Bug #5132
Closed
segfault: master - HTPFileCloseHandleRange
Description
Reproducible at a live setup without direct access.
Please see the attached two files for more details.
7.0.0-dev (579d7dcc0 2022-01-20)
Thread 1 (Thread 0x7fc49fa74700 (LWP 58647)):
#0 0x000000000054b9a5 in HttpRangeClose (c=0x7fb10797f120, flags=0) at app-layer-htp-range.c:530
#1 0x00000000005488a2 in HTPFileCloseHandleRange (files=0x7fb3cfaffec0, flags=0, c=0x7fb10797f120, data=0x0, data_len=0) at app-layer-htp-file.c:360
#2 0x0000000000548a20 in HTPFileClose (s=0x7fb1f884a290, data=0x0, data_len=0, flags=0 '\000', direction=8 '\b') at app-layer-htp-file.c:418
#3 0x000000000054473e in HTPCallbackResponseComplete (tx=0x7fb1fa34d360) at app-layer-htp.c:2255
#4 0x00007fc830bdeb61 in htp_hook_run_all (hook=0x1c5b340, user_data=0x7fb1fa34d360) at htp_hooks.c:127
#5 0x00007fc830be711b in htp_tx_state_response_complete_ex (tx=0x7fb1fa34d360, hybrid_mode=0) at htp_transaction.c:1219
#6 0x00007fc830be493a in htp_connp_res_data (connp=0x7faea5759050, timestamp=<optimized out>, data=<optimized out>, len=<optimized out>) at htp_response.c:1321
#7 0x0000000000543281 in HTPHandleResponseData (f=0x7fb483265450, htp_state=0x7fb1f884a290, pstate=0x7fb2a31837a0, stream_slice=..., local_data=0x0) at app-layer-htp.c:942
#8 0x000000000054f1fe in AppLayerParserParse (tv=0x7fc6baa60690, alp_tctx=0x7fc49259db30, f=0x7fb483265450, alproto=1, flags=26 '\032', input=0x0, input_len=6516) at app-layer-parser.c:1304
#9 0x000000000053506c in AppLayerHandleTCPData (tv=0x7fc6baa60690, ra_ctx=0x7fc492573c30, p=0x7fc4924fec10, f=0x7fb483265450, ssn=0x7fb5a6e02500, stream=0x7fc49fa734f0, data=0x0, data_len=6516, flags=26 '\032') at app-layer.c:633
#10 0x000000000067b54f in ReassembleUpdateAppLayer (tv=0x7fc6baa60690, ra_ctx=0x7fc492573c30, ssn=0x7fb5a6e02500, stream=0x7fc49fa734f0, p=0x7fc4924fec10, dir=UPDATE_DIR_PACKET) at stream-tcp-reassemble.c:1133
#11 0x000000000067b240 in StreamTcpReassembleAppLayer (tv=0x7fc6baa60690, ra_ctx=0x7fc492573c30, ssn=0x7fb5a6e02500, stream=0x7fb5a6e02510, p=0x7fc4924fec10, dir=UPDATE_DIR_PACKET) at stream-tcp-reassemble.c:1264
#12 0x000000000067cf60 in StreamTcpReassembleHandleSegment (tv=0x7fc6baa60690, ra_ctx=0x7fc492573c30, ssn=0x7fb5a6e02500, stream=0x7fb5a6e02510, p=0x7fc4924fec10, pq=0x7fc49253b120) at stream-tcp-reassemble.c:1930
#13 0x00000000006617d2 in StreamTcpPacket (tv=0x7fc6baa60690, p=0x7fc4924fec10, stt=0x7fc497fffc70, pq=0x7fc49253b120) at stream-tcp.c:4936
#14 0x0000000000664136 in StreamTcp (tv=0x7fc6baa60690, p=0x7fc4924fec10, data=0x7fc497fffc70, pq=0x7fc49253b120) at stream-tcp.c:5312
#15 0x0000000000611bb3 in FlowWorkerStreamTCPUpdate (tv=0x7fc6baa60690, fw=0x7fc49253b0f0, p=0x7fc4924fec10, detect_thread=0x7fc487882740, timeout=true) at flow-worker.c:370
