Bug #5954

open

redis: output crash on Mac

Added by jia mo over 1 year ago. Updated over 1 year ago.

Status: New
Priority: Normal

Description

The dependent libs from `otool -l` look like:


    /System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 60420.60.24)
    /usr/local/opt/lz4/lib/liblz4.1.dylib (compatibility version 1.0.0, current version 1.9.4)
    /usr/local/opt/libevent/lib/libevent_pthreads-2.1.7.dylib (compatibility version 8.0.0, current version 8.1.0)
    /usr/local/opt/libevent/lib/libevent-2.1.7.dylib (compatibility version 8.0.0, current version 8.1.0)
    /usr/local/opt/hiredis/lib/libhiredis.1.0.0.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/local/opt/libmagic/lib/libmagic.1.dylib (compatibility version 2.0.0, current version 2.0.0)
    /usr/lib/libpcap.A.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/local/opt/jansson/lib/libjansson.4.dylib (compatibility version 19.0.0, current version 19.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1319.0.0)
    /usr/local/opt/libyaml/lib/libyaml-0.2.dylib (compatibility version 3.0.0, current version 3.9.0)
    /usr/local/opt/pcre2/lib/libpcre2-8.0.dylib (compatibility version 12.0.0, current version 12.2.0)
    /usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.11)
    @rpath/libhs.5.dylib (compatibility version 5.0.0, current version 5.4.0)

Some crashes and backtraces:

    * thread #8, stop reason = signal SIGABRT
      * frame #0: 0x00007ff81db2600e libsystem_kernel.dylib`__pthread_kill + 10
        frame #1: 0x00007ff81db5c1ff libsystem_pthread.dylib`pthread_kill + 263
        frame #2: 0x00007ff81daa7d24 libsystem_c.dylib`abort + 123
        frame #3: 0x00007ff81d985357 libsystem_malloc.dylib`malloc_vreport + 551
        frame #4: 0x00007ff81d98852b libsystem_malloc.dylib`malloc_report + 151
        frame #5: 0x00000001086c1150 libhiredis.1.0.0.dylib`sdsMakeRoomFor + 484
        frame #6: 0x00000001086c1790 libhiredis.1.0.0.dylib`sdscatlen + 92
        frame #7: 0x00000001086c05ee libhiredis.1.0.0.dylib`__redisAppendCommand + 21
        frame #8: 0x00000001086c449e libhiredis.1.0.0.dylib`__redisAsyncCommand + 312
        frame #9: 0x00000001086c4342 libhiredis.1.0.0.dylib`redisvAsyncCommand + 59
        frame #10: 0x00000001086c4780 libhiredis.1.0.0.dylib`redisAsyncCommand + 116
        frame #11: 0x0000000107671a9e suricata`LogFileWriteRedis [inlined] SCLogRedisWriteAsync(file_ctx=0x00007f9840e44ff0, string=<unavailable>, string_len=<unavailable>) at util-log-redis.c:272:5 [opt]
        frame #12: 0x0000000107671a5f suricata`LogFileWriteRedis(lf_ctx=0x00007f9840e44ff0, string="{\"timestamp\":\"2023-03-29T22:07:56.041516+0800\",\"flow_id\":2211838813884549,\"in_iface\":\"en0\",\"event_type\":\"flow\",\"src_ip\":\"10.10.10.205\",\"src_port\":58630,\"dest_ip\":\"8.8.8.8\",\"dest_port\":443,\"proto\":\"TCP\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_tos"..., string_len=<unavailable>) at util-log-redis.c:445:16 [opt]
        frame #13: 0x00000001076715df suricata`LogFileWrite(file_ctx=0x00007f9840e44ff0, buffer=0x00007f984130c000) at util-logopenfile.c:985:9 [opt]
        frame #14: 0x0000000107623980 suricata`OutputJsonBuilderBuffer(js=0x0000600002de36c0, ctx=0x0000600003888d60) at output-json.c:960:5 [opt]
        frame #15: 0x000000010762a085 suricata`JsonFlowLogger(tv=<unavailable>, thread_data=0x0000600003888d60, f=<unavailable>) at output-json-flow.c:339:5 [opt]
        frame #16: 0x000000010761ec2d suricata`OutputFlowLog(tv=0x00007f98430bc060, thread_data=<unavailable>, f=0x00007f9840e0cba0) at output-flow.c:108:9 [opt]
        frame #17: 0x000000010760ec25 suricata`FlowWorker [inlined] CheckWorkQueue(tv=<unavailable>, fw=0x0000600000d38a80, detect_thread=0x00007f9841270db0, counters=<unavailable>, fq=0x0000600000d38ae8, max_work=<unavailable>) at flow-worker.c:196:19 [opt]
        frame #18: 0x000000010760ea33 suricata`FlowWorker [inlined] FlowWorkerProcessLocalFlows(tv=<unavailable>, fw=0x0000600000d38a80, p=<unavailable>, detect_thread=0x00007f9841270db0) at flow-worker.c:496:9 [opt]
        frame #19: 0x000000010760e9f6 suricata`FlowWorker(tv=<unavailable>, p=<unavailable>, data=0x0000600000d38a80) at flow-worker.c:615:5 [opt]
        frame #20: 0x000000010765745d suricata`TmThreadsSlotVarRun(tv=0x00007f98430bc060, p=0x00007f983e990800, slot=<unavailable>) at tm-threads.c:119:21 [opt]
        frame #21: 0x000000010765a021 suricata`TmThreadsSlotVar(td=0x00007f98430bc060) at tm-threads.c:466:17 [opt]
        frame #22: 0x00007ff81db5c4e1 libsystem_pthread.dylib`_pthread_start + 125
        frame #23: 0x00007ff81db57f6b libsystem_pthread.dylib`thread_start + 15

