Skip to main content
ssanga
Staff & Editor
ssanga
Staff & Editor
October 21, 2024

Troubleshooting Tip: WAD Daemon may crash while redirecting web filter HTTPS sessions

  • October 21, 2024
  • 0 replies
  • 1232 views
Description This article describes a solution to an issue where the WAD daemon crashes when redirecting web filter HTTPS sessions.
Scope FortiGate v7.0.9, v7.0.10, v7.0.11, v7.0.12, v7.0.13, v7.0.14.
FortiProxy v7.0.7, v7.0.8, v7.0.12.
Solution

In the output of the 'diagnose debug crashlog read' command, crashes related to WAD may be observed.

16333: 2024-08-26 09:54:14 <32007> firmware FortiGate-501E v7.2.7,build1577b1577,240131 (GA.M) (Release)
16334: 2024-08-26 09:54:14 <32007> application wad
16335: 2024-08-26 09:54:14 <32007> *** signal 11 (Segmentation fault) received ***
16336: 2024-08-26 09:54:14 <32007> AVDB 92.06844(08/26/0024 05:26)
16337: 2024-08-26 09:54:14 <32007> ETDB 92.06844(08/26/0024 05:25)
16338: 2024-08-26 09:54:14 <32007> AVSO 04000000AVEN007010629323041913
16339: 2024-08-26 09:54:14 <32007> Register dump:
16340: 2024-08-26 09:54:14 <32007> RAX: 0000000000000000 RBX: 00007fcd1b737a18
16341: 2024-08-26 09:54:14 <32007> RCX: 0000000000000000 RDX: 0000000000000001
16342: 2024-08-26 09:54:14 <32007> R08: 0000000000000000 R09: 0000000000000214
16343: 2024-08-26 09:54:14 <32007> R10: 000000007fffffff R11: 0000000000000246
16344: 2024-08-26 09:54:14 <32007> R12: 00007fcd1b737a18 R13: 00007fcd019c9698
16345: 2024-08-26 09:54:14 <32007> R14: 0000000000000001 R15: 0000000005c4c360
16346: 2024-08-26 09:54:14 <32007> RSI: 00007fcd035117d0 RDI: 00007fcd032384a0
16347: 2024-08-26 09:54:14 <32007> RBP: 00007fff1f8d6c70 RSP: 00007fff1f8d6c40
16348: 2024-08-26 09:54:14 <32007> RIP: 0000000001db9523 EFLAGS: 0000000000010202
16349: 2024-08-26 09:54:14 <32007> CS: 0033 FS: 0000 GS: 0000
16350: 2024-08-26 09:54:14 <32007> Trap: 000000000000000e Error: 0000000000000004
16351: 2024-08-26 09:54:14 <32007> OldMask: 0000000000000000
16352: 2024-08-26 09:54:14 <32007> CR2: 00000000000000e0
16353: 2024-08-26 09:54:14 <32007> stack: 0x7fff1d6c40 - 0x7fff1f7090
16354: 2024-08-26 09:54:14 <32007> Backtrace:
16355: 2024-08-26 09:54:14 <32007> [0x01db952] => /bin/wad
16356: 2024-08-26 09:54:14 <32007> [0x01c1a53] => /bin/wad
16357: 2024-08-26 09:54:14 <32007> [0x01bdd96] => /bin/wad
16358: 2024-08-26 09:54:14 <32007> [0x01c1a5a] => /bin/wad
16359: 2024-08-26 09:54:14 <32007> [0x01e4773] => /bin/wad
16360: 2024-08-26 09:54:14 <32007> [0x01d563f] => /bin/wad
16361: 2024-08-26 09:54:14 <32007> [0x01d5688] => /bin/wad
16362: 2024-08-26 09:54:14 <32007> [0x01d54b7] => /bin/wad
16363: 2024-08-26 09:54:14 <32007> [0x01e0344] => /bin/wad
16364: 2024-08-26 09:54:14 <32007> [0x0044979] => /bin/wad
16365: 2024-08-26 09:54:14 <32007> [0x7fcd23f3eb] => /usr/lib/x86_64-linux-gnu/libc.so.6
16366: 2024-08-26 09:54:14 (__libc_start_main+0x000000eb) liboffset 00023deb
16367: 2024-08-26 09:54:14 <32007> [0x0044513a] => /bin/wad
16368: 2024-08-26 09:54:14 <32007> fortidev 6.0.1.0005
16369: 2024-08-26 09:54:14 <32007> process=wad type=2 idx=1 av-scanning=no total=16047 free=9334
16370: 2024-08-26 09:54:14 mmu=160851029 mu=61577717 m=1047748648 f=1047444154 r=0
16371: 2024-08-26 09:54:14 <32007> cur_bank=(nil) curl_tl=0x5c496e0 curl_tm=0x7fcd1ed6c048
16372: 2024-08-26 09:54:14 <32007> (session info) http session: vf=0 session-id=1310478834 app_type=1
16373: 2024-08-26 09:54:14 dyn_type=0 non_tp=0, pol_id=36, h2=1, src/port=172.1.35.49:5313,
16374: 2024-08-26 09:54:14 dst/port=13.91.96.185:443, usr/grp=(fortinet/standard FortiStandard)
16375: 2024-08-26 09:54:14 req_pol_id(36), is_first/is_close(1/0) svr_addr(13.91.96.185:443)
16376: 2024-08-26 09:54:14 scheme/method(https/1) host:dl-edge.smartscreen.microsoft.com
16377: 2024-08-26 09:54:14 url:/api/browser/edge/download/3, body_len=1729
16378: 2024-08-26 09:54:14 [AV Engine <32007>] AV Engine version: 6.4.293
16379: 2024-08-26 09:54:14 [AV Engine <32007>] Last file info:
16380: 2024-08-26 09:54:14 [AV Engine <32007>] filename: , filesize: 0, filebuffer: (nil)
16381: 2024-08-26 09:54:14 [AV Engine <32007>] Native script imagebase: 0x7fcd1c82f000
16382: 2024-08-26 09:54:14 [AV Engine <32007>] Native script imagesize: 0x9000
16383: 2024-08-26 09:54:14 [AV Engine <32007>] AV Engine imagebase: 0x7fcd1e623000
16384: 2024-08-26 10:54:16 wad crashed 1 times. The latest crash was at 2024-08-26 09:54:14.
Crash log interval is 3600 seconds
Max crash log line number: 16384

Specifically, references to wad_ssl_cache_ssl_redir_server can be seen in the backtrace after decoding the crash logs.

This issue has been resolved in FortiOS versions 7.0.14, 7.2.8, 7.4.2 and FortiProxy versions 7.0.14, 7.2.8

Logs required by FortiGate TAC for investigation:

TAC Report:

 

execute tac report

 

Additionally, the configuration file of the FortiGate is required.
    Terms & ConditionsAccessibility statement