[GitHub] [trafficserver] sudheerv opened a new issue #6864: Crash in acquireSession due to invalid iterator access

GitBox Tue, 09 Jun 2020 09:18:26 -0700


sudheerv opened a new issue #6864:
URL: https://github.com/apache/trafficserver/issues/6864



   Crash due to not validating the iterator after a decrement.
   
   ```
   [Current thread is 1 (LWP 8739)]
   (gdb) bt
   #0  0x00002b5603a3f22a in strsignal () from /lib64/libc.so.6
   #1  0x00002b56010c4822 in signal_format_siginfo (signo=signo@entry=11, 
info=info@entry=0x2b560e504170, msg=0xaaf4a4 <appVersionInfo+132> 
"traffic_server") at signals.cc:168
   #2  0x00000000004c3dd1 in crash_logger_invoke (signo=11, 
info=0x2b560e504170, ctx=0x2b560e504040) at traffic_server/Crash.cc:172
   #3  <signal handler called>
   #4  0x0000000000000000 in ?? ()
   #5  0x0000000000000000 in ?? ()
   (gdb)
   
   (gdb) thr 14
   [Switching to thread 14 (Thread 0x2b52c6305700 (LWP 19308))]
   #0  0x00002b52bf77106f in _Unwind_IteratePhdrCallback (info=<optimized out>, 
size=<optimized out>, ptr=0x2b52c6302e00) at 
../.././libgcc/unwind-dw2-fde-dip.c:398
   398     in ../.././libgcc/unwind-dw2-fde-dip.c
   (gdb)
   
   (gdb) bt
   #0  0x00002b56037ac06f in _Unwind_IteratePhdrCallback (info=<optimized out>, 
size=<optimized out>, ptr=0x2b560a0fe380) at 
../.././libgcc/unwind-dw2-fde-dip.c:398
   #1  0x00002b5603aed42c in dl_iterate_phdr () from /lib64/libc.so.6
   #2  0x00002b56037ac501 in _Unwind_Find_FDE (pc=0x2b562b119c90 
<HostOverridePostRemapPlugin::handleReadRequestHeadersPostRemap(atscppapi::Transaction&)+124>,
 bases=bases@entry=0x2b560a0fe508) at ../.././libgcc/unwind-dw2-fde-dip.c:469
   #3  0x00002b56037a8a43 in uw_frame_state_for 
(context=context@entry=0x2b560a0fe460, fs=fs@entry=0x2b560a0fe550) at 
../.././libgcc/unwind-dw2.c:1249
   #4  0x00002b56037aa988 in _Unwind_Backtrace (trace=0x2b5603ac4da0 
<backtrace_helper>, trace_argument=0x2b560a0fe710) at 
../.././libgcc/unwind.inc:290
   #5  0x00002b5603ac4f16 in backtrace () from /lib64/libc.so.6
   #6  0x00002b56010afa43 in ink_stack_trace_dump () at ink_stack_trace.cc:63
   #7  0x00002b56010c48b3 in signal_crash_handler (signo=signo@entry=11) at 
signals.cc:180
   #8  0x00000000004c3dde in crash_logger_invoke (signo=11, 
info=0x2b560a0fecb0, ctx=0x2b560a0feb80) at traffic_server/Crash.cc:173
   #9  <signal handler called>
   #10 Http1ServerSession::get_server_ip (this=this@entry=0x0) at 
Http1ServerSession.cc:223
   #11 0x000000000056108c in ServerSessionPool::acquireSession 
(this=0x2b56048ac900, addr=addr@entry=0x2b56a6912410, hostname_hash=..., 
match_style=match_style@entry=TS_SERVER_SESSION_SHARING_MATCH_MASK_HOSTONLY, 
sm=sm@entry=0x2b56a6911ce0, to_return=@0x2b560a0ff910: 0x0) at 
HttpSessionManager.cc:159
   #12 0x00000000005618d1 in HttpSessionManager::acquire_session (this=0xacdee0 
<httpSessionManager>, ip=0x2b56a6912410, hostname=0x2b5614a03019 
"lva1-app52756.prod.linkedin.com", ua_txn=<optimized out>, 
sm=sm@entry=0x2b56a6911ce0) at HttpSessionManager.cc:398
   #13 0x00000000005540cc in HttpSM::do_http_server_open 
(this=this@entry=0x2b56a6911ce0, raw=raw@entry=false) at HttpSM.cc:5029
   #14 0x0000000000556d60 in HttpSM::set_next_state (this=0x2b56a6911ce0) at 
HttpSM.cc:7559
   #15 0x0000000000541302 in HttpSM::call_transact_and_set_next_state 
(this=this@entry=0x2b56a6911ce0, f=f@entry=0x0) at HttpSM.cc:7362
   #16 0x0000000000551c9a in HttpSM::handle_api_return (this=0x2b56a6911ce0) at 
HttpSM.cc:1634
   #17 0x000000000054d7ee in HttpSM::state_api_callout (this=0x2b56a6911ce0, 
event=<optimized out>, data=<optimized out>) at HttpSM.cc:1566
   #18 0x0000000000556d73 in HttpSM::set_next_state (this=0x2b56a6911ce0) at 
HttpSM.cc:7396
   #19 0x0000000000541302 in HttpSM::call_transact_and_set_next_state 
(this=this@entry=0x2b56a6911ce0, f=f@entry=0x0) at HttpSM.cc:7362
