Bug #7201
open
Thread 178 "W#21-84:00.0" received signal SIGSEGV, Segmentation fault.
Added by Andre ten Bohmer 5 months ago.
Updated 5 months ago.
Description
$ gdb --args /bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --user root --dpdk -vvv
...
Info: unix-manager: unix socket '/var/run/suricata/suricata-command.socket' [UnixNew:unix-manager.c:136]
[New Thread 0x7ffa1e7fc700 (LWP 426474)]
Perf: threads: Setting prio 0 for thread "US", thread id 426474 [TmThreadSetupOptions:tm-threads.c:880]
Notice: threads: Threads created -> W: 102 FM: 5 FR: 5 Engine started. [TmThreadWaitOnThreadRunning:tm-threads.c:1905]
Perf: hugepages: 1048576kB hugepages on NUMA node 0 are unused and can be deallocated [SystemHugepageEvaluateHugepages:util-hugepages.c:392]
Perf: hugepages: 1048576kB hugepages on NUMA node 1 are unused and can be deallocated [SystemHugepageEvaluateHugepages:util-hugepages.c:392]
$ var/log/messages
Aug 6 13:16:02 scomp1720 suricata[429004]: Error: suricata: stacktrace:sig 11:_ZN7asn1_rs3ber6parser16parse_identifier17h706e4bbd499420bdE+0x00000009;_ZN68_$LT$asn1_rs..header..Header$u20$as$u20$asn1_rs..traits..FromBer$GT$8from_ber17h0289b4881648c0c8E+0x0000001b;_ZN74_$LT$asn1_rs..asn1_types..any..Any$u20$as$u20$asn1_rs..traits..FromBer$GT$8from_ber17hc55d0e1b3f054bd2E+0x0000001a;_ZN7asn1_rs10asn1_types8sequence8Sequence17from_ber_and_then17h01edd81d2a595c9fE+0x0000001f;_ZN11ldap_parser6parser122_$LT$impl$u20$asn1_rs..traits..FromBer$LT$ldap_parser..error..LdapError$GT$$u20$for$u20$ldap_parser..ldap..LdapMessage$GT$8from_ber17ha3d978c010061d90E+0x00000009;SCLdapParseResponse+0x0000008d;AppLayerParserParse+0x000002e2;AppLayerHandleTCPData+0x000000e8;StreamTcpReassembleAppLayer+0x000005e1;StreamTcpReassembleHandleSegment+0x0000013f;StreamTcpPacketStateEstablished+0x0000043d;StreamTcpStateDispatch+0x000002b8;StreamTcpPacket+0x0000069d;StreamTcp+0x0000009f;FlowWorker+0x000001df;TmThreadsSlotVarRun+0x00000037;ReceiveDPDKLoop+0x000002a5;TmThreadsSlotPktAcqLoop+0x0000019c;start_thread+0x000000ea;clone+0x00000043 [SignalHandlerUnexpected:suricata.c:327]
Aug 6 13:16:04 scomp1720 systemd[1]: suricata.service: Main process exited, code=killed, status=11/SEGV
Thread 178 "W#21-84:00.0" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffd65428700 (LWP 426330)]
asn1_rs::ber::parser::parse_identifier (i=...) at src/ber/parser.rs:119
119 let mut c = u32::from(i[0] & 0b0001_1111);
Missing separate debuginfos, use: yum debuginfo-install bzip2-libs-1.0.6-26.el8.x86_64 file-libs-5.33-26.el8.x86_64 glibc-2.28-251.el8_10.2.x86_64 jansson-2.14-1.el8.x86_64 libacl-2.2.53-3.el8.x86_64 libarchive-3.3.3-5.el8.x86_64 libatomic-8.5.0-22.el8_10.x86_64 libattr-2.4.48-3.el8.x86_64 libbsd-0.12.2-1.el8.x86_64 libcap-ng-0.7.11-1.el8.x86_64 libgcc-8.5.0-22.el8_10.x86_64 libibverbs-2304mlnx44-1.2304113.x86_64 libmaxminddb-1.2.0-10.el8_9.1.x86_64 libmd-1.1.0-1.el8.x86_64 libnl3-3.7.0-1.el8.x86_64 libpcap-1.9.1-5.el8.x86_64 libstdc++-8.5.0-22.el8_10.x86_64 libunwind-1.3.1-3.el8.x86_64 libxml2-2.9.7-18.el8_10.1.x86_64 libyaml-0.1.7-5.el8.x86_64 lz4-libs-1.8.3-3.el8_4.x86_64 pcre2-10.32-3.el8_6.x86_64 xz-libs-5.2.4-4.el8_6.x86_64 zlib-1.2.11-25.el8.x86_64
~]# lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch
Distributor ID: RedHatEnterprise
Description: Red Hat Enterprise Linux release 8.10 (Ootpa)
Release: 8.10
~]# uname -a
Linux scomp1720 4.18.0-553.8.1.el8_10.x86_64 #1 SMP Fri Jun 14 03:19:37 EDT 2024 x86_64 x86_64 x86_64 GNU/Linux
~]# getenforce
Permissive
~]# suricata -V
This is Suricata version 8.0.0-dev (61cb14d27 2024-08-04)
~]# dpdk-proc-info -v
EAL: RTE Version: 'DPDK 24.03.0'
Files
$ gdb --args /bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --user root --dpdk -vvv
Perf: threads: Setting prio 0 for thread "CW", thread id 431663 [TmThreadSetupOptions:tm-threads.c:880]
[New Thread 0x7ffa1effd700 (LWP 431664)]
Perf: threads: Setting prio 0 for thread "CS", thread id 431664 [TmThreadSetupOptions:tm-threads.c:880]
Info: unix-manager: unix socket '/var/run/suricata/suricata-command.socket' [UnixNew:unix-manager.c:136]
[New Thread 0x7ffa1e7fc700 (LWP 431665)]
Perf: threads: Setting prio 0 for thread "US", thread id 431665 [TmThreadSetupOptions:tm-threads.c:880]
Notice: threads: Threads created -> W: 102 FM: 5 FR: 5 Engine started. [TmThreadWaitOnThreadRunning:tm-threads.c:1905]
Perf: hugepages: 1048576kB hugepages on NUMA node 0 are unused and can be deallocated [SystemHugepageEvaluateHugepages:util-hugepages.c:392]
$ systemctl start suricata
$ tail -f -s0 /var/log/messages
...
Aug 6 13:25:26 scomp1720 suricata[431990]: TELEMETRY: No legacy callbacks, legacy socket not created
Aug 6 13:25:26 scomp1720 suricata[431990]: TELEMETRY: No legacy callbacks, legacy socket not created
Aug 6 13:25:26 scomp1720 suricata[431990]: Warning: dpdk: 0000:10:00.0: device queue descriptors adjusted (RX: from 32768 to 4096, TX: from 32768 to 4096) [DeviceConfigure:runmode-dpdk.c:1490]
Aug 6 13:25:26 scomp1720 suricata[431990]: Notice: log-pcap: Ring buffer initialized with 722 files. [PcapLogInitRingBuffer:log-pcap.c:986]
Aug 6 13:25:28 scomp1720 suricata[431990]: ice_vsi_config_outer_vlan_stripping(): Single VLAN mode (SVM) does not support qinq
Aug 6 13:25:28 scomp1720 suricata[431990]: ice_vsi_config_outer_vlan_stripping(): Single VLAN mode (SVM) does not support qinq
Aug 6 13:25:30 scomp1720 suricata[431990]: Warning: dpdk: 0000:84:00.0: device queue descriptors adjusted (RX: from 32768 to 4096, TX: from 32768 to 4096) [DeviceConfigure:runmode-dpdk.c:1490]
Aug 6 13:25:32 scomp1720 suricata[431990]: ice_vsi_config_outer_vlan_stripping(): Single VLAN mode (SVM) does not support qinq
Aug 6 13:25:32 scomp1720 suricata[431990]: ice_vsi_config_outer_vlan_stripping(): Single VLAN mode (SVM) does not support qinq
Aug 6 13:25:34 scomp1720 suricata[431990]: Warning: dpdk: 0000:10:00.1: device queue descriptors adjusted (RX: from 32768 to 4096, TX: from 32768 to 4096) [DeviceConfigure:runmode-dpdk.c:1490]
Aug 6 13:25:35 scomp1720 suricata[431990]: ice_vsi_config_outer_vlan_stripping(): Single VLAN mode (SVM) does not support qinq
Aug 6 13:25:35 scomp1720 suricata[431990]: ice_vsi_config_outer_vlan_stripping(): Single VLAN mode (SVM) does not support qinq
Aug 6 13:25:35 scomp1720 suricata[431990]: Warning: dpdk: 0000:0f:00.0: device queue descriptors adjusted (RX: from 32768 to 4096, TX: from 32768 to 4096) [DeviceConfigure:runmode-dpdk.c:1490]
Aug 6 13:25:37 scomp1720 suricata[431990]: Warning: dpdk: 0000:84:00.1: device queue descriptors adjusted (RX: from 32768 to 4096, TX: from 32768 to 4096) [DeviceConfigure:runmode-dpdk.c:1490]
Aug 6 13:25:39 scomp1720 suricata[431990]: ice_vsi_config_outer_vlan_stripping(): Single VLAN mode (SVM) does not support qinq
Aug 6 13:25:39 scomp1720 suricata[431990]: ice_vsi_config_outer_vlan_stripping(): Single VLAN mode (SVM) does not support qinq
Aug 6 13:25:39 scomp1720 suricata[431990]: Notice: threads: Threads created -> W: 102 FM: 5 FR: 5 Engine started. [TmThreadWaitOnThreadRunning:tm-threads.c:1905]
Aug 6 13:25:41 scomp1720 suricata[431990]: Error: suricata: stacktrace:sig 11:_ZN7asn1_rs3ber6parser16parse_identifier17h706e4bbd499420bdE+0x00000009;_ZN68_$LT$asn1_rs..header..Header$u20$as$u20$asn1_rs..traits..FromBer$GT$8from_ber17h0289b4881648c0c8E+0x0000001b;_ZN74_$LT$asn1_rs..asn1_types..any..Any$u20$as$u20$asn1_rs..traits..FromBer$GT$8from_ber17hc55d0e1b3f054bd2E+0x0000001a;_ZN7asn1_rs10asn1_types8sequence8Sequence17from_ber_and_then17h01edd81d2a595c9fE+0x0000001f;_ZN11ldap_parser6parser122_$LT$impl$u20$asn1_rs..traits..FromBer$LT$ldap_parser..error..LdapError$GT$$u20$for$u20$ldap_parser..ldap..LdapMessage$GT$8from_ber17ha3d978c010061d90E+0x00000009;SCLdapParseRequest+0x0000009d;AppLayerParserParse+0x000002e2;AppLayerHandleTCPData+0x000000e8;StreamTcpReassembleAppLayer+0x000005e1;StreamTcpReassembleHandleSegment+0x0000013f;StreamTcpPacketStateEstablished+0x0000043d;StreamTcpStateDispatch+0x000002b8;StreamTcpPacket+0x0000069d;StreamTcp+0x0000009f;FlowWorker+0x000001df;TmThreadsSlotVarRun+0x00000037;ReceiveDPDKLoop+0x000002a5;TmThreadsSlotPktAcqLoop+0x0000019c;start_thread+0x000000ea;clone+0x00000043 [SignalHandlerUnexpected:suricata.c:327]
Aug 6 13:25:43 scomp1720 systemd[1]: suricata.service: Main process exited, code=killed, status=11/SEGV
Aug 6 13:25:43 scomp1720 systemd[1]: suricata.service: Failed with result 'signal'.
Perf: hugepages: 1048576kB hugepages on NUMA node 1 are unused and can be deallocated [SystemHugepageEvaluateHugepages:util-hugepages.c:392]
Thread 178 "W#21-84:00.0" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffd65428700 (LWP 431561)]
asn1_rs::ber::parser::parse_identifier (i=...) at src/ber/parser.rs:119
119 let mut c = u32::from(i[0] & 0b0001_1111);
Missing separate debuginfos, use: yum debuginfo-install bzip2-libs-1.0.6-26.el8.x86_64 file-libs-5.33-26.el8.x86_64 glibc-2.28-251.el8_10.2.x86_64 jansson-2.14-1.el8.x86_64 libacl-2.2.53-3.el8.x86_64 libarchive-3.3.3-5.el8.x86_64 libatomic-8.5.0-22.el8_10.x86_64 libattr-2.4.48-3.el8.x86_64 libbsd-0.12.2-1.el8.x86_64 libcap-ng-0.7.11-1.el8.x86_64 libgcc-8.5.0-22.el8_10.x86_64 libibverbs-2304mlnx44-1.2304113.x86_64 libmaxminddb-1.2.0-10.el8_9.1.x86_64 libmd-1.1.0-1.el8.x86_64 libnl3-3.7.0-1.el8.x86_64 libpcap-1.9.1-5.el8.x86_64 libstdc++-8.5.0-22.el8_10.x86_64 libunwind-1.3.1-3.el8.x86_64 libxml2-2.9.7-18.el8_10.1.x86_64 libyaml-0.1.7-5.el8.x86_64 lz4-libs-1.8.3-3.el8_4.x86_64 pcre2-10.32-3.el8_6.x86_64 xz-libs-5.2.4-4.el8_6.x86_64 zlib-1.2.11-25.el8.x86_64
Prio can be lowered: working fallback to
~]# suricatasc -c version
{"message": "7.0.6 RELEASE", "return": "OK"}
- Priority changed from Immediate to High
- Description updated (diff)
I think this is a duplicate of #7176. You could work around this by disabling ldap in the yaml.
ldap is not enabled due to older suricata.yaml config (so also time to update this ;)
Can you post the full bt output from gdb?
See attached file, full script session of gdb with bt at the end.
LDAP is apparently enabled anyway:
#5 0x00000000008b2329 in ldap_parser::parser::<impl asn1_rs::traits::FromBer<ldap_parser::error::LdapError> for ldap_parser::ldap::LdapMessage>::from_ber (bytes=...) at src/parser.rs:232
#6 0x0000000000780aad in suricata::ldap::types::ldap_parse_msg (input=...) at src/ldap/types.rs:644
#7 suricata::ldap::ldap::LdapState::parse_response (self=0x7ffed6411430, input=...) at src/ldap/ldap.rs:201
#8 suricata::ldap::ldap::SCLdapParseResponse (_flow=<optimized out>, state=0x7ffed6411430, pstate=<optimized out>, stream_slice=..., _data=<optimized out>) at src/ldap/ldap.rs:338
#9 0x0000000000518aa2 in AppLayerParserParse (tv=tv@entry=0x25c1e160, alp_tctx=0x7ffed5a806f0, f=f@entry=0x7ff9b99b9bd0, alproto=<optimized out>, flags=flags@entry=24 '\030', input=input@entry=0x0, input_len=84)
at app-layer-parser.c:1362
Probably by default:
]# grep -i ldap /etc/suricata/suricata.yaml -c
0
]# suricata -V
This is Suricata version 8.0.0-dev (564a6c9a2 2024-08-07)
Running smooth again. Also modified suricata.yaml to reflect latest v8 config instead of the v7 setup. ldap is disabled
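Added triage example (not part of the original thread and not Suricata project code): it parses the `stacktrace:sig` syslog line format shown in this report, demangles the legacy-mangled Rust frames, and names the protocol parser callback that `AppLayerParserParse` invoked, which is the parser to disable as a workaround. The helper names and the shortened sample line are constructed for illustration; the "frame directly above AppLayerParserParse" heuristic is an assumption based on the two traces above.

```python
import re

# Constructed sample, shortened from the syslog line format in this report.
SAMPLE = (
    "Aug 6 13:16:02 host suricata[1]: Error: suricata: stacktrace:sig 11:"
    "_ZN7asn1_rs3ber6parser16parse_identifier17h706e4bbd499420bdE+0x00000009;"
    "_ZN68_$LT$asn1_rs..header..Header$u20$as$u20$asn1_rs..traits..FromBer$GT$"
    "8from_ber17h0289b4881648c0c8E+0x0000001b;"
    "SCLdapParseResponse+0x0000008d;AppLayerParserParse+0x000002e2;"
    "FlowWorker+0x000001df [SignalHandlerUnexpected:suricata.c:327]"
)

# Escape sequences used by the legacy Rust symbol mangling.
ESCAPES = {"$LT$": "<", "$GT$": ">", "$u20$": " ", "$C$": ",", "..": "::"}

def demangle(sym):
    """Demangle _ZN<len><ident>...E Rust symbols; other names pass through."""
    if not (sym.startswith("_ZN") and sym.endswith("E")):
        return sym
    body, pos, parts = sym[3:-1], 0, []
    while pos < len(body):
        m = re.match(r"\d+", body[pos:])
        if not m:
            return sym  # unexpected layout: keep the raw name
        start = pos + len(m.group())
        part = body[start:start + int(m.group())]
        pos = start + int(m.group())
        if part.startswith("_$"):
            part = part[1:]  # leading '_' only guards an escape sequence
        for esc, char in ESCAPES.items():
            part = part.replace(esc, char)
        parts.append(part)
    if parts and re.fullmatch(r"h[0-9a-f]{16}", parts[-1]):
        parts.pop()  # drop the trailing hash component
    return "::".join(parts)

def parse_stacktrace(line):
    """Return (signal, [(function, offset), ...]) or None if no stacktrace."""
    m = re.search(r"stacktrace:sig (\d+):(\S+)", line)
    if not m:
        return None
    frames = []
    for frame in m.group(2).split(";"):
        name, sep, off = frame.rpartition("+0x")
        frames.append((demangle(name), int(off, 16)) if sep else (demangle(frame), None))
    return int(m.group(1)), frames

def parser_callback(frames):
    """Frame called directly by AppLayerParserParse (the protocol parser), or None."""
    names = [name for name, _ in frames]
    idx = names.index("AppLayerParserParse") if "AppLayerParserParse" in names else 0
    return names[idx - 1] if idx > 0 else None
```
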