Bug #2125
closed
ASAN SEGV - Suricata version 4.0dev (rev 922a27e)
Description
Suricata version 4.0dev (rev 922a27e)
AFPv3 listening on 3 interfaces with vlans
Chasing a SEGV -
[32136] 1/6/2017 -- 12:49:32 - (source-af-packet.c:1687) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10527 frame_size=1680 frame_nr=200013 (mem: 344948736)
[32137] 1/6/2017 -- 12:49:32 - (source-af-packet.c:1687) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10527 frame_size=1680 frame_nr=200013 (mem: 344948736)
[32138] 1/6/2017 -- 12:49:32 - (source-af-packet.c:1687) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=3450 frame_size=1680 frame_nr=65550 (mem: 113049600)
[32138] 1/6/2017 -- 12:49:32 - (source-af-packet.c:476) <Info> (AFPPeersListReachedInc) -- All AFP capture threads are running.
ASAN:DEADLYSIGNAL
=================================================================
==32007==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000050 (pc 0x000000967f24 bp 0x7faedcc73e00 sp 0x7faedcc73dd0 T13)
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
ASAN:DEADLYSIGNAL
ASAN:DEADLYSIGNAL
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
==32007==AddressSanitizer: while reporting a bug found another one. Ignoring.
    #0 0x967f23 in FlowChangeProto /home/pevman/tests/git/oisf/src/flow.c:209:9
    #1 0x99d201 in FlowWorker /home/pevman/tests/git/oisf/src/flow-worker.c:218:13
    #2 0xbefccd in TmThreadsSlotVarRun /home/pevman/tests/git/oisf/src/tm-threads.c:130:17
    #3 0xb23b2b in TmThreadsSlotProcessPkt /home/pevman/tests/git/oisf/src/./tm-threads.h:147:9
    #4 0xb23831 in AFPParsePacketV3 /home/pevman/tests/git/oisf/src/source-af-packet.c:1036:9
    #5 0xb22420 in AFPWalkBlock /home/pevman/tests/git/oisf/src/source-af-packet.c:1051:13
    #6 0xb14ef1 in AFPReadFromRingV3 /home/pevman/tests/git/oisf/src/source-af-packet.c:1090:13
    #7 0xb11f41 in ReceiveAFPLoop /home/pevman/tests/git/oisf/src/source-af-packet.c:1479:17
    #8 0xc01747 in TmThreadsSlotPktAcqLoop /home/pevman/tests/git/oisf/src/tm-threads.c:334:13
    #9 0x7faf061656b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #10 0x7faf0395d82c in clone /build/glibc-9tT8Do/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/pevman/tests/git/oisf/src/flow.c:209:9 in FlowChangeProto
Thread T13 (W#05-eth3) created by T0 (Suricata-Main) here:
    #0 0x430749 in pthread_create (/usr/local/bin/suricata+0x430749)
    #1 0xbfc015 in TmThreadSpawn /home/pevman/tests/git/oisf/src/tm-threads.c:1903:14
    #2 0xd7ebd9 in RunModeSetLiveCaptureWorkersForDevice /home/pevman/tests/git/oisf/src/util-runmodes.c:340:13
    #3 0xd7db0d in RunModeSetLiveCaptureWorkers /home/pevman/tests/git/oisf/src/util-runmodes.c:372:9
    #4 0xae00dc in RunModeIdsAFPWorkers /home/pevman/tests/git/oisf/src/runmode-af-packet.c:687:11
    #5 0xb0509b in RunModeDispatch /home/pevman/tests/git/oisf/src/runmodes.c:384:5
    #6 0xbc74f1 in main /home/pevman/tests/git/oisf/src/suricata.c:2853:5
    #7 0x7faf0387782f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

==32007==ABORTING
Updated by Peter Manev over 7 years ago
Suricata is built with:
root@suricata:/home/pevman/tests/git/oisf# suricata --build-info
This is Suricata version 4.0dev (rev 922a27e)
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS MAGIC
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.2.1 Compatible Clang 3.8.0 (tags/RELEASE_380/final), C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.23, linked against LibHTP v0.5.23

Suricata Configuration:
  AF_PACKET support: yes
  PF_RING support: no
  NFQueue support: no
  NFLOG support: no
  IPFW support: no
  Netmap support: no
  DAG enabled: no
  Napatech enabled: no
  Unix socket enabled: yes
  Detection enabled: yes
  Libmagic support: yes
  libnss support: yes
  libnspr support: yes
  libjansson support: yes
  hiredis support: no
  hiredis async with libevent: no
  Prelude support: no
  PCRE jit: yes
  LUA support: yes, through luajit
  libluajit: yes
  libgeoip: yes
  Non-bundled htp: no
  Old barnyard2 support: no
  CUDA enabled: no
  Hyperscan support: yes
  Libnet support: yes
  Suricatasc install: yes
  Profiling enabled: no
  Profiling locks enabled: no

Development settings:
  Coccinelle / spatch: yes
  Unit tests enabled: no
  Debug output enabled: no
  Debug validation enabled: no

Generic build parameters:
  Installation prefix: /usr/local
  Configuration directory: /usr/local/etc/suricata/
  Log directory: /usr/local/var/log/suricata/
  --prefix /usr/local
  --sysconfdir /usr/local/etc
  --localstatedir /usr/local/var
  Host: x86_64-pc-linux-gnu
  Compiler: clang-3.8 (exec name) / clang (real)
  GCC Protect enabled: no
  GCC march native enabled: yes
  GCC Profile enabled: no
  Position Independent Executable enabled: no
  CFLAGS -ggdb3 -Werror -Wchar-subscripts -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function -march=native
  PCAP_CFLAGS -I/usr/include
  SECCFLAGS
root@suricata:/home/pevman/tests/git/oisf#
Updated by Victor Julien over 7 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 4.0beta1
I think I see the issue. Looks like it was introduced with the starttls work. I think it requires some flow engine stress (memcap reached) to trigger. Will do a patch.
Updated by Peter Manev over 7 years ago
I will try to manually trigger it (flow memcap reached) as well - see if we can get some useful backtrace if needed.
Updated by Victor Julien over 7 years ago
- Status changed from Assigned to Closed
Should be fixed by https://github.com/inliniac/suricata/pull/2737