   #20 0x0000000000551c9a in HttpSM::handle_api_return (this=0x2b56a6911ce0) at 
HttpSM.cc:1634
   #21 0x000000000054d7ee in HttpSM::state_api_callout (this=0x2b56a6911ce0, 
event=<optimized out>, data=<optimized out>) at HttpSM.cc:1566
   #22 0x0000000000556d73 in HttpSM::set_next_state (this=0x2b56a6911ce0) at 
HttpSM.cc:7396
   #23 0x0000000000541302 in HttpSM::call_transact_and_set_next_state 
(this=this@entry=0x2b56a6911ce0, f=f@entry=0x0) at HttpSM.cc:7362
   #24 0x0000000000543d3a in HttpSM::do_hostdb_lookup 
(this=this@entry=0x2b56a6911ce0) at HttpSM.cc:4252
   #25 0x0000000000556e1a in HttpSM::set_next_state (this=0x2b56a6911ce0) at 
HttpSM.cc:7712
   #26 0x0000000000541302 in HttpSM::call_transact_and_set_next_state 
(this=this@entry=0x2b56a6911ce0, f=f@entry=0x0) at HttpSM.cc:7362
   #27 0x0000000000551c9a in HttpSM::handle_api_return (this=0x2b56a6911ce0) at 
HttpSM.cc:1634
   #28 0x000000000054d7ee in HttpSM::state_api_callout 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1566
   #29 0x0000000000550a34 in HttpSM::state_api_callback 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1366
   #30 0x00000000004eba3a in TSHttpTxnReenable (txnp=0x2b56a6911ce0, 
event=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096
   #31 0x00002b562b119c91 in 
HostOverridePostRemapPlugin::handleReadRequestHeadersPostRemap 
(this=0x2b56193fffd0, transaction=...) at host_override.cpp:189
   #32 0x00002b561ac22ea8 in invokePluginForEvent 
(event=TS_EVENT_HTTP_POST_REMAP, ats_txn_handle=0x2b56a6911ce0, 
plugin=0x2b56193fffd0) at utils_internal.cc:156
   #33 atscppapi::utils::internal::invokePluginForEvent 
(plugin=plugin@entry=0x2b56193fffd0, 
ats_txn_handle=ats_txn_handle@entry=0x2b56a6911ce0, 
event=event@entry=TS_EVENT_HTTP_POST_REMAP) at utils_internal.cc:247
   #34 0x00002b561ac1f2f5 in (anonymous 
namespace)::handleTransactionPluginEvents (cont=0x2b56bf5d13c0, 
event=TS_EVENT_HTTP_POST_REMAP, edata=0x2b56a6911ce0) at TransactionPlugin.cc:53
   #35 0x00000000004d7231 in INKContInternal::handle_event 
(this=0x2b56bf5d13c0, event=60017, edata=0x2b56a6911ce0) at 
traffic_server/InkAPI.cc:1096
   #36 0x00000000004ef7e6 in Continuation::handleEvent (this=0x2b56bf5d13c0, 
event=event@entry=60017, data=data@entry=0x2b56a6911ce0) at 
/home/svinukon/Traffic/ATS/ats9/ats-core_trunk/ats9/src/iocore/eventsystem/I_Continuation.h:193
   #37 0x00000000004e9517 in APIHook::invoke (this=this@entry=0x2b560c2179a0, 
event=60017, edata=edata@entry=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1333
   #38 0x000000000054d2b7 in HttpSM::state_api_callout 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1499
   #39 0x0000000000550a34 in HttpSM::state_api_callback 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1366
   #40 0x00000000004eba3a in TSHttpTxnReenable (txnp=txnp@entry=0x2b56a6911ce0, 
event=event@entry=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096
   #41 0x00002b563cca6cd9 in TxnOpenCloseHandler (contp=<optimized out>, 
event=<optimized out>, edata=0x2b56a6911ce0) at adaptor.cc:1697
   #42 0x00000000004d7231 in INKContInternal::handle_event 
(this=0x2b5636fc9840, event=60017, edata=0x2b56a6911ce0) at 
traffic_server/InkAPI.cc:1096
   #43 0x00000000004ef7e6 in Continuation::handleEvent (this=0x2b5636fc9840, 
event=event@entry=60017, data=data@entry=0x2b56a6911ce0) at 
/home/svinukon/Traffic/ATS/ats9/ats-core_trunk/ats9/src/iocore/eventsystem/I_Continuation.h:193
   #44 0x00000000004e9517 in APIHook::invoke (this=this@entry=0x2b5604d75ae0, 
event=60017, edata=edata@entry=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1333
   #45 0x000000000054d2b7 in HttpSM::state_api_callout 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1499
   #46 0x0000000000550a34 in HttpSM::state_api_callback 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1366
   #47 0x00000000004eba3a in TSHttpTxnReenable (txnp=txnp@entry=0x2b56a6911ce0, 
