Crash in acquireSession due to invalid iterator access #6864

@sudheerv

Crash due to not validating the iterator after a decrement.

[Current thread is 1 (LWP 8739)]
(gdb) bt
#0  0x00002b5603a3f22a in strsignal () from /lib64/libc.so.6
#1  0x00002b56010c4822 in signal_format_siginfo (signo=signo@entry=11, info=info@entry=0x2b560e504170, msg=0xaaf4a4 <appVersionInfo+132> "traffic_server") at signals.cc:168
#2  0x00000000004c3dd1 in crash_logger_invoke (signo=11, info=0x2b560e504170, ctx=0x2b560e504040) at traffic_server/Crash.cc:172
#3  <signal handler called>
#4  0x0000000000000000 in ?? ()
#5  0x0000000000000000 in ?? ()
(gdb)

(gdb) thr 14
[Switching to thread 14 (Thread 0x2b52c6305700 (LWP 19308))]
#0  0x00002b52bf77106f in _Unwind_IteratePhdrCallback (info=<optimized out>, size=<optimized out>, ptr=0x2b52c6302e00) at ../.././libgcc/unwind-dw2-fde-dip.c:398
398     in ../.././libgcc/unwind-dw2-fde-dip.c
(gdb)

(gdb) bt
#0  0x00002b56037ac06f in _Unwind_IteratePhdrCallback (info=<optimized out>, size=<optimized out>, ptr=0x2b560a0fe380) at ../.././libgcc/unwind-dw2-fde-dip.c:398
#1  0x00002b5603aed42c in dl_iterate_phdr () from /lib64/libc.so.6
#2  0x00002b56037ac501 in _Unwind_Find_FDE (pc=0x2b562b119c90 <HostOverridePostRemapPlugin::handleReadRequestHeadersPostRemap(atscppapi::Transaction&)+124>, bases=bases@entry=0x2b560a0fe508) at ../.././libgcc/unwind-dw2-fde-dip.c:469
#3  0x00002b56037a8a43 in uw_frame_state_for (context=context@entry=0x2b560a0fe460, fs=fs@entry=0x2b560a0fe550) at ../.././libgcc/unwind-dw2.c:1249
#4  0x00002b56037aa988 in _Unwind_Backtrace (trace=0x2b5603ac4da0 <backtrace_helper>, trace_argument=0x2b560a0fe710) at ../.././libgcc/unwind.inc:290
#5  0x00002b5603ac4f16 in backtrace () from /lib64/libc.so.6
#6  0x00002b56010afa43 in ink_stack_trace_dump () at ink_stack_trace.cc:63
#7  0x00002b56010c48b3 in signal_crash_handler (signo=signo@entry=11) at signals.cc:180
#8  0x00000000004c3dde in crash_logger_invoke (signo=11, info=0x2b560a0fecb0, ctx=0x2b560a0feb80) at traffic_server/Crash.cc:173
#9  <signal handler called>
#10 Http1ServerSession::get_server_ip (this=this@entry=0x0) at Http1ServerSession.cc:223
#11 0x000000000056108c in ServerSessionPool::acquireSession (this=0x2b56048ac900, addr=addr@entry=0x2b56a6912410, hostname_hash=..., match_style=match_style@entry=TS_SERVER_SESSION_SHARING_MATCH_MASK_HOSTONLY, sm=sm@entry=0x2b56a6911ce0, to_return=@0x2b560a0ff910: 0x0) at HttpSessionManager.cc:159
#12 0x00000000005618d1 in HttpSessionManager::acquire_session (this=0xacdee0 <httpSessionManager>, ip=0x2b56a6912410, hostname=0x2b5614a03019 "lva1-app52756.prod.linkedin.com", ua_txn=<optimized out>, sm=sm@entry=0x2b56a6911ce0) at HttpSessionManager.cc:398
#13 0x00000000005540cc in HttpSM::do_http_server_open (this=this@entry=0x2b56a6911ce0, raw=raw@entry=false) at HttpSM.cc:5029
#14 0x0000000000556d60 in HttpSM::set_next_state (this=0x2b56a6911ce0) at HttpSM.cc:7559
