Actions
Bug #1944
closedrules: ASAN mem leak - 3.2dev (rev f9f5e8a)
Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:
Description
/opt/suricata-asan/bin/suricata --build-info This is Suricata version 3.2dev (rev f9f5e8a) Features: UNITTESTS PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS SIMD support: SSE_4_1 SSE_3 Atomic intrisics: 1 2 4 8 16 byte(s) 64-bits, Little-endian architecture GCC version 4.2.1 Compatible Clang 3.8.0 (tags/RELEASE_380/final), C version 199901 compiled with _FORTIFY_SOURCE=0 L1 cache line size (CLS)=64 thread local storage method: __thread compiled with LibHTP v0.5.23, linked against LibHTP v0.5.23 Suricata Configuration: AF_PACKET support: yes PF_RING support: no NFQueue support: no NFLOG support: no IPFW support: no Netmap support: no DAG enabled: no Napatech enabled: no Unix socket enabled: yes Detection enabled: yes libnss support: yes libnspr support: yes libjansson support: yes hiredis support: no Prelude support: no PCRE jit: yes LUA support: yes, through luajit libluajit: yes libgeoip: yes Non-bundled htp: no Old barnyard2 support: no CUDA enabled: no Hyperscan support: no Libnet support: yes Suricatasc install: yes Profiling enabled: no Profiling locks enabled: no Development settings: Coccinelle / spatch: no Unit tests enabled: yes Debug output enabled: no Debug validation enabled: no Generic build parameters: Installation prefix: /opt/suricata-asan Configuration directory: /opt/suricata-asan/etc/suricata/ Log directory: /opt/suricata-asan/var/log/suricata/ --prefix /opt/suricata-asan --sysconfdir /opt/suricata-asan/etc --localstatedir /opt/suricata-asan/var Host: x86_64-unknown-linux-gnu Compiler: clang-3.8 (exec name) / clang (real) GCC Protect enabled: no GCC march native enabled: yes GCC Profile enabled: no Position Independent Executable enabled: yes CFLAGS -ggdb3 -Werror -Wchar-subscripts -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function -march=native PCAP_CFLAGS -I/usr/include SECCFLAGS
=================================================================
==31730==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 448 byte(s) in 14 object(s) allocated from:
#0 0x7f48f5a66c18 in malloc (/opt/suricata-asan/bin/suricata+0x34bc18)
#1 0x7f48f66226a6 in SigMatchAlloc /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:317:20
#2 0x7f48f5f12246 in DetectAppLayerEventSetupP1 /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-app-layer-event.c:309:10
#3 0x7f48f66277a4 in SigParseOptions /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:658:9
#4 0x7f48f6625c8f in SigParse /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:978:19
#5 0x7f48f662ca03 in SigInitHelper /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:1511:9
#6 0x7f48f662c79e in SigInit /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:1688:16
#7 0x7f48f662f12a in DetectEngineAppendSig /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:1955:22
#8 0x7f48f6004d4c in DetectLoadSigFile /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect.c:343:15
#9 0x7f48f5f8a990 in ProcessSigFiles /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect.c:408:13
#10 0x7f48f5f890c1 in SigLoadSignatures /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect.c:483:15
#11 0x7f48f6a6f5f6 in LoadSignatures /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/suricata.c:2139:9
#12 0x7f48f6a5e870 in main /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/suricata.c:2533:17
#13 0x7f48f200df44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
Indirect leak of 318 byte(s) in 14 object(s) allocated from:
#0 0x7f48f5a1cceb in __interceptor_strdup (/opt/suricata-asan/bin/suricata+0x301ceb)
#1 0x7f48f5f1c663 in DetectAppLayerEventParseAppP1 /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-app-layer-event.c:249:17
#2 0x7f48f5f13f6c in DetectAppLayerEventParse /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-app-layer-event.c:275:16
#3 0x7f48f5f12227 in DetectAppLayerEventSetupP1 /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-app-layer-event.c:305:12
#4 0x7f48f66277a4 in SigParseOptions /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:658:9
#5 0x7f48f6625c8f in SigParse /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:978:19
#6 0x7f48f662ca03 in SigInitHelper /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:1511:9
#7 0x7f48f662c79e in SigInit /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:1688:16
#8 0x7f48f662f12a in DetectEngineAppendSig /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:1955:22