event=event@entry=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096
   #48 0x00002b563a384db9 in TxnOpenCloseHandler (contp=<optimized out>, 
event=<optimized out>, edata=0x2b56a6911ce0) at adaptor.cc:1718
   #49 0x00000000004d7231 in INKContInternal::handle_event 
(this=0x2b5636fc98e0, event=60017, edata=0x2b56a6911ce0) at 
traffic_server/InkAPI.cc:1096
   #50 0x00000000004ef7e6 in Continuation::handleEvent (this=0x2b5636fc98e0, 
event=event@entry=60017, data=data@entry=0x2b56a6911ce0) at 
/home/svinukon/Traffic/ATS/ats9/ats-core_trunk/ats9/src/iocore/eventsystem/I_Continuation.h:193
   #51 0x00000000004e9517 in APIHook::invoke (this=this@entry=0x2b5604d75b20, 
event=60017, edata=edata@entry=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1333
   #52 0x000000000054d2b7 in HttpSM::state_api_callout 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1499
   #53 0x0000000000550a34 in HttpSM::state_api_callback 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1366
   #54 0x00000000004eba3a in TSHttpTxnReenable (txnp=0x2b56a6911ce0, 
event=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096
   #55 0x00002b56326ed625 in 
geoip_logic::GeoipLogic::handleReadRequestHeadersPostRemap 
(this=0x2b5607752b00, transaction=...) at GeoipLogic.cc:157
   #56 0x00002b561ac14c07 in (anonymous namespace)::handleGlobalPluginEvents 
(cont=<optimized out>, event=TS_EVENT_HTTP_POST_REMAP, edata=0x2b56a6911ce0) at 
GlobalPlugin.cc:65
   #57 0x00000000004d7231 in INKContInternal::handle_event 
(this=0x2b5606f54340, event=60017, edata=0x2b56a6911ce0) at 
traffic_server/InkAPI.cc:1096
   #58 0x00000000004ef7e6 in Continuation::handleEvent (this=0x2b5606f54340, 
event=event@entry=60017, data=data@entry=0x2b56a6911ce0) at 
/home/svinukon/Traffic/ATS/ats9/ats-core_trunk/ats9/src/iocore/eventsystem/I_Continuation.h:193
   #59 0x00000000004e9517 in APIHook::invoke (this=this@entry=0x2b5604d75b40, 
event=60017, edata=edata@entry=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1333
   #60 0x000000000054d2b7 in HttpSM::state_api_callout 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1499
   #61 0x0000000000550a34 in HttpSM::state_api_callback 
(this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) 
at HttpSM.cc:1366
   #62 0x00000000004eba3a in TSHttpTxnReenable (txnp=0x2b56a6911ce0, 
event=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096
   
   
   (gdb) f 11
   #11 0x000000000056108c in ServerSessionPool::acquireSession 
(this=0x2b56048ac900, addr=addr@entry=0x2b56a6912410, hostname_hash=..., 
match_style=match_style@entry=TS_SERVER_SESSION_SHARING_MATCH_MASK_HOSTONLY, 
sm=sm@entry=0x2b56a6911ce0, to_return=@0x2b560a0ff910: 0x0) at 
HttpSessionManager.cc:159
   159     HttpSessionManager.cc: No such file or directory.
   (gdb) up
   #12 0x00000000005618d1 in HttpSessionManager::acquire_session (this=0xacdee0 
<httpSessionManager>, ip=0x2b56a6912410, hostname=0x2b5614a03019 
"lva1-app52756.prod.linkedin.com", ua_txn=<optimized out>, 
sm=sm@entry=0x2b56a6911ce0) at HttpSessionManager.cc:398
   398     in HttpSessionManager.cc
   (gdb) p last
   No symbol "last" in current context.
   (gdb) down
   #11 0x000000000056108c in ServerSessionPool::acquireSession 
(this=0x2b56048ac900, addr=addr@entry=0x2b56a6912410, hostname_hash=..., 
match_style=match_style@entry=TS_SERVER_SESSION_SHARING_MATCH_MASK_HOSTONLY, 
sm=sm@entry=0x2b56a6911ce0, to_return=@0x2b560a0ff910: 0x0) at 
HttpSessionManager.cc:159
   159     in HttpSessionManager.cc
   (gdb) p last
   $1 = {<ts::IntrusiveDList<Http1ServerSession::FQDNLinkage>::const_iterator> 
= {_list = 0x2b56048ac998, _v = 0x0}, <No data fields>}
   (gdb) p first
   
   ```


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [trafficserver] sudheerv opened a new issue #6864: Crash in acquireSession due to invalid iterator access

Reply via email to