Bug #1848

closed

crash if disk is full

Added by Victor Julien over 8 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Affected Versions:
Effort:
Difficulty:
Label:

Description

[32683] 15/7/2016 -- 09:24:36 - (suricata.c:2644) <Notice> (main) -- Signature(s) loaded, Detect thread(s) activated.
[32686] 20/7/2016 -- 00:00:00 - (log-pcap.c:301) <Info> (PcapLogOpenHandles) -- Error opening dump file /nsm_data/c2758/dailylogs/2016-07-20/snort.log.1468965600: No such file or directory
[3022] 20/7/2016 -- 00:00:01 - (log-pcap.c:301) <Info> (PcapLogOpenHandles) -- Error opening dump file /nsm_data/c2758/dailylogs/2016-07-20/snort.log.1468965600: No such file or directory
[32690] 20/7/2016 -- 00:00:01 - (log-pcap.c:301) <Info> (PcapLogOpenHandles) -- Error opening dump file /nsm_data/c2758/dailylogs/2016-07-20/snort.log.1468965600: No such file or directory
[32691] 20/7/2016 -- 00:00:02 - (log-pcap.c:301) <Info> (PcapLogOpenHandles) -- Error opening dump file /nsm_data/c2758/dailylogs/2016-07-20/snort.log.1468965600: No such file or directory
[32685] 20/7/2016 -- 00:00:03 - (log-pcap.c:301) <Info> (PcapLogOpenHandles) -- Error opening dump file /nsm_data/c2758/dailylogs/2016-07-20/snort.log.1468965600: No such file or directory
[32688] 20/7/2016 -- 00:00:03 - (log-pcap.c:301) <Info> (PcapLogOpenHandles) -- Error opening dump file /nsm_data/c2758/dailylogs/2016-07-20/snort.log.1468965600: No such file or directory
=================================================================
==32683==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310008fb810 at pc 0x0000004bf98e bp 0x7f828bce6930 sp 0x7f828bce6920
READ of size 8 at 0x6310008fb810 thread T14 (CS)
    #0 0x4bf98d in StatsOutput /home/victor/dev/suricata/src/counters.c:732
    #1 0x4bc872 in StatsMgmtThread /home/victor/dev/suricata/src/counters.c:385
    #2 0x7f8297bbf6f9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76f9)
    #3 0x7f8296d33b5c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x106b5c)

0x6310008fb810 is located 4624 bytes to the right of 73216-byte region [0x6310008e8800,0x6310008fa600)
allocated by thread T14 (CS) here:
    #0 0x7f82995856e9 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x986e9)
    #1 0x4be62b in StatsOutput /home/victor/dev/suricata/src/counters.c:628
    #2 0x4bc872 in StatsMgmtThread /home/victor/dev/suricata/src/counters.c:385
    #3 0x7f8297bbf6f9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76f9)

Thread T14 (CS) created by T0 (Suricata-Main) here:
    #0 0x7f8299523253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
    #1 0x7d5333 in TmThreadSpawn /home/victor/dev/suricata/src/tm-threads.c:1855
    #2 0x4c0d85 in StatsSpawnThreads /home/victor/dev/suricata/src/counters.c:870
    #3 0x7c00f6 in main /home/victor/dev/suricata/src/suricata.c:2619
    #4 0x7f8296c4d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/victor/dev/suricata/src/counters.c:732 StatsOutput
Shadow bytes around the buggy address:
  0x0c62801176b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801176c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801176d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801176e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801176f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c6280117700: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c6280117710: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c6280117720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c6280117730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c6280117740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c6280117750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==32683==ABORTING

Related issues 2 (1 open, 1 closed)

Related to Suricata - Bug #1817: Suricata 3.1RC1 crashing (Closed)
Related to Suricata - Task #2278: tracking: failing better (New, OISF Dev)
Actions #1

Updated by Andreas Herz over 8 years ago

  • Assignee set to Victor Julien
  • Target version set to TBD

Is this also related to #1817, or at least similar?

Actions #2

Updated by Victor Julien over 6 years ago

  • Related to Bug #1817: Suricata 3.1RC1 crashing added
Actions #3

Updated by Victor Julien over 6 years ago

  • Assignee deleted (Victor Julien)
Actions #4

Updated by Victor Julien almost 6 years ago

  • Assignee set to OISF Dev
  • Target version changed from TBD to 70
Actions #5

Updated by Victor Julien about 5 years ago

  • Related to Task #2278: tracking: failing better added
Actions #6

Updated by Victor Julien over 4 years ago

  • Status changed from New to Closed
  • Assignee deleted (OISF Dev)
  • Target version deleted (70)

I haven't seen this anymore in a long time, despite quite a few tests with disks filling up.
