GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-115.el7 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/sbin/suricata...Reading symbols from /usr/lib/debug/usr/sbin/suricata.debug...done. done. [New LWP 454] [New LWP 467] [New LWP 442] [New LWP 472] [New LWP 474] [New LWP 470] [New LWP 473] [New LWP 471] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/sbin/suricata -c /etc/suricata/cluster0.yaml --pidfile /var/run/suricata/clust'. Program terminated with signal 11, Segmentation fault. #0 0x000055d506e60c08 in StorageGetById (storage=storage@entry=0x128, type=type@entry=STORAGE_FLOW, id=1) at util-storage.c:224 224 return storage[id]; Missing separate debuginfos, use: debuginfo-install hiredis-0.12.1-1.el7.x86_64 (gdb) Thread 8 (Thread 0x7fc0d57f5700 (LWP 471)): #0 0x00007fc0d995080d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x00007fc0d99810e4 in usleep (useconds=useconds@entry=100) at ../sysdeps/unix/sysv/linux/usleep.c:32 ts = {tv_sec = 0, tv_nsec = 100000} #2 0x000055d506dc68d4 in FlowRecycler (th_v=0x55d50f63b9c0, thread_data=0x7fc0b80008c0) at flow-manager.c:1210 list = {top = 0x0, bot = 0x0, len = 0} bail = 0 f = 0x0 ts = {tv_sec = 1604842672, tv_usec = 915282} recycled_cnt = 0 ftd = 0x7fc0b80008c0 __PRETTY_FUNCTION__ = "FlowRecycler" fr_passes = startts = {tv_sec = 1604842641, tv_usec = 225100} __FUNCTION__ = "FlowRecycler" #3 0x000055d506e2277d in TmThreadsManagement (td=0x55d50f63b9c0) at tm-threads.c:541 tv = 0x55d50f63b9c0 s = 0x55d5100fe200 r = __PRETTY_FUNCTION__ = "TmThreadsManagement" __FUNCTION__ = "TmThreadsManagement" #4 0x00007fc0da07ae65 in start_thread (arg=0x7fc0d57f5700) at pthread_create.c:307 __res = pd = 0x7fc0d57f5700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140466192340736, -8289937718712929116, 0, 8392704, 0, 140466192340736, 8319717993948968100, 8319711597561574564}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #5 0x00007fc0d998988d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 7 (Thread 0x7fc0d47f3700 (LWP 473)): #0 pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238 No locals. #1 0x000055d506d4e0e0 in StatsMgmtThread (arg=0x55d50d334d50) at counters.c:415 cur_timev = {tv_sec = 1604842665, tv_usec = 228285} cond_time = {tv_sec = 1604842673, tv_nsec = 228285000} tv_local = 0x55d50d334d50 __FUNCTION__ = "StatsMgmtThread" __PRETTY_FUNCTION__ = "StatsMgmtThread" r = #2 0x00007fc0da07ae65 in start_thread (arg=0x7fc0d47f3700) at pthread_create.c:307 __res = pd = 0x7fc0d47f3700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140466175555328, -8289937718712929116, 0, 8392704, 0, 140466175555328, 8319715793851970724, 8319711597561574564}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #3 0x00007fc0d998988d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 6 (Thread 0x7fc0d5ff6700 (LWP 470)): #0 0x00007fc0d995080d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x00007fc0d99810e4 in usleep (useconds=useconds@entry=100) at ../sysdeps/unix/sysv/linux/usleep.c:32 