Bug #1528
closedTilera: suricata segfaults in streamTcpReassembleAppLayer
Description
Periodically suricata segfaults, and core dumps.
sh-4.1# ./suricata --build-info
This is Suricata version 2.1beta4 RELEASE
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS TLS
SIMD support: Tilera
Atomic intrisics: 1 2 4 8 byte(s)
64-bits, Little-endian architecture
GCC version 4.4.7 20131017 (Tilera 4.4.7-3), C version 199901
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.17, linked against LibHTP v0.5.17
Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
Unix socket enabled: no
Detection enabled: yes
libnss support: yes
libnspr support: yes
libjansson support: no
Prelude support: no
PCRE jit: yes
LUA support: no
libluajit: no
libgeoip: no
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: noSuricatasc install: yesUnit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Profiling enabled: no
Profiling locks enabled: no
Coccinelle / spatch: noGeneric build parameters:
Installation prefix (--prefix): /usr/local
Configuration directory (--sysconfdir): /usr/local/etc/suricata/
Log directory (--localstatedir) : /usr/local/var/log/suricata/
########################################################################
Host: tilegx-unknown-linux-gnu
GCC binary: gcc
GCC Protect enabled: no
GCC march native enabled: no
GCC Profile enabled: noProgram terminated with signal 11, Segmentation fault.
#0 StreamTcpReassembleAppLayer (tv=0x73cb800, ra_ctx=0x1feadb5b480,
ssn=0x1fe89bca5a0, stream=0x1fe89bca5f0, p=0x1ffa3d7f500)
at stream-tcp-reassemble.c:2912
2912 if (!(p->flow->flags & FLOW_NO_APPLAYER_INSPECTION)) {
Files
Updated by Victor Julien over 8 years ago
- Target version set to 3.0RC1
Strange, it looks like the packet pointer "p" is corrupted somehow.
Updated by Hardik Mehta over 8 years ago
inputs after code read
pointer p gets updated from
ReceiveMpipeLoop->MpipeProcessPacket line:3 of function
Packet p = (Packet *)(pkt - sizeof(Packet) - headroom/*2/);
i dint find proper comment/explanation for subtracting headroom from pkt pointer. headroom is assigned value 2, in source-mpipe.c line 91. it's not used anywhere else
Also, in frame 9 examining the stack, rank goes negative as shown below, i am not sure this helps or not. please, lmk if need more details..
#9 ReceiveMpipeLoop (tv=0x73cb7e8, data=0x1feadb588e0, slot=<optimized out>)
at source-mpipe.c:394
i = <optimized out>
m = 1
idesc = <optimized out>
n = <optimized out>
p = 0x1ffa3d7f500
rank = -1380611810
max_queued = 1208090632
ctype = 0x73cb800 "\360\355\177\316\376\001"
FUNCTION = "ReceiveMpipeLoop"
iqueue = 0x1fe48020028
update_counter = 199
last_packet_time = <optimized out>
Updated by Victor Julien over 8 years ago
Have you been able to get this resolved? Someone from Tilera should have contacted you.
Updated by Hardik Mehta over 8 years ago
Not yet, working with Tilera/ezchip guys. will keep you posted.
Updated by Victor Julien over 8 years ago
- Subject changed from suricata segfaults in streamTcpReassembleAppLayer to Tilera: suricata segfaults in streamTcpReassembleAppLayer
- Target version deleted (
3.0RC1)
Any update?