Bug #4499: Sudden and enormous memory leak - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4499

open

Sudden and enormous memory leak

Added by Gianni Tedesco over 3 years ago. Updated 11 days ago.

Status:

Feedback

Priority:

Normal

Assignee:

Community Ticket

Target version:

TBD

Affected Versions:

6.0.1, 6.0.2

Effort:

Difficulty:

Label:

Description

Hi,

We have a large installed base of suricata 6.0.2. We're seeing a memory leak that can consume unbounded amounts of memory (even hundreds of gigabytes over a few days). The leak appears suddenly in bursts, not gradually over time. This is affecting between 15% and 20% of all our suricata instances.

We cannot find anything in common between the leaky instances other than that they all see the following protocols: TLS, DNS, HTTP and DCE-RPC.

Attached a graph showing various telemetry memuse stats over time alongside resident set size.

We were seeing the issue also in 6.0.1, and we think we were also seeing it with 6.0.0 judging by some OOM kernel panics we saw...

Files

Download all files

leak.png (151 KB) leak.png		Gianni Tedesco, 05/20/2021 06:42 AM
build.txt (4.13 KB) build.txt	suricata --build	Gianni Tedesco, 05/20/2021 07:05 AM
config.txt (15.8 KB) config.txt	suricata --dump-config	Gianni Tedesco, 05/20/2021 07:05 AM
malloc-trim.png (171 KB) malloc-trim.png	malloc_trim(0) only trims a few hundred MB	Gianni Tedesco, 05/24/2021 07:51 AM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #4499

Sudden and enormous memory leak

Updated by Gianni Tedesco over 3 years ago

Updated by Gianni Tedesco over 3 years ago

Updated by Gianni Tedesco over 3 years ago

Updated by Victor Julien over 3 years ago

Updated by Victor Julien over 1 year ago

Updated by Philippe Antoine 5 months ago

Updated by Philippe Antoine 4 months ago

Updated by Gianni Tedesco 14 days ago · Edited

Updated by Victor Julien 11 days ago