Bug #3885
closed6.0.0-beta1 stream-tcp-reassemble.c:1066: AdjustToAcked: Assertion `!(adjusted > check)' failed
Files
Updated by Anonymous over 3 years ago
Hello,
Able to configure, compile and link 6.0.0-beta1, config file check was successful, starts via systemctl start suricata , but core dumps after a few seconds (config and rules are all loaded so it start to process in my opinion)
Core dump file is available (160Mb).
Kind regards,
Andre
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 7.8 (Maipo)
Release: 7.8
Codename: Maipo
Linux scomp1185.wurnet.nl 3.10.0-1127.18.2.el7.x86_64 #1 SMP Mon Jul 20 22:32:16 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
PF_RING Version : 7.5.0 (unknown)
Total rings : 28
Standard (non ZC) Options
Ring slots : 32767
Slot version : 17
Capture TX : No [RX only]
IP Defragment : No
Socket Mode : Standard
Cluster Fragment Queue : 68
Cluster Fragment Discard : 0
Aug 18 15:27:58 scomp1185.wurnet.nl systemd1: Starting Suricata Intrusion Detection Service...
Aug 18 15:27:58 scomp1185.wurnet.nl systemd1: Started Suricata Intrusion Detection Service.
Aug 18 15:27:58 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:27:58 - <Notice> - This is Suricata version 6.0.0-beta1 RELEASE running in SYSTEM mode
Aug 18 15:27:58 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:27:58 - <Notice> - flow size 320, memcap allows for 3355443 flows. Per hash row in perfect conditions 3
Aug 18 15:27:58 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:27:58 - <Notice> - JsonMQTTLog logger not enabled: protocol mqtt is disabled
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Notice> - FM FM#01/0 starting. min_timeout 10s. Full hash pass in 80s
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Notice> - all 60 packet processing threads, 4 management threads initialized, engine started.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:16 scomp1185.wurnet.nl suricata57058: 18/8/2020 -- 15:28:16 - <Warning> - [ERRCODE: SC_ERR_PF_RING_VLAN(304)] - no VLAN header in the raw packet. See #2355.
Aug 18 15:28:33 scomp1185.wurnet.nl suricata57058: suricata: stream-tcp-reassemble.c:1066: AdjustToAcked: Assertion `!(adjusted > check)' failed.
Aug 18 15:28:37 scomp1185.wurnet.nl systemd1: suricata.service: main process exited, code=killed, status=6/ABRT
Aug 18 15:28:37 scomp1185.wurnet.nl systemd1: Unit suricata.service entered failed state.
Aug 18 15:28:37 scomp1185.wurnet.nl systemd1: suricata.service failed
Updated by Peter Manev over 3 years ago
Seems other users are experiencing this as well. some report that changing
use-for-tracking: true -> use-for-tracking: false
improves things.
https://github.com/StamusNetworks/SELKS/issues/248#issuecomment-675321482
Updated by Anonymous over 3 years ago
Peter Manev wrote in #note-2:
Seems other users are experiencing this as well. some report that changing
use-for-tracking: true -> use-for-tracking: false
improves things.https://github.com/StamusNetworks/SELKS/issues/248#issuecomment-675321482
vlan:
# Bug 3885 20200818, set to false to improve
use-for-tracking: false
#use-for-tracking: true
To no avail, runs a few seconds after processing config and core dumps:
Aug 19 09:52:29 suricata45212: suricata: stream-tcp-reassemble.c:1066: AdjustToAcked: Assertion `!(adjusted > check)' failed.
Aug 19 09:52:33 systemd1: suricata.service: main process exited, code=killed, status=6/ABRT
Updated by Peter Manev over 3 years ago
ok - it seems the vlan switching is not helping at all, thanks for checking.
Attached gdb provided from one user on the SELKS forum (link above)
Updated by Peter Manev over 3 years ago
- File sigabrt-info sigabrt-info added
I mange to consistently reproduce this on live traffic -
Additional info and coredump trace attached.
[109170] 23/8/2020 -- 08:56:20 - (source-af-packet.c:1785) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=1048576 block_nr=1270 frame_size=1664 frame_nr=800100 (mem: 1331691520) [109171] 23/8/2020 -- 08:56:20 - (source-af-packet.c:1785) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=1048576 block_nr=1270 frame_size=1664 frame_nr=800100 (mem: 1331691520) [109172] 23/8/2020 -- 08:56:21 - (source-af-packet.c:1785) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=1048576 block_nr=1270 frame_size=1664 frame_nr=800100 (mem: 1331691520) [109172] 23/8/2020 -- 08:56:21 - (source-af-packet.c:508) <Info> (AFPPeersListReachedInc) -- All AFP capture threads are running. suricata: stream-tcp-reassemble.c:1066: uint32_t AdjustToAcked(const Packet *, const TcpSession *, const TcpStream *, const uint64_t, const uint32_t): Assertion `!(adjusted > check)' failed. Aborted (core dumped)
Updated by Victor Julien over 3 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 6.0.0rc1
Updated by Victor Julien over 3 years ago
Updated by Victor Julien over 3 years ago
- Status changed from Assigned to Closed