Bug #2155: engine file logging race condition - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #2155

closed

engine file logging race condition

Added by Peter Manev over 7 years ago. Updated over 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

4.0rc1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Observing the following with ASAN on live traffic while using - 4.0.0-dev (rev 7c119cc)

==31026==ERROR: AddressSanitizer: attempting double-free on 0x61600000f380 in thread T18 (FM#01):
    #0 0x4bf210 in __interceptor_cfree.localalias.0 (/usr/local/bin/suricata+0x4bf210)
    #1 0x7fe8f245f362 in fclose /build/glibc-9tT8Do/glibc-2.23/libio/iofclose.c:84
    #2 0x4bd768 in __interceptor_fclose (/usr/local/bin/suricata+0x4bd768)
    #3 0xc3bbed in SCLogReopen /home/pevman/tests/git/oisf/src/util-debug.c:518:5
    #4 0xc39a87 in SCLogMessage /home/pevman/tests/git/oisf/src/util-debug.c:581:25
    #5 0x986a1a in FlowManager /home/pevman/tests/git/oisf/src/flow-manager.c:769:17
    #6 0xc066e1 in TmThreadsManagement /home/pevman/tests/git/oisf/src/tm-threads.c:709:9
    #7 0x7fe8f47ed6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #8 0x7fe8f24f882c in clone /build/glibc-9tT8Do/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109

0x61600000f380 is located 0 bytes inside of 552-byte region [0x61600000f380,0x61600000f5a8)
freed by thread T19 (FM#02) here:
    #0 0x4bf210 in __interceptor_cfree.localalias.0 (/usr/local/bin/suricata+0x4bf210)
    #1 0x7fe8f245f362 in fclose /build/glibc-9tT8Do/glibc-2.23/libio/iofclose.c:84

previously allocated by thread T0 (Suricata-Main) here:
    #0 0x4bf398 in __interceptor_malloc (/usr/local/bin/suricata+0x4bf398)
    #1 0x7fe8f245fcdc in __fopen_internal /build/glibc-9tT8Do/glibc-2.23/libio/iofopen.c:69

Thread T18 (FM#01) created by T0 (Suricata-Main) here:
    #0 0x4317a9 in pthread_create (/usr/local/bin/suricata+0x4317a9)
    #1 0xc00215 in TmThreadSpawn /home/pevman/tests/git/oisf/src/tm-threads.c:1903:14
    #2 0x981fee in FlowManagerThreadSpawn /home/pevman/tests/git/oisf/src/flow-manager.c:850:13
    #3 0xb042af in RunModeDispatch /home/pevman/tests/git/oisf/src/runmodes.c:399:9
    #4 0xbcb6d4 in main /home/pevman/tests/git/oisf/src/suricata.c:2882:5
    #5 0x7fe8f241282f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Thread T19 (FM#02) created by T0 (Suricata-Main) here:
    #0 0x4317a9 in pthread_create (/usr/local/bin/suricata+0x4317a9)
    #1 0xc00215 in TmThreadSpawn /home/pevman/tests/git/oisf/src/tm-threads.c:1903:14
    #2 0x981fee in FlowManagerThreadSpawn /home/pevman/tests/git/oisf/src/flow-manager.c:850:13
    #3 0xb042af in RunModeDispatch /home/pevman/tests/git/oisf/src/runmodes.c:399:9
    #4 0xbcb6d4 in main /home/pevman/tests/git/oisf/src/suricata.c:2882:5
    #5 0x7fe8f241282f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: double-free (/usr/local/bin/suricata+0x4bf210) in __interceptor_cfree.localalias.0
==31026==ABORTING

No core is produced. Details attached.

Files

ASAN-ABRT (9.98 KB) ASAN-ABRT

Peter Manev, 06/22/2017 03:34 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #2155

engine file logging race condition

Updated by Victor Julien over 7 years ago

Updated by Victor Julien over 7 years ago

Updated by Victor Julien over 7 years ago

Updated by Victor Julien over 7 years ago