[Oisf-users] Crash for illegal instruction

tidy at holonetsecurity.com tidy at holonetsecurity.com
Tue May 2 08:14:33 UTC 2017


Yes, I have disabled the option, and you can see that in my build-info; the libhtp binary has no diff between the two hosts.

>> GCC march native enabled:                no


>> compiled with LibHTP v0.5.23, linked against LibHTP v0.5.23

I ran all the steps again and got the same coredump.

-Tidy


> On May 2, 2017, at 3:53 PM, Jozef Mlich <jozef.mlich at greycortex.com> wrote:
> 
> On Tue, 2017-05-02 at 15:38 +0800, tidy at holonetsecurity.com wrote:
> 
> Use "./configure --disable-gccmarch-native" if you are building on
> another host. 
> 
> I can see that you are using --enable-non-bundled-htp. Make sure that
> you are using the same version of libhtp.
> 
>> Oddly, I built on physical host A and then ran it on another host
>> B; it crashed when run on host B. Anybody know what's 
>> 
>> [Thread debugging using libthread_db enabled]
>> Using host libthread_db library "/lib64/libthread_db.so.1".
>> Core was generated by `./suricata -c /etc/suricata/suricata.yaml -i eth0'.
>> Program terminated with signal 4, Illegal instruction.
>> #0  0x00000000004500d6 in HTPRegisterPatternsForProtocolDetection () at app-layer-htp.c:2741
>> 2741	app-layer-htp.c: No such file or directory.
>> 
>> 
>> 
>> 
>> 
>> [root@ ~]# ./suricata --build-info
>> This is Suricata version 3.2dev
>> Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET
>> HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT
>> HAVE_NSS HAVE_LUA HAVE_LIBJANSSON TLS MAGIC 
>> SIMD support: none
>> Atomic intrisics: 1 2 4 8 byte(s)
>> 64-bits, Little-endian architecture
>> GCC version 4.8.5 20150623 (Red Hat 4.8.5-11), C version 199901
>> compiled with _FORTIFY_SOURCE=0
>> L1 cache line size (CLS)=64
>> thread local storage method: __thread
>> compiled with LibHTP v0.5.23, linked against LibHTP v0.5.23
>> 
>> Suricata Configuration:
>>   AF_PACKET support:                       yes
>>   PF_RING support:                         no
>>   NFQueue support:                         no
>>   NFLOG support:                           no
>>   IPFW support:                            no
>>   Netmap support:                          no
>>   DAG enabled:                             no
>>   Napatech enabled:                        no
>> 
>>   Unix socket enabled:                     yes
>>   Detection enabled:                       yes
>> 
>>   Libmagic support:                        yes
>>   libnss support:                          yes
>>   libnspr support:                         yes
>>   libjansson support:                      yes
>>   hiredis support:                         yes
>>   Prelude support:                         no
>>   PCRE jit:                                yes
>>   LUA support:                             yes
>>   libluajit:                               no
>>   libgeoip:                                no
>>   Non-bundled htp:                         yes
>>   Old barnyard2 support:                   no
>>   CUDA enabled:                            no
>>   Hyperscan support:                       yes
>>   Libnet support:                          no
>> 
>>   Suricatasc install:                      yes
>> 
>>   Profiling enabled:                       no
>>   Profiling locks enabled:                 no
>> 
>> Development settings:
>>   Coccinelle / spatch:                     no
>>   Unit tests enabled:                      no
>>   Debug output enabled:                    no
>>   Debug validation enabled:                no
>> 
>> Generic build parameters:
>>   Installation prefix:                     /usr/local/
>>   Configuration directory:                 /usr/local/etc/suricata/
>>   Log directory:                           /usr/local/var/log/suricata/
>> 
>>   --prefix                                 /usr/local/
>>   --sysconfdir                             /usr/local/etc
>>   --localstatedir                          /usr/local/var
>> 
>>   Host:                                    x86_64-unknown-linux-gnu
>>   Compiler:                                gcc (exec name) / gcc (real)
>>   GCC Protect enabled:                     no
>>   GCC march native enabled:                no
>>   GCC Profile enabled:                     no
>>   Position Independent Executable enabled: no
>>   CFLAGS                                   -g -O2
>>   PCAP_CFLAGS                               -I/usr/local/deps/include
>>   SECCFLAGS                                
>> 
>> 
>> Thanks,
>> -Tidy
>> 
>>> On Apr 22, 2017, at 6:27 AM, Tom DeCanio <decanio.tom at gmail.com>
>>> wrote:
>>> 
>>> I've seen illegal instruction crashes in the pcre library on some
>>> VMs.  This sounds similar to your description.
>>> 
>> 
>> 
> -- 
> Jozef Mlich <jozef.mlich at greycortex.com>



