Snort mailing list archives

Re: Snort 3 - Inconsistent segmentation faults

From: "Russ Combs \(rucombs\) via Snort-devel" <snort-devel () lists snort org>
Date: Tue, 1 Sep 2020 19:44:24 +0000
Thanks YM.  I've got a fix for this that will be out soon.

Russ

________________________________________
From: Y M <snort () outlook com>
Sent: Monday, August 31, 2020 10:55 AM
To: Russ Combs (rucombs)
Cc: snort-devel () lists snort org
Subject: Re: Snort 3 - Inconsistent segmentation faults

Thanks, Russ,

-H does help at least from one run. Interestingly, same PCAP file from the first segfault resulted in a different 
segfault this time (below).

I increased the machine memory to 6GB. I forgot to mention that the following flags were set prior to building Snort 
CFLAGS="-O3" and CXXFLAGS="-O3 -fno-rtti". I will follow up with the files.

Thank you.
YM


[New Thread 0x7ffff0b80700 (LWP 28881)]

Reading network traffic from "pcaps//1.pcap" with snaplen = 1518

Thread 1029 "snort" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff0b80700 (LWP 28881)]
0x00007ffff79ff823 in tcmalloc::CentralFreeList::FetchFromOneSpans(int, void**, void**) () from /lib64/libtcmalloc.so.4
(gdb) bt
#0  0x00007ffff79ff823 in tcmalloc::CentralFreeList::FetchFromOneSpans(int, void**, void**) () from 
/lib64/libtcmalloc.so.4
#1  0x00007ffff79fface in tcmalloc::CentralFreeList::FetchFromOneSpansSafe(int, void**, void**) () from 
/lib64/libtcmalloc.so.4
#2  0x00007ffff79ffb91 in tcmalloc::CentralFreeList::RemoveRange(void**, void**, int) () from /lib64/libtcmalloc.so.4
#3  0x00007ffff7a035a3 in tcmalloc::ThreadCache::FetchFromCentralCache(unsigned int, int, void* (*)(unsigned long)) () 
from /lib64/libtcmalloc.so.4
#4  0x00000000005b8e92 in snort_alloc (sz=3072) at /root/sources/snort3/src/utils/util.h:88
#5  snort_calloc (sz=3072, num=1) at /root/sources/snort3/src/utils/util.h:82
#6  snort_calloc (sz=3072) at /root/sources/snort3/src/utils/util.h:88
#7  snort::MailLogState::MailLogState (this=0x1b261b30, conf=0x1bdeef8) at 
/root/sources/snort3/src/mime/file_mime_log.cc:250
#8  0x00000000005b9fd8 in snort::MimeSession::MimeSession (this=0x1de79c00, dconf=0x1bdeed0, lconf=0x1bdeef8, 
base_file_id=0, session_is_http=<optimized out>) at /root/sources/snort3/src/mime/file_mime_process.cc:809
#9  0x000000000074d2aa in PopMime::MimeSession (this=0x1de79c00) at 
/root/sources/snort3/src/service_inspectors/pop/pop.h:104
#10 SetNewPOPData (p=0x1cfbc000, p=0x1cfbc000, config=0x1bdeed0) at 
/root/sources/snort3/src/service_inspectors/pop/pop.cc:136
#11 snort_pop (p=0x1cfbc000, config=0x1bdeed0) at /root/sources/snort3/src/service_inspectors/pop/pop.cc:505
#12 Pop::eval (this=<optimized out>, p=0x1cfbc000) at /root/sources/snort3/src/service_inspectors/pop/pop.cc:692
#13 0x000000000059f3eb in snort::InspectorManager::full_inspection<false> (p=0x1cfbc000) at 
/root/sources/snort3/src/protocols/packet.h:204
#14 0x000000000059f9f8 in snort::InspectorManager::internal_execute<false> (p=p@entry=0x1cfbc000) at 
/root/sources/snort3/src/flow/flow.h:344
#15 0x000000000059cfd9 in snort::InspectorManager::execute (p=p@entry=0x1cfbc000) at 
/root/sources/snort3/src/managers/inspector_manager.cc:1161
#16 0x000000000050322c in snort::DetectionEngine::inspect (p=0x1cfbc000) at 
/root/sources/snort3/src/detection/detection_engine.cc:590
#17 0x000000000057da9b in Analyzer::inspect_rebuilt (this=<optimized out>, p=p@entry=0x1cfbc000) at 
/root/sources/snort3/src/main/analyzer.cc:495
#18 0x00000000006103db in TcpReassembler::_flush_to_seq (this=this@entry=0x19bebb0, trs=..., bytes=bytes@entry=20, 
p=p@entry=0x1cfbcfc0, pkt_flags=pkt_flags@entry=832) at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:572
#19 0x00000000006122ab in TcpReassembler::flush_to_seq (pkt_flags=832, p=0x1cfbcfc0, bytes=20, trs=..., this=0x19bebb0) 
