Bug #3378
closedftp: asan detects leaks of expectations
Description
I can consistently reproduce the below upon exit/stopping Suricata on live traffic.
(it seems related to - https://redmine.openinfosecfoundation.org/issues/3118 )
[39354] 4/12/2019 -- 08:32:53 - (util-mpm-hs.c:1081) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch [9/1846] [39354] 4/12/2019 -- 08:32:53 - (util-mpm-hs.c:1089) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache ================================================================= ==39354==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x4cf5ea in calloc (/usr/bin/suricata+0x4cf5ea) #1 0x640184 in FTPCalloc /opt/suricata/src/app-layer-ftp.c:221:11 #2 0x63a89c in FTPParseRequest /opt/suricata/src/app-layer-ftp.c:633:51 #3 0x683be4 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1239:13 #4 0x535ca0 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:660:17 #5 0xda4357 in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1065:11 #6 0xda2eb8 in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1122:12 #7 0xdaa0d7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1696:9 #8 0xda9d60 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1739:9 #9 0xd7e1bd in HandleEstablishedPacketToClient /opt/suricata/src/stream-tcp.c:2407:9 #10 0xd3fa4f in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2644:13 #11 0xd21be9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4649:17 #12 0xd182bf in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4837:13 #13 0xd22d8c in StreamTcp /opt/suricata/src/stream-tcp.c:5173:11 #14 0xace407 in FlowWorker /opt/suricata/src/flow-worker.c:245:9 #15 0xdeec16 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:129:17 #16 0xcd1e92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:163:9 #17 0xcc75a5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1130:9 #18 0xcc5af7 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1146:15 #19 0xcb58a6 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1196:15 #20 0xcb209f in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1589:17 #21 0xe047e0 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:354:13 #22 0x7f72f5719fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2) Indirect leak of 61 byte(s) in 1 object(s) allocated from: #0 0x4cf5ea in calloc (/usr/bin/suricata+0x4cf5ea) #1 0x640184 in FTPCalloc /opt/suricata/src/app-layer-ftp.c:221:11 #2 0x63a984 in FTPParseRequest /opt/suricata/src/app-layer-ftp.c:638:39 #3 0x683be4 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1239:13 #4 0x535ca0 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:660:17 #5 0xda4357 in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1065:11 #6 0xda2eb8 in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1122:12 #7 0xdaa0d7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1696:9 #8 0xda9d60 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1739:9 #9 0xd7e1bd in HandleEstablishedPacketToClient /opt/suricata/src/stream-tcp.c:2407:9 #10 0xd3fa4f in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2644:13 #11 0xd21be9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4649:17 #12 0xd182bf in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4837:13 #13 0xd22d8c in StreamTcp /opt/suricata/src/stream-tcp.c:5173:11 #14 0xace407 in FlowWorker /opt/suricata/src/flow-worker.c:245:9 #15 0xdeec16 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:129:17 #16 0xcd1e92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:163:9 #17 0xcc75a5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1130:9 #18 0xcc5af7 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1146:15 #19 0xcb58a6 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1196:15 #20 0xcb209f in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1589:17 #21 0xe047e0 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:354:13 #22 0x7f72f5719fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2) SUMMARY: AddressSanitizer: 93 byte(s) leaked in 2 allocation(s).
