Bug #5132 (closed)

segfault: master - HTPFileCloseHandleRange

Added by Peter Manev about 2 years ago. Updated 7 months ago.

Status: Closed
Priority: Normal

Description

Reproducible at a live setup without direct access.

Please see the attached two files for more details.

 7.0.0-dev (579d7dcc0 2022-01-20)
Thread 1 (Thread 0x7fc49fa74700 (LWP 58647)):
#0  0x000000000054b9a5 in HttpRangeClose (c=0x7fb10797f120, flags=0) at app-layer-htp-range.c:530
#1  0x00000000005488a2 in HTPFileCloseHandleRange (files=0x7fb3cfaffec0, flags=0, c=0x7fb10797f120, data=0x0, data_len=0) at app-layer-htp-file.c:360
#2  0x0000000000548a20 in HTPFileClose (s=0x7fb1f884a290, data=0x0, data_len=0, flags=0 '\000', direction=8 '\b') at app-layer-htp-file.c:418
#3  0x000000000054473e in HTPCallbackResponseComplete (tx=0x7fb1fa34d360) at app-layer-htp.c:2255
#4  0x00007fc830bdeb61 in htp_hook_run_all (hook=0x1c5b340, user_data=0x7fb1fa34d360) at htp_hooks.c:127
#5  0x00007fc830be711b in htp_tx_state_response_complete_ex (tx=0x7fb1fa34d360, hybrid_mode=0) at htp_transaction.c:1219
#6  0x00007fc830be493a in htp_connp_res_data (connp=0x7faea5759050, timestamp=<optimized out>, data=<optimized out>, len=<optimized out>) at htp_response.c:1321
#7  0x0000000000543281 in HTPHandleResponseData (f=0x7fb483265450, htp_state=0x7fb1f884a290, pstate=0x7fb2a31837a0, stream_slice=..., local_data=0x0) at app-layer-htp.c:942
#8  0x000000000054f1fe in AppLayerParserParse (tv=0x7fc6baa60690, alp_tctx=0x7fc49259db30, f=0x7fb483265450, alproto=1, flags=26 '\032', input=0x0, input_len=6516) at app-layer-parser.c:1304
#9  0x000000000053506c in AppLayerHandleTCPData (tv=0x7fc6baa60690, ra_ctx=0x7fc492573c30, p=0x7fc4924fec10, f=0x7fb483265450, ssn=0x7fb5a6e02500, stream=0x7fc49fa734f0, data=0x0, data_len=6516, flags=26 '\032') at app-layer.c:633
#10 0x000000000067b54f in ReassembleUpdateAppLayer (tv=0x7fc6baa60690, ra_ctx=0x7fc492573c30, ssn=0x7fb5a6e02500, stream=0x7fc49fa734f0, p=0x7fc4924fec10, dir=UPDATE_DIR_PACKET) at stream-tcp-reassemble.c:1133
#11 0x000000000067b240 in StreamTcpReassembleAppLayer (tv=0x7fc6baa60690, ra_ctx=0x7fc492573c30, ssn=0x7fb5a6e02500, stream=0x7fb5a6e02510, p=0x7fc4924fec10, dir=UPDATE_DIR_PACKET) at stream-tcp-reassemble.c:1264
#12 0x000000000067cf60 in StreamTcpReassembleHandleSegment (tv=0x7fc6baa60690, ra_ctx=0x7fc492573c30, ssn=0x7fb5a6e02500, stream=0x7fb5a6e02510, p=0x7fc4924fec10, pq=0x7fc49253b120) at stream-tcp-reassemble.c:1930
#13 0x00000000006617d2 in StreamTcpPacket (tv=0x7fc6baa60690, p=0x7fc4924fec10, stt=0x7fc497fffc70, pq=0x7fc49253b120) at stream-tcp.c:4936
#14 0x0000000000664136 in StreamTcp (tv=0x7fc6baa60690, p=0x7fc4924fec10, data=0x7fc497fffc70, pq=0x7fc49253b120) at stream-tcp.c:5312
#15 0x0000000000611bb3 in FlowWorkerStreamTCPUpdate (tv=0x7fc6baa60690, fw=0x7fc49253b0f0, p=0x7fc4924fec10, detect_thread=0x7fc487882740, timeout=true) at flow-worker.c:370
#16 0x0000000000612438 in FlowWorkerFlowTimeout (tv=0x7fc6baa60690, p=0x7fc4924fec10, fw=0x7fc49253b0f0, detect_thread=0x7fc487882740) at flow-worker.c:413
#17 0x00000000006123d8 in FlowFinish (tv=0x7fc6baa60690, f=0x7fb483265450, fw=0x7fc49253b0f0, detect_thread=0x7fc487882740) at flow-worker.c:157
#18 0x000000000061208c in CheckWorkQueue (tv=0x7fc6baa60690, fw=0x7fc49253b0f0, detect_thread=0x7fc487882740, counters=0x7fc49fa73768, fq=0x7fc49fa73790) at flow-worker.c:177
#19 0x0000000000611ed9 in FlowWorkerProcessInjectedFlows (tv=0x7fc6baa60690, fw=0x7fc49253b0f0, p=0x7fc4924ff660, detect_thread=0x7fc487882740) at flow-worker.c:460
#20 0x000000000061189b in FlowWorker (tv=0x7fc6baa60690, p=0x7fc4924ff660, data=0x7fc49253b0f0) at flow-worker.c:590
#21 0x0000000000501c84 in TmThreadsSlotVarRun (tv=0x7fc6baa60690, p=0x7fc4924ff660, slot=0x7fc6b9f3f660) at tm-threads.c:117
#22 0x0000000000655a9e in TmThreadsSlotProcessPkt (tv=0x7fc6baa60690, s=0x7fc6b9f3f660, p=0x7fc4924ff660) at ./tm-threads.h:195
#23 0x0000000000655928 in AFPParsePacketV3 (ptv=0x7fc497fff680, pbd=0x7fbed7200000, ppd=0x7fbed7288fd8) at source-af-packet.c:983
#24 0x00000000006555f2 in AFPWalkBlock (ptv=0x7fc497fff680, pbd=0x7fbed7200000) at source-af-packet.c:996
#25 0x000000000065449c in AFPReadFromRingV3 (ptv=0x7fc497fff680) at source-af-packet.c:1043
#26 0x00000000006538f2 in ReceiveAFPLoop (tv=0x7fc6baa60690, data=0x7fc497fff680, slot=0x7fc6b7a20370) at source-af-packet.c:1393
#27 0x0000000000506e3a in TmThreadsSlotPktAcqLoop (td=0x7fc6baa60690) at tm-threads.c:312
#28 0x00007fc830983609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#29 0x00007fc82fdec293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Files

