GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-115.el7 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/sbin/suricata...Reading symbols from /usr/lib/debug/usr/sbin/suricata.debug...done. done. [New LWP 4791] [New LWP 4778] [New LWP 4796] [New LWP 4697] [New LWP 4797] [New LWP 4798] [New LWP 4794] [New LWP 4795] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/sbin/suricata -c /etc/suricata/cluster0.yaml --pidfile /var/run/suricata/clust'. Program terminated with signal 11, Segmentation fault. #0 0x000055efde4e7c08 in StorageGetById (storage=storage@entry=0x128, type=type@entry=STORAGE_FLOW, id=1) at util-storage.c:224 224 return storage[id]; Missing separate debuginfos, use: debuginfo-install hiredis-0.12.1-1.el7.x86_64 (gdb) Thread 8 (Thread 0x7f5d6137b700 (LWP 4795)): #0 0x00007f5d654e680d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x00007f5d655170e4 in usleep (useconds=useconds@entry=100) at ../sysdeps/unix/sysv/linux/usleep.c:32 ts = {tv_sec = 0, tv_nsec = 100000} #2 0x000055efde44d8d4 in FlowRecycler (th_v=0x55efe6e5c830, thread_data=0x7f5d400008c0) at flow-manager.c:1210 list = {top = 0x0, bot = 0x0, len = 0} bail = 0 f = 0x0 ts = {tv_sec = 1604507536, tv_usec = 657810} recycled_cnt = 345501 ftd = 0x7f5d400008c0 __PRETTY_FUNCTION__ = "FlowRecycler" fr_passes = startts = {tv_sec = 1604501420, tv_usec = 542587} __FUNCTION__ = "FlowRecycler" #3 0x000055efde4a977d in TmThreadsManagement (td=0x55efe6e5c830) at tm-threads.c:541 tv = 0x55efe6e5c830 s = 0x55efe820edd0 r = __PRETTY_FUNCTION__ = "TmThreadsManagement" __FUNCTION__ = "TmThreadsManagement" #4 0x00007f5d65c10e65 in start_thread (arg=0x7f5d6137b700) at pthread_create.c:307 __res = pd = 0x7f5d6137b700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140039039727360, 2079613956237855573, 0, 8392704, 0, 140039039727360, -2132868180622668971, -2132860839540389035}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #5 0x00007f5d6551f88d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 7 (Thread 0x7f5d61b7c700 (LWP 4794)): #0 0x00007f5d654e680d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x00007f5d655170e4 in usleep (useconds=useconds@entry=100) at ../sysdeps/unix/sysv/linux/usleep.c:32 ts = {tv_sec = 0, tv_nsec = 100000} #2 0x000055efde44e2a9 in FlowManager (th_v=0x55efe59f8df0, thread_data=0x7f5d4c0008c0) at flow-manager.c:1014 ts_ms = 1604507536657 rt = 1604507536 emerge_p = ftd = 0x7f5d4c0008c0 ts = {tv_sec = 1604507536, tv_usec = 657903} emerg = false prev_emerg = false other_last_sec = 1604507536 flow_last_sec = 1604507536 hash_passes = hash_row_checks = hash_passes_chunks = hash_full_passes = pass_in_sec = 240 startts = {tv_sec = 1604501420, tv_usec = 542362} hash_pass_iter = 116 emerg_over_cnt = 0 next_run_ms = 1604507537015 __FUNCTION__ = "FlowManager" #3 0x000055efde4a977d in TmThreadsManagement (td=0x55efe59f8df0) at tm-threads.c:541 tv = 0x55efe59f8df0 s = 0x55efe92bf300 r = __PRETTY_FUNCTION__ = "TmThreadsManagement" __FUNCTION__ = "TmThreadsManagement" #4 0x00007f5d65c10e65 in start_thread (arg=0x7f5d61b7c700) at pthread_create.c:307 __res = pd = 0x7f5d61b7c700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140039048120064, 2079613956237855573, 0, 8392704, 0, 140039048120064, -2132869280671167659, -2132860839540389035}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #5 0x00007f5d6551f88d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 6 (Thread 0x7f5d5fb78700 (LWP 4798)): #0 0x00007f5d65516953 in select () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x000055efde4acc97 in UnixMain (this=0x55efdeb11240 ) at unix-manager.c:650 tv = {tv_sec = 0, tv_usec = 125023} ret = tclient = select_set = {fds_bits = {16384, 0 }} uclient = 0x0 #2 UnixManager (th_v=0x55efe4b9ce60, thread_data=) at unix-manager.c:1125 __FUNCTION__ = "UnixManager" #3 0x000055efde4a977d in TmThreadsManagement (td=0x55efe4b9ce60) at tm-threads.c:541 tv = 0x55efe4b9ce60 s = 0x55efe8943820 r = __PRETTY_FUNCTION__ = "TmThreadsManagement" __FUNCTION__ = "TmThreadsManagement" #4 0x00007f5d65c10e65 in start_thread (arg=0x7f5d5fb78700) at pthread_create.c:307 __res = pd = 0x7f5d5fb78700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140039014549248, 2079613956237855573, 0, 8392704, 0, 140039014549248, -2132741735174861995, -2132860839540389035}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #5 0x00007f5d6551f88d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 5 (Thread 0x7f5d60379700 (LWP 4797)): #0 pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238 No locals. #1 0x000055efde3d50e0 in StatsMgmtThread (arg=0x55efe4b9cae0) at counters.c:415 cur_timev = {tv_sec = 1604507533, tv_usec = 9781} cond_time = {tv_sec = 1604507541, tv_nsec = 9781000} tv_local = 0x55efe4b9cae0 __FUNCTION__ = "StatsMgmtThread" __PRETTY_FUNCTION__ = "StatsMgmtThread" r = #2 0x00007f5d65c10e65 in start_thread (arg=0x7f5d60379700) at pthread_create.c:307 __res = pd = 0x7f5d60379700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140039022941952, 2079613956237855573, 0, 8392704, 0, 140039022941952, -2132870378572182699, -2132860839540389035}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #3 0x00007f5d6551f88d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 4 (Thread 0x7f5d699b6b00 (LWP 4697)): #0 0x00007f5d654e680d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x00007f5d655170e4 in usleep (useconds=useconds@entry=10000) at ../sysdeps/unix/sysv/linux/usleep.c:32 ts = {tv_sec = 0, tv_nsec = 10000000} #2 0x000055efde4a5c67 in SuricataMainLoop (suri=) at suricata.c:2660 No locals. #3 SuricataMain (argc=, argv=) at suricata.c:2821 vlan_tracking = 1 __FUNCTION__ = "SuricataMain" #4 0x00007f5d65443505 in __libc_start_main (main=0x55efde3a2b20
, argc=6, argv=0x7ffe71e92f68, init=, fini=, rtld_fini=, stack_end=0x7ffe71e92f58) at ../csu/libc-start.c:266 result = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 2079613956237855573, 94488713898789, 140730809528160, 0, 0, -2080480450284844203, -2132859767222531243}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7f5d697bf973 <_dl_init+275>, 0x7f5d699d3150}, data = {prev = 0x0, cleanup = 0x0, canceltype = 1769732467}}} not_first_call = #5 0x000055efde3a2b4e in _start () No symbol table info available. Thread 3 (Thread 0x7f5d60b7a700 (LWP 4796)): #0 pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238 No locals. #1 0x000055efde3d4a37 in StatsWakeupThread (arg=0x55efe4b9c760) at counters.c:487 cur_timev = {tv_sec = 1604507534, tv_usec = 665566} cond_time = {tv_sec = 1604507537, tv_nsec = 665566000} tv = tv_local = 0x55efe4b9c760 __FUNCTION__ = "StatsWakeupThread" #2 0x00007f5d65c10e65 in start_thread (arg=0x7f5d60b7a700) at pthread_create.c:307 __res = pd = 0x7f5d60b7a700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140039031334656, 2079613956237855573, 0, 8392704, 0, 140039031334656, -2132871478620681387, -2132860839540389035}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #3 0x00007f5d6551f88d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 2 (Thread 0x7f5d630dc700 (LWP 4778)): #0 0x00007f5d654e680d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x00007f5d655170e4 in usleep (useconds=) at ../sysdeps/unix/sysv/linux/usleep.c:32 ts = {tv_sec = 0, tv_nsec = 1000} #2 0x00007f5d67d4256a in pfring_mod_zc_spsc_poll () from /usr/lib/libpfring.so.7 No symbol table info available. #3 0x00007f5d67d427ce in pfring_mod_zc_spsc_recv () from /usr/lib/libpfring.so.7 No symbol table info available. #4 0x00007f5d67d2edf0 in pfring_recv () from /usr/lib/libpfring.so.7 No symbol table info available. #5 0x000055efde492d74 in ReceivePfringLoop (tv=0x55efe59f8a70, data=, slot=) at source-pfring.c:390 r = ptv = p = 0x7f5d5026ff00 hdr = {ts = {tv_sec = 0, tv_usec = 0}, caplen = 253, len = 253, extended_hdr = {timestamp_ns = 1604507536653815150, flags = 0, rx_direction = 1 '\001', port_id = 0 '\000', device_id = 0, if_index = 1661844016, pkt_hash = 3398633535, tx = {bounce_interface = -498593600, reserved = 0x55efe59f8b30}, parsed_pkt = {dmac = "\000\307\rc]\177", smac = "\000\000\334jJe", eth_type = 32605, vlan_id = 0, qinq_vlan_id = 45216, ip_version = 115 's', l3_proto = 80 'P', ip_tos = 93 ']', ip_src = {v6 = {__in6_u = {__u6_addr8 = "\177\000\000(\000\000\000\000\000\000\000\060\031tP]", __u6_addr16 = {127, 10240, 0, 0, 0, 12288, 29721, 23888}, __u6_addr32 = {671088767, 0, 805306368, 1565553689}}}, v4 = 671088767}, ip_dst = {v6 = {__in6_u = { __u6_addr8 = "\177\000\000->M\336\357U\000\000\060\272\rc]", __u6_addr16 = {127, 11520, 19774, 61406, 85, 12288, 3514, 23907}, __u6_addr32 = {754974847, 4024323390, 805306453, 1566772666}}}, v4 = 754974847}, l4_src_port = 127, l4_dst_port = 49152, icmp_type = 16 '\020', icmp_code = 72 'H', tcp = {flags = 226 '\342', seq_num = 0, ack_num = 0}, tunnel = {tunnel_id = 1028566272, tunneled_ip_version = 222 '\336', tunneled_proto = 239 '\357', tunneled_ip_src = {v6 = {__in6_u = {__u6_addr8 = "U\000\000\000\000\rc]\177\000\000\300\070\261\336", , __u6_addr16 = {85, 0, 3328, 23907, 127, 49152, 45368, 61406}, __u6_addr32 = {85, 1566772480, 3221225599, 4024348984}}}, v4 = 85}, tunneled_ip_dst = {v6 = {__in6_u = { __u6_addr8 = "U\000\000\000\020\200\000\000\000\000\000\000=\251\250Y", __u6_addr16 = {85, 0, 32784, 0, 0, 0, 43325, 22952}, __u6_addr32 = {85, 32784, 0, 1504225597}}}, v4 = 85}, tunneled_l4_src_port = 5661, tunneled_l4_dst_port = 28892}, last_matched_rule_id = -270164086, offset = {eth_offset = 85, vlan_offset = 12288, l3_offset = -24693, l4_offset = -4123, payload_offset = 85}}}} s = last_dump = 1604507536 buffer_size = pkt_buffer = 0x0 rc = __FUNCTION__ = "ReceivePfringLoop" #6 0x000055efde4a9b5e in TmThreadsSlotPktAcqLoop (td=0x55efe59f8a70) at tm-threads.c:312 tv = 0x55efe59f8a70 s = 0x55efe1f7c080 run = 1 '\001' r = slot = __FUNCTION__ = "TmThreadsSlotPktAcqLoop" #7 0x00007f5d65c10e65 in start_thread (arg=0x7f5d630dc700) at pthread_create.c:307 __res = pd = 0x7f5d630dc700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140039070533376, 2079613956237855573, 0, 8392704, 0, 140039070533376, -2132872493306705067, -2132860839540389035}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #8 0x00007f5d6551f88d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 1 (Thread 0x7f5d6262c700 (LWP 4791)): #0 0x000055efde4e7c08 in StorageGetById (storage=storage@entry=0x128, type=type@entry=STORAGE_FLOW, id=1) at util-storage.c:224 No locals. #1 0x000055efde44f513 in FlowGetStorageById (f=f@entry=0x0, id=) at flow-storage.c:41 No locals. #2 0x000055efde47accf in EveAddCommonOptions (cfg=cfg@entry=0x55efe135a2e0, p=p@entry=0x7f5d4826ff00, f=, js=js@entry=0x7f5d482823d0) at output-json.c:451 ms = #3 0x000055efde461ec1 in AlertJson (aft=aft@entry=0x7f5d48430260, p=p@entry=0x7f5d4826ff00, tv=) at output-json-alert.c:622 xff_cfg = 0x55efe1359b70 have_xff_ip = 0 jb = 0x7f5d482823d0 pa = 0x7f5d482700b8 addr = {src_ip = "95.130.232.190", '\000' , dst_ip = "189.194.58.119", '\000' , sp = 0, dp = 0, proto = "ICMP", '\000' } xff_buffer = "\004\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\360\350\253I]\177\000\000\004\000\000\000\000\000\000\000\002\000\000\000\000\000\000\000i\321\000\204\001" i = 0 payload = 0x7f5d484402b0 json_output_ctx = 0x55efe135a2c0 #4 0x000055efde462d59 in JsonAlertLogger (tv=, thread_data=0x7f5d48430260, p=0x7f5d4826ff00) at output-json-alert.c:767 aft = 0x7f5d48430260 #5 0x000055efde47772c in OutputPacketLog (tv=0x55efe1ea3a70, p=0x7f5d4826ff00, thread_data=) at output-packet.c:116 op_thread_data = logger = 0x55efe135a270 store = 0x7f5d48441440 #6 0x000055efde45e294 in OutputLoggerLog (tv=tv@entry=0x55efe1ea3a70, p=p@entry=0x7f5d4826ff00, thread_data=) at output.c:882 thread_store = logger = 0x55efe135bb40 thread_store_node = 0x7f5d484414a0 #7 0x000055efde4516a0 in FlowWorker (tv=0x55efe1ea3a70, p=0x7f5d4826ff00, data=0x7f5d48274900) at flow-worker.c:545 fw = 0x7f5d48274900 detect_thread = 0x7f5d48346c80 #8 0x000055efde4a82ce in TmThreadsSlotVarRun (tv=tv@entry=0x55efe1ea3a70, p=p@entry=0x7f5d4826ff00, slot=) at tm-threads.c:117 r = s = 0x55efe9234c50 #9 0x000055efde492ea1 in TmThreadsSlotProcessPkt (p=0x7f5d4826ff00, s=, tv=0x55efe1ea3a70) at tm-threads.h:192 r = #10 ReceivePfringLoop (tv=0x55efe1ea3a70, data=, slot=) at source-pfring.c:415 r = ptv = p = 0x7f5d4826ff00 hdr = {ts = {tv_sec = 1604507536, tv_usec = 646030}, caplen = 94, len = 94, extended_hdr = {timestamp_ns = 1604507536646030816, flags = 0, rx_direction = 1 '\001', port_id = 0 '\000', device_id = 0, if_index = 1650637360, pkt_hash = 107982778, tx = {bounce_interface = -448317888, reserved = 0x55efe1ea3b30}, parsed_pkt = {dmac = "\000\307bb]\177", smac = "\000\000\334jJe", eth_type = 32605, vlan_id = 0, qinq_vlan_id = 47664, ip_version = 98 'b', l3_proto = 98 'b', ip_tos = 93 ']', ip_src = {v6 = {__in6_u = {__u6_addr8 = "\177\000\000(\000\000\000\000\000\000\000\060\031tP]", __u6_addr16 = {127, 10240, 0, 0, 0, 12288, 29721, 23888}, __u6_addr32 = {671088767, 0, 805306368, 1565553689}}}, v4 = 671088767}, ip_dst = {v6 = {__in6_u = { __u6_addr8 = "\177\000\000->M\336\357U\000\000@\315K\340", , __u6_addr16 = {127, 11520, 19774, 61406, 85, 16384, 19405, 61408}, __u6_addr32 = {754974847, 4024323390, 1073741909, 4024454093}}}, v4 = 754974847}, l4_src_port = 85, l4_dst_port = 12288, icmp_type = 186 '\272', icmp_code = 98 'b', tcp = {flags = 98 'b', seq_num = 0, ack_num = 0}, tunnel = {tunnel_id = 1028566272, tunneled_ip_version = 222 '\336', tunneled_proto = 239 '\357', tunneled_ip_src = {v6 = {__in6_u = { __u6_addr8 = "U\000\000\000\000bb]\177\000\000\300\070\261\336", , __u6_addr16 = {85, 0, 25088, 23906, 127, 49152, 45368, 61406}, __u6_addr32 = {85, 1566728704, 3221225599, 4024348984}}}, v4 = 85}, tunneled_ip_dst = {v6 = {__in6_u = {__u6_addr8 = "U\000\000\000\020\200\000\000\000\000\000\000=\251\250Y", __u6_addr16 = {85, 0, 32784, 0, 0, 0, 43325, 22952}, __u6_addr32 = {85, 32784, 0, 1504225597}}}, v4 = 85}, tunneled_l4_src_port = 5661, tunneled_l4_dst_port = 28892}, last_matched_rule_id = -270407110, offset = { eth_offset = 85, vlan_offset = 12288, l3_offset = -5573, l4_offset = -4127, payload_offset = 85}}}} s = last_dump = 1604507536 buffer_size = pkt_buffer = 0x2aaab01dc940
rc = __FUNCTION__ = "ReceivePfringLoop" #11 0x000055efde4a9b5e in TmThreadsSlotPktAcqLoop (td=0x55efe1ea3a70) at tm-threads.c:312 tv = 0x55efe1ea3a70 s = 0x55efe5662700 run = 1 '\001' r = slot = __FUNCTION__ = "TmThreadsSlotPktAcqLoop" #12 0x00007f5d65c10e65 in start_thread (arg=0x7f5d6262c700) at pthread_create.c:307 __res = pd = 0x7f5d6262c700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140039059326720, 2079613956237855573, 0, 8392704, 0, 140039059326720, -2132875422474400939, -2132860839540389035}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #13 0x00007f5d6551f88d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. (gdb) quit