Suri info
suricata --build-info This is Suricata version 5.0.1-dev (4343d1bc0 2019-11-30) Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS MAGIC RUST SIMD support: SSE_4_2 SSE_4_1 SSE_3 Atomic intrinsics: 1 2 4 8 16 byte(s) 64-bits, Little-endian architecture GCC version 4.2.1 Compatible Clang 7.0.1 (tags/RELEASE_701/final), C version 199901 compiled with _FORTIFY_SOURCE=0 L1 cache line size (CLS)=64 thread local storage method: __thread compiled with LibHTP v0.5.31, linked against LibHTP v0.5.31 Suricata Configuration: AF_PACKET support: yes eBPF support: yes XDP support: yes PF_RING support: no NFQueue support: no NFLOG support: no IPFW support: no Netmap support: no DAG enabled: no Napatech enabled: no WinDivert enabled: no Unix socket enabled: yes Detection enabled: yes Libmagic support: yes libnss support: yes libnspr support: yes libjansson support: yes hiredis support: no hiredis async with libevent: no Prelude support: no PCRE jit: yes LUA support: yes, through luajit libluajit: yes GeoIP2 support: yes Non-bundled htp: no Old barnyard2 support: no Hyperscan support: yes Libnet support: yes liblz4 support: yes Rust support: yes Rust strict mode: yes Rust compiler path: /root/.cargo/bin/rustc Rust compiler version: rustc 1.39.0 (4560ea788 2019-11-04) Cargo path: /root/.cargo/bin/cargo Cargo version: cargo 1.39.0 (1c6ec66d5 2019-09-30) Python support: yes Python path: /usr/bin/python3 Python distutils yes Python yaml no Install suricatactl: yes Install suricatasc: yes Install suricata-update: not bundled Profiling enabled: no Profiling locks enabled: no Development settings: Coccinelle / spatch: no Unit tests enabled: no Debug output enabled: no Debug validation enabled: no Generic build parameters: Installation prefix: /usr Configuration directory: /etc/suricata/ Log directory: /var/log/suricata/ --prefix /usr --sysconfdir /etc --localstatedir /var --datarootdir /usr/share Host: x86_64-pc-linux-gnu Compiler: clang (exec name) / clang (real) GCC Protect enabled: no GCC march native enabled: yes GCC Profile enabled: no Position Independent Executable enabled: no CFLAGS -ggdb -O0 -Werror -Wchar-subscripts -Wshadow -Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function -march=native -I${srcdir}/../rust/gen/c-headers PCAP_CFLAGS -I/usr/include SECCFLAGS [10/1483]
Updated by Victor Julien about 5 years ago
- Status changed from New to Assigned
- Assignee set to Jeff Lucovsky
- Priority changed from Normal to High
- Target version set to 5.0.1
Updated by Jeff Lucovsky about 5 years ago
Peter .. Can you apply the diff from 3118 and rerun to see if that's the culprit?
Updated by Peter Manev about 5 years ago
Yep - did that now chasing it. Will report back - hopefully today.
Updated by Jeff Lucovsky about 5 years ago
- Related to Bug #2458: memleak: gitmaster - 4.1.0-dev (rev c60decd) added
Updated by Victor Julien about 5 years ago
- Target version changed from 5.0.1 to 5.0.2
Updated by Victor Julien almost 5 years ago
- Target version changed from 5.0.2 to 5.0.3
Updated by Victor Julien over 4 years ago
- Subject changed from ftp asan leak to ftp: asan detects leaks of expectations
- Status changed from Assigned to Closed
- Assignee changed from Jeff Lucovsky to Eric Leblond
- Priority changed from High to Normal
- Target version changed from 5.0.3 to 6.0.0beta1
- Label Needs backport to 4.1, Needs backport to 5.0 added
Updated by Victor Julien over 4 years ago
- Has duplicate Bug #3455: asan ftp related leaks on the current gitmaster added
Updated by Peter Manev over 4 years ago
Still see that with - Suricata version 6.0.0-dev (09a21545c 2020-04-03)
[99654] 4/4/2020 -- 10:10:09 - (util-mpm-hs.c:1081) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch [228/1905] [99654] 4/4/2020 -- 10:10:09 - (util-mpm-hs.c:1089) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache ================================================================= ==99654==ERROR: LeakSanitizer: detected memory leaks Direct leak of 29088 byte(s) in 909 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f61f3ba342e (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x842e) Direct leak of 180 byte(s) in 18 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f61f3910d84 in pcre_get_substring (/lib/x86_64-linux-gnu/libpcre.so.3+0x28d84) Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x4cf63a in calloc (/usr/bin/suricata+0x4cf63a) #1 0x625be4 in FTPCalloc /opt/suricata/src/app-layer-ftp.c:220:11 #2 0x61f1db in FTPParseRequest /opt/suricata/src/app-layer-ftp.c:635:51 #3 0x66b887 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1238:30 #4 0x519b45 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:665:17 #5 0xd9fa2d in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1098:11 #6 0xd9dfdb