at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:638
#20 TcpReassembler::flush_to_seq (pkt_flags=832, p=0x1cfbcfc0, bytes=<optimized out>, trs=..., this=0x19bebb0) at 
/root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:608
#21 TcpReassembler::flush_on_ack_policy (this=0x19bebb0, trs=..., p=0x1cfbcfc0) at 
/root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:1138
#22 0x00000000006138da in TcpReassemblerPolicy::flush_on_ack_policy (p=0x1cfbcfc0, this=0x1b188f80) at 
/root/sources/snort3/src/stream/tcp/tcp_reassemblers.h:74
#23 TcpSession::restart (this=<optimized out>, p=0x1cfbcfc0) at /root/sources/snort3/src/stream/tcp/tcp_session.cc:140
#24 0x000000000059f459 in snort::InspectorManager::bumble (p=0x1cfbcfc0) at 
/root/sources/snort3/src/managers/inspector_manager.cc:1117
#25 snort::InspectorManager::full_inspection<false> (p=0x1cfbcfc0) at 
/root/sources/snort3/src/managers/inspector_manager.cc:1126
#26 0x000000000059f9f8 in snort::InspectorManager::internal_execute<false> (p=p@entry=0x1cfbcfc0) at 
/root/sources/snort3/src/flow/flow.h:344
#27 0x000000000059cfd9 in snort::InspectorManager::execute (p=p@entry=0x1cfbcfc0) at 
/root/sources/snort3/src/managers/inspector_manager.cc:1161
#28 0x000000000050322c in snort::DetectionEngine::inspect (p=0x1cfbcfc0) at 
/root/sources/snort3/src/detection/detection_engine.cc:590
#29 0x000000000057c8e1 in process_packet (p=p@entry=0x1cfbcfc0) at /root/sources/snort3/src/main/analyzer.cc:206
#30 0x000000000057d3da in Analyzer::process_daq_pkt_msg (this=0xf33de00, msg=0x17ab2100, retry=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:435
#31 0x000000000057d9d8 in Analyzer::process_daq_msg (this=0xf33de00, msg=0x17ab2100, retry=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:452
#32 0x000000000057eac8 in Analyzer::process_messages (this=0xf33de00) at /root/sources/snort3/src/main/analyzer.cc:884
#33 0x000000000057f075 in Analyzer::analyze (this=this@entry=0xf33de00) at /root/sources/snort3/src/main/analyzer.cc:916
#34 0x000000000057f1bd in Analyzer::operator() (this=0xf33de00, ps=<optimized out>, run_num=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:762
#35 0x00007ffff4a2bb73 in execute_native_thread_routine () from /lib64/libstdc++.so.6
#36 0x00007ffff71a32de in start_thread () from /lib64/libpthread.so.0
#37 0x00007ffff4108e83 in clone () from /lib64/libc.so.6
________________________________
From: Russ Combs (rucombs) <rucombs () cisco com>
Sent: Monday, August 31, 2020 5:24 PM
To: snort-devel () lists snort org <snort-devel () lists snort org>; Y M <snort () outlook com>
Subject: Re: Snort 3 - Inconsistent segmentation faults

Hey YM,

Thanks for reporting the issue.  Please send the repro foo to me and we'll get you a fix.

FWIW, the variations will probably go away if you add -H.

Russ

________________________________________
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Y M via Snort-devel <snort-devel () lists snort 
org>
Sent: Monday, August 31, 2020 10:00 AM
To: snort-devel () lists snort org
Subject: [Snort-devel] Snort 3 - Inconsistent segmentation faults

Hello,

While running against the same set of PCAPs, on the first run, they were all processed and Snort exits cleanly. On the 
second run, Snort core dumped (no debugging at this point) after processing all PCAPs. On subsequent runs on with same 
configurations, sometimes processing would complete as expected, while segfaults other times. Oddly, the same PCAP file 
that was processed successfully on a previous run may result in a segfault in subsequent runs. However, at least one 
PCAP file generated the same segfault twice after a number of successful runs. I can provide the PCAPs and Snort 
configurations that were used.

Thank you.
YM

OS:
# cat /etc/centos-release
CentOS Linux release 8.2.2004 (Core)
# uname -a
Linux devo.local 4.18.0-193.14.2.el8_2.x86_64 #1 SMP Sun Jul 26 03:54:29 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Memory: 4GB

Snort configure:
--enable-tcmalloc --enable-large-pcap --enable-shell

Snort version:
# snort -V

   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.0.2 (Build 5)
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 3.0.0
           Using LuaJIT version 2.1.0-beta3
           Using OpenSSL 1.1.1c FIPS  28 May 2019
           Using libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
           Using PCRE version 8.42 2018-03-20
           Using ZLIB version 1.2.11
           Using FlatBuffers 1.12.0
           Using Hyperscan version 5.3.0 2020-08-10
           Using LZMA version 5.2.4

Run command:
snort -c snort.lua --plugin-path extra/ -l logs/ --pcap-dir pcaps/ --pcap-show -k none

Rules: all rules are enabled using pulledpork.

Example segfaults (the last segfault is consistent when the disk is full):

[New Thread 0x7ffff0b80700 (LWP 16688)]

Reading network traffic from "pcaps//1.pcap" with snaplen = 1518

Thread 1029 "snort" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff0b80700 (LWP 16688)]
acsm_search_dfa_full_all (acsm=<optimized out>, Tx=0x141c7af0 "text/plain", n=<optimized out>, match=0x681780 
<content_pattern_match(void*, void*, int, void*, void*)>, context=<optimized out>, current_state=0x7ffff0b4948c) at 
/root/sources/snort3/src/search_engines/acsmx2.cc:1805
1805        if ( mlist->nocase || (memcmp (mlist->casepatrn, T - mlist->n, mlist->n) == 0))
(gdb) bt
#0  acsm_search_dfa_full_all (acsm=<optimized out>, Tx=0x141c7af0 "text/plain", n=<optimized out>, match=0x681780 
<content_pattern_match(void*, void*, int, void*, void*)>, context=<optimized out>, current_state=0x7ffff0b4948c) at 
/root/sources/snort3/src/search_engines/acsmx2.cc:1805
#1  0x00000000005ebf26 in snort::SearchTool::find_all (this=this@entry=0x170f6388, str=0x141c7af0 "text/plain", len=10, 
mf=mf@entry=0x681780 <content_pattern_match(void*, void*, int, void*, void*)>, confine=confine@entry=false, 
user_data=user_data@entry=0x7ffff0b494d8) at /root/sources/snort3/src/framework/mpse_batch.h:43
#2  0x0000000000682db8 in HttpPatternMatchers::get_appid_by_content_type (this=this@entry=0x170f62a8, data=<optimized 
out>, size=<optimized out>) at 
/root/sources/snort3/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc:1442
#3  0x00000000006521d6 in AppIdHttpSession::process_http_packet (this=this@entry=0xff54c00, 
direction=direction@entry=APP_ID_FROM_RESPONDER, change_bits=std::bitset = {...}, http_matchers=...) at 
/usr/include/c++/8/bits/basic_string.h:2290
#4  0x000000000065f251 in HttpEventHandler::handle (this=<optimized out>, event=..., flow=0x1c85d4a0) at 
/root/sources/snort3/src/network_inspectors/appid/appid_config.h:155
#5  0x0000000000533ba3 in snort::DataBus::_publish (this=<optimized out>, key=<optimized out>, e=..., f=0x1c85d4a0) at 
/root/sources/snort3/src/framework/data_bus.cc:171
#6  0x0000000000533ca2 in snort::DataBus::publish (key=<optimized out>, e=..., f=<optimized out>) at 
/root/sources/snort3/src/framework/data_bus.cc:124
#7  0x00000000006e767c in HttpMsgHeader::publish (this=0xccb68c0) at 
/root/sources/snort3/src/service_inspectors/http_inspect/http_msg_header.cc:63
#8  0x00000000006e3487 in HttpInspect::process (this=<optimized out>, data=<optimized out>, dsize=<optimized out>, 
flow=<optimized out>, source_id=HttpCommon::SRC_SERVER, buf_owner=<optimized out>) at 
/root/sources/snort3/src/service_inspectors/http_inspect/http_inspect.cc:555
#9  0x00000000006e3883 in HttpInspect::eval (this=0x401cbc0, p=0x1c93f9e0) at 
