[Bro] Broctl segmentation fault

Sean Hutchison shutchison at cert.org
Thu Oct 4 10:14:09 PDT 2018 

Yes, and I just removed the Bro Kafka plugin and no more error!

Thank you so much.

V/R
Sean

-----Original Message-----
From: Johanna Amann [mailto:johanna at icir.org] 
Sent: Thursday, October 04, 2018 11:36 AM
To: Sean Hutchison <shutchison at cert.org>
Cc: Azoff, Justin S <jazoff at illinois.edu>; bro at bro.org
Subject: Re: [Bro] Broctl segmentation fault

Hi,

Is there a change that you have binary plugins installed (netmap plugin, a few bro-pkg ones)?

They can cause crashes exactly like this. This behavior is fixed with Bro 2.6 (it will output an error message instead).

If that is the case - either recompiling or removing the binary plugins will fix this.

Johanna

On 4 Oct 2018, at 5:01, Sean Hutchison wrote:

> # bro -v
> bro version 2.5.5
>
> # bro -NN
> Segmentation fault
>
> # bro -b -i lo
> listening on lo
>
> ^C1538653437.070325 received termination signal
> 1538653437.070325 208 packets received on interface lo, 0 dropped
>
> # bro -i lo
> Segmentation fault
>
> # bro -i lo local
> Segmentation fault
>
> # ldd /opt/bro/bin/bro
>         linux-vdso.so.1 =>  (0x00007fff99dfd000)
>         libpcap.so.1 => /lib64/libpcap.so.1 (0x00007f148eec1000)
>         libssl.so.10 => /lib64/libssl.so.10 (0x00007f148ec50000)
>         libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f148e7ef000)
>         libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f148e5d6000)
>         libz.so.1 => /lib64/libz.so.1 (0x00007f148e3c0000)
>         libGeoIP.so.1 => /lib64/libGeoIP.so.1 (0x00007f148e190000)
>         libtcmalloc.so.4 => /lib64/libtcmalloc.so.4
> (0x00007f148dd9b000)
>         libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f148db7f000)
>         libdl.so.2 => /lib64/libdl.so.2 (0x00007f148d97b000)
>         libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f148d674000)
>         libm.so.6 => /lib64/libm.so.6 (0x00007f148d372000)
>         libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f148d15c000)
>         libc.so.6 => /lib64/libc.so.6 (0x00007f148cd8f000)
>         libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2
> (0x00007f148cb42000)
>         libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f148c85a000)
>         libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f148c656000)
>         libk5crypto.so.3 => /lib64/libk5crypto.so.3
> (0x00007f148c423000)
>         /lib64/ld-linux-x86-64.so.2 (0x00007f148f102000)
>         libkrb5support.so.0 => /lib64/libkrb5support.so.0
> (0x00007f148c215000)
>         libkeyutils.so.1 => /lib64/libkeyutils.so.1
> (0x00007f148c011000)
>         libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f148bdea000)
>         libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f148bb88000)
>
> No custom scripts being loaded via local.bro Nothing in particular - 
> did yum install/update of RedHat-based dependencies according to 
> https://www.bro.org/sphinx/install/install.html#required-dependencies
> Although I did build it against pfring first, using yum package from 
> ntop repo - same issue, have since removed that and did regular build
>
> Only configure switch was --prefix.
>
> V/R
> Sean
>
> -----Original Message-----
> From: Azoff, Justin S [mailto:jazoff at illinois.edu]
> Sent: Wednesday, October 03, 2018 3:01 PM
> To: Sean Hutchison <shutchison at cert.org>
> Cc: bro at bro.org
> Subject: Re: [Bro] Broctl segmentation fault
>
>
>> On Oct 3, 2018, at 2:46 PM, Sean Hutchison <shutchison at cert.org>
>> wrote:
>>
>> Hello,
>>
>> After any build of Bro with Broctl 1.7, I’m experiencing the below 
>> error when broctl/scripts/check-config is run…
>>
>> /opt/bro/share/broctl/scripts/check-config: line 50:  4463 
>> Segmentation fault      "${bro}" $check_option "$@"
>>
>> Anyone encountered this before? Cannot bypass doing broctl check – 
>> broctl start results in failed/crashed processes.
>>
>> This is on RHEL7.5, after building Bro-2.5.5 (I’ve tried other minor 
>> versions since 2.5 – same issue).
>>
>> Existing Bro cluster on RHEL7.5 boxes with Bro-2.5 and Broctl 1.5 
>> works fine.
>>
>> Any help would be greatly appreciated.
>>
>
> check runs bro with the current configuration to see if it can start, 
> so that's bro segfaulting there.. that's why start also fails..
>
> What do you get if you try each of the following?
>
>     bro -v
>     bro -NN # just see if this runs or crashes
>     bro -b -i lo
>     bro -i lo
>     bro -i lo local
>
> You can hit control-c if any of those start successfully to get your 
> prompt back.
>
> I'm not aware of any issues like this, so it could be something with 
> your configuration.
>
> Do you have a customized local.bro at all?
> Are you building bro against a particular libpcap or malloc 
> implementation?
> What does ldd /opt/bro/bin/bro output?
>
>> Justin Azoff
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list