in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1155:12 #7 0xda57a7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1729:9 #8 0xda5430 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1772:9 #9 0xd78ffb in HandleEstablishedPacketToClient /opt/suricata/src/stream-tcp.c:2448:9 #10 0xd3a50b in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2685:13 #11 0xd1c5b9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4690:17 #12 0xd12ca3 in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4879:13 #13 0xd1d74c in StreamTcp /opt/suricata/src/stream-tcp.c:5215:11 #14 0xac7068 in FlowWorker /opt/suricata/src/flow-worker.c:241:9 #15 0xde7f71 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:117:21 #16 0xcc8f92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:192:17 #17 0xcbe6f5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1127:9 #18 0xcbcc47 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1142:15 #19 0xcb0e06 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1192:15 #20 0xcac5fc in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1585:17 #21 0xdfe813 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:300:13 #22 0x7f61f3b81fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2) Indirect leak of 3105 byte(s) in 207 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f61f3ba0b14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x32332e383730 (<unknown module>) Indirect leak of 1666 byte(s) in 119 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f61f3ba0b14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3430312e2f (<unknown module>) Indirect leak of 1176 byte(s) in 84 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f61f3ba0b14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
Updated by Victor Julien over 4 years ago
- Status changed from Closed to Assigned
Ok, so not fixed. Btw there are more leaks in there around eve.json.
Updated by Peter Manev over 4 years ago
Yes.
So in a different angle of the chase of this leak. I simply reverted the search and started Suricata with BP filter that negates ftp and ftp-data
not port ftp or ftp-data
After some runs and back and forts I came up with this leak (it seems non related to the issue here) - wondering if it is connected somehow or it needs its separate issue.
[9040] 4/4/2020 -- 21:40:11 - (util-mpm-hs.c:1081) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch [114/1991] [9040] 4/4/2020 -- 21:40:11 - (util-mpm-hs.c:1089) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache ================================================================= ==9040==ERROR: LeakSanitizer: detected memory leaks Direct leak of 53728 byte(s) in 1679 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32b142e (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x842e) Direct leak of 180 byte(s) in 18 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc301ed84 in pcre_get_substring (/lib/x86_64-linux-gnu/libpcre.so.3+0x28d84) Direct leak of 116 byte(s) in 1 object(s) allocated from: #0 0x4cf862 in realloc (/usr/bin/suricata+0x4cf862) #1 0x111af9f in alloc::alloc::realloc::hc365b4bd1305efa1 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/alloc.rs:125:4 #2 0x111af9f in _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Alloc$GT$::realloc::h5274617238b8c05e /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/alloc.rs:184:21 #3 0x111af9f in alloc::raw_vec::RawVec$LT$T$C$A$GT$::reserve_internal::hf92e901fa5ea2fc3 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/raw_vec.rs:659:20 #4 0x111af9f in alloc::raw_vec::RawVec$LT$T$C$A$GT$::reserve_exact::h259e82a6cdf740c7 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/raw_vec.rs:399:14 #5 0x111af9f in alloc::vec::Vec$LT$T$GT$::reserve_exact::hca57a6f378cdea21 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/vec.rs:518:8 #6 0x111af9f in std::ffi::c_str::CString::from_vec_unchecked::h22f92dc651d3e09f /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/libstd/ffi/c_str.rs:381:8 #7 0x6b68b3 in SSLv3ParseHandshakeType /opt/suricata/src/app-layer-ssl.c:1452:18 #8 0x6b31ce in SSLv3ParseHandshakeProtocol /opt/suricata/src/app-layer-ssl.c:1596:14 #9 0x6af642 in SSLv3Decode /opt/suricata/src/app-layer-ssl.c:2269:22 #10 0x6ab3ff in SSLDecode /opt/suricata/src/app-layer-ssl.c:2436:30 #11 0x6a79b3 in SSLParseServerRecord /opt/suricata/src/app-layer-ssl.c:2530:12 #12 0x66b887 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1238:30 #13 0x51b28e in TCPProtoDetect /opt/suricata/src/app-layer.c:451:17 #14 0x5195e5 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:620:13 #15 0xd9fa2d in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1098:11 #16 0xd9dfdb in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1155:12 #17 0xda57a7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1729:9 #18 0xda5430 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1772:9 #19 0xd75187 in HandleEstablishedPacketToServer /opt/suricata/src/stream-tcp.c:2297:9 #20 0xd3a3fd in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2671:13 #21 0xd1c5b9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4690:17 #22 0xd12ca3 in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4879:13 #23 0xd1d74c in StreamTcp /opt/suricata/src/stream-tcp.c:5215:11 #24 0xac7068 in FlowWorker /opt/suricata/src/flow-worker.c:241:9 #25 0xde7f71 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:117:21 #26 0xcc8f92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:192:17 #27 0xcbe6f5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1127:9 #28 0xcbcc47 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1142:15 #29 0xcb0e06 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1192:15 #30 0xcac5fc in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1585:17 #31 0xdfe813 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:300:13 #32 0x7f9cc328ffa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2) Indirect leak of 16081 byte(s) in 1237 object(s) allocated from: [65/1991] #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x31352e30 (<unknown module>) Indirect leak of 1200 byte(s) in 80 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3934312e3632 (<unknown module>) Indirect leak of 770 byte(s) in 55 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3133322e34 (<unknown module>) Indirect leak of 770 byte(s) in 55 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3739312e31 (<unknown module>) Indirect leak of 742 byte(s) in 53 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3834312e33 (<unknown module>) Indirect leak of 658 byte(s) in 47 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x38322e3933 (<unknown module>) Indirect leak of 546 byte(s) in 39 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x39322e3933 (<unknown module>) Indirect leak of 285 byte(s) in 19 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3839312e3030 (<unknown module>) Indirect leak of 252 byte(s) in 21 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x352e2f (<unknown module>) Indirect leak of 238 byte(s) in 17 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3737312e2f (<unknown module>) Indirect leak of 182 byte(s) in 13 object(s) allocated from: [15/1991] #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x30332e3634 (<unknown module>) Indirect leak of 150 byte(s) in 10 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x32332e383730 (<unknown module>) Indirect leak of 126 byte(s) in 9 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x39332e3531 (<unknown module>) Indirect leak of 84 byte(s) in 7 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x333230 (<unknown module>) Indirect leak of 70 byte(s) in 5 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3330312e2f (<unknown module>) Indirect leak of 48 byte(s) in 3 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3336312e343030 (<unknown module>) Indirect leak of 30 byte(s) in 2 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x35342e393730 (<unknown module>) Indirect leak of 20 byte(s) in 2 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x660030 in ModbusParseWriteRequest /opt/suricata/src/app-layer-modbus.c:789:33 Indirect leak of 16 byte(s) in 1 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3434312e343231 (<unknown module>) Indirect leak of 13 byte(s) in 1 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x3333312d (<unknown module>) Indirect leak of 12 byte(s) in 1 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x30322d (<unknown module>) Indirect leak of 12 byte(s) in 1 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x30312d (<unknown module>) Indirect leak of 11 byte(s) in 1 object(s) allocated from: #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443) #1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14) #2 0x352d (<unknown module>) SUMMARY: AddressSanitizer: 76340 byte(s) leaked in 3377 allocation(s).
Updated by Peter Manev over 4 years ago
Opened a separate issue here - https://redmine.openinfosecfoundation.org/issues/3595 for that last update above (https://redmine.openinfosecfoundation.org/issues/3378#note-11).
Updated by Jeff Lucovsky over 4 years ago
- Copied to Bug #3596: ftp: asan detects leaks of expectations added
Updated by Jeff Lucovsky over 4 years ago
- Copied to Bug #3597: ftp: asan detects leaks of expectations added
Updated by Victor Julien over 4 years ago
- Status changed from Assigned to Closed
Despite trying hard none of us have been able to reproduce this either in targeted testing or in our general sensors. So considering fixed.