/root/sources/snort3/src/service_inspectors/http_inspect/http_inspect.cc:448
#10 0x000000000059805b in snort::InspectorManager::full_inspection<false> (p=p@entry=0x1c93f9e0) at 
/root/sources/snort3/src/protocols/packet.h:204
#11 0x0000000000598668 in snort::InspectorManager::internal_execute<false> (p=p@entry=0x1c93f9e0) at 
/root/sources/snort3/src/flow/flow.h:344
#12 0x0000000000595c69 in snort::InspectorManager::execute (p=p@entry=0x1c93f9e0) at 
/root/sources/snort3/src/managers/inspector_manager.cc:1161
#13 0x000000000050231c in snort::DetectionEngine::inspect (p=0x1c93f9e0) at 
/root/sources/snort3/src/detection/detection_engine.cc:590
#14 0x0000000000576aeb in Analyzer::inspect_rebuilt (this=<optimized out>, p=p@entry=0x1c93f9e0) at 
/root/sources/snort3/src/main/analyzer.cc:495
#15 0x000000000060575e in TcpReassembler::_flush_to_seq (this=this@entry=0x1994bb0, trs=..., bytes=bytes@entry=150, 
p=<optimized out>, p@entry=0x1c93f320, pkt_flags=pkt_flags@entry=832) at 
/root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:572
#16 0x000000000060754b in TcpReassembler::flush_to_seq (pkt_flags=832, p=0x1c93f320, bytes=150, trs=..., 
this=0x1994bb0) at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:638
#17 TcpReassembler::flush_to_seq (pkt_flags=832, p=0x1c93f320, bytes=<optimized out>, trs=..., this=0x1994bb0) at 
/root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:608
#18 TcpReassembler::flush_on_ack_policy (this=0x1994bb0, trs=..., p=0x1c93f320) at 
/root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:1138
#19 0x000000000060b280 in TcpStateCloseWait::ack_sent (this=<optimized out>, tsd=..., trk=...) at 
/root/sources/snort3/src/stream/tcp/tcp_state_close_wait.cc:50
#20 0x000000000060d53a in TcpStateMachine::eval (this=0x1a43730, tsd=...) at 
/root/sources/snort3/src/stream/tcp/tcp_state_machine.cc:97
#21 0x000000000060a547 in TcpSession::process_tcp_packet (this=0x1e065900, tsd=...) at 
/root/sources/snort3/src/stream/tcp/tcp_session.cc:1067
#22 0x000000000060ade4 in TcpSession::process (this=0x1e065900, p=0x1c93f320) at 
/root/sources/snort3/src/stream/tcp/tcp_session.cc:1116
#23 0x00000000005986cd in snort::InspectorManager::internal_execute<false> (p=p@entry=0x1c93f320) at 
/root/sources/snort3/src/managers/inspector_manager.cc:1066
#24 0x0000000000595c69 in snort::InspectorManager::execute (p=p@entry=0x1c93f320) at 
/root/sources/snort3/src/managers/inspector_manager.cc:1161
#25 0x000000000050231c in snort::DetectionEngine::inspect (p=0x1c93f320) at 
/root/sources/snort3/src/detection/detection_engine.cc:590
#26 0x0000000000575971 in process_packet (p=0x1c93f320) at /root/sources/snort3/src/main/analyzer.cc:206
#27 process_packet (p=0x1c93f320) at /root/sources/snort3/src/main/analyzer.cc:188
#28 0x000000000057642a in Analyzer::process_daq_pkt_msg (this=0xfca3e00, msg=0x17f87bf8, retry=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:435
#29 0x0000000000576a28 in Analyzer::process_daq_msg (this=0xfca3e00, msg=0x17f87bf8, retry=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:452
#30 0x0000000000577ac8 in Analyzer::process_messages (this=0xfca3e00) at /root/sources/snort3/src/main/analyzer.cc:884
#31 0x0000000000578065 in Analyzer::analyze (this=this@entry=0xfca3e00) at /root/sources/snort3/src/main/analyzer.cc:916
#32 0x00000000005781ad in Analyzer::operator() (this=0xfca3e00, ps=<optimized out>, run_num=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:762
#33 0x00007ffff4a2bb73 in execute_native_thread_routine () from /lib64/libstdc++.so.6
#34 0x00007ffff71a32de in start_thread () from /lib64/libpthread.so.0
#35 0x00007ffff4108e83 in clone () from /lib64/libc.so.6
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
[New Thread 0x7ffff0b80700 (LWP 26369)]

