This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[INFO-141] Http proxy not running - restarted notification + segfaults in kernel log since this morning

Update 11:27 Sophos official workaround https://community.sophos.com/kb/en-us/127257
Update 13:48 Sophos fix: https://community.sophos.com/kb/en-us/127257 A new pattern called u2d-appctrl43-9-42 was recently released to resolve this issue. Please enable application control again. Manual Cleanup required /var/storages/cores could contain large coredump files that need to be manually removed.

Good morning,

 

This morning we received multiple  [INFO-141] Http proxy not running - restarted notifications around 09:11


When looking in the log's it seemed it occured straight after an up2date pattern update.

Looking in the kernel logs:

2017:08:07-09:11:17 gateway-1 kernel: [1448439.994411] NAVLWorker_01[31756]: segfault at 18b09499 ip 00000000f68495da sp 00000000e8cc0fec error 4 in libc-2.11.3.so[f67cd000+16c000]
2017:08:07-09:24:28 gateway-1 kernel: [1449231.586930] NAVLWorker_10[32179]: segfault at e78ba000 ip 00000000f68045e1 sp 00000000c36d8fbc error 4 in libc-2.11.3.so[f6788000+16c000]
2017:08:07-09:25:09 gateway-1 kernel: [1449272.038211] NAVLWorker_01[5095]: segfault at e9122000 ip 00000000f68875e1 sp 00000000bed45fbc error 4 in libc-2.11.3.so[f680b000+16c000]
2017:08:07-09:26:18 gateway-1 kernel: [1449341.488162] NAVLWorker_08[5501]: segfault at 4ca50b2b ip 00000000f68625df sp 00000000e7ed2fbc error 4 in libc-2.11.3.so[f67e6000+16c000]





This thread was automatically locked due to age.
Parents
  • I now get a lot of (from the customers):

    Data Disk is filling up - please check. Current usage: 82%

    For several of our managed UTM's, this is due to this bug with HTTPPROXY Core dumps.

    As the bug is going to be fixed, you can safely backup or delete the dumps, (I deleted them :-) )

    As you can see the httpproxy.NAVLWorker files are huge!

    I just did a "rm *" in the /var/storage/cores folder and all is good, as I do not need the other dumps either, else you can just delete with "rm httpproxy.*":

    HTH :-)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • A new pattern called u2d-appctrl43-9-42 was recently released to resolve this issue.

    Source: https://community.sophos.com/kb/en-us/127257

     

    I checked my up2date logs: it installed around 10 minutes ago with pattern update# 130311

Reply Children
  • looks like issue is fixed with pattern 130311

  • my cluster installed fix too.. Make sure you enable application control first then update patterns...

    Cluster is working "fine" again... no memory consumption, no slow surfing... no phone calls "all is slow"... looking good ;-)

     

    2017:08:07-13:59:11 vpn-2 auisys[14144]: Install u2d packages <aptp>
    2017:08:07-13:59:11 vpn-2 auisys[14144]: Starting installing up2date packages for type 'aptp'
    2017:08:07-13:59:11 vpn-2 auisys[14144]: Installing up2date package: /var/up2date/aptp/u2d-aptp-9.24553.tgz.gpg



    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • I checked my up2date log to make sure we have received the new application control pattern u2d-appctrl43-9-42 (as mentioned in https://community.sophos.com/kb/en-us/127257) and can confirm that it has resolved the problem here.

  • Our UTM Appliances have now upgraded the Pattern Version to Version 130311.

    I have re-enabled Application Control and I'm monitoring the Kernel Log live.

    So far, in the fifteen minutes or so since I re-enabled Application Control there have been no further 'segfault' entries in the log file.

    Looks like the issue has been resolved.

    Best regards,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive