[Bro] Segmentation fault while using own signature.
fatema bannatwala
fatema.bannatwala at gmail.com
Wed Jan 18 11:30:34 PST 2017
Thanks Jon for the links!
Thanks Justin for alternative.
We have our cluster in production, hence currently that sig file is
disabled so that the cluster runs properly.
Hence, to recreate the seg fault issue this time, rather than enabling it
for the whole cluster, I just enabled it (in local.bro) for the previous
version of bro that we still have around, and ran a single bro process for
that old version, as you suggested.
This time I was able to generate a core dump for that single process.
I ran the core dump through the crash-diag script:
==========================================================================
$ /usr/local/bro/2.4.1/share/broctl/scripts/crash-diag /tmp/brotest/
Bro 2.5
Linux 3.10.0-327.36.3.el7.x86_64
core.bro-1484765328-89288
Core was generated by `/usr/local/bro/2.4.1/bin/bro -i eth2 local'.
Program terminated with signal 11, Segmentation fault.
#0 0x00000000005ed589 in Func::Func (this=0x7ffd504940e0) at /home/fa/bro-2.5/src/Func.cc:63
Thread 1 (LWP 89288):
#0 0x00000000005ed589 in Func::Func (this=0x7ffd504940e0) at /home/fa/bro-2.5/src/Func.cc:63
#1 0x00000000047dfaf0 in ?? ()
#2 0x00007ffd504940e0 in ?? ()
#3 0x0000000000000000 in ?? ()
==== No reporter.log
==== No stderr.log
==== No stdout.log
==== No .cmdline
==== No .env_vars
==== No .status
==== prof.log
1484765327.517900 TCP-States: Inact. Syn. SA Part. Est. Fin. Rst.
1484765327.517900 TCP-States:Inact. 454 1611 19 7
1484765327.517900 TCP-States:Syn. 2360 1027 12 262 34
1484765327.517900 TCP-States:SA 31 22
1484765327.517900 TCP-States:Part. 807 6489 1036 824 18
1484765327.517900 TCP-States:Est. 13778 3785 97
1484765327.517900 TCP-States:Fin. 61 619 3114 2401 33
1484765327.517900 TCP-States:Rst. 27 14 106 45 7
1484765327.517900 Connections expired due to inactivity: 37736
1484765327.517900 Total reassembler data: 21844K
==== packet_filter.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path packet_filter
#open 2017-01-18-13-44-17
#fields ts node filter init success
#types time string string bool bool
1484765057.522496 bro ip or not ip T T
==== loaded_scripts.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path loaded_scripts
#open 2017-01-18-13-44-17
#fields name
#types string
/usr/local/bro/2.4.1/share/bro/base/init-bare.bro
/usr/local/bro/2.4.1/share/bro/base/bif/const.bif.bro
.......... (And a whole lot of loaded scripts, truncated)
=============================================================================
The interesting thing is, I don't have such a folder as
/home/fa/bro-2.5/src/Func.cc:63 in the home dir on that machine, where the
error was reported according to the core dump.
But I located the Func.cc file and saw the function where the seg fault was
reported:
Func::Func() : scope(0), type(0)
    {
    unique_id = unique_ids.size();
    unique_ids.push_back(this);
    }
I don't have much intuition, though, as to what has caused it :/
Thanks,
Fatema.
On Wed, Jan 18, 2017 at 12:33 PM, Azoff, Justin S <jazoff at illinois.edu>
wrote:
>
> > On Jan 18, 2017, at 11:56 AM, fatema bannatwala <
> fatema.bannatwala at gmail.com> wrote:
> >
> > Hi Seth,
> >
> > Thanks for the suggestions, still getting No core dump:
>
> I'd just run bro from a shell.. you said it crashes pretty quickly right?
>
> sudo su -
> mkdir /tmp/brotest
> cd /tmp/brotest
> ulimit -c unlimited
> /usr/local/bro/2.5/bin/bro -i eth0 local
>
> then it should crash and dump the core file right there.
>
> (replace eth0 with whatever)
>
> --
> - Justin Azoff
>
>