  1. Traffic Server
  2. TS-3743

Crash Under Heavy Load and Sending Plugin Error Page

Details

    • Bug
    • Status: Patch Available
    • Major
    • Resolution: Unresolved
    • None
    • 7.1.0
    • Core

    Description

      One of the tests done on the IronBee plugin for TrafficServer is to send an OWASP ZAP scan through the proxy at a DokuWiki server. When this is done, TrafficServer will crash. The crash is not always at the same point in the scan, but is always when IronBee is generating a custom block page. We've reviewed IronBee and cannot find anything it is doing to provoke the crash.

      The crash is always in HttpTunnel::producer_run (this=this@entry=0xaf6021c8, p=p@entry=0xaf6022f8) and in all cases c->vc is invalid.

      Our investigations correlated the crash with HttpSM's ua_session->m_active being false. More specifically, we suspect that HttpSM::setup_internal_transfer() starts with ua_session->m_active as true and then closes it – setting ua_session->m_active to false – before tunnel.tunnel_run(p) is called at the end of the function.

      Please refer to two attachments. The first is a copy of the stack trace we've been working off of. Every crash has a remarkably similar call stack. The second attachment is a patch that is working in our labs.

      This crash also appears in the TrafficServer 4.x code, and the same patch seems to resolve it.

      Attachments

        1. TS-3743.patch
          0.9 kB
          Sam Baskinger
        2. stacktrace.txt
          5 kB
          Sam Baskinger

            People

              nick@webthing.com Nick Kew
              basking2 Sam Baskinger

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 1.5h