Project

General

Profile

Actions

Bug #6549

closed

multi-tenancy: ASAN error on engine analysis

Added by Victor Julien about 1 year ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

https://github.com/OISF/suricata-verify/pull/1478

AddressSanitizer:DEADLYSIGNAL
=================================================================
==614052==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000c0 (pc 0x7f5555d9e078 bp 0x000000000000 sp 0x7f55414fba40 T2)
==614052==The signal is caused by a READ memory access.
==614052==Hint: address points to the zero page.
    #0 0x7f5555d9e078 in __vfprintf_internal stdio-common/vfprintf-internal.c:1218
    #1 0x7f5556ca988f in __interceptor_vfprintf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1664
    #2 0x7f5556ca99ce in __interceptor_fprintf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1721
    #3 0x5654cc5d5e68 in EngineAnalysisFP /home/victor/devel/suricata-6.0.x/src/detect-engine-analyzer.c:172
    #4 0x5654cc65827e in DetectLoadSigFile /home/victor/devel/suricata-6.0.x/src/detect-engine-loader.c:174
    #5 0x5654cc658abc in ProcessSigFiles /home/victor/devel/suricata-6.0.x/src/detect-engine-loader.c:252
    #6 0x5654cc6592b2 in SigLoadSignatures /home/victor/devel/suricata-6.0.x/src/detect-engine-loader.c:312
    #7 0x5654cc593518 in DetectEngineMultiTenantLoadTenant /home/victor/devel/suricata-6.0.x/src/detect-engine.c:3337
    #8 0x5654cc593cd4 in DetectLoaderFuncLoadTenant /home/victor/devel/suricata-6.0.x/src/detect-engine.c:3418
    #9 0x5654cc65a8e0 in DetectLoader /home/victor/devel/suricata-6.0.x/src/detect-engine-loader.c:590
    #10 0x5654cce010ad in TmThreadsManagement /home/victor/devel/suricata-6.0.x/src/tm-threads.c:558
    #11 0x7f5555dbdac2 in start_thread nptl/pthread_create.c:442
    #12 0x7f5555e4fa3f  (/lib/x86_64-linux-gnu/libc.so.6+0x126a3f)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV stdio-common/vfprintf-internal.c:1218 in __vfprintf_internal
Thread T2 (DL#02) created by T0 (Suricata-Main) here:
    #0 0x7f5556ca3685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x5654cce06c2d in TmThreadSpawn /home/victor/devel/suricata-6.0.x/src/tm-threads.c:1749
    #2 0x5654cc65ae22 in DetectLoaderThreadSpawn /home/victor/devel/suricata-6.0.x/src/detect-engine-loader.c:632
    #3 0x5654cc59522f in DetectEngineMultiTenantSetup /home/victor/devel/suricata-6.0.x/src/detect-engine.c:3635
    #4 0x5654ccdef789 in PostConfLoadedDetectSetup /home/victor/devel/suricata-6.0.x/src/suricata.c:2424
    #5 0x5654ccdf1d18 in SuricataMain /home/victor/devel/suricata-6.0.x/src/suricata.c:2896
    #6 0x5654cc196c6b in main /home/victor/devel/suricata-6.0.x/src/main.c:22
    #7 0x7f5555d52d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

==614052==ABORTING

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #6239: ASAN: double free when multi-tenancy enabled and configuredClosedJeff LucovskyActions
Actions #1

Updated by Victor Julien about 1 year ago

  • Related to Bug #6239: ASAN: double free when multi-tenancy enabled and configured added
Actions #2

Updated by Victor Julien about 1 year ago

Same issue as #6239. Multiple threads accessing analyzer globals. Fixed in 7/master by https://github.com/OISF/suricata/commit/c8615bcd4798a1c53323b4591e787cbf0358811c

Actions #3

Updated by Victor Julien about 1 year ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jeff Lucovsky
Actions #4

Updated by Jeff Lucovsky 12 months ago

  • Status changed from Assigned to In Review
Actions #5

Updated by Jeff Lucovsky 11 months ago

  • Status changed from In Review to Closed
Actions #6

Updated by Jeff Lucovsky 11 months ago

  • Status changed from Closed to In Review

Reopened due to issue raised in https://github.com/OISF/suricata-verify/pull/1562:

suricata: util-var-name.c:138: VarNameStoreDestroy: Assertion `!((vn->ref_cnt > 0))' failed.

Actions #7

Updated by Victor Julien 10 months ago

  • Status changed from In Review to Resolved
Actions #8

Updated by Victor Julien 10 months ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF