Bug #2888

4.1.3 core in HCBDCreateSpace

Added by Andy Wick about 5 years ago. Updated about 5 years ago.

Status: Closed
Priority: Normal

Description

Getting many cores

#0  0x00007fe6de5a5207 in raise () from /lib64/libc.so.6
#1  0x00007fe6de5a68f8 in abort () from /lib64/libc.so.6
#2  0x00007fe6de5e7d27 in __libc_message () from /lib64/libc.so.6
#3  0x00007fe6de5ee5d4 in malloc_printerr () from /lib64/libc.so.6
#4  0x00007fe6de5f49e9 in realloc () from /lib64/libc.so.6
#5  0x00000000004b3b80 in HCBDCreateSpace (det_ctx=0x7fe695be5a50, size=<optimized out>) at detect-engine-hcbd.c:80
#6  0x00000000004b3ea7 in DetectEngineHCBDGetBufferForTX (tx=0x7fe696d6d370, tx_id=184, det_ctx=det_ctx@entry=0x7fe695be5a50, flags=flags@entry=132 '\204', buffer_len=buffer_len@entry=0x7fe69fffd738,
stream_start_offset=stream_start_offset@entry=0x7fe69fffd73c, htp_state=<optimized out>, f=<optimized out>, de_ctx=0x0) at detect-engine-hcbd.c:140
#7  0x00000000004b40a2 in PrefilterTxHttpRequestBody (det_ctx=0x7fe695be5a50, pectx=0x7fe6c320d300, p=<optimized out>, f=<optimized out>, txv=<optimized out>, idx=<optimized out>, flags=132 '\204')
at detect-engine-hcbd.c:241
#8  0x00000000004c32f1 in DetectRunPrefilterTx (det_ctx=det_ctx@entry=0x7fe695be5a50, sgh=sgh@entry=0x7fe6c301d640, p=p@entry=0x7fe695afed50, ipproto=ipproto@entry=6 '\006', flow_flags=flow_flags@entry=132 '\204',
alproto=alproto@entry=1, alstate=alstate@entry=0x7fe6969a1830, tx=tx@entry=0x7fe69fffd960) at detect-engine-prefilter.c:117
#9  0x000000000048a67a in DetectRunTx (scratch=0x7fe69fffd920, f=0x7fe60f0aebc0, p=0x8, det_ctx=0x7fe695be5a50, de_ctx=0x2c80680, tv=0x7fe6cf339b10) at detect.c:1398
#10 DetectRun (th_v=th_v@entry=0x7fe6cf339b10, de_ctx=0x2c80680, det_ctx=0x7fe695be5a50, p=p@entry=0x7fe695afed50) at detect.c:141
#11 0x000000000048b843 in DetectRun (p=0x7fe695afed50, det_ctx=<optimized out>, de_ctx=<optimized out>, th_v=0x7fe6cf339b10) at detect.c:1641
#12 DetectNoFlow (p=<optimized out>, det_ctx=<optimized out>, de_ctx=<optimized out>, tv=<optimized out>) at detect.c:1679
#13 Detect (tv=tv@entry=0x7fe6cf339b10, p=p@entry=0x7fe695afed50, data=data@entry=0x7fe695be5a50, pq=pq@entry=0x0, postpq=postpq@entry=0x0) at detect.c:1739
#14 0x000000000051cccb in FlowWorker (tv=0x7fe6cf339b10, p=0x7fe695afed50, data=0x7fe695b13be0, preq=0x7fe6cf36bc90, unused=<optimized out>) at flow-worker.c:260
#15 0x000000000059accd in TmThreadsSlotVarRun (tv=tv@entry=0x7fe6cf339b10, p=p@entry=0x7fe695afed50, slot=slot@entry=0x3a31f930) at tm-threads.c:145
#16 0x0000000000575c3e in TmThreadsSlotProcessPkt (p=0x7fe695afed50, s=0x3a31f930, tv=0x7fe6cf339b10) at tm-threads.h:147
#17 AFPReadFromRing (ptv=0x7fe695aff700) at source-af-packet.c:1016
#18 0x0000000000578fbe in ReceiveAFPLoop (tv=0x7fe6cf339b10, data=0x7fe695aff700, slot=<optimized out>) at source-af-packet.c:1579
#19 0x000000000059d432 in TmThreadsSlotPktAcqLoop (td=0x7fe6cf339b10) at tm-threads.c:348
#20 0x00007fe6df1f1dd5 in start_thread () from /lib64/libpthread.so.0
#21 0x00007fe6de66cead in clone () from /lib64/libc.so.6

