Bug #7360 (open)
BUG_ON triggered from GetLeftEdge
Description
Hi! During fuzz testing an assert was identified in the GetLeftEdge function.
Stack trace is:
./fuzz_predefpcap_aware: Running 1 inputs 1 time(s) each.
Running: crash-769f80750c1dc3bbf5706dee2e740a356fc4fbca
fuzz_predefpcap_aware: stream-tcp-list.c:835: uint64_t GetLeftEdge(Flow *, TcpSession *, TcpStream *): Assertion `!((last_ack_abs < left_edge && !StreamTcpInlineMode() && !f->ffr && ssn->state < TCP_CLOSED))' failed.
==27034== ERROR: libFuzzer: deadly signal
#0 0x57bd0b91a884 in __sanitizer_print_stack_trace /llvm-project-llvmorg-18.1.8/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3
#1 0x57bd0b8ee098 in fuzzer::PrintStackTrace() /llvm-project-llvmorg-18.1.8/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x57bd0b8d3953 in fuzzer::Fuzzer::CrashCallback() /llvm-project-llvmorg-18.1.8/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:231:3
#3 0x717953d2151f (/lib/x86_64-linux-gnu/libc.so.6+0x4251f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#4 0x717953d759fb in pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fb) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#5 0x717953d21475 in gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x42475) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#6 0x717953d077f2 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f2) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#7 0x717953d0771a (/lib/x86_64-linux-gnu/libc.so.6+0x2871a) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#8 0x717953d18e95 in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x39e95) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#9 0x57bd0ba11bcf in GetLeftEdge /suricata/src/stream-tcp-list.c:834:5
#10 0x57bd0ba11633 in StreamTcpPruneSession /suricata/src/stream-tcp-list.c:928:32
#11 0x57bd0b9ba011 in FlowWorker /suricata/src/flow-worker.c:659:13
#12 0x57bd0b91c10a in LLVMFuzzerTestOneInput /suricata/src/tests/fuzz/fuzz_predefpcap_aware.c:140:13
#13 0x57bd0b8d4f43 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /llvm-project-llvmorg-18.1.8/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
#14 0x57bd0b8bea6f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /llvm-project-llvmorg-18.1.8/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
#15 0x57bd0b8c478a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /llvm-project-llvmorg-18.1.8/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
#16 0x57bd0b8eea22 in main /llvm-project-llvmorg-18.1.8/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#17 0x717953d08d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#18 0x717953d08e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#19 0x57bd0b8b9434 in _start (/suricata/src/fuzz_predefpcap_aware+0x154434)
Build info:
This is Suricata version 8.0.0-dev (3a7eef812 2024-10-28)
Features: DEBUG_VALIDATION PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_LUA HAVE_JA3 HAVE_JA4 HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST POPCNT64
SIMD support: SSE_2
Atomic intrinsics: 1 2 4 8 byte(s)
64-bits, Little-endian architecture
GCC version Clang 18.1.8, C version 201112
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v0.5.49, linked against LibHTP v0.5.49
Suricata Configuration:
AF_PACKET support: yes
AF_XDP support: no
DPDK support: no
eBPF support: no
XDP support: no
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
PCRE jit: yes
GeoIP2 support: yes
JA3 support: yes
JA4 support: yes
Non-bundled htp: no
Hyperscan support: no
Libnet support: yes
liblz4 support: no
Landlock support: yes
Systemd support: yes
Rust support: yes
Rust strict mode: no
Rust compiler path: /root/.cargo/bin/rustc
Rust compiler version: rustc 1.82.0 (f6e511eec 2024-10-15)
Cargo path: /root/.cargo/bin/cargo
Cargo version: cargo 1.82.0 (8f40fc59f 2024-08-21)
Python support: no
Python path: not set
Install suricatactl: requires python
Install suricatasc: requires python
Install suricata-update: no, not bundled
Profiling enabled: no
Profiling locks enabled: no
Profiling rules enabled: no
Plugin support (experimental): yes
DPDK Bond PMD: no
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: yes
Fuzz targets enabled: yes
Generic build parameters:
Installation prefix: /usr/local
Configuration directory: /usr/local/etc/suricata/
Log directory: /usr/local/var/log/suricata/
--prefix /usr/local
--sysconfdir /usr/local/etc
--localstatedir /usr/local/var
--datarootdir /usr/local/share
Host: x86_64-pc-linux-gnu
Compiler: clang (exec name) / clang++ (real)
GCC Protect enabled: no
GCC march native enabled: no
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -fPIC -DOS_LINUX -std=c11 -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist -I../rust/gen
PCAP_CFLAGS
SECCFLAGS