I am running Suricata-7 in NFQ mode.
It crashed during Init:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00000000005b859e in StatsIncr (tv=tv@entry=0x6988280, id=) at counters.c:181
[Current thread is 1 (Thread 0x7ff542ffd700 (LWP 108))]
(gdb) bt
#0 0x00000000005b859e in StatsIncr (tv=tv@entry=0x6988280, id=) at counters.c:181
#1 0x00000000005bebc3 in CaptureStatsUpdate (tv=0x6988280, p=0x7ff53a847e60) at decode.c:912
#2 0x000000000056c1a5 in TmqhOutputPacketpool (t=0x6988280, p=0x7ff53a847e60) at tmqh-packetpool.c:383
#3 0x00000000006511a9 in TmThreadsSlotProcessPkt (tv=0x6988280, s=, p=0x7ff53a847e60) at /__w/suricata-inline/suricata-inline/oisf/src/tm-threads.h:196
#4 NFQCallBack (qh=0x7ff53a848b10, nfmsg=, nfa=0x7ff542ffa120, data=0x1b46a60) at source-nfq.c:565
#5 0x00007ff55c4e12a9 in ?? () from /lib/x86_64-linux-gnu/libnetfilter_queue.so.1
#6 0x00007ff55c4d8bea in ?? () from /lib/x86_64-linux-gnu/libnfnetlink.so.0
#7 0x00007ff55c4d93a0 in nfnl_process () from /lib/x86_64-linux-gnu/libnfnetlink.so.0
#8 0x00007ff55c4d973e in nfnl_catch () from /lib/x86_64-linux-gnu/libnfnetlink.so.0
#9 0x00007ff55c4e19a5 in nfq_set_queue_maxlen () from /lib/x86_64-linux-gnu/libnetfilter_queue.so.1
#10 0x0000000000650c7d in NFQInitThread (t=0x1b46a60, queue_maxlen=64384) at source-nfq.c:635
#11 ReceiveNFQThreadInit (tv=, initdata=0x1b46a60, data=0x7ff542ffc420) at source-nfq.c:718
#12 0x000000000056e4ca in TmThreadsSlotPktAcqLoop (td=0x6988280) at tm-threads.c:264
#13 0x00007ff55c2a9609 in start_thread (arg=) at pthread_create.c:477
#14 0x00007ff55b7b4353 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) p tv->perf_private_ctx
$6 = {
head = 0x0,
size = 0,
initialized = 0
}
Usual Init workflow seems to be:
TmThreadsSlotPktAcqLoop() is invoked through SlotThreadInit()
Init flag is set when done: TmThreadsSetFlag(tv, THV_INIT_DONE)
ReceiveNFQLoop() is invoked to receive packets through NFQCallBack()
In the crash case, I see the following:
TmThreadsSlotPktAcqLoop() is invoked through SlotThreadInit()
ReceiveNFQThreadInit() is still in progress
NFQCallBack() gets called with uninitialised thread variables
Does anyone have any pointers to figure out what’s happening?
Thanks in advance!
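
In the backtrace above, NFQCallBack (frame #4) runs underneath NFQInitThread (frame #10) on the same thread, reached through nfq_set_queue_maxlen, while `tv->perf_private_ctx` is still zeroed. The C model below is an added example, not part of the original post and not Suricata or libnetfilter_queue code: it reproduces that ordering and shows a callback guard beside an init order that makes the guard unnecessary. Every type and function name in it is hypothetical, and what to do with a deferred packet is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins: not Suricata or libnetfilter_queue symbols. */
typedef struct { uint64_t *head; size_t size; bool initialized; } CounterCtx;
typedef struct { CounterCtx counters; bool init_done; int handled, deferred; } ThreadCtx;
typedef struct { void (*cb)(ThreadCtx *); ThreadCtx *tc; int pending; } Queue;

static uint64_t storage[1];   /* backing store for the single counter */

/* Models a library configuration call that dispatches already-queued
 * packets while it runs, so the callback executes inside this call. */
static void queue_set_maxlen(Queue *q) {
    while (q->pending > 0) { q->pending--; q->cb(q->tc); }
}

/* Guarded callback: never dereferences counters before init has finished. */
static void on_packet(ThreadCtx *tc) {
    if (!tc->init_done || !tc->counters.initialized) { tc->deferred++; return; }
    tc->counters.head[0]++;   /* the increment that needs head != NULL */
    tc->handled++;
}

/* Order A, as in the backtrace: queue is configured before counters exist. */
static void init_queue_first(ThreadCtx *tc, Queue *q) {
    queue_set_maxlen(q);      /* callback fires here with head == NULL */
    tc->counters = (CounterCtx){ storage, 1, true };
    tc->init_done = true;
}

/* Order B: counters are ready before any call that can dispatch packets. */
static void init_counters_first(ThreadCtx *tc, Queue *q) {
    tc->counters = (CounterCtx){ storage, 1, true };
    tc->init_done = true;
    queue_set_maxlen(q);
}

/* Runs one init order with `pending` queued packets and returns the state. */
static ThreadCtx run(void (*init)(ThreadCtx *, Queue *), int pending) {
    ThreadCtx tc = {0};
    Queue q = { on_packet, &tc, pending };
    storage[0] = 0;
    init(&tc, &q);
    return tc;
}

int main(void) { return run(init_queue_first, 2).deferred == 2 ? 0 : 1; }
```

Without the first line of `on_packet`, order A would dereference a NULL `head`, which is the same shape as the fault at counters.c:181 in the backtrace.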