This valgrind output may be related

==21521== Thread 12 W#11-ens5f1:
==21521== Invalid write of size 8
==21521==    at 0x5FF596: StreamingBufferGetDataAtOffset (util-streaming-buffer.c:875)
==21521==    by 0x4B3FCD: DetectEngineHCBDGetBufferForTX.isra.1 (detect-engine-hcbd.c:203)
==21521==    by 0x4B40A1: PrefilterTxHttpRequestBody (detect-engine-hcbd.c:241)
==21521==    by 0x4C32F0: DetectRunPrefilterTx (detect-engine-prefilter.c:117)
==21521==    by 0x48A679: DetectRunTx (detect.c:1398)
==21521==    by 0x48A679: DetectRun.part.19 (detect.c:141)
==21521==    by 0x48B842: DetectRun (detect.c:1641)
==21521==    by 0x48B842: DetectNoFlow (detect.c:1679)
==21521==    by 0x48B842: Detect (detect.c:1739)
==21521==    by 0x51CCCA: FlowWorker (flow-worker.c:260)
==21521==    by 0x59ACCC: TmThreadsSlotVarRun (tm-threads.c:145)
==21521==    by 0x575C8E: TmThreadsSlotProcessPkt (tm-threads.h:176)
==21521==    by 0x575C8E: AFPReadFromRing (source-af-packet.c:1016)
==21521==    by 0x578FBD: ReceiveAFPLoop (source-af-packet.c:1579)
==21521==    by 0x59D431: TmThreadsSlotPktAcqLoop (tm-threads.c:348)
==21521==    by 0x6044DD4: start_thread (in /usr/lib64/libpthread-2.17.so)
==21521==  Address 0xa047b0f8 is 24 bytes after a block of size 2,464 in arena "client" 
==21521==
==21521== Invalid write of size 4
==21521==    at 0x5FF599: StreamingBufferGetDataAtOffset (util-streaming-buffer.c:876)
==21521==    by 0x4B3FCD: DetectEngineHCBDGetBufferForTX.isra.1 (detect-engine-hcbd.c:203)
==21521==    by 0x4B40A1: PrefilterTxHttpRequestBody (detect-engine-hcbd.c:241)
==21521==    by 0x4C32F0: DetectRunPrefilterTx (detect-engine-prefilter.c:117)
==21521==    by 0x48A679: DetectRunTx (detect.c:1398)
==21521==    by 0x48A679: DetectRun.part.19 (detect.c:141)
==21521==    by 0x48B842: DetectRun (detect.c:1641)
==21521==    by 0x48B842: DetectNoFlow (detect.c:1679)
==21521==    by 0x48B842: Detect (detect.c:1739)
==21521==    by 0x51CCCA: FlowWorker (flow-worker.c:260)
==21521==    by 0x59ACCC: TmThreadsSlotVarRun (tm-threads.c:145)
==21521==    by 0x575C8E: TmThreadsSlotProcessPkt (tm-threads.h:176)
==21521==    by 0x575C8E: AFPReadFromRing (source-af-packet.c:1016)
==21521==    by 0x578FBD: ReceiveAFPLoop (source-af-packet.c:1579)
==21521==    by 0x59D431: TmThreadsSlotPktAcqLoop (tm-threads.c:348)
==21521==    by 0x6044DD4: start_thread (in /usr/lib64/libpthread-2.17.so)
==21521==  Address 0xa047b10c is 20 bytes before a block of size 2,000 alloc'd
==21521==    at 0x4C29B0D: malloc (vg_replace_malloc.c:298)
==21521==    by 0x4C2BAD9: realloc (vg_replace_malloc.c:785)
==21521==    by 0x4B3B7F: HCBDCreateSpace (detect-engine-hcbd.c:80)
==21521==    by 0x4B3EF3: DetectEngineHCBDGetBufferForTX.isra.1 (detect-engine-hcbd.c:125)
==21521==    by 0x4B40A1: PrefilterTxHttpRequestBody (detect-engine-hcbd.c:241)
==21521==    by 0x4C32F0: DetectRunPrefilterTx (detect-engine-prefilter.c:117)
==21521==    by 0x48A679: DetectRunTx (detect.c:1398)