#9 0x7f48f6004d4c in DetectLoadSigFile /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect.c:343:15
#10 0x7f48f5f8a990 in ProcessSigFiles /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect.c:408:13
#11 0x7f48f5f890c1 in SigLoadSignatures /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect.c:483:15
#12 0x7f48f6a6f5f6 in LoadSignatures /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/suricata.c:2139:9
#13 0x7f48f6a5e870 in main /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/suricata.c:2533:17
#14 0x7f48f200df44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
Indirect leak of 224 byte(s) in 14 object(s) allocated from:
#0 0x7f48f5a66c18 in malloc (/opt/suricata-asan/bin/suricata+0x34bc18)
#1 0x7f48f5f1c126 in DetectAppLayerEventParseAppP1 /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-app-layer-event.c:244:12
#2 0x7f48f5f13f6c in DetectAppLayerEventParse /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-app-layer-event.c:275:16
#3 0x7f48f5f12227 in DetectAppLayerEventSetupP1 /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-app-layer-event.c:305:12
#4 0x7f48f66277a4 in SigParseOptions /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:658:9
#5 0x7f48f6625c8f in SigParse /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:978:19
#6 0x7f48f662ca03 in SigInitHelper /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:1511:9
#7 0x7f48f662c79e in SigInit /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:1688:16
#8 0x7f48f662f12a in DetectEngineAppendSig /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect-parse.c:1955:22
#9 0x7f48f6004d4c in DetectLoadSigFile /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect.c:343:15
#10 0x7f48f5f8a990 in ProcessSigFiles /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect.c:408:13
#11 0x7f48f5f890c1 in SigLoadSignatures /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/detect.c:483:15
#12 0x7f48f6a6f5f6 in LoadSignatures /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/suricata.c:2139:9
#13 0x7f48f6a5e870 in main /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf/src/suricata.c:2533:17
#14 0x7f48f200df44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
SUMMARY: AddressSanitizer: 990 byte(s) leaked in 42 allocation(s).
Pcap privatively shared.
Updated by Victor Julien over 7 years ago
Bt doesn't look pcap related, but rule related. How did you run suri and with what rules?
Updated by Peter Manev over 7 years ago
Standard run with wirefuzz with all decoder events rules(only) enabled.
I did a few runs now - but it does not trigger it again.
Updated by Peter Manev over 7 years ago
command used:
LSAN_OPTIONS=suppressions=/home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf-current/qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/lib/llvm-3.8/bin/llvm-symbolizer /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf-current/qa/wirefuzz.pl -r=/home/pmanev/sandnet-qa/test/asan-ginfiz-runs/logs/2000026.pcap-fuzz-2016-11-03-10-20-53 -c=/home/sandnet/bin/ruleset_load/suricata.sandnet.socket.yaml -e=0.05 -p=/opt/suricata-asan/bin/suricata -l=/home/pmanev/sandnet-qa/test/asan-ginfiz-runs/logs/ N=1 -S=/opt/suricata-git-rctests/etc/suricata/rules/events-allenabled.rules
Updated by Victor Julien over 7 years ago
If you can't reproduce we can close this. Please reopen when you have the exact command to reproduce.
Updated by Peter Manev over 7 years ago
- Status changed from Closed to New
Reopening -since i got it to a reproducible state with -
LSAN_OPTIONS=suppressions=/home/pmanev/sandnet-qa/test/asan-ginfiz-runs/oisf-current/qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/lib/llvm-3.8/bin/llvm-symbolizer /opt/suricata-asan/bin/suricata -c /home/sandnet/bin/ruleset_load/suricata.sandnet.socket.yaml -r /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/logs/2000026.pcap-fuzz-2016-11-03-10-20-53 -l /home/pmanev/sandnet-qa/test/asan-ginfiz-runs/logs/tmp/ -S /opt/suricata-git-rctests/etc/suricata/rules/events-allenabled.rules
Updated by Victor Julien about 7 years ago
- Assignee set to Andreas Herz
- Target version set to 70
Updated by Victor Julien about 7 years ago
- Subject changed from ASAN mem leak - 3.2dev (rev f9f5e8a) to rules: ASAN mem leak - 3.2dev (rev f9f5e8a)
Updated by Victor Julien almost 6 years ago
- Status changed from New to Closed
- Assignee deleted (
Andreas Herz) - Target version deleted (
70)
Looks identical to #2515.
Actions