[Snort-devel] segmentation fault in snort 3.0.0-a3 with hyperscan search engine

Ramya Potluri ramya.potluri293 at ...2499...
Mon Feb 15 05:03:33 EST 2016


Hi

I am trying to run snort3 with hyperscan as the search method by adding
search_engine =
{
     search_method = 'hyperscan',
}
to the snort.lua, I tried remaining all methods like
ac_full,ac_bnfa,ac_banded,ac_sparse,ac_sparse_bands in this search method,
all these were fine but the hyperscan option was causing segmentation
fault. and my machine configurations are
linux 3.10.0-123.el7.x86_64
snort: snort 3.0.0-a3
daq: daq-2.0.6
hyperscan: hyperscan-4.0.1
regel: ragel-6.9
here I am adding the log that I got with hyperscan search method and the
gdb log
can you please help me out

regards,
Ramya Potluri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20160215/6611b102/attachment.html>
-------------- next part --------------
Using host libthread_db library "/lib64/libthread_db.so.1".

Breakpoint 1, main (argc=7, argv=0x7fffffffdd58) at main.cc:862
862	{
Missing separate debuginfos, use: debuginfo-install glibc-2.17-55.el7.x86_64 libgcc-4.8.5-4.el7.x86_64 libstdc++-4.8.2-16.el7.x86_64 openssl-libs-1.0.1e-34.el7.x86_64 pcre-8.32-15.el7.x86_64 xz-libs-5.1.2-8alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
(gdb) n
863	    const char* s = getenv("SNORT_PROMPT");
(gdb) 
862	{
(gdb) 
863	    const char* s = getenv("SNORT_PROMPT");
(gdb) 
865	    if ( s )
(gdb) 
868	    Snort::setup(argc, argv);
(gdb) 
--------------------------------------------------
o")~   Snort++ 3.0.0-a3-186
--------------------------------------------------
Loading snort-ac.lua:
	ssh
	rpc_decode
	pop
	stream_user
	stream_tcp
	smtp
	ftp_data
	ssl
	gtp_inspect
	stream_ip
	stream_icmp
	telnet
	ftp_server
	reputation
	stream_udp
	search_engine
	file_id
	back_orifice
	classifications
	port_scan
	dnp3
	perf_monitor
	ftp_client
	http_inspect
	stream
	references
	arp_spoof
	sip
	wizard
	dns
	imap
	stream_file
Finished snort-ac.lua.
Loading rules:
Loading /home/rpotluri/snort3_instl/etc/snort/sample.rules:
Finished /home/rpotluri/snort3_instl/etc/snort/sample.rules.
Finished rules.
--------------------------------------------------
rule counts
       total rules loaded: 3974
               text rules: 3974
            option chains: 3974
            chain headers: 187
--------------------------------------------------
port rule counts
             tcp     udp    icmp      ip
     any     119      31      29      26
     src    1685       4       0       0
     dst    1927     232       0       0
    both       0       1       0       0
    slow       1       0       1       0
   total    3732     268      30      26
--------------------------------------------------
flowbits
                  defined: 124
              not checked: 9
                  not set: 2
