Actions
Bug #8239
openhyperscan: Segfault in hyperscan when running Suricata 8.0.3/8.0.1 on Fedora 43
Affected Versions:
Effort:
Difficulty:
Label:
Description
Recently upgraded our systems to Fedora 43 and Suricata v8.0.3 and noticed a segfault in hyperscan.
Could this ticket be related? https://redmine.openinfosecfoundation.org/issues/7824
We then rolled back to version 8.0.1 and seen the same issue, running v8.0.1 on Fedora 42 we do not see this issue, see our findings below:
Summary:| OS version | Suricata Version | Status |
|---|---|---|
| F41 | 8.0.1 | OK |
| F42 | 8.0.1 | OK |
| F43 | 8.0.1 | CRASH |
| F43 | 8.0.3 | CRASH |
| F42 | 8.0.3 | AWAITING RESULTS |
Gcc version during build: 15.2.1
Suricata is built with:
gcc -DHAVE_CONFIG_H -I. -I./../rust/gen -I./../rust/dist -I../rust/gen -I/usr/include/hs -D__SCFILENAME__=\"main\" -Wextra -Werror-implicit-function-declaration -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Wall -Wno-unused-parameter -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wwrite-strings -Wbad-function-cast -Wformat-security -Wno-format-nonliteral -Wmissing-format-attribute -funsigned-char -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -march=westmere -mpclmul -fPIC -DOS_LINUX -std=c11 -c -o main.o main.c
And run with:
/usr/bin/suricata -c /var/lib/sensor/config/suricata.conf --init-errors-fatal -k none -l /run/magpie --user 65534 --group 65534 --af-packet=ens192
Suricata output during build:
[2026-01-14T10:52:28.181Z] configure: WARNING: unrecognized options: --enable-jansson, --enable-libnss, --disable-lua, --disable-prelude [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Suricata Configuration: [2026-01-14T10:52:28.181Z] AF_PACKET support: yes [2026-01-14T10:52:28.181Z] AF_XDP support: no [2026-01-14T10:52:28.181Z] DPDK support: no [2026-01-14T10:52:28.181Z] eBPF support: no [2026-01-14T10:52:28.181Z] XDP support: no [2026-01-14T10:52:28.181Z] PF_RING support: no [2026-01-14T10:52:28.181Z] NFQueue support: no [2026-01-14T10:52:28.181Z] NFLOG support: no [2026-01-14T10:52:28.181Z] IPFW support: no [2026-01-14T10:52:28.181Z] Netmap support: no [2026-01-14T10:52:28.181Z] DAG enabled: no [2026-01-14T10:52:28.181Z] Napatech enabled: no [2026-01-14T10:52:28.181Z] WinDivert enabled: no [2026-01-14T10:52:28.181Z] Npcap support: [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Unix socket enabled: no [2026-01-14T10:52:28.181Z] Detection enabled: yes [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Libmagic support: no [2026-01-14T10:52:28.181Z] libjansson support: yes [2026-01-14T10:52:28.181Z] hiredis support: no [2026-01-14T10:52:28.181Z] hiredis async with libevent: no [2026-01-14T10:52:28.181Z] PCRE jit: yes [2026-01-14T10:52:28.181Z] GeoIP2 support: no [2026-01-14T10:52:28.181Z] JA3 support: yes [2026-01-14T10:52:28.181Z] JA4 support: yes [2026-01-14T10:52:28.181Z] Hyperscan support: yes [2026-01-14T10:52:28.181Z] Hwloc support: no [2026-01-14T10:52:28.181Z] Libnet support: no [2026-01-14T10:52:28.181Z] liblz4 support: no [2026-01-14T10:52:28.181Z] Landlock support: yes [2026-01-14T10:52:28.181Z] Systemd support: yes [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Rust strict mode: no [2026-01-14T10:52:28.181Z] Rust compiler path: /usr/sbin/rustc [2026-01-14T10:52:28.181Z] Rust compiler version: rustc 1.92.0 (ded5c06cf 2025-12-08) (Fedora 1.92.0-1.fc43) [2026-01-14T10:52:28.181Z] Cargo path: /usr/sbin/cargo [2026-01-14T10:52:28.181Z] Cargo version: cargo 1.92.0 (344c4567c 2025-10-21) (Fedora 1.92.0-1.fc43) [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Python support: yes [2026-01-14T10:52:28.181Z] Python path: /usr/sbin/python3 [2026-01-14T10:52:28.181Z] Install suricatactl: yes [2026-01-14T10:52:28.181Z] Install suricatasc: yes [2026-01-14T10:52:28.181Z] Install suricata-update: no, not bundled [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Profiling enabled: no [2026-01-14T10:52:28.181Z] Profiling locks enabled: no [2026-01-14T10:52:28.181Z] Profiling rules enabled: no [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Plugin support (experimental): yes [2026-01-14T10:52:28.181Z] DPDK Bond PMD: no [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Plugins: [2026-01-14T10:52:28.181Z] nDPI: no [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Development settings: [2026-01-14T10:52:28.181Z] Coccinelle / spatch: no [2026-01-14T10:52:28.181Z] Unit tests enabled: no [2026-01-14T10:52:28.181Z] Debug output enabled: no [2026-01-14T10:52:28.181Z] Debug validation enabled: no [2026-01-14T10:52:28.181Z] Fuzz targets enabled: no [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Generic build parameters: [2026-01-14T10:52:28.181Z] Installation prefix: /usr [2026-01-14T10:52:28.181Z] Configuration directory: /etc/suricata/ [2026-01-14T10:52:28.181Z] Log directory: /var/log/suricata/ [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] --prefix /usr [2026-01-14T10:52:28.181Z] --sysconfdir /etc [2026-01-14T10:52:28.181Z] --localstatedir /var [2026-01-14T10:52:28.181Z] --datarootdir /usr/share [2026-01-14T10:52:28.181Z] [2026-01-14T10:52:28.181Z] Host: x86_64-redhat-linux-gnu [2026-01-14T10:52:28.181Z] Compiler: gcc (exec name) / g++ (real) [2026-01-14T10:52:28.181Z] GCC Protect enabled: yes [2026-01-14T10:52:28.181Z] GCC march native enabled: no [2026-01-14T10:52:28.181Z] GCC Profile enabled: no [2026-01-14T10:52:28.181Z] Position Independent Executable enabled: no [2026-01-14T10:52:28.181Z] CFLAGS -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -march=westmere -mpclmul -fPIC -DOS_LINUX -std=c11 [2026-01-14T10:52:28.181Z] PCAP_CFLAGS [2026-01-14T10:52:28.181Z] SECCFLAGS -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
Observed Segfault:
suricata: INFO: suricata received signal SIGSEGV
2026-01-15 14:26:18.502926
Thread 6 (Thread 0x7efd0a7866c0 (LWP 280) "CS"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e3be2ac in __futex_abstimed_wait_common () from /lib64/libc.so.6
#3 0x00007efd0e3c0b88 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#4 0x0000563f62ac5af1 in StatsMgmtThread ()
#5 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#6 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 5 (Thread 0x7efd0af876c0 (LWP 279) "CW"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e3be2ac in __futex_abstimed_wait_common () from /lib64/libc.so.6
#3 0x00007efd0e3c0b88 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#4 0x0000563f62ac5419 in StatsWakeupThread ()
#5 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#6 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 4 (Thread 0x7efd0b7886c0 (LWP 278) "FR#01"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e3be2ac in __futex_abstimed_wait_common () from /lib64/libc.so.6
#3 0x00007efd0e3c0b88 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#4 0x0000563f62b46b51 in FlowRecycler.lto_priv.0 ()
#5 0x0000563f62a8af64 in TmThreadsManagement ()
#6 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#7 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 3 (Thread 0x7efd0bf896c0 (LWP 277) "FM#01"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e3be2ac in __futex_abstimed_wait_common () from /lib64/libc.so.6
#3 0x00007efd0e3c0b88 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libc.so.6
#4 0x0000563f62b41e02 in FlowManager.lto_priv.0 ()
#5 0x0000563f62a8af64 in TmThreadsManagement ()
#6 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#7 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 2 (Thread 0x7efd0c78a6c0 (LWP 276) "W#01-ens192"):
#0 0x00007efd0ed9ceca in unsigned char const* shuftiDoubleExecReal<(unsigned short)64>(long long __vector(2), long long __vector(2), long long __vector(2), long long __vector(2), unsigned char const*, unsigned char const*) () from /lib64/libhs.so.5
#1 0x00007efd0ed12ef8 in avx512_run_accel () from /lib64/libhs.so.5
#2 0x00007efd0ed71ae4 in avx512_nfaExecMcClellan8_B () from /lib64/libhs.so.5
#3 0x00007efd0ecdac3d in avx512_hs_scan () from /lib64/libhs.so.5
#4 0x0000563f62a9cdf4 in SCHSSearch ()
#5 0x0000563f62ae56f6 in DetectRunPrefilterTx ()
#6 0x0000563f62b39b4e in DetectRun ()
#7 0x0000563f62b3b1fc in Detect ()
#8 0x0000563f62b42be7 in FlowWorkerStreamTCPUpdate ()
#9 0x0000563f62b46dfb in FlowWorker.lto_priv.0 ()
#10 0x0000563f62a87054 in TmThreadsSlotVarRun ()
#11 0x0000563f62b62df5 in AFPReadFromRingV3 ()
#12 0x0000563f62b65823 in ReceiveAFPLoop.lto_priv.0 ()
#13 0x0000563f62a8c6c0 in TmThreadsSlotPktAcqLoop ()
#14 0x00007efd0e3c1464 in start_thread () from /lib64/libc.so.6
#15 0x00007efd0e4445ac in __clone3 () from /lib64/libc.so.6
Thread 1 (Thread 0x7efd0dff5600 (LWP 273) "Suricata-Main"):
#0 0x00007efd0e3c9982 in __syscall_cancel_arch () from /lib64/libc.so.6
#1 0x00007efd0e3bdc3c in __internal_syscall_cancel () from /lib64/libc.so.6
#2 0x00007efd0e40db62 in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6
#3 0x00007efd0e419b37 in nanosleep () from /lib64/libc.so.6
#4 0x00007efd0e44413a in usleep () from /lib64/libc.so.6
#5 0x0000563f62a898fa in SuricataMainLoop ()
#6 0x0000563f62a7ebd6 in main ()
Updated by Victor Julien 1 day ago
I've tried to recreate the setup in docker with F43 and the same configure options, but not seeing the issue yet. Are you able to reproduce it with a pcap? I ran the whole SV suite and it just passes w/o issues.
Actions