current_build.txt (3.76 KB), Peter Manev, 02/19/2022 02:01 PM
gdb.txt (138 KB), Peter Manev, 02/19/2022 02:01 PM
current_build_2022-02-24.txt (3.72 KB), Peter Manev, 02/25/2022 09:30 AM
gdb-private-2022-02-24.txt (266 KB), Peter Manev, 02/25/2022 09:30 AM
#1 Updated by Peter Manev about 2 years ago

  • Affected Versions git master added
#2 Updated by Victor Julien about 2 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Philippe Antoine
#3 Updated by Peter Manev about 2 years ago

  • File sgefault-private.tar.xz added

Latest git master crash info attached as well.
This is reproducible, but Suricata needs to run for 1-2 days at least.

Please let me know if you need any more info.

#4 Updated by Peter Manev about 2 years ago

  • File deleted (sgefault-private.tar.xz)
#6 Updated by Philippe Antoine about 2 years ago

  • Status changed from Assigned to In Review
#7 Updated by Philippe Antoine about 2 years ago

  • Target version changed from TBD to 7.0.0-beta1
  • Affected Versions 6.0.4 added
  • Affected Versions deleted (git master)
#8 Updated by Peter Manev about 2 years ago

I will give feedback on the PR; I've asked for it to be tested.

#9 Updated by Philippe Antoine about 2 years ago

You can now give feedback on latest master ;-)

#10 Updated by Peter Manev about 2 years ago

Fix seems to be working well!

> The stability has been great since the install of that fork.
#11 Updated by Philippe Antoine about 2 years ago

  • Status changed from In Review to Closed

Thanks Peter

#12 Updated by Philippe Antoine over 1 year ago

bfcd6cb46a2163f00479620a3dc3ec48f9de4fa0 and 3fd8e908f83602ce4c025f9f14536b90bd91f599 are the commits fixing this.

#13 Updated by Victor Julien 7 months ago

  • Private changed from Yes to No