*** Error in `/home/rpotluri/snort3_instl/snort-hyp/bin/snort': free(): invalid size: 0x0000000002a65c50 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7d56d)[0x7ffff5d3156d]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0xa4afdc]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort(_ZN3ue213fdrBuildTableERKSt6vectorINS_11hwlmLiteralESaIS1_EEbRKNS_8target_tERKNS_4GreyEPNS_20hwlmStreamingControlE+0x149)[0xa4b749]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort(_ZN3ue29hwlmBuildERKSt6vectorINS_11hwlmLiteralESaIS1_EEPNS_20hwlmStreamingControlEbRKNS_14CompileContextEy+0xea)[0x9d054a]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort(_ZN3ue213RoseBuildImpl16buildFinalEngineEj+0x1b8)[0xa35248]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort(_ZN3ue213RoseBuildImpl9buildRoseEj+0x22cb)[0x7a52ab]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort(_ZN3ue25buildERNS_2NGEPj+0x30)[0x5b7400]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort(_ZN3ue220hs_compile_multi_intEPKPKcPKjS5_PKPK11hs_expr_extjjPK16hs_platform_infoPP11hs_databasePP16hs_compile_errorRKNS_4GreyE+0x29a)[0x5b5b4a]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort(hs_compile_multi+0x70)[0x5b6260]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x52b0ac]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x550ca9]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x550f2c]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x551031]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x551b79]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x5385b0]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x53734f]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x5377ba]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x48a8e3]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ffff5cd5af5]
/home/rpotluri/snort3_instl/snort-hyp/bin/snort[0x48d165]
======= Memory map: ========
00400000-00bb5000 r-xp 00000000 08:02 3684453                            /home/rpotluri/snort3_instl/snort-hyp/bin/snort
00db5000-00db7000 r--p 007b5000 08:02 3684453                            /home/rpotluri/snort3_instl/snort-hyp/bin/snort
00db7000-00dba000 rw-p 007b7000 08:02 3684453                            /home/rpotluri/snort3_instl/snort-hyp/bin/snort
00dba000-02b44000 rw-p 00000000 00:00 0                                  [heap]
40000000-400a0000 rw-p 00000000 00:00 0 
7ffff4d6d000-7ffff5676000 rw-p 00000000 00:00 0 
7ffff5676000-7ffff5681000 r-xp 00000000 08:02 3936255                    /usr/lib64/libnss_files-2.17.so
7ffff5681000-7ffff5880000 ---p 0000b000 08:02 3936255                    /usr/lib64/libnss_files-2.17.so
7ffff5880000-7ffff5881000 r--p 0000a000 08:02 3936255                    /usr/lib64/libnss_files-2.17.so
7ffff5881000-7ffff5882000 rw-p 0000b000 08:02 3936255                    /usr/lib64/libnss_files-2.17.so
7ffff5882000-7ffff5cb4000 rw-p 00000000 00:00 0 
7ffff5cb4000-7ffff5e6a000 r-xp 00000000 08:02 3936237                    /usr/lib64/libc-2.17.so
7ffff5e6a000-7ffff606a000 ---p 001b6000 08:02 3936237                    /usr/lib64/libc-2.17.so
7ffff606a000-7ffff606e000 r--p 001b6000 08:02 3936237                    /usr/lib64/libc-2.17.so
7ffff606e000-7ffff6070000 rw-p 001ba000 08:02 3936237                    /usr/lib64/libc-2.17.so
7ffff6070000-7ffff6075000 rw-p 00000000 00:00 0 
7ffff6075000-7ffff608b000 r-xp 00000000 08:02 3936263                    /usr/lib64/libpthread-2.17.so
7ffff608b000-7ffff628b000 ---p 00016000 08:02 3936263                    /usr/lib64/libpthread-2.17.so
7ffff628b000-7ffff628c000 r--p 00016000 08:02 3936263                    /usr/lib64/libpthread-2.17.so
7ffff628c000-7ffff628d000 rw-p 00017000 08:02 3936263                    /usr/lib64/libpthread-2.17.so
