[Bro] Broctl segmentation fault

Zeolla@GMail.com zeolla at gmail.com
Thu Oct 4 14:06:06 PDT 2018


If you don't mind, can you share the steps you took to build and install
the plug-in?  What version?

Jon

On Thu, Oct 4, 2018, 13:23 Sean Hutchison <shutchison at cert.org> wrote:

> Yes, and I just removed the Bro Kafka plugin and no more error!
>
> Thank you so much.
>
> V/R
> Sean
>
> -----Original Message-----
> From: Johanna Amann [mailto:johanna at icir.org]
> Sent: Thursday, October 04, 2018 11:36 AM
> To: Sean Hutchison <shutchison at cert.org>
> Cc: Azoff, Justin S <jazoff at illinois.edu>; bro at bro.org
> Subject: Re: [Bro] Broctl segmentation fault
>
> Hi,
>
> Is there a chance that you have binary plugins installed (netmap plugin, a
> few bro-pkg ones)?
>
> They can cause crashes exactly like this. This behavior is fixed with Bro
> 2.6 (it will output an error message instead).
>
> If that is the case - either recompiling or removing the binary plugins
> will fix this.
>
> Johanna
>
> On 4 Oct 2018, at 5:01, Sean Hutchison wrote:
>
> > # bro -v
> > bro version 2.5.5
> >
> > # bro -NN
> > Segmentation fault
> >
> > # bro -b -i lo
> > listening on lo
> >
> > ^C1538653437.070325 received termination signal
> > 1538653437.070325 208 packets received on interface lo, 0 dropped
> >
> > # bro -i lo
> > Segmentation fault
> >
> > # bro -i lo local
> > Segmentation fault
> >
> > # ldd /opt/bro/bin/bro
> >         linux-vdso.so.1 =>  (0x00007fff99dfd000)
> >         libpcap.so.1 => /lib64/libpcap.so.1 (0x00007f148eec1000)
> >         libssl.so.10 => /lib64/libssl.so.10 (0x00007f148ec50000)
> >         libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f148e7ef000)
> >         libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f148e5d6000)
> >         libz.so.1 => /lib64/libz.so.1 (0x00007f148e3c0000)
> >         libGeoIP.so.1 => /lib64/libGeoIP.so.1 (0x00007f148e190000)
> >         libtcmalloc.so.4 => /lib64/libtcmalloc.so.4 (0x00007f148dd9b000)
> >         libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f148db7f000)
> >         libdl.so.2 => /lib64/libdl.so.2 (0x00007f148d97b000)
> >         libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f148d674000)
> >         libm.so.6 => /lib64/libm.so.6 (0x00007f148d372000)
> >         libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f148d15c000)
> >         libc.so.6 => /lib64/libc.so.6 (0x00007f148cd8f000)
> >         libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f148cb42000)
> >         libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f148c85a000)
> >         libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f148c656000)
> >         libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f148c423000)
> >         /lib64/ld-linux-x86-64.so.2 (0x00007f148f102000)
> >         libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f148c215000)
> >         libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f148c011000)
> >         libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f148bdea000)
> >         libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f148bb88000)
> >
> > No custom scripts being loaded via local.bro
> > Nothing in particular - did yum install/update of RedHat-based
> > dependencies according to
> > https://www.bro.org/sphinx/install/install.html#required-dependencies
> > Although I did build it against pfring first, using yum package from
> > ntop repo - same issue, have since removed that and did regular build
> > Only configure switch was --prefix.
> >
> > V/R
> > Sean
> >
> > -----Original Message-----
> > From: Azoff, Justin S [mailto:jazoff at illinois.edu]
> > Sent: Wednesday, October 03, 2018 3:01 PM
> > To: Sean Hutchison <shutchison at cert.org>
> > Cc: bro at bro.org
> > Subject: Re: [Bro] Broctl segmentation fault
> >
> >
> >> On Oct 3, 2018, at 2:46 PM, Sean Hutchison <shutchison at cert.org>
> >> wrote:
> >>
> >> Hello,
> >>
> >> After any build of Bro with Broctl 1.7, I’m experiencing the below
> >> error when broctl/scripts/check-config is run…
> >>
> >> /opt/bro/share/broctl/scripts/check-config: line 50:  4463
> >> Segmentation fault      "${bro}" $check_option "$@"
> >>
> >> Anyone encountered this before? Cannot bypass doing broctl check –
> >> broctl start results in failed/crashed processes.
> >>
> >> This is on RHEL7.5, after building Bro-2.5.5 (I’ve tried other minor
> >> versions since 2.5 – same issue).
> >>
> >> Existing Bro cluster on RHEL7.5 boxes with Bro-2.5 and Broctl 1.5
> >> works fine.
> >>
> >> Any help would be greatly appreciated.
> >>
> >
> > check runs bro with the current configuration to see if it can start,
> > so that's bro segfaulting there.. that's why start also fails..
> >
> > What do you get if you try each of the following?
> >
> >     bro -v
> >     bro -NN # just see if this runs or crashes
> >     bro -b -i lo
> >     bro -i lo
> >     bro -i lo local
> >
> > You can hit control-c if any of those start successfully to get your
> > prompt back.
> >
> > I'm not aware of any issues like this, so it could be something with
> > your configuration.
> >
> > Do you have a customized local.bro at all?
> > Are you building bro against a particular libpcap or malloc
> > implementation?
> > What does ldd /opt/bro/bin/bro output?
> >
> > —
> > Justin Azoff
> >
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>

-- 

Jon