Another one:

      * frame #0: 0x00007ff81db2600e libsystem_kernel.dylib`__pthread_kill + 10
        frame #1: 0x00007ff81db5c1ff libsystem_pthread.dylib`pthread_kill + 263
        frame #2: 0x00007ff81daa7d24 libsystem_c.dylib`abort + 123
        frame #3: 0x00007ff81d985357 libsystem_malloc.dylib`malloc_vreport + 551
        frame #4: 0x00007ff81d999308 libsystem_malloc.dylib`malloc_zone_error + 178
        frame #5: 0x00007ff81d9780e8 libsystem_malloc.dylib`nanov2_allocate_from_block + 582
        frame #6: 0x00007ff81d977677 libsystem_malloc.dylib`nanov2_allocate + 130
        frame #7: 0x00007ff81d97968f libsystem_malloc.dylib`nanov2_calloc + 126
        frame #8: 0x00007ff81d993b75 libsystem_malloc.dylib`_malloc_zone_calloc + 60
        frame #9: 0x00000001002c07bc suricata`jb_set_string [inlined] alloc::alloc::alloc_zeroed::h26a377e0a6a55801 at alloc.rs:166:14 [opt]
        frame #10: 0x00000001002c07af suricata`jb_set_string at alloc.rs:177:43 [opt]
        frame #11: 0x00000001002c07af suricata`jb_set_string [inlined] _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$::allocate_zeroed::h2157e7ce62d5ac1c(self=<unavailable>, layout=Layout @ 0x0000600002aff560) at alloc.rs:242:9 [opt]
        frame #12: 0x00000001002c07af suricata`jb_set_string at raw_vec.rs:186:38 [opt]
        frame #13: 0x00000001002c079a suricata`jb_set_string [inlined] alloc::raw_vec::RawVec$LT$T$C$A$GT$::with_capacity_zeroed_in::h3a1aec9cdf261947 at raw_vec.rs:139:9 [opt]
        frame #14: 0x00000001002c079a suricata`jb_set_string [inlined] _$LT$u8$u20$as$u20$alloc..vec..spec_from_elem..SpecFromElem$GT$::from_elem::h63dcbb614b2f8fa4(elem='\0', n=8, alloc=<unavailable>) at spec_from_elem.rs:52:31 [opt]
        frame #15: 0x00000001002c0797 suricata`jb_set_string [inlined] alloc::vec::from_elem::h5a5e8b4c34870222(elem='\0', n=8) at mod.rs:2557:5 [opt]
        frame #16: 0x00000001002c0797 suricata`jb_set_string at macros.rs:47:36 [opt]
        frame #17: 0x00000001002c06f8 suricata`jb_set_string [inlined] suricata::jsonbuilder::JsonBuilder::set_string::h8abb79bec1eb5558 at jsonbuilder.rs:455:9 [opt]
        frame #18: 0x00000001002c063d suricata`jb_set_string(js=0x000060000182ce00, key=<unavailable>, val=<unavailable>) at jsonbuilder.rs:741:20 [opt]
        frame #19: 0x00000001000d4b4f suricata`JsonFlowLogger [inlined] CreateEveHeaderFromFlow(f=<unavailable>) at output-json-flow.c:104:9 [opt]
        frame #20: 0x00000001000d49e5 suricata`JsonFlowLogger(tv=<unavailable>, thread_data=0x00006000003242c0, f=0x000000010602f6d0) at output-json-flow.c:332:23 [opt]
        frame #21: 0x00000001000c9c2d suricata`OutputFlowLog(tv=0x000000010220c630, thread_data=<unavailable>, f=0x000000010602f6d0) at output-flow.c:108:9 [opt]
        frame #22: 0x00000001000b6fb9 suricata`FlowRecycler [inlined] Recycler(tv=0x000000010220c630, ftd=0x000060000182c6c0, f=0x000000010602f6d0) at flow-manager.c:1030:11 [opt]
        frame #23: 0x00000001000b6f9e suricata`FlowRecycler(th_v=0x000000010220c630, thread_data=<unavailable>) at flow-manager.c:1076:13 [opt]
        frame #24: 0x000000010010567d suricata`TmThreadsManagement(td=0x000000010220c630) at tm-threads.c:552:9 [opt]
        frame #25: 0x00007ff81db5c4e1 libsystem_pthread.dylib`_pthread_start + 125
        frame #26: 0x00007ff81db57f6b libsystem_pthread.dylib`thread_start + 15

The eve config is:

    - eve-log:
        enabled: yes
        filetype: redis
        # filename: /Users/jiamo/engine/diting_suricata/flow.log
        ethernet: true
        redis:
          server: 127.0.0.1
          port: 6379
          async: true ## if redis replies are read asynchronously
          mode: rpush ## possible values: list|lpush (default), rpush, channel|publish
          key: suricata_flow ## key or channel to use (default to suricata)
          pipelining:
            enabled: yes ## set enable to yes to enable query pipelining
            batch-size: 10 ## number of entries to keep in buffer
        community-id: true
        # Seed value for the ID output. Valid values are 0-65535.
        community-id-seed: 1
        types:
          - flow

#1

Updated by Victor Julien over 1 year ago

  • Target version changed from 7.0.0-rc2 to TBD
  • Affected Versions deleted (7.0.0-rc2)

#2

Updated by Victor Julien over 1 year ago

  • Subject changed from mac + redis output crash to redis: output crash on Mac

#3

Updated by Jeff Lucovsky over 1 year ago

@jia mo
- What's the Suricata version?
- Can you post part of your suricata.log?