7ffff628d000-7ffff6291000 rw-p 00000000 00:00 0 
7ffff6291000-7ffff62a6000 r-xp 00000000 08:02 3937469                    /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7ffff62a6000-7ffff64a5000 ---p 00015000 08:02 3937469                    /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7ffff64a5000-7ffff64a6000 r--p 00014000 08:02 3937469                    /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7ffff64a6000-7ffff64a7000 rw-p 00015000 08:02 3937469                    /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7ffff64a7000-7ffff65a8000 r-xp 00000000 08:02 3936245                    /usr/lib64/libm-2.17.so
7ffff65a8000-7ffff67a7000 ---p 00101000 08:02 3936245                    /usr/lib64/libm-2.17.so
7ffff67a7000-7ffff67a8000 r--p 00100000 08:02 3936245                    /usr/lib64/libm-2.17.so
7ffff67a8000-7ffff67a9000 rw-p 00101000 08:02 3936245                    /usr/lib64/libm-2.17.so
7ffff67a9000-7ffff6892000 r-xp 00000000 08:02 3936281                    /usr/lib64/libstdc++.so.6.0.19
7ffff6892000-7ffff6a91000 ---p 000e9000 08:02 3936281                    /usr/lib64/libstdc++.so.6.0.19
7ffff6a91000-7ffff6a99000 r--p 000e8000 08:02 3936281                    /usr/lib64/libstdc++.so.6.0.19
7ffff6a99000-7ffff6a9b000 rw-p 000f0000 08:02 3936281                    /usr/lib64/libstdc++.so.6.0.19
7ffff6a9b000-7ffff6ab0000 rw-p 00000000 00:00 0 
7ffff6ab0000-7ffff6c6b000 r-xp 00000000 08:02 3946823                    /usr/lib64/libcrypto.so.1.0.1e
7ffff6c6b000-7ffff6e6b000 ---p 001bb000 08:02 3946823                    /usr/lib64/libcrypto.so.1.0.1e
7ffff6e6b000-7ffff6e85000 r--p 001bb000 08:02 3946823                    /usr/lib64/libcrypto.so.1.0.1e
7ffff6e85000-7ffff6e91000 rw-p 001d5000 08:02 3946823                    /usr/lib64/libcrypto.so.1.0.1e
7ffff6e91000-7ffff6e95000 rw-p 00000000 00:00 0 
7ffff6e95000-7ffff6eb9000 r-xp 00000000 08:02 3936407                    /usr/lib64/liblzma.so.5.0.99
7ffff6eb9000-7ffff70b8000 ---p 00024000 08:02 3936407                    /usr/lib64/liblzma.so.5.0.99
7ffff70b8000-7ffff70b9000 r--p 00023000 08:02 3936407                    /usr/lib64/liblzma.so.5.0.99
7ffff70b9000-7ffff70ba000 rw-p 00024000 08:02 3936407                    /usr/lib64/liblzma.so.5.0.99
7ffff70ba000-7ffff70cf000 r-xp 00000000 08:02 3936421                    /usr/lib64/libz.so.1.2.7
7ffff70cf000-7ffff72ce000 ---p 00015000 08:02 3936421                    /usr/lib64/libz.so.1.2.7
7ffff72ce000-7ffff72cf000 r--p 00014000 08:02 3936421                    /usr/lib64/libz.so.1.2.7
7ffff72cf000-7ffff72d0000 rw-p 00015000 08:02 3936421                    /usr/lib64/libz.so.1.2.7
7ffff72d0000-7ffff72f4000 r-xp 00000000 08:02 3976537                    /usr/local/lib/libsfbpf.so.0.0.1
7ffff72f4000-7ffff74f4000 ---p 00024000 08:02 3976537                    /usr/local/lib/libsfbpf.so.0.0.1
7ffff74f4000-7ffff74f5000 r--p 00024000 08:02 3976537                    /usr/local/lib/libsfbpf.so.0.0.1
7ffff74f5000-7ffff74f6000 rw-p 00025000 08:02 3976537                    /usr/local/lib/libsfbpf.so.0.0.1
7ffff74f6000-7ffff74f7000 rw-p 00000000 00:00 0 
7ffff74f7000-7ffff74fa000 r-xp 00000000 08:02 3936243                    /usr/lib64/libdl-2.17.so
