Actions
Bug #8239
openhyperscan: Segfault in hyperscan when running Suricata 8.0.3/8.0.1 on Fedora 43
Affected Versions:
Effort:
Difficulty:
Label:
Description
Recently upgraded our systems to Fedora 43 and Suricata v8.0.3 and noticed a segfault in hyperscan.
Could this ticket be related? https://redmine.openinfosecfoundation.org/issues/7824
We then rolled back to version 8.0.1 and seen the same issue, running v8.0.1 on Fedora 42 we do not see this issue, see our findings below:
Summary:| OS version | Suricata Version | Status |
|---|---|---|
| F41 | 8.0.1 | OK |
| F42 | 8.0.1 | OK |
| F43 | 8.0.1 | CRASH |
| F43 | 8.0.3 | CRASH |
| F42 | 8.0.3 | AWAITING RESULTS |
Gcc version during build: 15.2.1
Suricata is built with:
gcc -DHAVE_CONFIG_H -I. -I./../rust/gen -I./../rust/dist -I../rust/gen -I/usr/include/hs -D__SCFILENAME__=\"main\" -Wextra -Werror-implicit-function-declaration -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Wall -Wno-unused-parameter -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wwrite-strings -Wbad-function-cast -Wformat-security -Wno-format-nonliteral -Wmissing-format-attribute -funsigned-char -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -march=westmere -mpclmul -fPIC -DOS_LINUX -std=c11 -c -o main.o main.c
And run with:
/usr/bin/suricata -c /var/lib/sensor/config/suricata.conf --init-errors-fatal -k none -l /run/magpie --user 65534 --group 65534 --af-packet=ens192
Suricata output during build:
[2026-01-14T10:52:28.181Z] configure: WARNING: unrecognized options: --enable-jansson, --enable-libnss, --disable-lua, --disable-prelude [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Suricata Configuration: [2026-01-14T10:52:28.181Z] AF_PACKET support: yes [2026-01-14T10:52:28.181Z] AF_XDP support: no [2026-01-14T10:52:28.181Z] DPDK support: no [2026-01-14T10:52:28.181Z] eBPF support: no [2026-01-14T10:52:28.181Z] XDP support: no [2026-01-14T10:52:28.181Z] PF_RING support: no [2026-01-14T10:52:28.181Z] NFQueue support: no [2026-01-14T10:52:28.181Z] NFLOG support: no [2026-01-14T10:52:28.181Z] IPFW support: no [2026-01-14T10:52:28.181Z] Netmap support: no [2026-01-14T10:52:28.181Z] DAG enabled: no [2026-01-14T10:52:28.181Z] Napatech enabled: no [2026-01-14T10:52:28.181Z] WinDivert enabled: no [2026-01-14T10:52:28.181Z] Npcap support: [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Unix socket enabled: no [2026-01-14T10:52:28.181Z] Detection enabled: yes [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Libmagic support: no [2026-01-14T10:52:28.181Z] libjansson support: yes [2026-01-14T10:52:28.181Z] hiredis support: no [2026-01-14T10:52:28.181Z] hiredis async with libevent: no [2026-01-14T10:52:28.181Z] PCRE jit: yes [2026-01-14T10:52:28.181Z] GeoIP2 support: no [2026-01-14T10:52:28.181Z] JA3 support: yes [2026-01-14T10:52:28.181Z] JA4 support: yes [2026-01-14T10:52:28.181Z] Hyperscan support: yes [2026-01-14T10:52:28.181Z] Hwloc support: no [2026-01-14T10:52:28.181Z] Libnet support: no [2026-01-14T10:52:28.181Z] liblz4 support: no [2026-01-14T10:52:28.181Z] Landlock support: yes [2026-01-14T10:52:28.181Z] Systemd support: yes [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Rust strict mode: no [2026-01-14T10:52:28.181Z] Rust compiler path: /usr/sbin/rustc [2026-01-14T10:52:28.181Z] Rust compiler version: rustc 1.92.0 (ded5c06cf 2025-12-08) (Fedora 1.92.0-1.fc43) [2026-01-14T10:52:28.181Z] Cargo path: /usr/sbin/cargo [2026-01-14T10:52:28.181Z] Cargo version: cargo 1.92.0 (344c4567c 2025-10-21) (Fedora 1.92.0-1.fc43) [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Python support: yes [2026-01-14T10:52:28.181Z] Python path: /usr/sbin/python3 [2026-01-14T10:52:28.181Z] Install suricatactl: yes [2026-01-14T10:52:28.181Z] Install suricatasc: yes [2026-01-14T10:52:28.181Z] Install suricata-update: no, not bundled [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Profiling enabled: no [2026-01-14T10:52:28.181Z] Profiling locks enabled: no [2026-01-14T10:52:28.181Z] Profiling rules enabled: no [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Plugin support (experimental): yes [2026-01-14T10:52:28.181Z] DPDK Bond PMD: no [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Plugins: [2026-01-14T10:52:28.181Z] nDPI: no [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Development settings: [2026-01-14T10:52:28.181Z] Coccinelle / spatch: no [2026-01-14T10:52:28.181Z] Unit tests enabled: no [2026-01-14T10:52:28.181Z] Debug output enabled: no [2026-01-14T10:52:28.181Z] Debug validation enabled: no [2026-01-14T10:52:28.181Z] Fuzz targets enabled: no [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Generic build parameters: [2026-01-14T10:52:28.181Z] Installation prefix: /usr [2026-01-14T10:52:28.181Z] Configuration directory: /etc/suricata/ [2026-01-14T10:52:28.181Z] Log directory: /var/log/suricata/ [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] --prefix /usr [2026-01-14T10:52:28.181Z] --sysconfdir /etc [2026-01-14T10:52:28.181Z] --localstatedir /var [2026-01-14T10:52:28.181Z] --datarootdir /usr/share [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Host: x86_64-redhat-linux-gnu [2026-01-14T10:52:28.181Z] Compiler: gcc (exec name) / g++ (real) [2026-01-14T10:52:28.181Z] GCC Protect enabled: yes [2026-01-14T10:52:28.181Z] GCC march native enabled: no [2026-01-14T10:52:28.181Z] GCC Profile enabled: no [2026-01-14T10:52:28.181Z] Position Independent Executable enabled: no [2026-01-14T10:52:28.181Z] CFLAGS -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -march=westmere -mpclmul -fPIC -DOS_LINUX -std=c11 [2026-01-14T10:52:28.181Z] PCAP_CFLAGS [2026-01-14T10:52:28.181Z] SECCFLAGS -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
Observed Segfault:
suricata: INFO: suricata received signal SIGSEGV
2026-01-15 14:26:18.502926
Thread 6 (Thread 0x7efd0a7866c0 (LWP 280) "CS"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e3be2ac in __futex_abstimed_wait_common () from /lib64/libc.so.6
#3 0x00007efd0e3c0b88 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#4 0x0000563f62ac5af1 in StatsMgmtThread ()
#5 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#6 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 5 (Thread 0x7efd0af876c0 (LWP 279) "CW"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e3be2ac in __futex_abstimed_wait_common () from /lib64/libc.so.6
#3 0x00007efd0e3c0b88 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#4 0x0000563f62ac5419 in StatsWakeupThread ()
#5 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#6 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 4 (Thread 0x7efd0b7886c0 (LWP 278) "FR#01"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e3be2ac in __futex_abstimed_wait_common () from /lib64/libc.so.6
#3 0x00007efd0e3c0b88 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#4 0x0000563f62b46b51 in FlowRecycler.lto_priv.0 ()
#5 0x0000563f62a8af64 in TmThreadsManagement ()
#6 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#7 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 3 (Thread 0x7efd0bf896c0 (LWP 277) "FM#01"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e3be2ac in __futex_abstimed_wait_common () from /lib64/libc.so.6
#3 0x00007efd0e3c0b88 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#4 0x0000563f62b41e02 in FlowManager.lto_priv.0 ()
#5 0x0000563f62a8af64 in TmThreadsManagement ()
#6 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#7 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 2 (Thread 0x7efd0c78a6c0 (LWP 276) "W#01-ens192"):
#0 0x00007efd0ed9ceca in unsigned char const* shuftiDoubleExecReal<(unsigned short)64>(long long __vector(2), long long __vector(2), long long __vector(2), long long __vector(2), unsigned char const*, unsigned char const*) () from /lib64/libhs.so.5
#1 0x00007efd0ed12ef8 in avx512_run_accel () from /lib64/libhs.so.5
#2 0x00007efd0ed71ae4 in avx512_nfaExecMcClellan8_B () from /lib64/libhs.so.5
#3 0x00007efd0ecdac3d in avx512_hs_scan () from /lib64/libhs.so.5
#4 0x0000563f62a9cdf4 in SCHSSearch ()
#5 0x0000563f62ae56f6 in DetectRunPrefilterTx ()
#6 0x0000563f62b39b4e in DetectRun ()
#7 0x0000563f62b3b1fc in Detect ()
#8 0x0000563f62b42be7 in FlowWorkerStreamTCPUpdate ()
#9 0x0000563f62b46dfb in FlowWorker.lto_priv.0 ()
#10 0x0000563f62a87054 in TmThreadsSlotVarRun ()
#11 0x0000563f62b62df5 in AFPReadFromRingV3 ()
#12 0x0000563f62b65823 in ReceiveAFPLoop.lto_priv.0 ()
#13 0x0000563f62a8c6c0 in TmThreadsSlotPktAcqLoop ()
#14 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#15 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 1 (Thread 0x7efd0dff5600 (LWP 273) "Suricata-Main"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e40db62 in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6
#3 0x00007efd0e419b37 in nanosleep () from /lib64/libc.so.6
#4 0x00007efd0e44413a in usleep () from /lib64/libc.so.6
#5 0x0000563f62a898fa in SuricataMainLoop ()
#6 0x0000563f62a7ebd6 in main ()
Updated by Victor Julien about 23 hours ago
I've tried to recreate the setup in docker with F43 and the same configure options, but not seeing the issue yet. Are you able to reproduce it with a pcap? I ran the whole SV suite and it just passes w/o issues.
Actions