[tor-bugs] #24806 [Core Tor/Tor]: LTS branch leaks memory continuously under stress/attack, requires back-port of 0.3.2.8-rc fixes to remain viable

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jan 20 15:24:57 UTC 2018 

#24806: LTS branch leaks memory continuously under stress/attack, requires back-
port of 0.3.2.8-rc fixes to remain viable
--------------------------+----------------------------------
 Reporter:  starlight     |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+----------------------------------

Comment (by starlight):

 Relay came under attack again and total memory utilization went from 1.6GB
 (drifted up from 1.5GB) to 2GB in matter of hours.  This is 0.3.2.8-rc I'm
 talking about with MaxMemInQueues=1024MB.

 Fiddling with it, suspended the daemon for a few minutes to see if that
 would shake off attack circuits and unfortunately this resulted in an
 immediate socket buffer memory consumption surge and kernel OOPS.  So was
 unable to try a gdb-assisted shutdown and obtain pre-exit() statistics.
 The LSAN build has some problem causing it to trap so no progress on
 identifying the exact leak(s).  I am now nearly convinced this a memory
 leak.  Have iptables blocking direct connections from abusive clients, so
 it's clearly distributed circuit-extend attack.  Two crypto threads were
 at 35% CPU each while the main event thread was pegged at 100%.

 Also observed an attack on my exit in recent days and it survived, having
 16GB of RAM--throwing hardware at it is one mitigation.  Don't have time
 right now to deploy the replacement for the "temporary," ancient box
 swapped in due to a hardware failure last summer, so setting
 MaxMemInQueues=512MB and will try again with existing box.  Will try to
 prepare a functional LSAN image.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24806#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list