7ffff74fa000-7ffff76f9000 ---p 00003000 08:02 3936243                    /usr/lib64/libdl-2.17.so
7ffff76f9000-7ffff76fa000 r--p 00002000 08:02 3936243                    /usr/lib64/libdl-2.17.so
7ffff76fa000-7ffff76fb000 rw-p 00003000 08:02 3936243                    /usr/lib64/libdl-2.17.so
7ffff76fb000-7ffff7768000 r-xp 00000000 08:02 3951684                    /usr/local/lib/libluajit-5.1.so.2.0.4
7ffff7768000-7ffff7967000 ---p 0006d000 08:02 3951684                    /usr/local/lib/libluajit-5.1.so.2.0.4
7ffff7967000-7ffff7969000 r--p 0006c000 08:02 3951684                    /usr/local/lib/libluajit-5.1.so.2.0.4
7ffff7969000-7ffff796a000 rw-p 0006e000 08:02 3951684                    /usr/local/lib/libluajit-5.1.so.2.0.4
7ffff796a000-7ffff79ca000 r-xp 00000000 08:02 3976568                    /usr/lib64/libpcre.so.1.2.0
7ffff79ca000-7ffff7bc9000 ---p 00060000 08:02 3976568                    /usr/lib64/libpcre.so.1.2.0
7ffff7bc9000-7ffff7bca000 r--p 0005f000 08:02 3976568                    /usr/lib64/libpcre.so.1.2.0
7ffff7bca000-7ffff7bcb000 rw-p 00060000 08:02 3976568                    /usr/lib64/libpcre.so.1.2.0
7ffff7bcb000-7ffff7bd8000 r-xp 00000000 08:02 3976579                    /usr/local/lib/libdnet.1.0.1
7ffff7bd8000-7ffff7dd7000 ---p 0000d000 08:02 3976579                    /usr/local/lib/libdnet.1.0.1
7ffff7dd7000-7ffff7dd9000 r--p 0000c000 08:02 3976579                    /usr/local/lib/libdnet.1.0.1
7ffff7dd9000-7ffff7dda000 rw-p 0000e000 08:02 3976579                    /usr/local/lib/libdnet.1.0.1
7ffff7dda000-7ffff7ddc000 rw-p 00000000 00:00 0 
7ffff7ddc000-7ffff7dfd000 r-xp 00000000 08:02 3936230                    /usr/lib64/ld-2.17.so
7ffff7dfd000-7ffff7fd3000 rw-p 00000000 00:00 0 
7ffff7ff7000-7ffff7ffa000 rw-p 00000000 00:00 0 
7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0                          [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00020000 08:02 3936230                    /usr/lib64/ld-2.17.so
7ffff7ffd000-7ffff7ffe000 rw-p 00021000 08:02 3936230                    /usr/lib64/ld-2.17.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 
7ffffffd9000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Program received signal SIGABRT, Aborted.
0x00007ffff5ce9989 in raise () from /lib64/libc.so.6
(gdb) 
Single stepping until exit from function raise,
which has no line number information.
oops_handler (signal=6) at process.cc:164
164	{
(gdb) 
166	    if ( !is_main_thread )
(gdb) 
164	{
(gdb) 
166	    if ( !is_main_thread )
(gdb) 
167	        Snort::capture_packet();
(gdb) 

Program received signal SIGTRAP, Trace/breakpoint trap.
Snort::capture_packet () at snort.cc:576
576	    if ( snort_main_thread_pid == gettid() )
(gdb) 

Program received signal SIGTRAP, Trace/breakpoint trap.
0x000000000047dca6 in syscall at plt ()
(gdb) 
Single stepping until exit from function syscall at plt,
which has no line number information.
0x000000000047dbd0 in ?? ()
(gdb) 
Cannot find bounds of current function
(gdb) 
Cannot find bounds of current function

-------------- next part --------------
A non-text attachment was scrubbed...
Name: segfault.log
Type: text/x-log
Size: 9961 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20160215/6611b102/attachment.bin>


More information about the Snort-devel mailing list