Snort mailing list archives

Snort 3.0 occasionally coredumps (SIGSEGV), traces included


From: Alan Kayahan via Snort-users <snort-users () lists snort org>
Date: Fri, 20 Jul 2018 15:30:11 +0200

Distributor ID: Ubuntu
Description:    Ubuntu 16.04.4 LTS
Release:        16.04
Codename:       xenial

  ,,_     -*> Snort++ <*-
  o"  )~   Version 3.0.0 (Build 245) from 2.9.11
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 2.2.2
           Using LuaJIT version 2.0.4
           Using OpenSSL 1.0.2g  1 Mar 2016
           Using libpcap version 1.7.4
           Using PCRE version 8.38 2015-11-23
           Using ZLIB version 1.2.8
           Using FlatBuffers 1.8.0
           Using Hyperscan version 4.7.0 2018-05-30
           Using LZMA version 5.1.0alpha

Above is the setup we are using, plus the latest OpenAppID database. It
operates inline with NFQ.
Following are a couple of stack traces.

           PID: 16540 (snort)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Wed 2018-07-11 23:54:27 UTC (1 weeks 1 days ago)
  Command Line: /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/snort/rules/local.rules --plugin-path=/usr/local/lib/snort_extra -Q -D
    Executable: /usr/local/bin/snort
 Control Group: /
         Slice: -.slice
       Boot ID: 39148e30bd89408ea9bdd073a5392201
    Machine ID: bd068ebb16484c349fa66b8e69e1c05a
      Hostname: snort
       Message: Process 16540 (snort) of user 0 dumped core.

                Stack trace of thread 16547:
                #0  0x00007fd3902bc256 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareERKS4_ (libstdc++.so.6)
                #1  0x0000000000575843 _ZStltIcSt11char_traitsIcESaIcEEbRKNSt7__cxx1112basic_stringIT_T0_T1_EESA_ (snort)
                #2  0x0000000000575305 _ZNKSt4lessINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEclERKS5_S8_ (snort)
                #3  0x0000000000588cf0 _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St6vectorIPN5snort11DataHandlerESaISB_EEESt10_Select1stISE_ESt4lessIS5_ESaISE_EE14_M_lower_boundEPSt13_Rb_tree_nodeISE_ESN_RS7_ (snort)
                #4  0x000000000058803c _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St6vectorIPN5snort11DataHandlerESaISB_EEESt10_Select1stISE_ESt4lessIS5_ESaISE_EE4findERS7_ (snort)
                #5  0x00000000005875cb _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorIPN5snort11DataHandlerESaIS9_EESt4lessIS5_ESaISt4pairIKS5_SB_EEE4findERSF_ (snort)
                #6  0x0000000000586d8d _ZN5snort7DataBus8_publishEPKcRNS_9DataEventEPNS_4FlowE (snort)
                #7  0x0000000000586823 _ZN5snort7DataBus7publishEPKcRNS_9DataEventEPNS_4FlowE (snort)
                #8  0x000000000058695d _ZN5snort7DataBus7publishEPKcPNS_6PacketEPNS_4FlowE (snort)
                #9  0x00000000005ecfa0 _ZN5snort5Snort11thread_idleEv (snort)
                #10 0x00000000005d7616 _ZN8Analyzer7analyzeEv (snort)
                #11 0x00000000005d73bb _ZN8AnalyzerclEP7Swappert (snort)
                #12 0x0000000000547cda _ZSt8__invokeI8AnalyzerJP7SwappertEENSt9enable_ifIXaaaantsrSt17is_member_pointerIT_E5valuentsrSt11is_functionIS5_E5valuentsrS7_INSt14remove_pointerIS5_E4typeEE5valueENSt9result_ofIFRS5_DpOT0_EE4typeEE4typeESE_SH_ (snort)
                #13 0x0000000000547c79 _ZNKSt17reference_wrapperI8AnalyzerEclIJP7SwappertEEENSt9result_ofIFRS0_DpOT_EE4typeES9_ (snort)
                #14 0x0000000000547c21 _ZNSt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEE9_M_invokeIJLm0ELm1EEEEvSt12_Index_tupleIJXspT_EEE (snort)
                #15 0x0000000000547ad8 _ZNSt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEEclEv (snort)
                #16 0x0000000000547a68 _ZNSt6thread5_ImplISt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEEE6_M_runEv (snort)
                #17 0x00007fd390253c80 n/a (libstdc++.so.6)
                #18 0x00007fd3918ce6ba start_thread (libpthread.so.0)
                #19 0x00007fd38fbcf41d __clone (libc.so.6)

                Stack trace of thread 16540:
                #0  0x00007fd3918d7c1d __nanosleep (libpthread.so.0)
                #1  0x000000000054392c service_check (snort)
                #2  0x0000000000543f0d main_loop (snort)
                #3  0x0000000000544012 snort_main (snort)
                #4  0x00000000005440d9 main (snort)
                #5  0x00007fd38fae8830 __libc_start_main (libc.so.6)
                #6  0x00000000005421e9 _start (snort)
                Refusing to dump core to tty.

