Actions
Bug #4085
closedAssertion from AdjustToAcked
Affected Versions:
Effort:
Difficulty:
Label:
Description
Suricata 6.0 asserts in AdjustToAcked.
~25Gbps of live traffic (educational setting)
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007f2667af2631 in __GI_abort () at abort.c:79
#2 0x00007f2667ae9dba in __assert_fail_base (fmt=0x7f2667c3e438 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5616cd971e85 "!(adjusted > check)",
file=file@entry=0x5616cd971e38 "stream-tcp-reassemble.c", line=line@entry=1066, function=function@entry=0x5616cd971fe0 <__PRETTY_FUNCTION__.27033> "AdjustToAcked") at assert.c:92
#3 0x00007f2667ae9e32 in __GI___assert_fail (assertion=assertion@entry=0x5616cd971e85 "!(adjusted > check)", file=file@entry=0x5616cd971e38 "stream-tcp-reassemble.c", line=line@entry=1066,
function=function@entry=0x5616cd971fe0 <__PRETTY_FUNCTION__.27033> "AdjustToAcked") at assert.c:101
#4 0x00005616cd6aa07f in AdjustToAcked (p=0x7f25cfe73600, data_len=<optimized out>, app_progress=200, stream=<optimized out>, ssn=0x7f24492e14c0) at stream-tcp-reassemble.c:1066
#5 ReassembleUpdateAppLayer (dir=UPDATE_DIR_PACKET, p=0x7f25cfe73600, stream=0x7f25d1efaf98, ssn=0x7f24492e14c0, ra_ctx=0x7f25cfefa000, tv=0x7f263cde6940) at stream-tcp-reassemble.c:1100
#6 StreamTcpReassembleAppLayer (tv=tv@entry=0x7f263cde6940, ra_ctx=ra_ctx@entry=0x7f25cfefa000, ssn=ssn@entry=0x7f24492e14c0, stream=<optimized out>, stream@entry=0x7f24492e14d0, p=p@entry=0x7f25cfe73600,
dir=dir@entry=UPDATE_DIR_PACKET) at stream-tcp-reassemble.c:1231
#7 0x00005616cd6aa893 in StreamTcpReassembleHandleSegment (tv=tv@entry=0x7f263cde6940, ra_ctx=0x7f25cfefa000, ssn=ssn@entry=0x7f24492e14c0, stream=0x7f24492e14d0, p=0x7f25cfe73600, pq=<optimized out>)
at stream-tcp-reassemble.c:1893
#8 0x00005616cd69cd6a in StreamTcpPacketStateCloseWait (tv=0x7f263cde6940, p=0x7f25cfe73600, ssn=0x7f24492e14c0, pq=0x7f25cfef9008, stt=<optimized out>) at stream-tcp.c:3995
#9 0x00005616cd6a123a in StreamTcpStateDispatch (tv=0x7f263cde6940, p=0x7f25cfe73600, stt=0x7f25cfef9000, ssn=0x7f24492e14c0, pq=<optimized out>, state=<optimized out>) at stream-tcp.c:4696
#10 0x00005616cd6a3a15 in StreamTcpPacket (tv=0x7f263cde6940, p=0x7f25cfe73600, stt=0x7f25cfef9000, pq=0x7f25cfebc030) at stream-tcp.c:4858
#11 0x00005616cd6a4607 in StreamTcp (tv=tv@entry=0x7f263cde6940, p=p@entry=0x7f25cfe73600, data=<optimized out>, pq=pq@entry=0x7f25cfebc030) at stream-tcp.c:5194
#12 0x00005616cd65b7d8 in FlowWorkerStreamTCPUpdate (detect_thread=0x7f25cf5ba000, p=0x7f25cfe73600, fw=0x7f25cfebc000, tv=0x7f263cde6940) at flow-worker.c:364
#13 FlowWorker (tv=0x7f263cde6940, p=0x7f25cfe73600, data=0x7f25cfebc000) at flow-worker.c:524
#14 0x00005616cd6b262b in TmThreadsSlotVarRun (tv=0x7f263cde6940, p=0x7f25cfe73600, slot=<optimized out>) at tm-threads.c:127
#15 0x00005616cd695b45 in TmThreadsSlotProcessPkt (p=0x7f25cfe73600, s=<optimized out>, tv=0x7f263cde6940) at tm-threads.h:192
#16 NapatechPacketLoop (tv=0x7f263cde6940, data=0x7f25cfe74000, slot=<optimized out>) at source-napatech.c:1062
#17 0x00005616cd6b480f in TmThreadsSlotPktAcqLoop (td=0x7f263cde6940) at tm-threads.c:322
#18 0x00007f2669729c9a in start_thread (arg=0x7f25d1eff700) at pthread_create.c:486
#19 0x00007f2667bb32cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Occurred with an optimized build so local vars from this occurrence were not available.
With an unoptimized build, was able to retrieve local vars and the stream pointer from frame 4
gdb) p *stream
$1 = {flags = 128, wscale = 14, os_policy = 12 '\f', tcp_flags = 24 '\030', isn = 1896269993, next_seq = 1896269994, last_ack = 1896270095, next_win = 2024474794, window = 128204800, last_ts = 0,
last_pkt_ts = 0, base_seq = 1896269994, app_progress_rel = 302, raw_progress_rel = 0, log_progress_rel = 0, min_inspect_depth = 0, data_required = 0, sb = {cfg = 0x55aca2f5aa90 <stream_config+48>,
stream_offset = 0, buf = 0x7fdbd390d800 "\027\003\003", buf_size = 2048, buf_offset = 101, sbb_tree = {rbh_root = 0x0}, head = 0x0}, seg_tree = {rbh_root = 0x7fda80f83080}, segs_right_edge = 1896270095,
sack_size = 0, sack_tree = {rbh_root = 0x0}}
(gdb) info locals
check = 0
last_ack_abs = 101
adjusted = 4294967095
__PRETTY_FUNCTION__ = "AdjustToAcked"
(gdb)
Actions