Bug #1528 (closed)
Tilera: suricata segfaults in streamTcpReassembleAppLayer
Description
Periodically suricata segfaults, and core dumps.
sh-4.1# ./suricata --build-info
This is Suricata version 2.1beta4 RELEASE
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS TLS
SIMD support: Tilera
Atomic intrisics: 1 2 4 8 byte(s)
64-bits, Little-endian architecture
GCC version 4.4.7 20131017 (Tilera 4.4.7-3), C version 199901
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.17, linked against LibHTP v0.5.17
Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
Unix socket enabled: no
Detection enabled: yes
libnss support: yes
libnspr support: yes
libjansson support: no
Prelude support: no
PCRE jit: yes
LUA support: no
libluajit: no
libgeoip: no
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: no
Suricatasc install: yes
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Profiling enabled: no
Profiling locks enabled: no
Coccinelle / spatch: no
Generic build parameters:
Installation prefix (--prefix): /usr/local
Configuration directory (--sysconfdir): /usr/local/etc/suricata/
Log directory (--localstatedir) : /usr/local/var/log/suricata/
########################################################################
Host: tilegx-unknown-linux-gnu
GCC binary: gcc
GCC Protect enabled: no
GCC march native enabled: no
GCC Profile enabled: no
Program terminated with signal 11, Segmentation fault.
#0 StreamTcpReassembleAppLayer (tv=0x73cb800, ra_ctx=0x1feadb5b480,
ssn=0x1fe89bca5a0, stream=0x1fe89bca5f0, p=0x1ffa3d7f500)
at stream-tcp-reassemble.c:2912
2912 if (!(p->flow->flags & FLOW_NO_APPLAYER_INSPECTION)) {
Updated by Victor Julien almost 10 years ago
- Target version set to 3.0RC1
Strange, it looks like the packet pointer "p" is corrupted somehow.
Updated by Hardik Mehta almost 10 years ago
Inputs after reading the code:
The pointer p gets set in ReceiveMpipeLoop -> MpipeProcessPacket, line 3 of the function:
Packet *p = (Packet *)(pkt - sizeof(Packet) - headroom/*2*/);
I didn't find a proper comment/explanation for subtracting headroom from the pkt pointer. headroom is assigned the value 2 in source-mpipe.c line 91; it is not used anywhere else.
Also, examining the stack in frame 9, rank goes negative as shown below. I am not sure whether this helps or not; please let me know if you need more details.
#9 ReceiveMpipeLoop (tv=0x73cb7e8, data=0x1feadb588e0, slot=<optimized out>)
at source-mpipe.c:394
i = <optimized out>
m = 1
idesc = <optimized out>
n = <optimized out>
p = 0x1ffa3d7f500
rank = -1380611810
max_queued = 1208090632
ctype = 0x73cb800 "\360\355\177\316\376\001"
__FUNCTION__ = "ReceiveMpipeLoop"
iqueue = 0x1fe48020028
update_counter = 199
last_packet_time = <optimized out>
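The comment above quotes the receive-path arithmetic that recovers the Packet from the frame pointer, p = (Packet *)(pkt - sizeof(Packet) - headroom). The following C model is an added illustration, not Suricata or Tilera mPIPE code and not a diagnosis of this ticket: it lays one buffer out as [Packet][headroom][frame], applies the same subtraction on the receive side, and shows that the recovered pointer is only a Packet when the receive side subtracts exactly the headroom the allocator used. All names (toy_packet_t, toy_alloc, toy_recover, toy_roundtrip) and the sample frame are constructed for the example; the guard prefix exists only so that a wrong headroom still lands inside the allocation and the demonstration stays well-defined.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the "Packet lives in front of the frame" layout
 * described in the report.  Not Suricata source. */

#define TOY_MAGIC 0x5CA7A4E7u   /* sentinel so a bad pointer is detectable */
#define TOY_GUARD 16            /* slack before the Packet; demo-only, keeps a
                                   wrong-headroom recovery inside the allocation */

typedef struct toy_packet {
    uint32_t magic;             /* must equal TOY_MAGIC for a valid Packet */
    uint32_t flags;
    uint8_t *pkt;               /* points at the frame data that follows */
    size_t   pktlen;
} toy_packet_t;

/* Allocate [guard][toy_packet_t][headroom bytes][frame] and return only the
 * frame pointer, mirroring a driver that hands out the data address. */
static uint8_t *toy_alloc(size_t headroom, const uint8_t *frame, size_t len)
{
    uint8_t *base = calloc(1, TOY_GUARD + sizeof(toy_packet_t) + headroom + len);
    if (base == NULL)
        return NULL;
    toy_packet_t *p = (toy_packet_t *)(base + TOY_GUARD);
    p->magic  = TOY_MAGIC;
    p->pkt    = (uint8_t *)p + sizeof(toy_packet_t) + headroom;
    p->pktlen = len;
    memcpy(p->pkt, frame, len);
    return p->pkt;
}

/* The receive-side arithmetic quoted in the report, with headroom as a
 * parameter so a mismatch can be demonstrated. */
static void *toy_recover(uint8_t *pkt, size_t headroom)
{
    return pkt - sizeof(toy_packet_t) - headroom;
}

/* Is the candidate really the Packet that owns this frame?  The copy avoids
 * an unaligned uint32 read when the candidate pointer is off by a few bytes. */
static int toy_packet_valid(const void *candidate, const uint8_t *pkt)
{
    toy_packet_t p;
    memcpy(&p, candidate, sizeof p);
    return p.magic == TOY_MAGIC && p.pkt == pkt;
}

/* Release the allocation through the Packet base (alloc-side headroom). */
static void toy_free(uint8_t *pkt, size_t headroom)
{
    free((uint8_t *)toy_recover(pkt, headroom) - TOY_GUARD);
}

/* Allocate with alloc_headroom, recover with rx_headroom.
 * Returns 1 if the recovered pointer is a valid Packet, 0 if not,
 * -1 on allocation failure.  rx_headroom must not exceed
 * alloc_headroom + TOY_GUARD, or the read would leave the allocation. */
static int toy_roundtrip(size_t alloc_headroom, size_t rx_headroom)
{
    /* constructed 14-byte Ethernet header; the content is irrelevant */
    static const uint8_t frame[14] = {
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
        0x08, 0x00
    };
    if (rx_headroom > alloc_headroom + TOY_GUARD)
        return -1;
    uint8_t *pkt = toy_alloc(alloc_headroom, frame, sizeof frame);
    if (pkt == NULL)
        return -1;
    int ok = toy_packet_valid(toy_recover(pkt, rx_headroom), pkt);
    toy_free(pkt, alloc_headroom);
    return ok;
}

int main(void)
{
    /* Matching headroom (2, as in the report) recovers the Packet; any
     * other value yields a pointer into the wrong bytes. */
    int matched  = toy_roundtrip(2, 2);
    int too_few  = toy_roundtrip(2, 0);
    int too_many = toy_roundtrip(2, 4);
    return (matched == 1 && too_few == 0 && too_many == 0) ? 0 : 1;
}
```

The point for readers of the backtrace: a Packet recovered this way carries no self-check, so if the allocator's layout and the receive path's subtraction ever disagree, p is silently wrong and the first dereference of it (here p->flow in StreamTcpReassembleAppLayer) is where the process dies. A magic field like the one in the model, checked once per packet in a debug build, turns that into an immediate assertion at the receive loop.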
Updated by Victor Julien almost 10 years ago
Have you been able to get this resolved? Someone from Tilera should have contacted you.
Updated by Hardik Mehta almost 10 years ago
Not yet; working with the Tilera/EZchip guys. Will keep you posted.
Updated by Victor Julien almost 10 years ago
- Subject changed from suricata segfaults in streamTcpReassembleAppLayer to Tilera: suricata segfaults in streamTcpReassembleAppLayer
- Target version deleted (3.0RC1)
Any update?