#16 0x0000000000612438 in FlowWorkerFlowTimeout (tv=0x7fc6baa60690, p=0x7fc4924fec10, fw=0x7fc49253b0f0, detect_thread=0x7fc487882740) at flow-worker.c:413
#17 0x00000000006123d8 in FlowFinish (tv=0x7fc6baa60690, f=0x7fb483265450, fw=0x7fc49253b0f0, detect_thread=0x7fc487882740) at flow-worker.c:157
#18 0x000000000061208c in CheckWorkQueue (tv=0x7fc6baa60690, fw=0x7fc49253b0f0, detect_thread=0x7fc487882740, counters=0x7fc49fa73768, fq=0x7fc49fa73790) at flow-worker.c:177
#19 0x0000000000611ed9 in FlowWorkerProcessInjectedFlows (tv=0x7fc6baa60690, fw=0x7fc49253b0f0, p=0x7fc4924ff660, detect_thread=0x7fc487882740) at flow-worker.c:460
#20 0x000000000061189b in FlowWorker (tv=0x7fc6baa60690, p=0x7fc4924ff660, data=0x7fc49253b0f0) at flow-worker.c:590
#21 0x0000000000501c84 in TmThreadsSlotVarRun (tv=0x7fc6baa60690, p=0x7fc4924ff660, slot=0x7fc6b9f3f660) at tm-threads.c:117
#22 0x0000000000655a9e in TmThreadsSlotProcessPkt (tv=0x7fc6baa60690, s=0x7fc6b9f3f660, p=0x7fc4924ff660) at ./tm-threads.h:195
#23 0x0000000000655928 in AFPParsePacketV3 (ptv=0x7fc497fff680, pbd=0x7fbed7200000, ppd=0x7fbed7288fd8) at source-af-packet.c:983
#24 0x00000000006555f2 in AFPWalkBlock (ptv=0x7fc497fff680, pbd=0x7fbed7200000) at source-af-packet.c:996
#25 0x000000000065449c in AFPReadFromRingV3 (ptv=0x7fc497fff680) at source-af-packet.c:1043
#26 0x00000000006538f2 in ReceiveAFPLoop (tv=0x7fc6baa60690, data=0x7fc497fff680, slot=0x7fc6b7a20370) at source-af-packet.c:1393
#27 0x0000000000506e3a in TmThreadsSlotPktAcqLoop (td=0x7fc6baa60690) at tm-threads.c:312
#28 0x00007fc830983609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#29 0x00007fc82fdec293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Updated by Victor Julien almost 3 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Peter Manev almost 3 years ago
- File sgefault-private.tar.xz added
Latest git master crash info attached as well.
This is reproducible, but Suricata needs to run for 1-2 days at least.
Please let me know if you need any more info.
Updated by Peter Manev almost 3 years ago
- File deleted (sgefault-private.tar.xz)
Updated by Peter Manev almost 3 years ago
Updated by Philippe Antoine almost 3 years ago
- Status changed from Assigned to In Review
Updated by Philippe Antoine almost 3 years ago
- Target version changed from TBD to 7.0.0-beta1
- Affected Versions 6.0.4 added
- Affected Versions deleted (git master)
Updated by Peter Manev almost 3 years ago
I will give feedback on the PR; I've asked for it to be tested.
Updated by Philippe Antoine almost 3 years ago
You can now give feedback on the latest master ;-)
Updated by Peter Manev almost 3 years ago
Fix seems to be working well!
> The stability has been great since the install of that fork.
Updated by Philippe Antoine about 2 years ago
bfcd6cb46a2163f00479620a3dc3ec48f9de4fa0 and 3fd8e908f83602ce4c025f9f14536b90bd91f599 are the commits fixing this