Project

General

Profile

Actions

Bug #4499

open

Sudden and enormous memory leak

Added by Gianni Tedesco over 3 years ago. Updated 2 months ago.

Status:
Feedback
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,

We have a large installed base of suricata 6.0.2. We're seeing a memory leak that can consume unbounded amounts of memory (even hundreds of gigabytes over a few days). The leak appears suddenly in bursts, not gradually over time. This is affecting between 15% and 20% of all our suricata instances.

We cannot find anything in common between the leaky instances other than that they all see the following protocols: TLS, DNS, HTTP and DCE-RPC.

Attached a graph showing various telemetry memuse stats over time alongside resident set size.

We were seeing the issue also in 6.0.1, and we think we were also seeing it with 6.0.0 judging by some OOM kernel panics we saw...


Files

leak.png (151 KB) leak.png Gianni Tedesco, 05/20/2021 06:42 AM
build.txt (4.13 KB) build.txt suricata --build Gianni Tedesco, 05/20/2021 07:05 AM
config.txt (15.8 KB) config.txt suricata --dump-config Gianni Tedesco, 05/20/2021 07:05 AM
malloc-trim.png (171 KB) malloc-trim.png malloc_trim(0) only trims a few hundred MB Gianni Tedesco, 05/24/2021 07:51 AM
Actions

Also available in: Atom PDF