Bug #1163
Updated by Victor Julien over 10 years ago
HTP Segfaults - irregular period of time between incidents (have observed cores within as little as 2 minutes or as long as 18+ hours)

<pre>
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffb743f700 (LWP 23342)]
0x00007ffff7bcdf8c in htp_connp_REQ_CONNECT_WAIT_RESPONSE (connp=0x7ffdebef14d0) at htp_request.c:322
322 if (connp->in_tx->response_progress <= HTP_RESPONSE_LINE) {
(gdb)
(gdb) bt
#0 0x00007ffff7bcdf8c in htp_connp_REQ_CONNECT_WAIT_RESPONSE (connp=0x7ffdebef14d0) at htp_request.c:322
#1 0x00007ffff7bce3f9 in htp_connp_req_data (connp=0x7ffdebef14d0, timestamp=<value optimized out>, data=<value optimized out>, len=<value optimized out>) at htp_request.c:851
#2 0x00000000004230b1 in HTPHandleRequestData (f=<value optimized out>, htp_state=0x7fff90e4b130, pstate=0x7fff3043f900, input=0x7fffb743c920 "CONNECT tools.google.com:443 HTTP/1.0\r\nHost: tools.google.com\r\nContent-Length: 0\r\nProxy-Connection: Keep-Alive\r\nProxy-Authorization: Negotiate TlRMTVNTUAADAAAAAQABAGIAAAAAAAAAYwAAAAAAAABIAAAAAAAAAEgAA"..., input_len=<value optimized out>, local_data=<value optimized out>) at app-layer-htp.c:720
#3 0x0000000000427d7a in AppLayerParserParse (alp_tctx=<value optimized out>, f=0x7fff5c98baf0, alproto=1, flags=6 '\006', input=<value optimized out>, input_len=<value optimized out>) at app-layer-parser.c:818
#4 0x0000000000410219 in AppLayerHandleTCPData (tv=0x1390ed00, ra_ctx=0x7fffb00135f0, p=0x3738460, f=0x7fff5c98baf0, ssn=0x7ffe90debd90, stream=<value optimized out>, data=0x7fffb743c920 "CONNECT tools.google.com:443 HTTP/1.0\r\nHost: tools.google.com\r\nContent-Length: 0\r\nProxy-Connection: Keep-Alive\r\nProxy-Authorization: Negotiate TlRMTVNTUAADAAAAAQABAGIAAAAAAAAAYwAAAAAAAABIAAAAAAAAAEgAA"..., data_len=279, flags=6 '\006') at app-layer.c:360
#5 0x0000000000517875 in StreamTcpReassembleAppLayer (tv=0x1390ed00, ra_ctx=0x7fffb00135f0, ssn=0x7ffe90debd90, stream=0x7ffe90debde0, p=0x3738460) at stream-tcp-reassemble.c:3199
#6 0x0000000000517d00 in StreamTcpReassembleHandleSegmentUpdateACK (tv=0x1390ed00, ra_ctx=0x7fffb00135f0, ssn=0x7ffe90debd90, stream=0x7ffe90debde0, p=0x3738460) at stream-tcp-reassemble.c:3545
#7 0x0000000000519e9a in StreamTcpReassembleHandleSegment (tv=0x1390ed00, ra_ctx=0x7fffb00135f0, ssn=0x7ffe90debd90, stream=0x7ffe90debd98, p=0x3738460, pq=<value optimized out>) at stream-tcp-reassemble.c:3573
#8 0x00000000005146e5 in StreamTcpPacket (tv=0x1390ed00, p=0x43734a0, stt=0x7fffb0012f00, pq=0x137ecb20) at stream-tcp.c:4363
#9 0x0000000000515cec in StreamTcp (tv=0x1390ed00, p=0x43734a0, data=0x7fffb0012f00, pq=0x137ecb20, postpq=<value optimized out>) at stream-tcp.c:4485
#10 0x000000000052a4d0 in TmThreadsSlotVarRun (tv=0x1390ed00, p=0x43734a0, slot=<value optimized out>) at tm-threads.c:559
#11 0x000000000050bdef in TmThreadsSlotProcessPkt (tv=0x1390ed00, data=<value optimized out>, slot=<value optimized out>) at tm-threads.h:142
#12 ReceivePfringLoop (tv=0x1390ed00, data=<value optimized out>, slot=<value optimized out>) at source-pfring.c:361
#13 0x000000000052a11e in TmThreadsSlotPktAcqLoop (td=0x1390ed00) at tm-threads.c:703
#14 0x00007ffff51be9d1 in start_thread (arg=0x7fffb743f700) at pthread_create.c:301
#15 0x00007ffff4d07b6d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
</pre>

--build-info:

<pre>
This is Suricata version 2.0 RELEASE
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUAJIT HAVE_LIBJANSSON PROFILING
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.4.7 20120313 (Red Hat 4.4.7-4), C version 199901
compiled with -fstack-protector
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.10, linked against LibHTP v0.5.10
Suricata Configuration:
  AF_PACKET support: no
  PF_RING support: yes
  NFQueue support: no
  IPFW support: no
  DAG enabled: no
  Napatech enabled: no
  Unix socket enabled: yes
  Detection enabled: yes
  libnss support: yes
  libnspr support: yes
  libjansson support: yes
  Prelude support: no
  PCRE jit: yes
  libluajit: yes
  libgeoip: yes
  Non-bundled htp: no
  Old barnyard2 support: no
  CUDA enabled: no
  Suricatasc install: yes
  Unit tests enabled: no
  Debug output enabled: no
  Debug validation enabled: no
  Profiling enabled: yes
  Profiling locks enabled: no
  Coccinelle / spatch: no
Generic build parameters:
  Installation prefix (--prefix): [ REDACTED ]
  Configuration directory (--sysconfdir): [ REDACTED ]
  Log directory (--localstatedir) : [ REDACTED ]
  Host: x86_64-unknown-linux-gnu
  GCC binary: gcc
  GCC Protect enabled: yes
  GCC march native enabled: yes
  GCC Profile enabled: no
</pre>

Other configuration items of interest:
-Using PF_RING build 7180 w/ DNA driver on Intel 82599 NIC
-Suricata is using runmode: workers and cluster_flow
-Included IRQ affinity script is being used
-ixgbe parameters: MQ=1,1 RSS=16,16 FdirPballoc=3,3 num_rx_slots=32768 mtu=1500
-pf_ring parameters: transparent_mode=2 quick_mode=1 enable_frag_coherence=1 min_num_slots=65536 enable_tx_capture=0 enable_ip_defrag=0