Actions
Bug #3597
closedftp: asan detects leaks of expectations
Affected Versions:
Effort:
Difficulty:
Label:
Description
I can consistently reproduce the below upon exit/stopping Suricata on live traffic.
(it seems related to - https://redmine.openinfosecfoundation.org/issues/3118 )
[39354] 4/12/2019 -- 08:32:53 - (util-mpm-hs.c:1081) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch [9/1846]
[39354] 4/12/2019 -- 08:32:53 - (util-mpm-hs.c:1089) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache
=================================================================
==39354==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4cf5ea in calloc (/usr/bin/suricata+0x4cf5ea)
#1 0x640184 in FTPCalloc /opt/suricata/src/app-layer-ftp.c:221:11
#2 0x63a89c in FTPParseRequest /opt/suricata/src/app-layer-ftp.c:633:51
#3 0x683be4 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1239:13
#4 0x535ca0 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:660:17
#5 0xda4357 in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1065:11
#6 0xda2eb8 in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1122:12
#7 0xdaa0d7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1696:9
#8 0xda9d60 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1739:9
#9 0xd7e1bd in HandleEstablishedPacketToClient /opt/suricata/src/stream-tcp.c:2407:9
#10 0xd3fa4f in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2644:13
#11 0xd21be9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4649:17
#12 0xd182bf in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4837:13
#13 0xd22d8c in StreamTcp /opt/suricata/src/stream-tcp.c:5173:11
#14 0xace407 in FlowWorker /opt/suricata/src/flow-worker.c:245:9
#15 0xdeec16 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:129:17
#16 0xcd1e92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:163:9
#17 0xcc75a5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1130:9
#18 0xcc5af7 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1146:15
#19 0xcb58a6 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1196:15
#20 0xcb209f in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1589:17
#21 0xe047e0 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:354:13
#22 0x7f72f5719fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)
Indirect leak of 61 byte(s) in 1 object(s) allocated from:
#0 0x4cf5ea in calloc (/usr/bin/suricata+0x4cf5ea)
#1 0x640184 in FTPCalloc /opt/suricata/src/app-layer-ftp.c:221:11
#2 0x63a984 in FTPParseRequest /opt/suricata/src/app-layer-ftp.c:638:39
#3 0x683be4 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1239:13
#4 0x535ca0 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:660:17
#5 0xda4357 in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1065:11
#6 0xda2eb8 in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1122:12
#7 0xdaa0d7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1696:9
#8 0xda9d60 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1739:9
#9 0xd7e1bd in HandleEstablishedPacketToClient /opt/suricata/src/stream-tcp.c:2407:9
#10 0xd3fa4f in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2644:13
#11 0xd21be9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4649:17
#12 0xd182bf in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4837:13
#13 0xd22d8c in StreamTcp /opt/suricata/src/stream-tcp.c:5173:11
#14 0xace407 in FlowWorker /opt/suricata/src/flow-worker.c:245:9
#15 0xdeec16 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:129:17
#16 0xcd1e92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:163:9
#17 0xcc75a5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1130:9
#18 0xcc5af7 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1146:15
#19 0xcb58a6 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1196:15
#20 0xcb209f in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1589:17
#21 0xe047e0 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:354:13
#22 0x7f72f5719fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)
SUMMARY: AddressSanitizer: 93 byte(s) leaked in 2 allocation(s).
Suri info
suricata --build-info
This is Suricata version 5.0.1-dev (4343d1bc0 2019-11-30)
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS MAGIC RUST
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.2.1 Compatible Clang 7.0.1 (tags/RELEASE_701/final), C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.31, linked against LibHTP v0.5.31
Suricata Configuration:
AF_PACKET support: yes
eBPF support: yes
XDP support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
Prelude support: no
PCRE jit: yes
LUA support: yes, through luajit
libluajit: yes
GeoIP2 support: yes
Non-bundled htp: no
Old barnyard2 support: no
Hyperscan support: yes
Libnet support: yes
liblz4 support: yes
Rust support: yes
Rust strict mode: yes
Rust compiler path: /root/.cargo/bin/rustc
Rust compiler version: rustc 1.39.0 (4560ea788 2019-11-04)
Cargo path: /root/.cargo/bin/cargo
Cargo version: cargo 1.39.0 (1c6ec66d5 2019-09-30)
Python support: yes
Python path: /usr/bin/python3
Python distutils yes
Python yaml no
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: not bundled
Profiling enabled: no
Profiling locks enabled: no
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
--prefix /usr
--sysconfdir /etc
--localstatedir /var
--datarootdir /usr/share
Host: x86_64-pc-linux-gnu
Compiler: clang (exec name) / clang (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -ggdb -O0 -Werror -Wchar-subscripts -Wshadow -Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function -march=native -I${srcdir}/../rust/gen/c-headers
PCAP_CFLAGS -I/usr/include
SECCFLAGS [10/1483]
Updated by Jeff Lucovsky over 4 years ago
- Copied from Bug #3378: ftp: asan detects leaks of expectations added
Updated by Victor Julien over 4 years ago
- Target version changed from 5.0.3 to 5.0.4
Updated by Victor Julien over 4 years ago
- Status changed from Assigned to Closed
- Target version changed from 5.0.4 to 5.0.3
Updated by Victor Julien over 4 years ago
Closed as explained in https://redmine.openinfosecfoundation.org/issues/3378#note-15
Actions