librt-2.12.so
> 373fa06000-373fa07000 r--p 00006000 fc:00 3146111 /lib64/librt-2.12.so
> 373fa07000-373fa08000 rw-p 00007000 fc:00 3146111 /lib64/librt-2.12.so
> 373fc00000-373fc15000 r-xp 00000000 fc:00 3146108 /lib64/libz.so.1.2.3
> 373fc15000-373fe14000 ---p 00015000 fc:00 3146108 /lib64/libz.so.1.2.3
> 373fe14000-373fe15000 r--p 00014000 fc:00 3146108 /lib64/libz.so.1.2.3
> 373fe15000-373fe16000 rw-p 00015000 fc:00 3146108 /lib64/libz.so.1.2.3
> 3740000000-374001b000 r-xp 00000000 fc:00 790730 /usr/lib64/libmagic.so.1.0.0
> 374001b000-374021b000 ---p 0001b000 fc:00 790730 /usr/lib64/libmagic.so.1.0.0
> 374021b000-374021c000 rw-p 0001b000 fc:00 790730 /usr/lib64/libmagic.so.1.0.0
> 374021c000-374021e000 rw-p 00000000 00:00 0
> 3740c00000-3740c3d000 r-xp 00000000 fc:00 816729 /usr/lib64/libsoftokn3.so
> 3740c3d000-3740e3d000 ---p 0003d000 fc:00 816729 /usr/lib64/libsoftokn3.so
> 3740e3d000-3740e3e000 r--p 0003d000 fc:00 816729 /usr/lib64/libsoftokn3.so
> 3740e3e000-3740e3f000 rw-p 0003e000 fc:00 816729 /usr/lib64/libsoftokn3.so
> 3741800000-3741866000 r-xp 00000000 fc:00 3146109 /lib64/libfreebl3.so
> 3741866000-3741a66000 ---p 00066000 fc:00 3146109 /lib64/libfreebl3.so
> 3741a66000-3741a67000 r--p 00066000 fc:00 3146109 /lib64/libfreebl3.so
> 3741a67000-3741a68000 rw-p 00067000 fc:00 3146109 /lib64/libfreebl3.so
> 3741a68000-3741a6c000 rw-p 00000000 00:00 0
> 3742000000-3742033000 r-xp 00000000 fc:00 813150 /usr/lib64/libssl3.so
> 3742033000-3742233000 ---p 00033000 fc:00 813150 /usr/lib64/libssl3.so
> 3742233000-3742235000 r--p 00033000 fc:00 813150 /usr/lib64/libssl3.so
> 3742235000-3742236000 rw-p 00035000 fc:00 813150 /usr/lib64/libssl3.so
> 3742236000-3742237000 rw-p 00000000 00:00 0
> 3742400000-3742403000 r-xp 00000000 fc:00 3146114 /lib64/libplds4.so
> 3742403000-3742602000 ---p 00003000 fc:00 3146114 /lib64/libplds4.so
> 3742602000-3742603000 r--p 00002000 fc:00 3146114 /lib64/libplds4.so
> 3742603000-3742604000 rw-p 00003000 fc:00 3146114 /lib64/libplds4.so
> 3742800000-3742839000 r-xp 00000000 fc:00 3146112 /lib64/libnspr4.so
> 3742839000-3742a39000 ---p 00039000 fc:00 3146112 /lib64/libnspr4.so
> 3742a39000-3742a3a000 r--p 00039000 fc:00 3146112 /lib64/libnspr4.so
> 3742a3a000-3742a3c000 rw-p 0003a000 fc:00 3146112 /lib64/libnspr4.so
> 3742a3c000-3742a3e000 rw-p 00000000 00:00 0
> 3743000000-3743135000 r-xp 00000000 fc:00 813137 /usr/lib64/libnss3.so
> 3743135000-3743334000 ---p 00135000 fc:00 813137 /usr/lib64/libnss3.so
> 3743334000-3743339000 r--p 00134000 fc:00 813137 /usr/lib64/libnss3.so
> 3743339000-374333b000 rw-p 00139000 fc:00 813137 /usr/lib64/libnss3.so
> 374333b000-374333d000 rw-p 00000000 00:00 0
> 3743400000-3743404000 r-xp 00000000 fc:00 3146113 /lib64/libplc4.so
> 3743404000-3743603000 ---p 00004000 fc:00 3146113 /lib64/libplc4.so
> 3743603000-3743604000 r--p 00003000 fc:00 3146113 /lib64/libplc4.so