Another trace

           PID: 13618 (snort)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Wed 2018-07-11 00:44:51 UTC (1 weeks 2 days ago)
  Command Line: /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/snort/rules/local.rules --plugin-path=/usr/local/lib/snort_extra -Q -D
    Executable: /usr/local/bin/snort
 Control Group: /
         Slice: -.slice
       Boot ID: 39148e30bd89408ea9bdd073a5392201
    Machine ID: bd068ebb16484c349fa66b8e69e1c05a
      Hostname: snort
       Message: Process 13618 (snort) of user 0 dumped core.

                Stack trace of thread 13625:
                #0  0x00007fdbc7dbd256 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareERKS4_ (libstdc++.so.6)
                #1  0x0000000000575843 _ZStltIcSt11char_traitsIcESaIcEEbRKNSt7__cxx1112basic_stringIT_T0_T1_EESA_ (snort)
                #2  0x0000000000575305 _ZNKSt4lessINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEclERKS5_S8_ (snort)
                #3  0x0000000000588cf0 _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St6vectorIPN5snort11DataHandlerESaISB_EEESt10_Select1stISE_ESt4lessIS5_ESaISE_EE14_M_lower_boundEPSt13_Rb_tree_nodeISE_ESN_RS7_ (snort)
                #4  0x000000000058803c _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St6vectorIPN5snort11DataHandlerESaISB_EEESt10_Select1stISE_ESt4lessIS5_ESaISE_EE4findERS7_ (snort)
                #5  0x00000000005875cb _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorIPN5snort11DataHandlerESaIS9_EESt4lessIS5_ESaISt4pairIKS5_SB_EEE4findERSF_ (snort)
                #6  0x0000000000586d8d _ZN5snort7DataBus8_publishEPKcRNS_9DataEventEPNS_4FlowE (snort)
                #7  0x0000000000586823 _ZN5snort7DataBus7publishEPKcRNS_9DataEventEPNS_4FlowE (snort)
                #8  0x000000000058695d _ZN5snort7DataBus7publishEPKcPNS_6PacketEPNS_4FlowE (snort)
                #9  0x00000000005ecfa0 _ZN5snort5Snort11thread_idleEv (snort)
                #10 0x00000000005d7616 _ZN8Analyzer7analyzeEv (snort)
                #11 0x00000000005d73bb _ZN8AnalyzerclEP7Swappert (snort)
                #12 0x0000000000547cda _ZSt8__invokeI8AnalyzerJP7SwappertEENSt9enable_ifIXaaaantsrSt17is_member_pointerIT_E5valuentsrSt11is_functionIS5_E5valuentsrS7_INSt14remove_pointerIS5_E4typeEE5valueENSt9result_ofIFRS5_DpOT0_EE4typeEE4typeESE_SH_ (snort)
                #13 0x0000000000547c79 _ZNKSt17reference_wrapperI8AnalyzerEclIJP7SwappertEEENSt9result_ofIFRS0_DpOT_EE4typeES9_ (snort)
                #14 0x0000000000547c21 _ZNSt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEE9_M_invokeIJLm0ELm1EEEEvSt12_Index_tupleIJXspT_EEE (snort)
                #15 0x0000000000547ad8 _ZNSt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEEclEv (snort)
                #16 0x0000000000547a68 _ZNSt6thread5_ImplISt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEEE6_M_runEv (snort)
                #17 0x00007fdbc7d54c80 n/a (libstdc++.so.6)
                #18 0x00007fdbc93cf6ba start_thread (libpthread.so.0)
                #19 0x00007fdbc76d041d __clone (libc.so.6)

                Stack trace of thread 13618:
                #0  0x00007fdbc93d8c1d __nanosleep (libpthread.so.0)
                #1  0x000000000054392c service_check (snort)
                #2  0x0000000000543f0d main_loop (snort)
                #3  0x0000000000544012 snort_main (snort)
                #4  0x00000000005440d9 main (snort)
                #5  0x00007fdbc75e9830 __libc_start_main (libc.so.6)
                #6  0x00000000005421e9 _start (snort)
                Refusing to dump core to tty.

Any ideas?

Regards,
Alan