Comments (5)
Thanks for your suggestion. But we're still on haproxy v2.0.34 and not v2.9. Also, in our case it's not the haproxy process that uses 100% cpu but it's the coraza-spoa daemon process that "goes nuts" and consumes all available cpu and memory. Hence I don't think that the issue is in haproxy but it's rather either coraza itself or the coraza-spoa wrapper...
from coraza-spoa.
Hi José,
thanks for your reply. I don't think that it is a "classic" memory leak because the memory consumption does not gradually increase over time. Rather, it is a very sudden event. So normally the coraza-spoa daemon actually consumes very little memory but when "it goes nuts" it's suddenly allocating GBs of memory within seconds and all available system memory gets quickly used up until the process gets killed by the OOM killer.
Also, as mentioned, those events seem to happen (when they happen) with high time correlation across multiple of our load-balancers. So I'm suspecting it may be kind of a regexp denial of service, so that certain requests cause coraza to go into an endless loop. Or cause a deadlock so that processing of requests gets stuck and just the queue with new incoming requests still gets filled up (but never emptied anymore) so that memory consumption just keeps increasing without limit (but I don't know the internal architecture of coraza and coraza-spoa - so would something like this be possible at all?).
I can try enabling Go with profiling but if it's such an issue as I suspect then the profiling information may not help us much, right? But is there some way to debug on which request coraza got stuck (if that's what is happening)? Most of the time I can't witness the issue "live" because by the time I receive an alert about the excessive memory usage from our monitoring, the coraza-spoa daemon has already been killed before I can connect to the machine. So this really happens quite fast...
from coraza-spoa.
From your description, the symptoms look exactly like a bug in HAProxy v2.9.1. If you used HAProxy version 2.9.1, please downgrade to 2.9.0 because of this issue: haproxy/haproxy#2395. It will be fixed in the next 2.9.x version.
from coraza-spoa.
I'm now seeing also the following stack traces when it crashes and it seems to be always the same crash reason. So it looks like it's actually crashing inside corazawaf itself then, right?
2024-02-04T01:46:26.969159+00:00 hostname.com coraza-spoa[26925]: panic: runtime error: slice bounds out of range [:-1]
2024-02-04T01:46:26.970724+00:00 hostname.com coraza-spoa[26925]: goroutine 347 [running]:
2024-02-04T01:46:26.970881+00:00 hostname.com coraza-spoa[26925]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Transaction).GetField(0xc0036894a0?, {0x0, 0x29, 0x0, {0x0, 0x0}, {0xc001c579e0, 0x2, 0x2}})
2024-02-04T01:46:26.971027+00:00 hostname.com coraza-spoa[26925]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/transaction.go:574 +0x41d
2024-02-04T01:46:26.971174+00:00 hostname.com coraza-spoa[26925]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Rule).doEvaluate(0xc00249c788, 0xc001c560c0?, 0xc001c54000, 0x0?, 0x0, 0x4e?)
2024-02-04T01:46:26.971324+00:00 hostname.com coraza-spoa[26925]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/rule.go:234 +0xd77
2024-02-04T01:46:26.971476+00:00 hostname.com coraza-spoa[26925]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Rule).Evaluate(...)
2024-02-04T01:46:26.971624+00:00 hostname.com coraza-spoa[26925]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/rule.go:171
2024-02-04T01:46:26.971789+00:00 hostname.com coraza-spoa[26925]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*RuleGroup).Eval(0xc000154010, 0x2, 0xc001c54000)
2024-02-04T01:46:26.971938+00:00 hostname.com coraza-spoa[26925]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/rulegroup.go:219 +0x37e
2024-02-04T01:46:26.972086+00:00 hostname.com coraza-spoa[26925]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Transaction).ProcessRequestBody(0xc001c54000)
2024-02-04T01:46:26.972232+00:00 hostname.com coraza-spoa[26925]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/transaction.go:1003 +0x3b2
2024-02-04T01:46:26.972382+00:00 hostname.com coraza-spoa[26925]: github.com/corazawaf/coraza-spoa/internal.(*SPOA).processRequest(0xc0035f6c00?, 0x6dcde0?)
2024-02-04T01:46:26.972581+00:00 hostname.com coraza-spoa[26925]: /builds/user/coraza-spoa-build/coraza-spoa/internal/spoa.go:316 +0xe6e
2024-02-04T01:46:26.972754+00:00 hostname.com coraza-spoa[26925]: github.com/corazawaf/coraza-spoa/internal.(*SPOA).Start.func1(0xc0035f6c00)
2024-02-04T01:46:26.972907+00:00 hostname.com coraza-spoa[26925]: /builds/user/coraza-spoa-build/coraza-spoa/internal/spoa.go:49 +0xd8
2024-02-04T01:46:26.973056+00:00 hostname.com coraza-spoa[26925]: github.com/criteo/haproxy-spoe-go.(*conn).handleNotify(0xc00293efa0, {0x3, 0x1, 0x4e63081, 0x1, {0xc000d6800b, 0x1da, 0x3ff1}, {0xc000d68000, 0x3ffc, ...}}, ...)
2024-02-04T01:46:26.973206+00:00 hostname.com coraza-spoa[26925]: /root/go/pkg/mod/github.com/criteo/[email protected]/notify.go:109 +0xd9
2024-02-04T01:46:26.973352+00:00 hostname.com coraza-spoa[26925]: github.com/criteo/haproxy-spoe-go.(*conn).runWorker(0xc00293efa0, {0x3, 0x1, 0x4bed6e1, 0x1af, {0xc00294600c, 0x3bf, 0x3ff0}, {0xc002946000, 0x3ffc, ...}}, ...)
2024-02-04T01:46:26.973495+00:00 hostname.com coraza-spoa[26925]: /root/go/pkg/mod/github.com/criteo/[email protected]/conn.go:162 +0x1db
2024-02-04T01:46:26.973656+00:00 hostname.com coraza-spoa[26925]: created by github.com/criteo/haproxy-spoe-go.(*conn).run
2024-02-04T01:46:26.973852+00:00 hostname.com coraza-spoa[26925]: /root/go/pkg/mod/github.com/criteo/[email protected]/conn.go:136 +0xb50
2024-02-04T03:40:17.817002+00:00 hostname.com coraza-spoa[15038]: panic: runtime error: slice bounds out of range [:-1]
2024-02-04T03:40:17.818713+00:00 hostname.com coraza-spoa[15038]: goroutine 606 [running]:
2024-02-04T03:40:17.818921+00:00 hostname.com coraza-spoa[15038]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Transaction).GetField(0xc0033b1410?, {0x0, 0x29, 0x0, {0x0, 0x0}, {0xc0031038f0, 0x2, 0x2}})
2024-02-04T03:40:17.819076+00:00 hostname.com coraza-spoa[15038]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/transaction.go:574 +0x41d
2024-02-04T03:40:17.819218+00:00 hostname.com coraza-spoa[15038]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Rule).doEvaluate(0xc00251c788, 0xc001457d70?, 0xc003b9ac00, 0x0?, 0x0, 0x4e?)
2024-02-04T03:40:17.819361+00:00 hostname.com coraza-spoa[15038]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/rule.go:234 +0xd77
2024-02-04T03:40:17.819511+00:00 hostname.com coraza-spoa[15038]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Rule).Evaluate(...)
2024-02-04T03:40:17.819671+00:00 hostname.com coraza-spoa[15038]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/rule.go:171
2024-02-04T03:40:17.819817+00:00 hostname.com coraza-spoa[15038]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*RuleGroup).Eval(0xc0001da010, 0x2, 0xc003b9ac00)
2024-02-04T03:40:17.819968+00:00 hostname.com coraza-spoa[15038]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/rulegroup.go:219 +0x37e
2024-02-04T03:40:17.820111+00:00 hostname.com coraza-spoa[15038]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Transaction).ProcessRequestBody(0xc003b9ac00)
2024-02-04T03:40:17.820255+00:00 hostname.com coraza-spoa[15038]: /root/go/pkg/mod/github.com/corazawaf/coraza/[email protected]/internal/corazawaf/transaction.go:1003 +0x3b2
2024-02-04T03:40:17.820405+00:00 hostname.com coraza-spoa[15038]: github.com/corazawaf/coraza-spoa/internal.(*SPOA).processRequest(0xc0038675c0?, 0x6dcde0?)
2024-02-04T03:40:17.820548+00:00 hostname.com coraza-spoa[15038]: /builds/user/coraza-spoa-build/coraza-spoa/internal/spoa.go:316 +0xe6e
2024-02-04T03:40:17.820712+00:00 hostname.com coraza-spoa[15038]: github.com/corazawaf/coraza-spoa/internal.(*SPOA).Start.func1(0xc0038675c0)
2024-02-04T03:40:17.820856+00:00 hostname.com coraza-spoa[15038]: /builds/user/coraza-spoa-build/coraza-spoa/internal/spoa.go:49 +0xd8
2024-02-04T03:40:17.821002+00:00 hostname.com coraza-spoa[15038]: github.com/criteo/haproxy-spoe-go.(*conn).handleNotify(0xc0036681e0, {0x3, 0x1, 0x4fc63ab, 0x1, {0xc00360c00b, 0x1da, 0x3ff1}, {0xc00360c000, 0x3ffc, ...}}, ...)
2024-02-04T03:40:17.821150+00:00 hostname.com coraza-spoa[15038]: /root/go/pkg/mod/github.com/criteo/[email protected]/notify.go:109 +0xd9
2024-02-04T03:40:17.821296+00:00 hostname.com coraza-spoa[15038]: github.com/criteo/haproxy-spoe-go.(*conn).runWorker(0xc0036681e0, {0x3, 0x1, 0x4f11a2b, 0x6, {0xc00414400b, 0x513, 0x3ff1}, {0xc004144000, 0x3ffc, ...}}, ...)
2024-02-04T03:40:17.821440+00:00 hostname.com coraza-spoa[15038]: /root/go/pkg/mod/github.com/criteo/[email protected]/conn.go:162 +0x1db
2024-02-04T03:40:17.821585+00:00 hostname.com coraza-spoa[15038]: created by github.com/criteo/haproxy-spoe-go.(*conn).run
2024-02-04T03:40:17.821746+00:00 hostname.com coraza-spoa[15038]: /root/go/pkg/mod/github.com/criteo/[email protected]/conn.go:136 +0xb50
from coraza-spoa.
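The last comment notes that every crash seems to have the same cause. The following added example (not part of the thread and not coraza-spoa code) shows one way to check that across many hosts: it reduces syslog lines in the format shown above to a crash signature made of the panic message and the first non-runtime frame, ignoring timestamps, PIDs and pointer arguments. The names `Crash`, `ParseCrashes` and `sample` are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var syslogRe = regexp.MustCompile(`^(\S+) \S+ [\w.-]+\[(\d+)\]: (.*)$`) // time host tag[pid]: msg
var skipRe = regexp.MustCompile(`^(goroutine |panic\(|runtime\.)`)      // header and runtime frames
var argsRe = regexp.MustCompile(`\([^()]*\)$`)                          // trailing argument list

// Crash is one panic; Signature ignores time, PID and pointer arguments.
type Crash struct{ Time, PID, Panic, TopFrame string }

func (c Crash) Signature() string { return c.Panic + " @ " + c.TopFrame }

// ParseCrashes pairs each "panic:" line with the first non-runtime frame from the same PID.
func ParseCrashes(lines []string) []Crash {
	var out []Crash
	pending := map[string]int{} // PID -> index of the crash still missing its top frame
	for _, l := range lines {
		m := syslogRe.FindStringSubmatch(l)
		if m == nil {
			continue
		}
		pid, msg := m[2], strings.TrimSpace(m[3])
		if strings.HasPrefix(msg, "panic: ") {
			out = append(out, Crash{Time: m[1], PID: pid, Panic: strings.TrimPrefix(msg, "panic: ")})
			pending[pid] = len(out) - 1
		} else if i, open := pending[pid]; open && !skipRe.MatchString(msg) {
			out[i].TopFrame = argsRe.ReplaceAllString(msg, "")
			delete(pending, pid)
		}
	}
	return out
}

// sample: lines copied from the two traces in the comment above.
var sample = []string{
	"2024-02-04T01:46:26.969159+00:00 hostname.com coraza-spoa[26925]: panic: runtime error: slice bounds out of range [:-1]",
	"2024-02-04T01:46:26.970724+00:00 hostname.com coraza-spoa[26925]: goroutine 347 [running]:",
	"2024-02-04T01:46:26.970881+00:00 hostname.com coraza-spoa[26925]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Transaction).GetField(0xc0036894a0?, {0x0, 0x29, 0x0, {0x0, 0x0}, {0xc001c579e0, 0x2, 0x2}})",
	"2024-02-04T03:40:17.817002+00:00 hostname.com coraza-spoa[15038]: panic: runtime error: slice bounds out of range [:-1]",
	"2024-02-04T03:40:17.818921+00:00 hostname.com coraza-spoa[15038]: github.com/corazawaf/coraza/v3/internal/corazawaf.(*Transaction).GetField(0xc0033b1410?, {0x0, 0x29, 0x0, {0x0, 0x0}, {0xc0031038f0, 0x2, 0x2}})",
}

func main() {
	fmt.Printf("%+v\n", ParseCrashes(sample))
}
```

Both sample crashes reduce to the same signature, so counting signatures across load-balancers separates one recurring panic from several distinct ones.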