Multiple all_task process crashes with dataplane restarts

Multiple all_task process crashes with dataplane restarts

30572
Created On 03/05/21 16:09 PM - Last Modified 04/14/21 20:35 PM


Symptom


  • Multiple all_task processes crash in masterd.log
INFO: all_task_1: exited, Core: True, Exit signal: SIGSEGV
INFO: all_task_1: saved core file all_task_1_9.0.12_0.core
INFO: all_task_1: process running with pid 10432
INFO: all_task_2: exited, Core: True, Exit signal: SIGSEGV
INFO: all_task_2: saved core file all_task_2_9.0.12_0.core
  • dataplane restarts in system log
INFO: data_plane: exited
INFO: data_plane: unable to send early dp down (slot 1); retry in 2 seconds
INFO: logrcvr: exited, Core: False, Exit code: 0
INFO: devsrvr: exited, Core: False, Exit code: 0
INFO: data_plane: unable to send early dp down (slot 1); retry in 2 seconds
  • HA failovers in the system log
 Warning:  ha_event_log(src/ha_event.c:47): HA Group 1: All HA1 connections down
 debug: ha_sysd_haX_link_change(src/ha_sysd.c:2331): Seeing HA1 peer link unknown, waiting hold
 debug: ha_sysd_haX_link_change(src/ha_sysd.c:2331): Seeing HA1-Backup peer link unknown, waiting hold
 HA2 peer link unknown
 HA2-Backup peer link unknown
 HA3 peer link unknown
  • all_task process crash backtrace refers to pan_proxy_process
Thread 1 (Thread 0x7ffff7fe4900 (LWP 4311)):
#0  pan_fptcp_input (fptcp=0x55555598d388, tcb=tcb@entry=0x20, conn=conn@entry=0x7fffffffe7c0, 
    wqe=wqe@entry=0xe0562a9f40, proc_opq=proc_opq@entry=0x7fffffffe7b0) at pan_fptcp.c:1957
#1  0x00007ffff759fe09 in pan_proxy_process_ingress_inline (work=0xe0562a9f40, conn=0xe0152a7680, 
    sp=sp@entry=0xe15d55b680) at pan_proxy.c:3758
#2  0x00007ffff759ff7e in pan_proxy_process_ingress_proxy (work=<optimized out>, conn=<optimized out>, 
    sp=0xe15d55b680, proc_data=<optimized out>) at pan_proxy.c:3805
#3  0x00007ffff75a2b6c in pan_proxy_process_ingress (work=work@entry=0xe0562a9f40) at pan_proxy.c:4021
#4  0x00007ffff7308cdd in pan_flow_proc_flags (work=work@entry=0xe0562a9f40, sp=sp@entry=0xe15d55b680,
    b_packet_done=b_packet_done@entry=0x7fffffffe9f0) at src/pan_flow_proc.c:2691
#5  0x00007ffff730a50d in pan_flow_process_fastpath (work=<optimized out>) at src/pan_flow_proc.c:3993
#6  0x000055555555761c in main (ac=<optimized out>, av=<optimized out>) at pan_task.c:460

 

Environment


  • Palo Alto Firewalls.
  • PAN-OS 9.0.12
  • Active / Passive HA


 

Cause


  • Processing of mail traffic (smtp and pop3) with multipart filenames that use long filenames generally seen when ISO encoding is used for non-English languages, causes buffer overflow that corrupts the data.

Resolution


Upgrade to PAN-OS versions 8.1.19, 9.0.13, 9.1.7, 10.0.3 which all have the fix.  Refer PAN-150852 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001UiJCAU&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language