Bug #1528 » crash_suricata.txt

gdb debug of core dump - Hardik Mehta, 08/13/2015 02:15 PM

 
core dump

Program terminated with signal 11, Segmentation fault.
#0 StreamTcpReassembleAppLayer (tv=0x73cb800, ra_ctx=0x1feadb5b480,
ssn=0x1fe89bca5a0, stream=0x1fe89bca5f0, p=0x1ffa3d7f500)
at stream-tcp-reassemble.c:2912
2912 if (!(p->flow->flags & FLOW_NO_APPLAYER_INSPECTION)) {
(gdb) bt
#0 StreamTcpReassembleAppLayer (tv=0x73cb800, ra_ctx=0x1feadb5b480,
ssn=0x1fe89bca5a0, stream=0x1fe89bca5f0, p=0x1ffa3d7f500)
at stream-tcp-reassemble.c:2912
#1 0x00000000011ab678 in StreamTcpReassembleHandleSegmentUpdateACK (
tv=0x73cb800, ra_ctx=0x1feadb5b480, ssn=0x1fe89bca5a0,
stream=0x1fe89bca5f0, p=0x1ffa3d7f500) at stream-tcp-reassemble.c:3336
#2 0x00000000011ac0c8 in StreamTcpReassembleHandleSegment (tv=0x73cb800,
ra_ctx=0x1feadb5b480, ssn=0x1fe89bca5a0, stream=0x1fe89bca5a8,
p=0x1ffa3d7f500, pq=<optimized out>) at stream-tcp-reassemble.c:3364
#3 0x0000000001197a18 in HandleEstablishedPacketToClient (pq=<optimized out>,
stt=<optimized out>, p=<optimized out>, ssn=<optimized out>,
tv=<optimized out>) at stream-tcp.c:2215
#4 StreamTcpPacketStateEstablished (tv=0x73cb800, p=0x1ffa3d7f500,
stt=<optimized out>, ssn=0x1fe89bca5a0, pq=0x1feadb5adf0)
at stream-tcp.c:2461
#5 0x00000000011a13f0 in StreamTcpPacket (tv=0x73cb800, p=0x1ffa3d7f500,
stt=0x1feadb5ade0, pq=0x63ed760) at stream-tcp.c:4549
#6 0x00000000011a34d0 in StreamTcp (tv=0x73cb800, p=0x1ffa3d7f500,
data=0x1feadb5ade0, pq=<optimized out>, postpq=<optimized out>)
at stream-tcp.c:5054
#7 0x00000000011c1940 in TmThreadsSlotVarRun (tv=0x73cb800, p=0x1ffa3d7f500,
slot=<optimized out>) at tm-threads.c:132
#8 0x0000000001186f00 in TmThreadsSlotProcessPkt (p=0x1ffa3d7f500,
---Type <return> to continue, or q <return> to quit---
s=0x63ed680, tv=0x73cb800) at tm-threads.h:146
#9 ReceiveMpipeLoop (tv=0x73cb7e8, data=0x1feadb588e0, slot=<optimized out>)
at source-mpipe.c:394
#10 0x00000000011c2788 in TmThreadsSlotPktAcqLoop (td=0x73cb800)
at tm-threads.c:338
#11 0x000001fff77c8f48 in start_thread () from /lib/libpthread.so.0
#12 0x000001fff76b2740 in clone () from /lib/libc.so.6

