Bug #6239
closed
ASAN: double free when multi-tenancy enabled and configured
Description
Using 7.0 with multi-tenancy configured, running the suricata-verify tests yields multiple ASAN double free issues.
Several of the tests fail and the error output looks similar. The following is from the bug-2917 test:
=================================================================
==1966376==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T2 (DL#02):
    #0 0x7ffb0dadc517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x7ffb0cd33da6 in _IO_deallocate_file libio/libioP.h:862
    #2 0x7ffb0cd33da6 in _IO_new_fclose libio/iofclose.c:74
    #3 0x7ffb0dab8e48 in __interceptor_fclose ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:6233
    #4 0x7ffb0dab8e48 in __interceptor_fclose ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:6228
    #5 0x55f4d71b7a8f in CleanupRuleAnalyzer /home/jlucovsky/src/jal/suricata/src/detect-engine-analyzer.c:423
    #6 0x55f4d6985feb in SigLoadSignatures /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:391
    #7 0x55f4d693e05c in DetectEngineMultiTenantLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3848
    #8 0x55f4d693e786 in DetectLoaderFuncLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3929
    #9 0x55f4d6986e5b in DetectLoader /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:602
    #10 0x55f4d661c3fb in TmThreadsManagement /home/jlucovsky/src/jal/suricata/src/tm-threads.c:555
    #11 0x7ffb0cd49b42 in start_thread nptl/pthread_create.c:442
    #12 0x7ffb0cddb9ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

0x615000296100 is located 0 bytes inside of 472-byte region [0x615000296100,0x6150002962d8)
freed by thread T1 (DL#01) here:
    #0 0x7ffb0dadc517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x7ffb0cd33da6 in _IO_deallocate_file libio/libioP.h:862
    #2 0x7ffb0cd33da6 in _IO_new_fclose libio/iofclose.c:74

previously allocated by thread T3 (DL#03) here:
    #0 0x7ffb0dadc867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x7ffb0cd346cd in __fopen_internal libio/iofopen.c:65
    #2 0x7ffb0cd346cd in _IO_new_fopen libio/iofopen.c:86

Thread T2 (DL#02) created by T0 (Suricata-Main) here:
    #0 0x7ffb0da80685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x55f4d66215c6 in TmThreadSpawn /home/jlucovsky/src/jal/suricata/src/tm-threads.c:1670
    #2 0x55f4d69873d4 in DetectLoaderThreadSpawn /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:648
    #3 0x55f4d693fcd2 in DetectEngineMultiTenantSetup /home/jlucovsky/src/jal/suricata/src/detect-engine.c:4143
    #4 0x55f4d6612371 in PostConfLoadedDetectSetup /home/jlucovsky/src/jal/suricata/src/suricata.c:2553
    #5 0x55f4d6614198 in SuricataMain /home/jlucovsky/src/jal/suricata/src/suricata.c:2976
    #6 0x55f4d6603f5b in main /home/jlucovsky/src/jal/suricata/src/main.c:22
    #7 0x7ffb0ccded8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Thread T1 (DL#01) created by T0 (Suricata-Main) here:
    #0 0x7ffb0da80685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x55f4d66215c6 in TmThreadSpawn /home/jlucovsky/src/jal/suricata/src/tm-threads.c:1670
    #2 0x55f4d69873d4 in DetectLoaderThreadSpawn /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:648
    #3 0x55f4d693fcd2 in DetectEngineMultiTenantSetup /home/jlucovsky/src/jal/suricata/src/detect-engine.c:4143
    #4 0x55f4d6612371 in PostConfLoadedDetectSetup /home/jlucovsky/src/jal/suricata/src/suricata.c:2553
    #5 0x55f4d6614198 in SuricataMain /home/jlucovsky/src/jal/suricata/src/suricata.c:2976
    #6 0x55f4d6603f5b in main /home/jlucovsky/src/jal/suricata/src/main.c:22
    #7 0x7ffb0ccded8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Thread T3 (DL#03) created by T0 (Suricata-Main) here:
    #0 0x7ffb0da80685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x55f4d66215c6 in TmThreadSpawn /home/jlucovsky/src/jal/suricata/src/tm-threads.c:1670
    #2 0x55f4d69873d4 in DetectLoaderThreadSpawn /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:648
    #3 0x55f4d693fcd2 in DetectEngineMultiTenantSetup /home/jlucovsky/src/jal/suricata/src/detect-engine.c:4143
    #4 0x55f4d6612371 in PostConfLoadedDetectSetup /home/jlucovsky/src/jal/suricata/src/suricata.c:2553
    #5 0x55f4d6614198 in SuricataMain /home/jlucovsky/src/jal/suricata/src/suricata.c:2976
    #6 0x55f4d6603f5b in main /home/jlucovsky/src/jal/suricata/src/main.c:22
    #7 0x7ffb0ccded8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
==1966376==ABORTING
Failing s-v tests due to the double-free issue:
$ grep -r -e double-free
detect-bytejump-03/output/stderr:==2001013==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T1 (DL#01):
detect-strip_whitespace-01/output/stderr:==2003286==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T2 (DL#02):
bug-2917/output/stderr:==1992623==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T2 (DL#02):
bug-2917/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
bug-3463/output/stderr:==1992906==ERROR: AddressSanitizer: attempting double-free on 0x6150002b5f00 in thread T3 (DL#03):
bug-3515/output/stderr:==1992972==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T3 (DL#03):
bug-3515/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
detect-bytejump-04/output/stderr:==2001063==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T3 (DL#03):
detect-bytejump-04/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
datarep-03-bad-reputation/output/stderr:==1997955==ERROR: AddressSanitizer: attempting double-free on 0x6150002a5d80 in thread T1 (DL#01):
datarep-03-bad-reputation/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
rules/dce_stub_data/output/stderr:==2051998==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T3 (DL#03):
rules/http_uri/output/stderr:==2052205==ERROR: AddressSanitizer: attempting double-free on 0x615000296100 in thread T2 (DL#02):
rules/http_uri/output/stderr:SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
detect-compress_whitespace-01/output/stderr:==2001731==ERROR: AddressSanitizer: attempting double-free on 0x6150002c6080 in thread T2 (DL#02):
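
The trace above shows one FILE object opened by loader thread T3, closed by T1 and closed again by T2, which is what a file handle shared across detect-loader threads looks like under ASAN. The following is an added example, not Suricata code: it puts that shared-handle pattern beside a per-context form in which each loader owns and closes its own handle. The shared-global shape is an assumption drawn from the trace, and `shared_fp`, `loader_ctx` and the function names are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>
#define LOADERS 3                    /* DL#01..DL#03 in the trace */

/* Unsafe shape, for contrast only (never called): every loader closes one
 * process-wide handle, so two threads can fclose() the same FILE object. */
FILE *shared_fp;                     /* hypothetical global */
void cleanup_shared_unsafe(void) {
    if (shared_fp != NULL) { fclose(shared_fp); shared_fp = NULL; }
}

/* Per-context shape: each loader owns the handle it opened. */
struct loader_ctx {
    FILE *fp;
    int closes;                      /* fclose() calls actually made */
};

static void ctx_cleanup(struct loader_ctx *c) {
    if (c->fp != NULL) {             /* no other thread can reach c->fp */
        fclose(c->fp);
        c->fp = NULL;
        c->closes++;
    }
}

static void *loader_main(void *arg) {
    struct loader_ctx *c = arg;
    c->fp = fopen("/dev/null", "w"); /* stand-in for the analysis file */
    if (c->fp != NULL) fputs("rule analysis\n", c->fp);
    ctx_cleanup(c);
    ctx_cleanup(c);                  /* repeated cleanup is a no-op */
    return NULL;
}

/* Run all loaders concurrently; return the total number of fclose() calls. */
int run_loaders(void) {
    pthread_t tid[LOADERS];
    struct loader_ctx ctx[LOADERS] = {{0}};
    int started = 0, total = 0;
    for (; started < LOADERS; started++)
        if (pthread_create(&tid[started], NULL, loader_main, &ctx[started])) break;
    for (int i = 0; i < started; i++) {
        pthread_join(tid[i], NULL);
        total += ctx[i].closes;
    }
    return total;
}

int main(void) { return run_loaders() == LOADERS ? 0 : 1; }
```

Built with `-fsanitize=address -pthread`, the per-context form runs clean because every handle is closed exactly once, by the thread that opened it.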