Reading network traffic from "pcaps//2.pcap" with snaplen = 1518

Thread 985 "snort" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff0b80700 (LWP 26369)]
sfeventq_free (eq=0x48456f4261645149) at /root/sources/snort3/src/events/sfeventq.cc:142
142    if (eq->node_mem != nullptr)
(gdb) bt
#0  sfeventq_free (eq=0x48456f4261645149) at /root/sources/snort3/src/events/sfeventq.cc:142
#1  0x00000000005134d7 in snort::IpsContext::~IpsContext (this=0x22fa2000, __in_chrg=<optimized out>) at 
/root/sources/snort3/src/detection/ips_context.cc:85
#2  0x0000000000500780 in ContextSwitcher::~ContextSwitcher (this=0x1e88b080, __in_chrg=<optimized out>) at 
/root/sources/snort3/src/detection/context_switcher.cc:54
#3  0x000000000057e151 in Analyzer::term (this=<optimized out>) at /root/sources/snort3/src/main/analyzer.cc:707
#4  0x000000000057f1d5 in Analyzer::operator() (this=0xf4c3e00, ps=<optimized out>, run_num=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:765
#5  0x00007ffff4a2bb73 in execute_native_thread_routine () from /lib64/libstdc++.so.6
#6  0x00007ffff71a32de in start_thread () from /lib64/libpthread.so.0
#7  0x00007ffff4108e83 in clone () from /lib64/libc.so.6
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
[New Thread 0x7ffff0b80700 (LWP 26405)]
Reading network traffic from "pcaps//3.pcap" with snaplen = 1518

