[Bro] Fwd: Crash report from bro
Seth Hall
hall.692 at osu.edu
Thu Feb 11 12:40:30 PST 2010
On Feb 11, 2010, at 3:24 PM, Robin Sommer wrote:
>
> On Thu, Feb 11, 2010 at 12:50 -0600, Joe Klemencic wrote:
>
>> This happens whenever broctl cron is run.
>
> That's only a symptom: "broctl cron" checks whether Bro has crashed;
> if so, it mails out the crash report. The crash itself is quite
> certainly not triggered by "cron" but has occured earlier.
>
>> Program terminated with signal 11, Segmentation fault.
>> #0 FragTimer::ClearReassembler (this=0x11ae9c70) at Frag.h:62
>> 62 void ClearReassembler() { f = 0; }
>
> Don't know what's causing this but it seems to be related to IP
> fragments in some form. Are you able to reproduce this offline from
> a trace captured with tcpdump?
I've seen lots of crashes in strange places when my analyzers are
severely overworked. Are yours running close to 100% CPU usage?
Sometimes it will be difficult to tell though if you see occasional
dramatic spikes.
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the Bro
mailing list