Bug #4797

Updated by Victor Julien over 1 year ago

Note: this issue has been created as a private issue -- I think we can remove the private setting since this is not traffic induced. 

 When configuring Suricata 7.x/@master@ with multi-tenants, a @SIGSEGV@ occurs: 
 <pre> 
 [3076103] 30/10/2021 -- 11:11:22 - (detect-reference.c:142) <Warning> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key "bid" 
     #0 0x7ff765683c5a in memcpy (/lib/x86_64-linux-gnu/libc.so.6+0xbec5a) 
     #1 0x7ff76638636e    (/lib/x86_64-linux-gnu/libasan.so.5+0x9b36e) 
     #2 0x7ff76603c9ca in pcre2_substring_copy_bynumber_8 (/lib/x86_64-linux-gnu/libpcre2-8.so.0+0x649ca) 
     #3 0x56074d7f8f1b in SCClassConfAddClasstype /home/jlucovsky/src/jal/suricata/src/util-classification-config.c:264 
     #4 0x56074d7f965c in SCClassConfParseFile /home/jlucovsky/src/jal/suricata/src/util-classification-config.c:358 
     #5 0x56074d7f9e85 in SCClassConfLoadClassficationConfigFile /home/jlucovsky/src/jal/suricata/src/util-classification-config.c:541 
     #6 0x56074db5c026 in DetectEngineCtxInitReal /home/jlucovsky/src/jal/suricata/src/detect-engine.c:1994 
     #7 0x56074db5c21b in DetectEngineCtxInitWithPrefix /home/jlucovsky/src/jal/suricata/src/detect-engine.c:2033 
     #8 0x56074db63359 in DetectEngineMultiTenantLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3287 
     #9 0x56074db63baf in DetectLoaderFuncLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3380 
     #10 0x56074dba465d in DetectLoader /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:593 
     #11 0x56074d7dffc7 in TmThreadsManagement /home/jlucovsky/src/jal/suricata/src/tm-threads.c:552 
     #12 0x7ff766095608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477 
     #13 0x7ff7656e7292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292) 

 AddressSanitizer can not provide additional info. 
 SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0xbec5a) in memcpy 
 Thread T1 (DL#01) created by T0 (Suricata-Main) here: 
     #0 0x7ff766325805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) 
     #1 0x56074d7e53e9 in TmThreadSpawn /home/jlucovsky/src/jal/suricata/src/tm-threads.c:1733 
     #2 0x56074dba4b94 in DetectLoaderThreadSpawn /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:635 
     #3 0x56074db65073 in DetectEngineMultiTenantSetup /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3597 
     #4 0x56074d7d3e8b in PostConfLoadedDetectSetup /home/jlucovsky/src/jal/suricata/src/suricata.c:2333 
     #5 0x56074d7d5eb5 in SuricataMain /home/jlucovsky/src/jal/suricata/src/suricata.c:2787 
     #6 0x56074d7c7cfb in main /home/jlucovsky/src/jal/suricata/src/main.c:22 
     #7 0x7ff7655ec0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) 

 ==3076088==ABORTING 
 </pre>

 The same configuration does not crash with @master-6.0.x@ 

 I've attached the configuration files that I'm using -- they contain pathnames that will require modification 

 Add @include: /path/to/tenant.haml@ to @suricata.yaml@ 