Thread 2 "snort" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff0b80700 (LWP 26405)]
0x00007ffff407ed72 in fwrite () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff407ed72 in fwrite () from /lib64/libc.so.6
#1  0x000000000056fcfe in snort::TextLog_Flush (txt=0x1b9f7200) at /root/sources/snort3/src/log/text_log.cc:190
#2  0x000000000056ff4a in snort::TextLog_Write (txt=txt@entry=0x1b9f7200, str=str@entry=0x7ffff0b495b0 
"10/29-16:07:21.258970", len=21) at /root/sources/snort3/src/log/text_log.cc:227
#3  0x000000000056c3be in TextLog_Puts (str=0x7ffff0b495b0 "10/29-16:07:21.258970", txt=0x1b9f7200) at 
/root/sources/snort3/src/log/text_log.h:76
#4  snort::LogTimeStamp (log=0x1b9f7200, p=p@entry=0x19018120) at /root/sources/snort3/src/log/log_text.cc:62
#5  0x0000000000573d12 in FastLogger::alert (this=0x1a6d810, p=0x19018120, msg=0x686cdb0 "\"DELETED BAD-TRAFFIC same 
SRC/DST\"", event=...) at /root/sources/snort3/src/loggers/alert_fast.cc:220
#6  0x000000000059a2b3 in EventManager::call_alerters (idx=<optimized out>, pkt=pkt@entry=0x19018120, message=0x686cdb0 
"\"DELETED BAD-TRAFFIC same SRC/DST\"", event=...) at /root/sources/snort3/src/managers/event_manager.cc:243
#7  0x00000000005010e2 in CallAlertFuncs (p=p@entry=0x19018120, otn=otn@entry=0x68bc690, head=<optimized out>) at 
/usr/include/c++/8/bits/basic_string.h:2290
#8  0x0000000000550dad in alert (p=p@entry=0x19018120, otn=otn@entry=0x68bc690) at 
/root/sources/snort3/src/actions/actions.cc:59
#9  0x0000000000550eec in snort::Actions::execute (action=<optimized out>, p=0x19018120, otn=0x68bc690, 
event_id=<optimized out>) at /root/sources/snort3/src/actions/actions.cc:138
#10 0x000000000050a179 in fpLogEvent (rtn=0x6026dc0, otn=otn@entry=0x68bc690, p=p@entry=0x19018120) at 
/root/sources/snort3/src/detection/fp_detect.cc:232
#11 0x00000000005012fb in log_events (user=0x19018120, event=0x190856c0) at 
/root/sources/snort3/src/detection/detection_engine.cc:676
#12 log_events (event=0x190856c0, user=0x19018120) at /root/sources/snort3/src/detection/detection_engine.cc:661
#13 0x000000000051ca00 in sfeventq_action (eq=0x1b919e80, action_func=action_func@entry=0x5012d0 <log_events(void*, 
void*)>, user=user@entry=0x19018120) at /root/sources/snort3/src/events/sfeventq.cc:257
#14 0x000000000050193c in snort::DetectionEngine::log_events (p=0x19018120) at 
/root/sources/snort3/src/detection/detection_engine.cc:693
#15 snort::DetectionEngine::finish_inspect (p=0x19018120, inspected=<optimized out>) at 
/root/sources/snort3/src/detection/detection_engine.cc:218
#16 0x0000000000503201 in snort::DetectionEngine::inspect (p=0x19018120) at 
/root/sources/snort3/src/detection/detection_engine.cc:601
#17 0x000000000057da9b in Analyzer::inspect_rebuilt (this=<optimized out>, p=p@entry=0x19018120) at 
/root/sources/snort3/src/main/analyzer.cc:495
#18 0x00000000006103db in TcpReassembler::_flush_to_seq (this=this@entry=0x19bebb0, trs=..., bytes=bytes@entry=16338, 
p=p@entry=0x19018240, pkt_flags=pkt_flags@entry=832) at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:572
#19 0x00000000006122ab in TcpReassembler::flush_to_seq (pkt_flags=832, p=0x19018240, bytes=16338, trs=..., 
this=0x19bebb0) at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:638
#20 TcpReassembler::flush_to_seq (pkt_flags=832, p=0x19018240, bytes=<optimized out>, trs=..., this=0x19bebb0) at 
/root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:608
#21 TcpReassembler::flush_on_ack_policy (this=0x19bebb0, trs=..., p=0x19018240) at 
/root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:1138
#22 0x0000000000616910 in TcpStateEstablished::ack_sent (this=<optimized out>, tsd=..., trk=...) at 
/root/sources/snort3/src/stream/tcp/tcp_state_established.cc:69
#23 0x000000000061851a in TcpStateMachine::eval (this=0x1a6d730, tsd=...) at 
/root/sources/snort3/src/stream/tcp/tcp_state_machine.cc:97
#24 0x00000000006154c7 in TcpSession::process_tcp_packet (this=0x16161200, tsd=...) at 
/root/sources/snort3/src/stream/tcp/tcp_session.cc:1067
#25 0x0000000000615d9d in TcpSession::process (this=0x16161200, p=0x19018240) at 
/root/sources/snort3/src/stream/tcp/tcp_session.cc:1116
#26 0x000000000059fa5d in snort::InspectorManager::internal_execute<false> (p=p@entry=0x19018240) at 
/root/sources/snort3/src/managers/inspector_manager.cc:1066
#27 0x000000000059cfd9 in snort::InspectorManager::execute (p=p@entry=0x19018240) at 
/root/sources/snort3/src/managers/inspector_manager.cc:1161
#28 0x000000000050322c in snort::DetectionEngine::inspect (p=0x19018240) at 
/root/sources/snort3/src/detection/detection_engine.cc:590
#29 0x000000000057c8e1 in process_packet (p=p@entry=0x19018240) at /root/sources/snort3/src/main/analyzer.cc:206
#30 0x000000000057d3da in Analyzer::process_daq_pkt_msg (this=0xf23fe00, msg=0x178dec28, retry=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:435
#31 0x000000000057d9d8 in Analyzer::process_daq_msg (this=0xf23fe00, msg=0x178dec28, retry=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:452
#32 0x000000000057eac8 in Analyzer::process_messages (this=0xf23fe00) at /root/sources/snort3/src/main/analyzer.cc:884
#33 0x000000000057f075 in Analyzer::analyze (this=this@entry=0xf23fe00) at /root/sources/snort3/src/main/analyzer.cc:916
#34 0x000000000057f1bd in Analyzer::operator() (this=0xf23fe00, ps=<optimized out>, run_num=<optimized out>) at 
/root/sources/snort3/src/main/analyzer.cc:762
#35 0x00007ffff4a2bb73 in execute_native_thread_routine () from /lib64/libstdc++.so.6
#36 0x00007ffff71a32de in start_thread () from /lib64/libpthread.so.0
#37 0x00007ffff4108e83 in clone () from /lib64/libc.so.6
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Current thread:

Snort 3 - Inconsistent segmentation faults Y M via Snort-devel (Aug 31)
- Re: Snort 3 - Inconsistent segmentation faults Russ Combs (rucombs) via Snort-devel (Aug 31)
  - Re: Snort 3 - Inconsistent segmentation faults Y M via Snort-devel (Aug 31)
    - Re: Snort 3 - Inconsistent segmentation faults Russ Combs (rucombs) via Snort-devel (Sep 01)
    - Re: Snort 3 - Inconsistent segmentation faults Y M via Snort-devel (Sep 01)