Bug #2202

closed

BUG_ON asserts in AppLayerIncFlowCounter

Added by Kitae Kim about 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal

Description

Suricata receives SIGABRT from the BUG_ON assertion in AppLayerIncFlowCounter.

  • Version: 4.0.0 (stable)
  • Mode: IPS
  • Engine: AF_PACKET
  • Config: attached
  • GDB log:
    (gdb)
    #0  0x00007f798f05e428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
    #1  0x00007f798f06002a in __GI_abort () at abort.c:89
    #2  0x00007f798f056bd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x75ce68 "!((id < 1) || (id > pca->size))", file=file@entry=0x75cc8e "counters.c", line=line@entry=165,
        function=function@entry=0x75d0c8 <__PRETTY_FUNCTION__.17604> "StatsIncr") at assert.c:92
    #3  0x00007f798f056c82 in __GI___assert_fail (assertion=assertion@entry=0x75ce68 "!((id < 1) || (id > pca->size))", file=file@entry=0x75cc8e "counters.c", line=line@entry=165,
        function=function@entry=0x75d0c8 <__PRETTY_FUNCTION__.17604> "StatsIncr") at assert.c:101
    #4  0x00000000004c191a in StatsIncr (tv=tv@entry=0x95b14d80, id=<optimized out>) at counters.c:165
    #5  0x000000000041b105 in AppLayerIncFlowCounter (f=0xce5c5f0, f=0xce5c5f0, tv=0x95b14d80) at app-layer.c:101
    #6  TCPProtoDetect (tv=tv@entry=0x95b14d80, ra_ctx=ra_ctx@entry=0x7f79482a1be0, app_tctx=app_tctx@entry=0x7f79482a1c10, p=p@entry=0x7f794826abb0, f=0xce5c5f0, ssn=ssn@entry=0x7f792836ea00, stream=0x7f792836ea10,
        data=0x7f7948377040 "", data_len=252, flags=9 '\t') at app-layer.c:350
    #7  0x000000000041c220 in AppLayerHandleTCPData (tv=tv@entry=0x95b14d80, ra_ctx=ra_ctx@entry=0x7f79482a1be0, p=p@entry=0x7f794826abb0, f=<optimized out>, ssn=ssn@entry=0x7f792836ea00, stream=stream@entry=0x7f792836ea10,
        data=0x7f7948377040 "", data_len=252, flags=9 '\t') at app-layer.c:577
    #8  0x00000000006c13b1 in ReassembleUpdateAppLayer (dir=UPDATE_DIR_PACKET, p=0x7f794826abb0, stream=0x7f792836ea10, ssn=0x7f792836ea00, ra_ctx=0x7f79482a1be0, tv=0x95b14d80) at stream-tcp-reassemble.c:1030
    #9  StreamTcpReassembleAppLayer (tv=tv@entry=0x95b14d80, ra_ctx=ra_ctx@entry=0x7f79482a1be0, ssn=ssn@entry=0x7f792836ea00, stream=stream@entry=0x7f792836ea10, p=p@entry=0x7f794826abb0, dir=dir@entry=UPDATE_DIR_PACKET)
        at stream-tcp-reassemble.c:1102
    #10 0x00000000006c5692 in StreamTcpReassembleHandleSegment (tv=tv@entry=0x95b14d80, ra_ctx=0x7f79482a1be0, ssn=ssn@entry=0x7f792836ea00, stream=stream@entry=0x7f792836ea10, p=p@entry=0x7f794826abb0,
        pq=pq@entry=0x7f79482a1908) at stream-tcp-reassemble.c:1718
    #11 0x000000000067d6d4 in HandleEstablishedPacketToClient (tv=tv@entry=0x95b14d80, ssn=ssn@entry=0x7f792836ea00, p=p@entry=0x7f794826abb0, pq=pq@entry=0x7f79482a1908, stt=0x7f79482a1900) at stream-tcp.c:2265
    #12 0x000000000067f93a in StreamTcpPacketStateEstablished (tv=tv@entry=0x95b14d80, p=p@entry=0x7f794826abb0, stt=stt@entry=0x7f79482a1900, ssn=ssn@entry=0x7f792836ea00, pq=pq@entry=0x7f79482a1908) at stream-tcp.c:2502
    #13 0x00000000006aadf7 in StreamTcpPacket (tv=tv@entry=0x95b14d80, p=p@entry=0x7f794826abb0, stt=stt@entry=0x7f79482a1900, pq=pq@entry=0x7f7948290ce0) at stream-tcp.c:4548
    #14 0x00000000006b1316 in StreamTcp (tv=tv@entry=0x95b14d80, p=p@entry=0x7f794826abb0, data=0x7f79482a1900, pq=pq@entry=0x7f7948290ce0, postpq=postpq@entry=0x0) at stream-tcp.c:4919
    #15 0x00000000005d1423 in FlowWorker (tv=0x95b14d80, p=0x7f794826abb0, data=0x7f7948290cc0, preq=0x95b15390, unused=<optimized out>) at flow-worker.c:215
    #16 0x00000000006d2222 in TmThreadsSlotVarRun (tv=tv@entry=0x95b14d80, p=p@entry=0x7f794826abb0, slot=<optimized out>) at tm-threads.c:130
    #17 0x00000000006d2259 in TmThreadsSlotVarRun (tv=tv@entry=0x95b14d80, p=p@entry=0x7f794826bf10, slot=slot@entry=0x98c31ea0) at tm-threads.c:156
    #18 0x00000000006499a2 in TmThreadsSlotProcessPkt (p=0x7f794826bf10, s=0x98c31ea0, tv=0x95b14d80) at tm-threads.h:147
    #19 AFPReadFromRing (ptv=ptv@entry=0x7f794826c8c0) at source-af-packet.c:945
    #20 0x000000000064e4d0 in ReceiveAFPLoop (tv=0x95b14d80, data=0x7f794826c8c0, slot=<optimized out>) at source-af-packet.c:1479
    #21 0x00000000006d3b6a in TmThreadsSlotPktAcqLoop (td=0x95b14d80) at tm-threads.c:334
    #22 0x00007f798f8896ba in start_thread (arg=0x7f794e51b700) at pthread_create.c:333
    #23 0x00007f798f1303dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
    

The assertion occurred because the id parameter of StatsIncr was 0.


Files

suricata.yaml (65.5 KB) suricata.yaml Kitae Kim, 08/20/2017 09:54 PM
config.log (141 KB) config.log Kitae Kim, 08/20/2017 10:21 PM
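
The failing check from the backtrace, `!((id < 1) || (id > pca->size))`, modelled as an added example (not Suricata's code and not the fix that closed this issue): counter ids are 1-based, so a lookup entry that was never registered yields id 0, which is counted and refused here rather than aborting the worker thread. The `thread_stats` layout, the `PROTO_*` values and all function names are hypothetical, and the unregistered-entry cause is an assumption; the report states only that `id` was 0.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_COUNTERS 8
enum { PROTO_UNKNOWN, PROTO_HTTP, PROTO_TLS, PROTO_MAX }; /* constructed */

typedef struct {
    uint16_t size;                    /* registered counters; valid ids are 1..size */
    uint64_t value[MAX_COUNTERS + 1]; /* slot 0 is never a valid counter */
    uint64_t rejected;                /* increments refused because of a bad id */
    uint16_t flow_id[PROTO_MAX];      /* per-protocol counter id, 0 = never registered */
} thread_stats;

/* Register a counter for proto; returns the new id, or 0 if it cannot. */
static uint16_t register_flow_counter(thread_stats *ts, int proto)
{
    if (proto < 0 || proto >= PROTO_MAX || ts->size >= MAX_COUNTERS)
        return 0;
    ts->flow_id[proto] = ++ts->size;
    return ts->flow_id[proto];
}

/* The predicate from the assertion string in the backtrace. */
static int id_valid(const thread_stats *ts, uint16_t id)
{
    return !((id < 1) || (id > ts->size));
}

/* Checked increment: count and refuse a bad id instead of calling abort(). */
static int flow_counter_incr(thread_stats *ts, int proto)
{
    uint16_t id = (proto >= 0 && proto < PROTO_MAX) ? ts->flow_id[proto] : 0;
    if (!id_valid(ts, id)) {
        ts->rejected++;
        return -1;
    }
    ts->value[id]++;
    return 0;
}

int main(void)
{
    thread_stats ts = {0};
    register_flow_counter(&ts, PROTO_HTTP);
    flow_counter_incr(&ts, PROTO_HTTP);  /* registered: counted */
    flow_counter_incr(&ts, PROTO_TLS);   /* id 0: refused, process keeps running */
    printf("http=%llu rejected=%llu\n", (unsigned long long)ts.value[1],
           (unsigned long long)ts.rejected);
    return 0;
}
```
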
Actions #1

Updated by Kitae Kim about 4 years ago

Here is the config.log.

It was created by suricata configure 4.0.0, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ ./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/data/var/ --enable-debug --enable-nfqueue --enable-af-packet --enable-geoip \
--enable-pfring --with-libpfring-libraries=/usr/local/pfring/lib --with-libpcap-includes=/usr/local/pfring/include --with-libpcap-libraries=/usr/local/pfring/lib \
--with-libjansson-includes=/usr/include --with-libjansson-libraries=/usr/lib

## --------- ##
## Platform. ##
## --------- ##

hostname = suricata6F
uname -m = x86_64
uname -r = 4.4.0-83-generic
uname -s = Linux
uname -v = #106-Ubuntu SMP Mon Jun 26 17:54:43 UTC 2017
Actions #2

Updated by Andreas Herz about 4 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #3

Updated by Victor Julien almost 4 years ago

  • Status changed from New to Closed
  • Assignee changed from OISF Dev to Victor Julien
  • Target version changed from TBD to 4.1beta1