(gdb) f 0
#0 StreamTcpReassembleAppLayer (tv=0x73cb800, ra_ctx=0x1feadb5b480,
ssn=0x1fe89bca5a0, stream=0x1fe89bca5f0, p=0x1ffa3d7f500)
at stream-tcp-reassemble.c:2912
2912 if (!(p->flow->flags & FLOW_NO_APPLAYER_INSPECTION)) {
(gdb) print *ssn
$2 = {res = 62, state = 4 '\004', queue_len = 0 '\000',
data_first_seen_dir = -13 '\363', tcp_packet_flags = 26 '\032',
flags = 4104, server = {flags = 128, wscale = 0, os_policy = 2 '\002',
tcp_flags = 26 '\032', isn = 1121534642, next_seq = 1121616978,
last_ack = 1121616978, next_win = 1121666210, window = 49232,
last_ts = 3090975820, last_pkt_ts = 1439432548,
ra_app_base_seq = 1121534710, ra_raw_base_seq = 1121616977,
seg_list = 0x1ff01ce46c0, seg_list_tail = 0x1feb9c53ac0, sack_head = 0x0,
sack_tail = 0x0}, client = {flags = 160, wscale = 0, os_policy = 2 '\002',
tcp_flags = 26 '\032', isn = 708098623, next_seq = 708099076,
last_ack = 708099076, next_win = 708117900, window = 18824,
last_ts = 3090797228, last_pkt_ts = 1439432548,
ra_app_base_seq = 708098623, ra_raw_base_seq = 708098623,
seg_list = 0x1ff3dbb1050, seg_list_tail = 0x1fe95cf2990, sack_head = 0x0,
sack_tail = 0x0}, toserver_smsg_head = 0x0, toserver_smsg_tail = 0x0,
toclient_smsg_head = 0x1feddd641a0, toclient_smsg_tail = 0x1fed1d2eb90,
queue = 0x0}
(gdb) print ra_base_seq
No symbol "ra_base_seq" in current context.
(gdb) print payload_offset
No symbol "payload_offset" in current context.
(gdb) print *seg
$3 = {
payload = 0x1ff3dccaf00 "\023BitTorrent protocol\004\004\004\004\004\004\004\004\215N|\024\024\237\062Gh\232A9\341*d\304tFH\333-OT8537-763064184418",
payload_len = 68, pool_size = 112, seq = 708098624, next = 0x1ffc1cc92a0,
prev = 0x0, flags = 0 '\000'}
(gdb) print *copy_size
No symbol "copy_size" in current context.
(gdb) print *p
Cannot access memory at address 0x1ffa3d7f500
(gdb) info local
seg_tail = 0x1fe95cf2990
rd = {ra_base_seq = 708098623, data_len = 0,
data = "\000\000\001\000\000\000\000\000\020\001a\367\377\001\000\000 \266\177\316\376\001\000\000\020\001a\367\377\001\000\000\060\266\177\316\376\001\000\000G\300\177\316\376\001\000\000\000-\267\255\376\001\000\000\b-\267\255\376\001\000\000\n-\267\255\376\001\000\000\000\270<\a\000\000\000\000\200\264\265\255\376\001\000\000\000\000\002\000\000\000\000\000\001\000\000\000\000\000\000\000\350\240\032\001\000\000\000\000\200\276\177\316\376\001\000\000\270W\032\001\000\000\000\000\200\276\177\316\376\001\000\000H\276B\a\000\000\000\000\000\000\064\367\377\001\000\000\220\275B\a\000\000\000\000\200\275B\a\000\000\000\000\360\275B\a\000\000\000\000H\270\177\316\376\001\000\000\310\t`\367\377\001\000\000`\375w\367\377\001\000\000"..., partial = 0, data_sent = 0}
next_seq = 708098624
seg = 0x1ff3dbb1050
__PRETTY_FUNCTION__ = "StreamTcpReassembleAppLayer"
(gdb) set print pretty
(gdb) info local
seg_tail = 0x1fe95cf2990
rd = {
ra_base_seq = 708098623,
data_len = 0,
data = "\000\000\001\000\000\000\000\000\020\001a\367\377\001\000\000 \266\177\316\376\001\000\000\020\001a\367\377\001\000\000\060\266\177\316\376\001\000\000G\300\177\316\376\001\000\000\000-\267\255\376\001\000\000\b-\267\255\376\001\000\000\n-\267\255\376\001\000\000\000\270<\a\000\000\000\000\200\264\265\255\376\001\000\000\000\000\002\000\000\000\000\000\001\000\000\000\000\000\000\000\350\240\032\001\000\000\000\000\200\276\177\316\376\001\000\000\270W\032\001\000\000\000\000\200\276\177\316\376\001\000\000H\276B\a\000\000\000\000\000\000\064\367\377\001\000\000\220\275B\a\000\000\000\000\200\275B\a\000\000\000\000\360\275B\a\000\000\000\000H\270\177\316\376\001\000\000\310\t`\367\377\001\000\000`\375w\367\377\001\000\000"...,
partial = 0,
data_sent = 0
}
next_seq = 708098624
seg = 0x1ff3dbb1050
__PRETTY_FUNCTION__ = "StreamTcpReassembleAppLayer"
(gdb)