Bug #6239
Updated by Jeff Lucovsky over 1 year ago
Using 7.0 with multi-tenancy configured, running the suricata-verify tests yields multiple ASAN double free issues.
Several of the tests fail and the error output looks similar; the following is from the bug-2917 test:
<pre>
=================================================================
==1966376==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T2 (DL#02):
#0 0x7ffb0dadc517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x7ffb0cd33da6 in _IO_deallocate_file libio/libioP.h:862
#2 0x7ffb0cd33da6 in _IO_new_fclose libio/iofclose.c:74
#3 0x7ffb0dab8e48 in __interceptor_fclose ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:6233
#4 0x7ffb0dab8e48 in __interceptor_fclose ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:6228
#5 0x55f4d71b7a8f in CleanupRuleAnalyzer /home/jlucovsky/src/jal/suricata/src/detect-engine-analyzer.c:423
#6 0x55f4d6985feb in SigLoadSignatures /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:391
#7 0x55f4d693e05c in DetectEngineMultiTenantLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3848
#8 0x55f4d693e786 in DetectLoaderFuncLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3929
#9 0x55f4d6986e5b in DetectLoader /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:602
#10 0x55f4d661c3fb in TmThreadsManagement /home/jlucovsky/src/jal/suricata/src/tm-threads.c:555
#11 0x7ffb0cd49b42 in start_thread nptl/pthread_create.c:442
#12 0x7ffb0cddb9ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
0x615000296100 is located 0 bytes inside of 472-byte region [0x615000296100,0x6150002962d8)
freed by thread T1 (DL#01) here:
#0 0x7ffb0dadc517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x7ffb0cd33da6 in _IO_deallocate_file libio/libioP.h:862
#2 0x7ffb0cd33da6 in _IO_new_fclose libio/iofclose.c:74
previously allocated by thread T3 (DL#03) here:
#0 0x7ffb0dadc867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x7ffb0cd346cd in __fopen_internal libio/iofopen.c:65
#2 0x7ffb0cd346cd in _IO_new_fopen libio/iofopen.c:86
Thread T2 (DL#02) created by T0 (Suricata-Main) here:
#0 0x7ffb0da80685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x55f4d66215c6 in TmThreadSpawn /home/jlucovsky/src/jal/suricata/src/tm-threads.c:1670
#2 0x55f4d69873d4 in DetectLoaderThreadSpawn /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:648
#3 0x55f4d693fcd2 in DetectEngineMultiTenantSetup /home/jlucovsky/src/jal/suricata/src/detect-engine.c:4143
#4 0x55f4d6612371 in PostConfLoadedDetectSetup /home/jlucovsky/src/jal/suricata/src/suricata.c:2553
#5 0x55f4d6614198 in SuricataMain /home/jlucovsky/src/jal/suricata/src/suricata.c:2976
#6 0x55f4d6603f5b in main /home/jlucovsky/src/jal/suricata/src/main.c:22
#7 0x7ffb0ccded8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Thread T1 (DL#01) created by T0 (Suricata-Main) here:
#0 0x7ffb0da80685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x55f4d66215c6 in TmThreadSpawn /home/jlucovsky/src/jal/suricata/src/tm-threads.c:1670
#2 0x55f4d69873d4 in DetectLoaderThreadSpawn /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:648
#3 0x55f4d693fcd2 in DetectEngineMultiTenantSetup /home/jlucovsky/src/jal/suricata/src/detect-engine.c:4143
#4 0x55f4d6612371 in PostConfLoadedDetectSetup /home/jlucovsky/src/jal/suricata/src/suricata.c:2553
#5 0x55f4d6614198 in SuricataMain /home/jlucovsky/src/jal/suricata/src/suricata.c:2976
#6 0x55f4d6603f5b in main /home/jlucovsky/src/jal/suricata/src/main.c:22
#7 0x7ffb0ccded8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Thread T3 (DL#03) created by T0 (Suricata-Main) here:
#0 0x7ffb0da80685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x55f4d66215c6 in TmThreadSpawn /home/jlucovsky/src/jal/suricata/src/tm-threads.c:1670
#2 0x55f4d69873d4 in DetectLoaderThreadSpawn /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:648
#3 0x55f4d693fcd2 in DetectEngineMultiTenantSetup /home/jlucovsky/src/jal/suricata/src/detect-engine.c:4143
#4 0x55f4d6612371 in PostConfLoadedDetectSetup /home/jlucovsky/src/jal/suricata/src/suricata.c:2553
#5 0x55f4d6614198 in SuricataMain /home/jlucovsky/src/jal/suricata/src/suricata.c:2976
#6 0x55f4d6603f5b in main /home/jlucovsky/src/jal/suricata/src/main.c:22
#7 0x7ffb0ccded8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
==1966376==ABORTING
</pre>
Failing s-v tests due to the double-free issue:
<pre>
$ grep -r -e double-free
detect-bytejump-03/output/stderr:==2001013==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T1 (DL#01):
detect-strip_whitespace-01/output/stderr:==2003286==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T2 (DL#02):
bug-2917/output/stderr:==1992623==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T2 (DL#02):
bug-2917/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
bug-3463/output/stderr:==1992906==ERROR: AddressSanitizer: attempting double-free on 0x6150002b5f00 in thread T3 (DL#03):
bug-3515/output/stderr:==1992972==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T3 (DL#03):
bug-3515/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
detect-bytejump-04/output/stderr:==2001063==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T3 (DL#03):
detect-bytejump-04/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
datarep-03-bad-reputation/output/stderr:==1997955==ERROR: AddressSanitizer: attempting double-free on 0x6150002a5d80 in thread T1 (DL#01):
datarep-03-bad-reputation/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
rules/dce_stub_data/output/stderr:==2051998==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T3 (DL#03):
rules/http_uri/output/stderr:==2052205==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T2 (DL#02):
rules/http_uri/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
detect-compress_whitespace-01/output/stderr:==2001731==ERROR: AddressSanitizer: attempting double-free on 0x6150002c6080 in thread T2 (DL#02):
</pre>
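Added example, not part of the original report and not Suricata's code: the trace above shows one FILE object opened on T3, closed on T1 and closed again on T2, which is the pattern produced when detect-loader threads share a single handle. The sketch below uses hypothetical names (`analysis_fp`, `analyzer_setup`, `analyzer_cleanup`) and reference-counts the shared handle under a mutex so that only the last user calls `fclose()`.

```c
#include <pthread.h>
#include <stdio.h>
/* Hypothetical shared log handle; illustrative names, not Suricata's. */
static FILE *analysis_fp = NULL;
static int analysis_refs = 0, open_count = 0, close_count = 0;
static pthread_mutex_t analysis_lock = PTHREAD_MUTEX_INITIALIZER;

/* First user opens the file; later users only take a reference. */
static void analyzer_setup(void)
{
    pthread_mutex_lock(&analysis_lock);
    if (analysis_refs++ == 0) {
        analysis_fp = fopen("/dev/null", "w");
        if (analysis_fp != NULL) open_count++;
    }
    pthread_mutex_unlock(&analysis_lock);
}

/* Last user closes and clears the pointer, so fclose() runs once per open. */
static void analyzer_cleanup(void)
{
    pthread_mutex_lock(&analysis_lock);
    if (analysis_refs > 0 && --analysis_refs == 0 && analysis_fp != NULL) {
        fclose(analysis_fp);
        analysis_fp = NULL;
        close_count++;
    }
    pthread_mutex_unlock(&analysis_lock);
}

static void *tenant_loader(void *arg)
{
    (void)arg;
    analyzer_setup();   /* rule loading would happen between these calls */
    analyzer_cleanup();
    return NULL;
}

/* Run up to 16 loader threads; returns opens minus closes (0 = balanced). */
int run_loaders(int n)
{
    pthread_t tid[16];
    int started = 0;
    for (int i = 0; i < n && i < 16; i++)
        started += (pthread_create(&tid[started], NULL, tenant_loader, NULL) == 0);
    for (int i = 0; i < started; i++) pthread_join(tid[i], NULL);
    return open_count - close_count;
}
int main(void) { return run_loaders(3); }
```

Building this with `-fsanitize=address -pthread` gives a clean run; removing the reference count so that every thread calls `fclose()` on the shared pointer reproduces the kind of report shown above.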