Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
suricata Kernel crashes since update
« previous
next »
Print
Pages: [
1
]
Author
Topic: suricata Kernel crashes since update (Read 1215 times)
ruggerio
Full Member
Posts: 202
Karma: 10
suricata Kernel crashes since update
«
on:
July 16, 2018, 07:11:36 am »
Hi,
Since update to RC1, Suricata crashes few minutes after restart.
Logs show Kernel crash. Suricata-Log just show up the start of itself
System-Log:
Jul 15 12:21:08
kernel: [HBSD SEGVGUARD] [suricata (70918)] Suspension expired.
Jul 15 12:21:08
kernel: pid 70918 (suricata), uid 0: exited on signal 6 (core dumped)
Jul 15 12:17:20
kernel: [HBSD SEGVGUARD] [suricata (94460)] Suspension expired.
Jul 15 12:17:20
kernel: pid 94460 (suricata), uid 0: exited on signal 6 (core dumped)
Jul 15 12:13:23
kernel: pid 20596 (suricata), uid 0: exited on signal 6 (core dumped)
Jul 15 12:09:30
kernel: [HBSD SEGVGUARD] [/usr/local/bin/suricata (20591)] Suspension expired.
Jul 15 11:52:43
kernel: pid 11110 (suricata), uid 0: exited on signal 6 (core dumped)
Jul 15 11:48:33
kernel: [HBSD SEGVGUARD] [/usr/local/bin/suricata (10899)] Suspension expired.
Jul 15 02:05:40
kernel: pid 96244 (suricata), uid 0: exited on signal 6 (core dumped)
Found more information:
kernel: -> pid: 70918 ppid: 1 p_pax: 0x850<SEGVGUARD,ASLR,NODISALLOWMAP32BIT>
Jul 15 12:17:20
kernel: -> pid: 94460 ppid: 1 p_pax: 0x850<SEGVGUARD,ASLR,NODISALLOWMAP32BIT>
any hint? or a bug?
Thx,
Roger
«
Last Edit: July 16, 2018, 07:16:25 am by ruggerio
»
Logged
crt333
Newbie
Posts: 28
Karma: 0
Re: suricata Kernel crashes since update
«
Reply #1 on:
July 16, 2018, 11:33:29 pm »
I reported the same thing on the 18.1.12 update.
Logged
franco
Administrator
Hero Member
Posts: 8901
Karma: 596
Re: suricata Kernel crashes since update
«
Reply #2 on:
July 19, 2018, 12:05:55 am »
The timing with 18.1.12 or 18.7-RC1 should be purely coincidental as Suricata hasn't been touched in a long time in 18.1 and has no changes in 18.7 either. Tomorrows 18.7-RC2 will, however, ship today's security release of Suricata 4.0.5 which has several CVEs that could be part of the crashes seen in the wild.
Cheers,
Franco
Logged
bob.rjk
Newbie
Posts: 1
Karma: 0
Re: suricata Kernel crashes since update
«
Reply #3 on:
July 19, 2018, 12:15:01 pm »
Quote from: crt333 on July 16, 2018, 11:33:29 pm
I reported the same thing on the 18.1.12 update.
I had the same after updating to 18.1.12 and found changing Pattern matcher to Aho-Corasick solved the problem.
Logged
franco
Administrator
Hero Member
Posts: 8901
Karma: 596
Re: suricata Kernel crashes since update
«
Reply #4 on:
July 19, 2018, 05:36:32 pm »
In light of people reporting the same problems and 4.0.5 not helping but not using Hyperscan does it's a rule pattern causing this, probably ultimately exposing a Hyperscan bug.
Cheers,
Franco
Logged
codera
Newbie
Posts: 1
Karma: 0
Re: suricata Kernel crashes since update
«
Reply #5 on:
January 01, 2019, 06:32:02 pm »
Using OPNsense 18.7.9-amd64 and i can confirm, that the same bug still exists with Hyperscan.
As i can see, that even the latest version is using still suricata 4.0.6 version, but the latest stable is 4.1.2.
Are there any plans on upgrade?
EDIT: as found from here, fix is to disable "abuse.ch/URLhaus" rule:
https://forum.opnsense.org/index.php?topic=9164.30
EDIT: fix was temporarly, still Surricata crashes:
(suricata), uid 0: exited on signal 6 (core dumped)
«
Last Edit: January 01, 2019, 06:48:11 pm by codera
»
Logged
mimugmail
Hero Member
Posts: 2765
Karma: 203
Re: suricata Kernel crashes since update
«
Reply #6 on:
January 01, 2019, 07:12:04 pm »
Can you check via CLI if the rule file is still in rules folder?
Logged
IRC: mimugmail
Twitter: mimu_muc
WWW:
www.routerperformance.net
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
suricata Kernel crashes since update