ts = {tv_sec = 0, tv_nsec = 100000} #2 0x000055d506dc72a9 in FlowManager (th_v=0x55d50f63b640, thread_data=0x7fc0c40008c0) at flow-manager.c:1014 ts_ms = 1604842672915 rt = 1604842672 emerge_p = ftd = 0x7fc0c40008c0 ts = {tv_sec = 1604842672, tv_usec = 915137} emerg = false prev_emerg = false other_last_sec = 1604842672 flow_last_sec = 1604842672 hash_passes = hash_row_checks = hash_passes_chunks = hash_full_passes = pass_in_sec = 240 startts = {tv_sec = 1604842641, tv_usec = 224835} hash_pass_iter = 31 emerg_over_cnt = 0 next_run_ms = 1604842673242 __FUNCTION__ = "FlowManager" #3 0x000055d506e2277d in TmThreadsManagement (td=0x55d50f63b640) at tm-threads.c:541 tv = 0x55d50f63b640 s = 0x55d50fee0340 r = __PRETTY_FUNCTION__ = "TmThreadsManagement" __FUNCTION__ = "TmThreadsManagement" #4 0x00007fc0da07ae65 in start_thread (arg=0x7fc0d5ff6700) at pthread_create.c:307 __res = pd = 0x7fc0d5ff6700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140466200733440, -8289937718712929116, 0, 8392704, 0, 140466200733440, 8319716894974211236, 8319711597561574564}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #5 0x00007fc0d998988d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 5 (Thread 0x7fc0d3ff2700 (LWP 474)): #0 0x00007fc0d9980953 in select () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x000055d506e25c97 in UnixMain (this=0x55d50748a240 ) at unix-manager.c:650 tv = {tv_sec = 0, tv_usec = 132856} ret = tclient = select_set = {fds_bits = {32768, 0 }} uclient = 0x0 #2 UnixManager (th_v=0x55d50e8ed0a0, thread_data=) at unix-manager.c:1125 __FUNCTION__ = "UnixManager" #3 0x000055d506e2277d in TmThreadsManagement (td=0x55d50e8ed0a0) at tm-threads.c:541 tv = 0x55d50e8ed0a0 s = 0x55d50bf77870 r = __PRETTY_FUNCTION__ = "TmThreadsManagement" __FUNCTION__ = "TmThreadsManagement" #4 0x00007fc0da07ae65 in start_thread (arg=0x7fc0d3ff2700) at pthread_create.c:307 __res = pd = 0x7fc0d3ff2700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140466167162624, -8289937718712929116, 0, 8392704, 0, 140466167162624, 8319730086966260900, 8319711597561574564}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #5 0x00007fc0d998988d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 4 (Thread 0x7fc0d4ff4700 (LWP 472)): #0 pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238 No locals. #1 0x000055d506d4da37 in StatsWakeupThread (arg=0x55d50d3349d0) at counters.c:487 cur_timev = {tv_sec = 1604842671, tv_usec = 228211} cond_time = {tv_sec = 1604842674, tv_nsec = 228211000} tv = tv_local = 0x55d50d3349d0 __FUNCTION__ = "StatsWakeupThread" #2 0x00007fc0da07ae65 in start_thread (arg=0x7fc0d4ff4700) at pthread_create.c:307 __res = pd = 0x7fc0d4ff4700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140466183948032, -8289937718712929116, 0, 8392704, 0, 140466183948032, 8319714694877213860, 8319711597561574564}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #3 0x00007fc0d998988d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 