[Bro] Broctl segmentation fault

Thu Oct 4 05:01:02 PDT 2018

# bro -v
bro version 2.5.5

# bro -NN
Segmentation fault

# bro -b -i lo
listening on lo

^C1538653437.070325 received termination signal
1538653437.070325 208 packets received on interface lo, 0 dropped

# bro -i lo
Segmentation fault

# bro -i lo local
Segmentation fault

# ldd /opt/bro/bin/bro
        linux-vdso.so.1 =>  (0x00007fff99dfd000)
        libpcap.so.1 => /lib64/libpcap.so.1 (0x00007f148eec1000)
        libssl.so.10 => /lib64/libssl.so.10 (0x00007f148ec50000)
        libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f148e7ef000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f148e5d6000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f148e3c0000)
        libGeoIP.so.1 => /lib64/libGeoIP.so.1 (0x00007f148e190000)
        libtcmalloc.so.4 => /lib64/libtcmalloc.so.4 (0x00007f148dd9b000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f148db7f000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f148d97b000)
        libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f148d674000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f148d372000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f148d15c000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f148cd8f000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f148cb42000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f148c85a000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f148c656000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f148c423000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f148f102000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f148c215000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f148c011000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f148bdea000)
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f148bb88000)

No custom scripts being loaded via local.bro
Nothing in particular - did yum install/update of RedHat-based dependencies according to https://www.bro.org/sphinx/install/install.html#required-dependencies
Although I did build it against pfring first, using yum package from ntop repo - same issue, have since removed that and did regular build

Only configure switch was --prefix.

V/R
Sean

-----Original Message-----
From: Azoff, Justin S [mailto:jazoff at illinois.edu] 
Sent: Wednesday, October 03, 2018 3:01 PM
To: Sean Hutchison <shutchison at cert.org>
Cc: bro at bro.org
Subject: Re: [Bro] Broctl segmentation fault

> On Oct 3, 2018, at 2:46 PM, Sean Hutchison <shutchison at cert.org> wrote:
> 
> Hello,
>  
> After any build of Bro with Broctl 1.7, I’m experiencing the below error when broctl/scripts/check-config is run…
>  
> /opt/bro/share/broctl/scripts/check-config: line 50:  4463 Segmentation fault      "${bro}" $check_option "$@"
>  
> Anyone encountered this before? Cannot bypass doing broctl check – broctl start results in failed/crashed processes.
>  
> This is on RHEL7.5, after building Bro-2.5.5 (I’ve tried other minor versions since 2.5 – same issue).
>  
> Existing Bro cluster on RHEL7.5 boxes with Bro-2.5 and Broctl 1.5 works fine.
>  
> Any help would be greatly appreciated.
>  

check runs bro with the current configuration to see if it can start, so that's bro segfaulting there.. that's why start also fails..

What do you get if you try each of the following?

    bro -v
    bro -NN # just see if this runs or crashes
    bro -b -i lo
    bro -i lo
    bro -i lo local

You can hit control-c if any of those start successfully to get your prompt back.

I'm not aware of any issues like this, so it could be something with your configuration.

Do you have a customized local.bro at all?
Are you building bro against a particular libpcap or malloc implementation?
What does ldd /opt/bro/bin/bro output?

— 
Justin Azoff