Bro seg faults when used with gperftools monitoring.

Zeek
1

So, I wanted to find out whether there are any memory leaks in any of the code/scripts,
that I am loading with Bro, therefore I installed gperftools and compiled Bro 2.5 on a VM
with 5GB of memory and centos 7.2.

I loaded only the default scripts to start with, i.e didn’t include any custom scripts in local.bro.
I ran Bro as default on a pcap (~11G) and it terminated normally producing output log files.

When I ran Bro with Perftools heap leak checker active on the same pcap, it seg faulted
after some time.
I was watching memory usage during the run and it didn’t seem to be using 100% of available
memory.

Hence wanted to ask Is there any reason Bro would seg fault while run with HEAPCHECK enabled?

My goal was to load custom scripts one by one and everytime run bro with heap check
to see what can cause a memory leak. But stumbled upon this at the very beginning,
so until I find out why it seg faulted on default configs, I can’t really check the custom scripts/code
for memory leak :frowning: :frowning:

Including the coredump file.

Thanks,
Fatema.

dump (31.3 KB)

2

That's a common config that we test with which I would expect to work.
Can you provide some details on how exactly you built and ran Bro?

  --Vlad

fatema bannatwala <fatema.bannatwala@gmail.com> writes:

3

Hi Vlad,

I installed Bro from source by getting the tar of v2.5 and performing following to compile and install it:

$ sudo yum install cmake make libpcap-devel openssl-devel python-devel swig zlib-devel
$ tar -xvfz bro-2.5.tar.gz

$ cd bro-2.5
$./configure --enable-debug --enable-perftools --enable-perftools-debug
$ make
$ sudo make install

And before installing Bro, I installed gperftools according to the directions mentioned by the Project Readme:

$ wget http://download.savannah.gnu.org/releases/libunwind/libunwind-0.99-beta.tar.gz

$ tar -xvzf libunwind-0.99-beta.tar.gz

$ cd libunwind-0.99-beta

$./configure

$ make
$ sudo make install

$ sudo yum groupinstall ‘Development Tools’

$ unzip gperftools-master.zip

$ cd gperftools-master

$ ./autogen.sh

$ ./configure

$ make

$ sudo make install

I also ran bro with a small pcap trace (~319MB) capture from one of the Bro sensors, but it seg faulted.

bro -m -r /home/fatemabw/bro-test-vvvsmall.pcap

WARNING: Perftools heap leak checker is active – Performance may suffer
Segmentation fault (core dumped)