3 (Thread 0x7fc0dde20b00 (LWP 442)): #0 0x00007fc0d995080d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x00007fc0d99810e4 in usleep (useconds=useconds@entry=10000) at ../sysdeps/unix/sysv/linux/usleep.c:32 ts = {tv_sec = 0, tv_nsec = 10000000} #2 0x000055d506e1ec67 in SuricataMainLoop (suri=) at suricata.c:2660 No locals. #3 SuricataMain (argc=, argv=) at suricata.c:2821 vlan_tracking = 1 __FUNCTION__ = "SuricataMain" #4 0x00007fc0d98ad505 in __libc_start_main (main=0x55d506d1bb20
, argc=6, argv=0x7ffe99bcd7f8, init=, fini=, rtld_fini=, stack_end=0x7ffe99bcd7e8) at ../csu/libc-start.c:266 result = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -8289937718712929116, 94373430803237, 140731477710832, 0, 0, 8289168583724954788, 8319708189188355236}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fc0ddc29973 <_dl_init+275>, 0x7fc0dde3d150}, data = {prev = 0x0, cleanup = 0x0, canceltype = -574449293}}} not_first_call = #5 0x000055d506d1bb4e in _start () No symbol table info available. Thread 2 (Thread 0x7fc0d6aa6700 (LWP 467)): #0 0x00007fc0d995080d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 No locals. #1 0x00007fc0d99810e4 in usleep (useconds=) at ../sysdeps/unix/sysv/linux/usleep.c:32 ts = {tv_sec = 0, tv_nsec = 1000} #2 0x00007fc0dc1ac56a in pfring_mod_zc_spsc_poll () from /usr/lib/libpfring.so.7 No symbol table info available. #3 0x00007fc0dc1ac7ce in pfring_mod_zc_spsc_recv () from /usr/lib/libpfring.so.7 No symbol table info available. #4 0x00007fc0dc198df0 in pfring_recv () from /usr/lib/libpfring.so.7 No symbol table info available. #5 0x000055d506e0bd74 in ReceivePfringLoop (tv=0x55d50bad2c90, data=, slot=) at source-pfring.c:390 r = ptv = p = 0x7fc0c026ff00 hdr = {ts = {tv_sec = 0, tv_usec = 0}, caplen = 60, len = 60, extended_hdr = {timestamp_ns = 1604842672913624547, flags = 0, rx_direction = 1 '\001', port_id = 0 '\000', device_id = 0, if_index = -693478864, pkt_hash = 3240145137, tx = {bounce_interface = 288800848, reserved = 0x55d50bad2d50}, parsed_pkt = {dmac = "\000g\252\326\300\177", smac = "\000\000\334\n\221", , eth_type = 32704, vlan_id = 0, qinq_vlan_id = 23088, ip_version = 170 '\252', l3_proto = 214 '\326', ip_tos = 192 '\300', ip_src = {v6 = { __in6_u = {__u6_addr8 = "\177\000\000(\000\000\000\000\000\000\000\000\022x\310\300", __u6_addr16 = {127, 10240, 0, 0, 0, 0, 30738, 49352}, __u6_addr32 = {671088767, 0, 0, 3234363410}}}, v4 = 671088767}, ip_dst = {v6 = {__in6_u = { __u6_addr8 = "\177\000\000-\316\344\006\325U\000\000н\330", , __u6_addr16 = {127, 11520, 58574, 54534, 85, 53248, 55485, 54535}, __u6_addr32 = {754974847, 3573998798, 3489661013, 3574061245}}}, v4 = 754974847}, l4_src_port = 85, l4_dst_port = 12288, icmp_type = 90 'Z', icmp_code = 170 '\252', tcp = {flags = 214 '\326', seq_num = 0, ack_num = 0}, tunnel = { tunnel_id = 3571363072, tunneled_ip_version = 6 '\006', tunneled_proto = 213 '\325', tunneled_ip_src = {v6 = {__in6_u = { __u6_addr8 = "U\000\000\000\000\252\326\300\177\000\000\300\310H", , __u6_addr16 = {85, 0, 43520, 49366, 127, 49152, 18632, 54535}, __u6_addr32 = {85, 3235293696, 3221225599, 3574024392}}}, v4 = 85}, tunneled_ip_dst = {v6 = {__in6_u = { __u6_addr8 = "U\000\000\000\020\200\000\000\000\000\000\000\376\302\331\b", __u6_addr16 = {85, 0, 32784, 0, 0, 0, 49918, 2265}, __u6_addr32 = {85, 32784, 0, 148488958}}}, v4 = 85}, tunneled_l4_src_port = 40875, tunneled_l4_dst_port = 37061}, last_matched_rule_id = -720655060, offset = {eth_offset = 85, vlan_offset = 20480, l3_offset = -21203, l4_offset = -10997, payload_offset = 85}}}} s = last_dump = 1604842672 buffer_size = pkt_buffer = 0x0 rc = __FUNCTION__ = "ReceivePfringLoop" #6 0x000055d506e22b5e in TmThreadsSlotPktAcqLoop (td=0x55d50bad2c90) at tm-threads.c:312 tv = 0x55d50bad2c90 s = 0x55d50c13e9a0 run = 1 '\001' r = slot = __FUNCTION__ = "TmThreadsSlotPktAcqLoop" #7 0x00007fc0da07ae65 in start_thread (arg=0x7fc0d6aa6700) at pthread_create.c:307 __res = pd = 0x7fc0d6aa6700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140466211940096, -8289937718712929116, 0, 8392704, 0, 140466211940096, 8319719463364654244, 8319711597561574564}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #8 0x00007fc0d998988d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. Thread 1 (Thread 0x7fc0d7556700 (LWP 454)): #0 0x000055d506e60c08 in StorageGetById (storage=storage@entry=0x128, type=type@entry=STORAGE_FLOW, id=1) at util-storage.c:224 No locals. #1 0x000055d506dc8513 in FlowGetStorageById (f=f@entry=0x0, id=) at flow-storage.c:41 No locals. #2 0x000055d506df3ccf in EveAddCommonOptions (cfg=cfg@entry=0x55d508c29290, p=p@entry=0x7fc0c826ff00, f=, js=js@entry=0x7fc0c88f76d0) at output-json.c:451 ms = #3 0x000055d506ddaec1 in AlertJson (aft=aft@entry=0x7fc0c85f7e30, p=p@entry=0x7fc0c826ff00, tv=) at output-json-alert.c:622 xff_cfg = 0x55d508c28bd0 have_xff_ip = 0 jb = 0x7fc0c88f76d0 pa = 0x7fc0c82700b8 addr = {src_ip = "116.90.231.16", '\000' , dst_ip = "95.130.237.126", '\000' , sp = 0, dp = 0, proto = "TCP", '\000' } xff_buffer = "\000\000\000\000\000\000\000\000 \000\000\310\300\177\000\000\001\000\000\000\000\000\000\000\360\037\000\000\000\000\000\000\070\000\000\000\000\000\000\000\020\200\217\310\300\177" i = 0 payload = 0x7fc0c8607e80 json_output_ctx = 0x55d508c29270 #4 0x000055d506ddbd59 in JsonAlertLogger (tv=, thread_data=0x7fc0c85f7e30, p=0x7fc0c826ff00) at output-json-alert.c:767 aft = 0x7fc0c85f7e30 #5 0x000055d506df072c in OutputPacketLog (tv=0x55d50bd6ff80, p=0x7fc0c826ff00, thread_data=) at output-packet.c:116 op_thread_data = logger = 0x55d508c292d0 store = 0x7fc0c8608ea0 #6 0x000055d506dd7294 in OutputLoggerLog (tv=tv@entry=0x55d50bd6ff80, p=p@entry=0x7fc0c826ff00, thread_data=) at output.c:882 thread_store = logger = 0x55d508c2ac60 thread_store_node = 0x7fc0c8618f20 #7 0x000055d506dca6a0 in FlowWorker (tv=0x55d50bd6ff80, p=0x7fc0c826ff00, data=0x7fc0c842b680) at flow-worker.c:545 fw = 0x7fc0c842b680 detect_thread = 0x7fc0c850dba0 #8 0x000055d506e212ce in TmThreadsSlotVarRun (tv=tv@entry=0x55d50bd6ff80, p=p@entry=0x7fc0c826ff00, slot=) at tm-threads.c:117 r = s = 0x55d5090f8aa0 #9 0x000055d506e0bea1 in TmThreadsSlotProcessPkt (p=0x7fc0c826ff00, s=, tv=0x55d50bd6ff80) at tm-threads.h:192 r = #10 ReceivePfringLoop (tv=0x55d50bd6ff80, data=, slot=) at source-pfring.c:415 r = ptv = p = 0x7fc0c826ff00 hdr = {ts = {tv_sec = 1604842672, tv_usec = 903303}, caplen = 60, len = 60, extended_hdr = {timestamp_ns = 1604842672903303007, flags = 0, rx_direction = 1 '\001', port_id = 0 '\000', device_id = 0, if_index = -682272208, pkt_hash = 162507659, tx = {bounce_interface = 165064736, reserved = 0x55d50bd70040}, parsed_pkt = {dmac = "\000gU\327\300\177", smac = "\000\000\334\n\221", , eth_type = 32704, vlan_id = 0, qinq_vlan_id = 43296, ip_version = 119 'w', l3_proto = 200 '\310', ip_tos = 192 '\300', ip_src = {v6 = { __in6_u = {__u6_addr8 = "\177\000\000(\000\000\000\000\000\000\000\000\022x\310\300", __u6_addr16 = {127, 10240, 0, 0, 0, 0, 30738, 49352}, __u6_addr32 = {671088767, 0, 0, 3234363410}}}, v4 = 671088767}, ip_dst = {v6 = {__in6_u = { __u6_addr8 = "\177\000\000-\316\344\006\325U\000\000\060ZU\327\300", __u6_addr16 = {127, 11520, 58574, 54534, 85, 12288, 21850, 49367}, __u6_addr32 = {754974847, 3573998798, 805306453, 3235337562}}}, v4 = 754974847}, l4_src_port = 127, l4_dst_port = 8192, icmp_type = 176 '\260', icmp_code = 214 '\326', tcp = {flags = 9 '\t', seq_num = 0, ack_num = 0}, tunnel = {tunnel_id = 3571363072, tunneled_ip_version = 6 '\006', tunneled_proto = 213 '\325', tunneled_ip_src = {v6 = {__in6_u = { __u6_addr8 = "U\000\000\000\000U\327\300\177\000\000\300\310H", , __u6_addr16 = {85, 0, 21760, 49367, 127, 49152, 18632, 54535}, __u6_addr32 = {85, 3235337472, 3221225599, 3574024392}}}, v4 = 85}, tunneled_ip_dst = {v6 = {__in6_u = { __u6_addr8 = "U\000\000\000\020\200\000\000\000\000\000\000\376\302\331\b", __u6_addr16 = {85, 0, 32784, 0, 0, 0, 49918, 2265}, __u6_addr32 = {85, 32784, 0, 148488958}}}, v4 = 85}, tunneled_l4_src_port = 40875, tunneled_l4_dst_port = 32965}, last_matched_rule_id = -720644353, offset = {eth_offset = 85, vlan_offset = 16384, l3_offset = -10496, l4_offset = -10997, payload_offset = 85}}}} s = last_dump = 1604842672 buffer_size = pkt_buffer = 0x2aaab42a34c0
rc = __FUNCTION__ = "ReceivePfringLoop" #11 0x000055d506e22b5e in TmThreadsSlotPktAcqLoop (td=0x55d50bd6ff80) at tm-threads.c:312 tv = 0x55d50bd6ff80 s = 0x55d510a35280 run = 1 '\001' r = slot = __FUNCTION__ = "TmThreadsSlotPktAcqLoop" #12 0x00007fc0da07ae65 in start_thread (arg=0x7fc0d7556700) at pthread_create.c:307 __res = pd = 0x7fc0d7556700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140466223146752, -8289937718712929116, 0, 8392704, 0, 140466223146752, 8319722169194050724, 8319711597561574564}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = pagesize_m1 = sp = freesize = #13 0x00007fc0d998988d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. (gdb) quit