Suricata

ulimit -c unlimited; src/suricata -c suricata.yaml -r ./ctf_dc17-segv-7890.pcap011-fuzz-2010-01-13-06-51-08 -l ./
...
TmqDebugList: id 0, name 'pickup-queue', len 50
TmqDebugList: id 1, name 'decode-queue1', len 0
TmqDebugList: id 2, name 'stream-queue1', len 0
TmqDebugList: id 3, name 'alert-queue1', len 0
Segmentation fault (core dumped)

coz@coz-desktop:~/downloads/suricatafuzz2$ gdb src/suricata core
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/&gt;...
Reading symbols from /home/coz/downloads/suricatafuzz2/src/suricata...done.
[New Thread 21799]
[New Thread 21797]
[New Thread 21804]
[New Thread 21802]
[New Thread 21801]
[New Thread 21803]
[New Thread 21798]
[New Thread 21806]
[New Thread 21805]

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/lib/libhtp-0.1.so.1...done.
Loaded symbols for /usr/lib/libhtp-0.1.so.1
Reading symbols from /usr/lib/libpcap.so.0.8...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpcap.so.0.8
Reading symbols from /usr/local/lib/libpfring.so...done.
Loaded symbols for /usr/local/lib/libpfring.so
Reading symbols from /usr/lib/libnet.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libnet.so.1
Reading symbols from /lib/libpthread.so.0...Reading symbols from /usr/lib/debug/lib/libpthread-2.10.1.so...done.
(no debugging symbols found)...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libyaml-0.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libyaml-0.so.1
Reading symbols from /lib/libpcre.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib/libpcre.so.3
Reading symbols from /lib/libc.so.6...Reading symbols from /usr/lib/debug/lib/libc-2.10.1.so...done.
(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib/ld-2.10.1.so...done.
(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `src/suricata c suricata.yaml -r ./ctf_dc17-segv-7890.pcap011-fuzz-2010-01-13-0'.
Program terminated with signal 11, Segmentation fault.
#0 0x00000000004805d3 in StreamMsgDequeue (q=0x2b5c280) at stream.c:79
79 q>bot->next = NULL;
(gdb) bt full
#0 0x00000000004805d3 in StreamMsgDequeue (q=0x2b5c280) at stream.c:79
s = 0x38b8e70
#1 0x000000000048071a in StreamMsgGetFromQueue (q=0x2b5c280) at stream.c:121
s = 0x0
#2 0x0000000000489fbe in StreamTcpReassembleProcessAppLayer (ra_ctx=0x281d2d0) at stream-tcp-reassemble.c:1498
smsg = 0x38b8c10
r = 0
#3 0x00000000004854c4 in StreamTcpPacket (tv=0x28335c0, p=0x2408cd0, stt=0x2b5be00) at stream-tcp.c:2407
ssn = 0x386cbe0
#4 0x000000000048555e in StreamTcp (tv=0x28335c0, p=0x2408cd0, data=0x2b5be00, pq=0x28336c0) at stream-tcp.c:2425
stt = 0x2b5be00
ret = TM_ECODE_OK
#5 0x000000000047724c in TmThreadsSlot1 (td=0x28335c0) at tm-threads.c:325
tv = 0x28335c0
s = 0x2833690
p = 0x2408cd0
run = 1 '\001'
r = TM_ECODE_OK
#6 0x00007fa20b6a6a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
__res = <value optimized out>
pd = 0x7fa2099c7910
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140333922679056, -271256966946645996, 140735291470304, 0, 0, 3, 250053138385180692, 250050853218523156}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0,
cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
#7 0x00007fa20afc180d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#8 0x0000000000000000 in ?? ()
No symbol table info available.