Bug #3890
closed
AddressSanitizer: SEGV on unknown address - failed to setup/expand stream segment pool.
Description
There is a descriptive enough message of what potentially could be the problem - which in this case is:
stream.reassembly.segment-prealloc = 2000048
is too big for the stream.reassembly.memcap. However, wondering if such a calculation should not be made prior and just fail to start?
[245610] 23/8/2020 -- 12:06:33 - (stream-tcp-reassemble.c:467) <Error> (StreamTcpReassembleInitThreadCtx) -- [ERRCODE: SC_ERR_MEM_ALLOC(1)] - failed to setup/expand stream segment pool. Expand stream.reassembly.memcap?
AddressSanitizer:DEADLYSIGNAL
=================================================================
==245498==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5630cf6ec3f9 bp 0x7f9ddc06d660 sp 0x7f9ddc06d640 T4)
==245498==The signal is caused by a READ memory access.
==245498==Hint: address points to the zero page.
#0 0x5630cf6ec3f8 in StreamTcpReassembleFreeThreadCtx /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/stream-tcp-reassemble.c:478
#1 0x5630cf6d5a31 in StreamTcpThreadDeinit /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/stream-tcp.c:5280
#2 0x5630cf5b340c in FlowWorkerThreadDeinit /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/flow-worker.c:307
#3 0x5630cf5b2f63 in FlowWorkerThreadInit /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/flow-worker.c:266
#4 0x5630cf7116c0 in TmThreadsSlotVar /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/tm-threads.c:394
#5 0x7f9deb171ea6 in start_thread nptl/pthread_create.c:477
#6 0x7f9dea516eae in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfdeae)
Full info below:
pevma@~/inthetrenches/Suricata/suricomp$ /opt/suritest/bin/suricata -S "rules/*.rules" -l logs/ -k none -r any.pcap
[245498] 23/8/2020 -- 12:03:11 - (suricata.c:1065) <Notice> (LogVersion) -- This is Suricata version 6.0.0-dev (ac491c6e8 2020-08-07) running in USER mode
[245498] 23/8/2020 -- 12:03:12 - (flow.c:635) <Notice> (FlowInitConfig) -- flow size 328, memcap allows for 409200 flows. Per hash row in perfect conditions 6
[245498] 23/8/2020 -- 12:04:09 - (detect-flowbits.c:588) <Warning> (DetectFlowbitsAnalyze) -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.Terse.Pastebin' is checked but not set. Checked in 2813075 and 1 other sigs
[245498] 23/8/2020 -- 12:04:09 - (detect-flowbits.c:588) <Warning> (DetectFlowbitsAnalyze) -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
[245498] 23/8/2020 -- 12:04:09 - (detect-flowbits.c:588) <Warning> (DetectFlowbitsAnalyze) -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ETPROtxtminhead' is checked but not set. Checked in 2843620 and 3 other sigs
[245498] 23/8/2020 -- 12:04:09 - (detect-flowbits.c:588) <Warning> (DetectFlowbitsAnalyze) -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
[245610] 23/8/2020 -- 12:06:33 - (util-pool.c:168) <Error> (PoolInit) -- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
[245610] 23/8/2020 -- 12:06:33 - (util-pool-thread.c:136) <Error> (PoolThreadExpand) -- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
[245610] 23/8/2020 -- 12:06:33 - (stream-tcp-reassemble.c:467) <Error> (StreamTcpReassembleInitThreadCtx) -- [ERRCODE: SC_ERR_MEM_ALLOC(1)] - failed to setup/expand stream segment pool. Expand stream.reassembly.memcap?
AddressSanitizer:DEADLYSIGNAL
=================================================================
==245498==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5630cf6ec3f9 bp 0x7f9ddc06d660 sp 0x7f9ddc06d640 T4)
==245498==The signal is caused by a READ memory access.
==245498==Hint: address points to the zero page.
#0 0x5630cf6ec3f8 in StreamTcpReassembleFreeThreadCtx /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/stream-tcp-reassemble.c:478
#1 0x5630cf6d5a31 in StreamTcpThreadDeinit /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/stream-tcp.c:5280
#2 0x5630cf5b340c in FlowWorkerThreadDeinit /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/flow-worker.c:307
#3 0x5630cf5b2f63 in FlowWorkerThreadInit /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/flow-worker.c:266
#4 0x5630cf7116c0 in TmThreadsSlotVar /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/tm-threads.c:394
#5 0x7f9deb171ea6 in start_thread nptl/pthread_create.c:477
#6 0x7f9dea516eae in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfdeae)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/stream-tcp-reassemble.c:478 in StreamTcpReassembleFreeThreadCtx
Thread T4 (W#03) created by T0 (Suricata-Main) here:
#0 0x7f9deba679b2 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x399b2)
#1 0x5630cf717a92 in TmThreadSpawn /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/tm-threads.c:1721
#2 0x5630cf66f650 in RunModeFilePcapAutoFp /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/runmode-pcap-file.c:227
#3 0x5630cf677a0a in RunModeDispatch /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/runmodes.c:391
#4 0x5630cf707338 in SuricataMain /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/suricata.c:2805
#5 0x5630cf31cad3 in main /home/pevma/inthetrenches/Suricata/suricomp/suricata/src/main.c:22
#6 0x7f9dea43fcc9 in __libc_start_main ../csu/libc-start.c:308
==245498==ABORTING
real 3m23.002s
user 3m13.314s
sys 0m8.912s
pevma@~/inthetrenches/Suricata/suricomp$
pevma@~/inthetrenches/Suricata/suricomp$ /opt/suritest/bin/suricata --dump-config |grep preall
defrag.prealloc = yes
flow.prealloc = 10000
stream.reassembly.segment-prealloc = 2000048
host.prealloc = 1000
pevma@~/inthetrenches/Suricata/suricomp$ /opt/suritest/bin/suricata --build-info
This is Suricata version 6.0.0-dev (ac491c6e8 2020-08-07)
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 9.3.0, C version 201112
compiled with -fstack-protector-all
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v0.5.33, linked against LibHTP v0.5.33
Suricata Configuration:
AF_PACKET support: yes
eBPF support: no
XDP support: no
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
Prelude support: no
PCRE jit: yes
LUA support: yes, through luajit
libluajit: yes
GeoIP2 support: yes
Non-bundled htp: no
Old barnyard2 support:
Hyperscan support: yes
Libnet support: yes
liblz4 support: yes
Rust support: yes
Rust strict mode: yes
Rust compiler path: /home/pevma/.cargo/bin/rustc
Rust compiler version: rustc 1.45.2 (d3fb005a3 2020-07-31)
Cargo path: /home/pevma/.cargo/bin/cargo
Cargo version: cargo 1.45.1 (f242df6ed 2020-07-22)
Cargo vendor: yes
Python support: yes
Python path: /usr/bin/python3
Python distutils yes
Python yaml yes
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: yes
Profiling enabled: no
Profiling locks enabled: no
Plugin support (experimental): yes
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Generic build parameters:
Installation prefix: /opt/suritest
Configuration directory: /opt/suritest/etc/suricata/
Log directory: /opt/suritest/var/log/suricata/
--prefix /opt/suritest
--sysconfdir /opt/suritest/etc
--localstatedir /opt/suritest/var
--datarootdir /opt/suritest/share
Host: x86_64-pc-linux-gnu
Compiler: gcc (exec name) / g++ (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -ggdb3 -Werror -Wchar-subscripts -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function -std=c11 -march=native -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist
PCAP_CFLAGS -I/usr/include
SECCFLAGS
Updated by Victor Julien about 5 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 6.0.0rc1
- Private changed from Yes to No
Until we know earlier in the startup process how many threads we intend to spawn this won't be possible. We shouldn't SEGV in any case though.
Updated by Victor Julien about 5 years ago
- Status changed from Assigned to Closed
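The failure path in the backtrace above (thread init calling deinit after the segment pool could not be set up), modelled as an added example that is not Suricata's code: cleanup accepts a partially initialized context, and the memcap check runs per thread because the budget is shared. All type and function names, the sizes and the memcap accounting are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified model: every name here is illustrative, not Suricata's. */
typedef struct { void *slab; uint64_t bytes; } SegPool;
typedef struct { SegPool *pool; } ReasmCtx;
typedef struct { ReasmCtx *ra_ctx; } StreamThread;

static uint64_t memcap_used; /* shared by all threads; an atomic in real code */

/* Cleanup tolerates every partially built state: no ctx, or a ctx without a pool. */
void ThreadDeinit(StreamThread *stt)
{
    if (stt == NULL || stt->ra_ctx == NULL)
        return;
    if (stt->ra_ctx->pool != NULL) {
        memcap_used -= stt->ra_ctx->pool->bytes;
        free(stt->ra_ctx->pool->slab);
        free(stt->ra_ctx->pool);
    }
    free(stt->ra_ctx);
    stt->ra_ctx = NULL;
}

/* Returns 0 on success, -1 if the pool does not fit under the shared memcap. */
int ThreadInit(StreamThread *stt, uint64_t memcap, uint32_t prealloc, uint32_t seg_size)
{
    uint64_t need = (uint64_t)prealloc * seg_size; /* widen before multiplying */

    stt->ra_ctx = calloc(1, sizeof(*stt->ra_ctx));
    if (stt->ra_ctx == NULL)
        return -1;
    if (memcap_used > memcap || need > memcap - memcap_used)
        goto error; /* ra_ctx exists, pool is still NULL */
    stt->ra_ctx->pool = calloc(1, sizeof(SegPool));
    if (stt->ra_ctx->pool == NULL)
        goto error;
    stt->ra_ctx->pool->slab = malloc(need ? (size_t)need : 1);
    if (stt->ra_ctx->pool->slab == NULL)
        goto error; /* bytes is still 0, so the accounting stays correct */
    stt->ra_ctx->pool->bytes = need;
    memcap_used += need;
    return 0;
error:
    ThreadDeinit(stt); /* same shape as init calling deinit in the backtrace */
    return -1;
}
```

With a memcap that fits two per-thread pools, the third `ThreadInit` call fails cleanly; whether a given prealloc fits depends on how many threads have already drawn from the shared budget.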