Bug #8308
plugins/ndpi: SIGSEGV in DetectnDPIProtocolPacketMatch
Status: open
Description
I've been running Suricata 8.0.2 with nDPI in NFQ/IPS mode and the behavior is inconsistent. Sometimes it crashes repeatedly every ~2-5 minutes, other times it runs for days without any issues.
Environment:
- Suricata 8.0.2 + nDPI 4.14
- AArch64 / NixOS
The flow pointer passed to StorageGetById (x19) is NULL, which faults immediately on dereference. Looking at plugins/ndpi/ndpi.c, both DetectnDPIProtocolPacketMatch and DetectnDPIRiskPacketMatch call FlowGetStorageById(f, flow_storage_id) where f = p->flow. Both functions do have an f == NULL check but it appears after the storage lookup rather than before it. p->flow can be null? Which is what I think is triggering this.
PID: 355516 (Suricata-Main)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Wed 2026-02-18 14:07:02 UTC (4h 51min ago)
Command Line: /nix/store/4jdc5hyisvm448qn9ywbhg0ra2l3w8fs-suricata-8.0.2/bin/suricata -v -c /var/lib/suricata/suricata-nix.yaml -q 0
Executable: /nix/store/4jdc5hyisvm448qn9ywbhg0ra2l3w8fs-suricata-8.0.2/bin/suricata
Control Group: /system.slice/suricata.service
Unit: suricata.service
Slice: system.slice
Boot ID: 75497d86995e42b5aca1ffb346b021c2
Machine ID: 1ebfe5d0b2ed4b0b9c6dabaae9d0113f
Hostname: nixos
Storage: /var/lib/systemd/coredump/core.Suricata-Main.0.75497d86995e42b5aca1ffb346b021c2.355516.1771423622000000.zst (present)
Size on Disk: 112.4M
Message: Process 355516 (Suricata-Main) of user 0 dumped core.
Stack trace of thread 355710:
#0 0x0000aaaad7e9f6ac n/a (n/a + 0x0)
#1 0x0000ffff8ff066f8 n/a (n/a + 0x0)
#2 0x0000ffff8ff066f8 n/a (n/a + 0x0)
#3 0x0000aaaad7edebc0 n/a (n/a + 0x0)
#4 0x0000aaaad7ee2394 n/a (n/a + 0x0)
#5 0x0000aaaad7f1bc24 n/a (n/a + 0x0)
#6 0x0000aaaad7f1c880 n/a (n/a + 0x0)
#7 0x0000aaaad7f1e328 n/a (n/a + 0x0)
#8 0x0000aaaad7f25b18 n/a (n/a + 0x0)
#9 0x0000aaaad7e828f4 n/a (n/a + 0x0)
#10 0x0000aaaad7e84654 n/a (n/a + 0x0)
#11 0x0000ffff906201ec n/a (n/a + 0x0)
#12 0x0000ffff9069034c n/a (n/a + 0x0)
ELF object binary architecture: AARCH64
#0 0x0000aaaad7e9f6ac in StorageGetById ()
#1 0x0000ffff8ff066f8 in DetectnDPIProtocolPacketMatch () from /var/lib/chimera/ndpi.so
#2 0x0000aaaad7edebc0 in DetectEngineInspectRulePacketMatches ()
#3 0x0000aaaad7ee2394 in DetectEnginePktInspectionRun ()
#4 0x0000aaaad7f1bc24 in DetectRulePacketRules ()
#5 0x0000aaaad7f1c880 in DetectRun ()
#6 0x0000aaaad7f1e328 in Detect ()
#7 0x0000aaaad7f25b18 in FlowWorker ()
#8 0x0000aaaad7e828f4 in TmThreadsSlotVarRun ()
#9 0x0000aaaad7e84654 in TmThreadsSlotVar ()
#10 0x0000ffff906201ec in start_thread () from /nix/store/nl55hbsk5fjq2kyz3rkry1flndqfr3ry-glibc-2.40-66/lib/libc.so.6
#11 0x0000ffff9069034c in thread_start () from /nix/store/nl55hbsk5fjq2kyz3rkry1flndqfr3ry-glibc-2.40-66/lib/libc.so.6
x0 0x118 280
x1 0x1 1
x2 0x1 1
x3 0xaaab30f2d160 187652237349216
x4 0xffff8ff066d0 281473096640208
x5 0xaaaaffc57fe0 187651412295648
x6 0xaaaad7edeb60 187650743855968
x7 0xd 13
x8 0xffff7854ee40 281472700575296
x9 0xaaab30f01220 187652237169184
x10 0x80 128
x11 0xffffffff 4294967295
x12 0xffffffff 4294967295
x13 0x8 8
x14 0xaaab31971800 187652248115200
x15 0x0 0
x16 0xffff9006ef88 281473098117000
x17 0xaaaad7f23b60 187650744138592
x18 0xffff7854e2d4 281472700572372
x19 0x0 0
x20 0xaaab30f2d160 187652237349216
x21 0xffff801acf70 281472830984048
x22 0xffff78532e20 281472700460576
x23 0xaaaad88441c0 187650753708480
x24 0x4 4
x25 0x0 0
x26 0xaaab30f06f00 187652237192960
x27 0xffff801acf70 281472830984048
x28 0xffff7854ee40 281472700575296
x29 0xffff877ed530 281472954979632
x30 0xffff8ff066f8 281473096640248
sp 0xffff877ed530 0xffff877ed530
pc 0xaaaad7e9f6ac 0xaaaad7e9f6ac <StorageGetById+12>
cpsr 0x60001000 [ EL=0 BTYPE=0 SSBS C Z ]
fpsr 0x10 [ IXC ]
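
The check ordering described in this report, reduced to a stand-alone C model. This is an added example, not code from the report or from Suricata's plugins/ndpi/ndpi.c: Flow, Packet, NdpiFlowCtx, flow_get_storage, both match functions and the sample data are simplified stand-ins assumed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types: simplified models, not Suricata's real structs. */
typedef struct Flow_ { void *storage[4]; } Flow;
typedef struct Packet_ { Flow *flow; } Packet;
typedef struct NdpiFlowCtx_ { unsigned detected_proto; } NdpiFlowCtx;

/* Models the per-flow storage lookup: it dereferences f unconditionally. */
static void *flow_get_storage(const Flow *f, int id) { return f->storage[id]; }

/* Ordering described in the report: lookup first, NULL check second.
 * Kept for contrast only; calling it with p->flow == NULL faults. */
int match_lookup_first(const Packet *p, int id, unsigned want)
{
    const Flow *f = p->flow;
    const NdpiFlowCtx *ctx = flow_get_storage(f, id); /* NULL deref here */
    if (f == NULL || ctx == NULL)
        return 0;
    return ctx->detected_proto == want;
}

/* Guarded ordering: reject flowless packets before touching storage. */
int match_check_first(const Packet *p, int id, unsigned want)
{
    const Flow *f = p->flow;
    if (f == NULL)
        return 0; /* no flow, so no per-flow state to match on */
    const NdpiFlowCtx *ctx = flow_get_storage(f, id);
    if (ctx == NULL)
        return 0; /* flow exists but no state has been attached yet */
    return ctx->detected_proto == want;
}

/* Constructed sample data: protocol id 7 and storage slot 1 are arbitrary. */
static NdpiFlowCtx sample_ctx = { 7 };
static Flow flow_with_state = { { NULL, &sample_ctx } };
static Flow flow_without_state = { { NULL } };
static Packet pkt_flowless = { NULL };
static Packet pkt_tracked = { &flow_with_state };
static Packet pkt_fresh = { &flow_without_state };

int main(void)
{
    printf("flowless=%d tracked=%d fresh=%d\n",
           match_check_first(&pkt_flowless, 1, 7),
           match_check_first(&pkt_tracked, 1, 7),
           match_check_first(&pkt_fresh, 1, 7));
    return 0;
}
```

The guarded version treats a packet without a flow as a non-match, so a rule keyed on per-flow state is skipped for that packet instead of taking down the worker thread.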