==21521==    by 0x48A679: DetectRun.part.19 (detect.c:141)
==21521==    by 0x48B842: DetectRun (detect.c:1641)
==21521==    by 0x48B842: DetectNoFlow (detect.c:1679)
==21521==    by 0x48B842: Detect (detect.c:1739)
==21521==    by 0x51CCCA: FlowWorker (flow-worker.c:260)
==21521==    by 0x59ACCC: TmThreadsSlotVarRun (tm-threads.c:145)
==21521==    by 0x575C3D: TmThreadsSlotProcessPkt (tm-threads.h:147)
==21521==    by 0x575C3D: AFPReadFromRing (source-af-packet.c:1016)
==21521==    by 0x578FBD: ReceiveAFPLoop (source-af-packet.c:1579)
==21521==
==21521== Invalid write of size 8
==21521==    at 0x4B3FDE: DetectEngineHCBDGetBufferForTX.isra.1 (detect-engine-hcbd.c:206)
==21521==    by 0x4B40A1: PrefilterTxHttpRequestBody (detect-engine-hcbd.c:241)
==21521==    by 0x4C32F0: DetectRunPrefilterTx (detect-engine-prefilter.c:117)
==21521==    by 0x48A679: DetectRunTx (detect.c:1398)
==21521==    by 0x48A679: DetectRun.part.19 (detect.c:141)
==21521==    by 0x48B842: DetectRun (detect.c:1641)
==21521==    by 0x48B842: DetectNoFlow (detect.c:1679)
==21521==    by 0x48B842: Detect (detect.c:1739)
==21521==    by 0x51CCCA: FlowWorker (flow-worker.c:260)
==21521==    by 0x59ACCC: TmThreadsSlotVarRun (tm-threads.c:145)
==21521==    by 0x575C8E: TmThreadsSlotProcessPkt (tm-threads.h:176)
==21521==    by 0x575C8E: AFPReadFromRing (source-af-packet.c:1016)
==21521==    by 0x578FBD: ReceiveAFPLoop (source-af-packet.c:1579)
==21521==    by 0x59D431: TmThreadsSlotPktAcqLoop (tm-threads.c:348)
==21521==    by 0x6044DD4: start_thread (in /usr/lib64/libpthread-2.17.so)
==21521==    by 0x6C04EAC: clone (in /usr/lib64/libc-2.17.so)
==21521==  Address 0xa047b118 is 8 bytes before a block of size 2,000 alloc'd
==21521==    at 0x4C29B0D: malloc (vg_replace_malloc.c:298)
==21521==    by 0x4C2BAD9: realloc (vg_replace_malloc.c:785)
==21521==    by 0x4B3B7F: HCBDCreateSpace (detect-engine-hcbd.c:80)
==21521==    by 0x4B3EF3: DetectEngineHCBDGetBufferForTX.isra.1 (detect-engine-hcbd.c:125)
==21521==    by 0x4B40A1: PrefilterTxHttpRequestBody (detect-engine-hcbd.c:241)
==21521==    by 0x4C32F0: DetectRunPrefilterTx (detect-engine-prefilter.c:117)
==21521==    by 0x48A679: DetectRunTx (detect.c:1398)
==21521==    by 0x48A679: DetectRun.part.19 (detect.c:141)
==21521==    by 0x48B842: DetectRun (detect.c:1641)
==21521==    by 0x48B842: DetectNoFlow (detect.c:1679)
==21521==    by 0x48B842: Detect (detect.c:1739)
==21521==    by 0x51CCCA: FlowWorker (flow-worker.c:260)
==21521==    by 0x59ACCC: TmThreadsSlotVarRun (tm-threads.c:145)
==21521==    by 0x575C3D: TmThreadsSlotProcessPkt (tm-threads.h:147)
==21521==    by 0x575C3D: AFPReadFromRing (source-af-packet.c:1016)
==21521==    by 0x578FBD: ReceiveAFPLoop (source-af-packet.c:1579)
==21521==


Related issues: 1 (0 open, 1 closed)

Related to Suricata - Bug #2936: Several crashes past week Suricata 4.1.3 , last : double free or corruption (Closed)