Suricata crashes in nfnetlink library

gsrinivas · September 9, 2025, 4:02am

Suricata crashing in nfnetlink library, when the system appears to be in idle state

(gdb) bt
#0 0x00007f07b3465222 in nfnl_handle_packet () from /lib/x86_64-linux-gnu/libnfnetlink.so.0
#1 0x00000000006505ab in NFQRecvPkt (t=0x1572db8, tv=0x1572ac0) at source-nfq.c:984
#2 ReceiveNFQLoop (tv=0x63c82b0, data=0x1572ac0, slot=) at source-nfq.c:1016
#3 0x000000000056e557 in TmThreadsSlotPktAcqLoop (td=0x63c82b0) at tm-threads.c:318
#4 0x00007f07b3235609 in start_thread (arg=) at pthread_create.c:477
#5 0x00007f07b2740353 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

All other threads are idle. No packet processing or command processing is in progress

2 Thread 0x7f07abfff700 (LWP 87) futex_wait_cancelable (private=, expected=0, futex_word=0x16a2398) at ../sysdeps/nptl/futex-internal.h:183
3 Thread 0x7f07b23dc640 (LWP 53) 0x00007f07b26fe23f in __GI___clock_nanosleep (clock_id=clock_id@entry=0, flags=flags@entry=0, req=req@entry=0x7ffc33eaa290, rem=rem@entry=0x0) at ../sysdeps/unix/sysv/linux/clock_nanosleep.c:78
4 Thread 0x7f0783fff700 (LWP 111) __libc_recv (flags=, len=70000, buf=0x7f077e848b40, fd=12) at ../sysdeps/unix/sysv/linux/recv.c:28
5 Thread 0x7f07a97fa700 (LWP 109) __libc_recv (flags=, len=70000, buf=0x7f0786848b40, fd=10) at ../sysdeps/unix/sysv/linux/recv.c:28
6 Thread 0x7f07837fe700 (LWP 112) __libc_recv (flags=, len=70000, buf=0x7f0776848b40, fd=13) at ../sysdeps/unix/sysv/linux/recv.c:28
7 Thread 0x7f07ab7fe700 (LWP 105) __libc_recv (flags=, len=70000, buf=0x7f0796848b40, fd=6) at ../sysdeps/unix/sysv/linux/recv.c:28
8 Thread 0x7f07a9ffb700 (LWP 108) __libc_recv (flags=, len=70000, buf=0x7f0792848b40, fd=9) at ../sysdeps/unix/sysv/linux/recv.c:28
9 Thread 0x7f07aaffd700 (LWP 106) __libc_recv (flags=, len=70000, buf=0x7f079a848b40, fd=7) at ../sysdeps/unix/sysv/linux/recv.c:28
10 Thread 0x7f07b0d50700 (LWP 86) futex_wait_cancelable (private=, expected=0, futex_word=0x16a2358) at ../sysdeps/nptl/futex-internal.h:183
11 Thread 0x7f0781ffb700 (LWP 115) futex_abstimed_wait_cancelable (private=, abstime=0x7f0781ffa420, clockid=, expected=0, futex_word=0x63c9698) at ../sysdeps/nptl/futex-internal.h:320
12 Thread 0x7f07827fc700 (LWP 114) futex_abstimed_wait_cancelable (private=, abstime=0x7f07827fb3a0, clockid=, expected=0, futex_word=0xe6668c <flow_recycler_ctrl_cond+44>)
at ../sysdeps/nptl/futex-internal.h:320
13 Thread 0x7f07aa7fc700 (LWP 107) __libc_recv (flags=, len=70000, buf=0x7f078e848b40, fd=8) at ../sysdeps/unix/sysv/linux/recv.c:28
14 Thread 0x7f0782ffd700 (LWP 113) futex_abstimed_wait_cancelable (private=, abstime=0x7f0782ffc3b0, clockid=, expected=0, futex_word=0xe66648 <flow_manager_ctrl_cond+40>)
at ../sysdeps/nptl/futex-internal.h:320
15 Thread 0x7f07817fa700 (LWP 116) futex_abstimed_wait_cancelable (private=, abstime=0x7f07817f9420, clockid=, expected=0, futex_word=0x63c9998) at ../sysdeps/nptl/futex-internal.h:320
16 Thread 0x7f0780ff9700 (LWP 117) 0x00007f07b27361eb in __GI___select (nfds=15, readfds=0x7f0780ff8190, writefds=writefds@entry=0x0, exceptfds=exceptfds@entry=0x0, timeout=timeout@entry=0x7f0780ff8180)
at ../sysdeps/unix/sysv/linux/select.c:41

Has anyone faced this issue?

suricata --build-info

This is Suricata version 7.0.6 RELEASE
Features: NFQ PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_JA3 HAVE_JA4 HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST POPCNT64
SIMD support: SSE_2
Atomic intrinsics: 1 2 4 8 byte(s)
64-bits, Little-endian architecture
GCC version 14.1.0, C version 201112
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v0.5.48, linked against LibHTP v0.5.48

Command

suricata -c suricata.yaml -k none -q0:7 --pidfile /var/suricata/suricata.pid