> 3743604000-3743605000 rw-p 00004000 fc:00 3146113 /lib64/libplc4.so
> 3743800000-3743825000 r-xp 00000000 fc:00 813133 /usr/lib64/libnssutil3.so
> 3743825000-3743a24000 ---p 00025000 fc:00 813133 /usr/lib64/libnssutil3.so
> 3743a24000-3743a2a000 r--p 00024000 fc:00 813133 /usr/lib64/libnssutil3.so
> 3743a2a000-3743a2b000 rw-p 0002a000 fc:00 813133 /usr/lib64/libnssutil3.so
> 3744800000-3744828000 r-xp 00000000 fc:00 813151 /usr/lib64/libsmime3.so
> 3744828000-3744a28000 ---p 00028000 fc:00 813151 /usr/lib64/libsmime3.so
> 3744a28000-3744a2b000 r--p 00028000 fc:00 813151 /usr/lib64/libsmime3.so
> 3744a2b000-3744a2c000 rw-p 0002b000 fc:00 813151 /usr/lib64/libsmime3.so
> 3747c00000-3747c8c000 r-xp 00000000 fc:00 790538 /usr/lib64/libsqlite3.so.0.8.6
> 3747c8c000-3747e8b000 ---p 0008c000 fc:00 790538 /usr/lib64/libsqlite3.so.0.8.6
> 3747e8b000-3747e8e000 rw-p 0008b000 fc:00 790538 /usr/lib64/libsqlite3.so.0.8.6
> 3747e8e000-3747e8f000 rw-p 00000000 00:00 0
> 374a800000-374a804000 r-xp 00000000 fc:00 3159222 /lib64/libcap-ng.so.0.0.0
> 374a804000-374aa03000 ---p 00004000 fc:00 3159222 /lib64/libcap-ng.so.0.0.0
> 374aa03000-374aa04000 r--p 00003000 fc:00 3159222 /lib64/libcap-ng.so.0.0.0
> 374aa04000-374aa05000 rw-p 00004000 fc:00 3159222 /lib64/libcap-ng.so.0.0.0
> 37dbc00000-37dbc06000 r-xp 00000000 fc:00 812636 /usr/lib/libnfnetlink.so.0.2.0
> 37dbc06000-37dbe05000 ---p 00006000 fc:00 812636 /usr/lib/libnfnetlink.so.0.2.0
> 37dbe05000-37dbe06000 rw-p 00005000 fc:00 812636 /usr/lib/libnfnetlink.so.0.2.0
> 7f9094000000-7f9094951000 rw-p 00000000 00:00 0
> 7f9094951000-7f9098000000 ---p 00000000 00:00 0
> 7f9098000000-7f9098290000 rw-p 00000000 00:00 0
> 7f9098290000-7f909c000000 ---p 00000000 00:00 0
> 7f909c000000-7f909c95f000 rw-p 00000000 00:00 0
> 7f909c95f000-7f90a0000000 ---p 00000000 00:00 0
> 7f90a0000000-7f90a0940000 rw-p 00000000 00:00 0
> 7f90a0940000-7f90a4000000 ---p 00000000 00:00 0
> 7f90a4000000-7f90a4921000 rw-p 00000000 00:00 0
> 7f90a4921000-7f90a8000000 ---p 00000000 00:00 0
> 7f90aaf67000-7f90adefb000 rw-p 00000000 00:00 0
> 7f90aec0c000-7f90aec22000 r-xp 00000000 fc:00 3146135 /lib64/libgcc_s-4.4.7-20120601.so.1
> 7f90aec22000-7f90aee21000 ---p 00016000 fc:00 3146135 /lib64/libgcc_s-4.4.7-20120601.so.1
> 7f90aee21000-7f90aee22000 rw-p 00015000 fc:00 3146135 /lib64/libgcc_s-4.4.7-20120601.so.1
> 7f90aee35000-7f90aee36000 ---p 00000000 00:00 0
> 7f90aee36000-7f90af636000 rw-p 00000000 00:00 0 [stack:30425]
> 7f90af636000-7f90af637000 ---p 00000000 00:00 0
> 7f90af637000-7f90afe37000 rw-p 00000000 00:00 0 [stack:30424]
> 7f90afe37000-7f90afe38000 ---p 00000000 00:00 0
> 7f90afe38000-7f90b0638000 rw-p 00000000 00:00 0 [stack:30423]
> 7f90b0638000-7f90b0639000 ---p 00000000 00:00 0
> 7f90b0639000-7f90b0e39000 rw-p 00000000 00:00 0 [stack:30422]
> 7f90b0e39000-7f90b0e3a000 ---p 00000000 00:00 0
> 7f90b0e3a000-7f90b18bd000 rw-p 00000000 00:00 0 [stack:30421]
> 7f90b18bd000-7f90b238d000 rwxp 00000000 00:00 0
> 7f90b238d000-7f90b2961000 rw-p 00000000 00:00 0
> 7f90b2961000-7f90b296d000 r-xp 00000000 fc:00 3145898 /lib64/libnss_files-2.12.so
> 7f90b296d000-7f90b2b6d000 ---p 0000c000 fc:00 3145898 /lib64/libnss_files-2.12.so
> 7f90b2b6d000-7f90b2b6e000 r--p 0000c000 fc:00 3145898 /lib64/libnss_files-2.12.so
> 7f90b2b6e000-7f90b2b6f000 rw-p 0000d000 fc:00 3145898 /lib64/libnss_files-2.12.so
> 7f90b2b70000-7f90b2b72000 rw-p 00000000 00:00 0
> 7f90b2b72000-7f90b2b82000 rwxp 00000000 00:00 0
> 7f90b2b82000-7f90b3450000 rw-p 00000000 00:00 0
> 7f90b3450000-7f90b3454000 r-xp 00000000 fc:00 816704 /usr/lib64/libmnl.so.0.1.0
> 7f90b3454000-7f90b3654000 ---p 00004000 fc:00 816704 /usr/lib64/libmnl.so.0.1.0
> 7f90b3654000-7f90b3655000 rw-p 00004000 fc:00 816704 /usr/lib64/libmnl.so.0.1.0
> 7f90b3655000-7f90b3658000 rw-p 00000000 00:00 0
> 7f90b3658000-7f90b36a0000 r-xp 00000000 fc:00 793766 /usr/local/lib/libpcre.so.1.2.1
> 7f90b36a0000-7f90b389f000 ---p 00048000 fc:00 793766 /usr/local/lib/libpcre.so.1.2.1
> 7f90b389f000-7f90b38a0000 rw-p 00047000 fc:00 793766 /usr/local/lib/libpcre.so.1.2.1
> 7f90b38a0000-7f90b38a1000 rw-p 00000000 00:00 0
> 7f90b38a1000-7f90b38c0000 r-xp 00000000 fc:00 810317 /usr/lib64/libyaml-0.so.2.0.2
> 7f90b38c0000-7f90b3abf000 ---p 0001f000 fc:00 810317 /usr/lib64/libyaml-0.so.2.0.2
> 7f90b3abf000-7f90b3ac0000 rw-p 0001e000 fc:00 810317 /usr/lib64/libyaml-0.so.2.0.2
> 7f90b3ac0000-7f90b3aca000 r-xp 00000000 fc:00 805057 /usr/local/lib/libjansson.so.4.5.0
> 7f90b3aca000-7f90b3cca000 ---p 0000a000 fc:00 805057 /usr/local/lib/libjansson.so.4.5.0
> 7f90b3cca000-7f90b3ccb000 rw-p 0000a000 fc:00 805057 /usr/local/lib/libjansson.so.4.5.0
> 7f90b3ccb000-7f90b3ccc000 rw-p 00000000 00:00 0
> 7f90b3ccc000-7f90b3cd2000 r-xp 00000000 fc:00 809918 /usr/lib/libnetfilter_queue.so.1.3.0
> 7f90b3cd2000-7f90b3ed1000 ---p 00006000 fc:00 809918 /usr/lib/libnetfilter_queue.so.1.3.0
> 7f90b3ed1000-7f90b3ed2000 rw-p 00005000 fc:00 809918 /usr/lib/libnetfilter_queue.so.1.3.0
> 7f90b3ed2000-7f90b3ee8000 r-xp 00000000 fc:00 3145747 /lib64/libnet.so.1.7.0
> 7f90b3ee8000-7f90b40e8000 ---p 00016000 fc:00 3145747 /lib64/libnet.so.1.7.0
> 7f90b40e8000-7f90b40e9000 rw-p 00016000 fc:00 3145747 /lib64/libnet.so.1.7.0
> 7f90b40e9000-7f90b40ee000 rw-p 00000000 00:00 0
> 7f90b40ee000-7f90b40fe000 rwxp 00000000 00:00 0
> 7f90b40fe000-7f90b4100000 rw-p 00000000 00:00 0
> 7f90b4100000-7f90b411c000 r-xp 00000000 fc:00 787798 /usr/local/lib/libhtp-0.5.so.1.0.2
> 7f90b411c000-7f90b431c000 ---p 0001c000 fc:00 787798 /usr/local/lib/libhtp-0.5.so.1.0.2
> 7f90b431c000-7f90b431d000 rw-p 0001c000 fc:00 787798 /usr/local/lib/libhtp-0.5.so.1.0.2
> 7f90b431d000-7f90b431e000 rw-p 00000000 00:00 0
> 7fff822e2000-7fff82328000 rw-p 00000000 00:00 0 [stack]
> 7fff82350000-7fff82352000 r-xp 00000000 00:00 0 [vdso]
> ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list