#15 0x0000000000541302 in HttpSM::call_transact_and_set_next_state (this=this@entry=0x2b56a6911ce0, f=f@entry=0x0) at HttpSM.cc:7362
#16 0x0000000000551c9a in HttpSM::handle_api_return (this=0x2b56a6911ce0) at HttpSM.cc:1634
#17 0x000000000054d7ee in HttpSM::state_api_callout (this=0x2b56a6911ce0, event=<optimized out>, data=<optimized out>) at HttpSM.cc:1566
#18 0x0000000000556d73 in HttpSM::set_next_state (this=0x2b56a6911ce0) at HttpSM.cc:7396
#19 0x0000000000541302 in HttpSM::call_transact_and_set_next_state (this=this@entry=0x2b56a6911ce0, f=f@entry=0x0) at HttpSM.cc:7362
#20 0x0000000000551c9a in HttpSM::handle_api_return (this=0x2b56a6911ce0) at HttpSM.cc:1634
#21 0x000000000054d7ee in HttpSM::state_api_callout (this=0x2b56a6911ce0, event=<optimized out>, data=<optimized out>) at HttpSM.cc:1566
#22 0x0000000000556d73 in HttpSM::set_next_state (this=0x2b56a6911ce0) at HttpSM.cc:7396
#23 0x0000000000541302 in HttpSM::call_transact_and_set_next_state (this=this@entry=0x2b56a6911ce0, f=f@entry=0x0) at HttpSM.cc:7362
#24 0x0000000000543d3a in HttpSM::do_hostdb_lookup (this=this@entry=0x2b56a6911ce0) at HttpSM.cc:4252
#25 0x0000000000556e1a in HttpSM::set_next_state (this=0x2b56a6911ce0) at HttpSM.cc:7712
#26 0x0000000000541302 in HttpSM::call_transact_and_set_next_state (this=this@entry=0x2b56a6911ce0, f=f@entry=0x0) at HttpSM.cc:7362
#27 0x0000000000551c9a in HttpSM::handle_api_return (this=0x2b56a6911ce0) at HttpSM.cc:1634
#28 0x000000000054d7ee in HttpSM::state_api_callout (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1566
#29 0x0000000000550a34 in HttpSM::state_api_callback (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1366
#30 0x00000000004eba3a in TSHttpTxnReenable (txnp=0x2b56a6911ce0, event=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096
#31 0x00002b562b119c91 in HostOverridePostRemapPlugin::handleReadRequestHeadersPostRemap (this=0x2b56193fffd0, transaction=...) at host_override.cpp:189
#32 0x00002b561ac22ea8 in invokePluginForEvent (event=TS_EVENT_HTTP_POST_REMAP, ats_txn_handle=0x2b56a6911ce0, plugin=0x2b56193fffd0) at utils_internal.cc:156
#33 atscppapi::utils::internal::invokePluginForEvent (plugin=plugin@entry=0x2b56193fffd0, ats_txn_handle=ats_txn_handle@entry=0x2b56a6911ce0, event=event@entry=TS_EVENT_HTTP_POST_REMAP) at utils_internal.cc:247
#34 0x00002b561ac1f2f5 in (anonymous namespace)::handleTransactionPluginEvents (cont=0x2b56bf5d13c0, event=TS_EVENT_HTTP_POST_REMAP, edata=0x2b56a6911ce0) at TransactionPlugin.cc:53
#35 0x00000000004d7231 in INKContInternal::handle_event (this=0x2b56bf5d13c0, event=60017, edata=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1096
#36 0x00000000004ef7e6 in Continuation::handleEvent (this=0x2b56bf5d13c0, event=event@entry=60017, data=data@entry=0x2b56a6911ce0) at /home/svinukon/Traffic/ATS/ats9/ats-core_trunk/ats9/src/iocore/eventsystem/I_Continuation.h:193
#37 0x00000000004e9517 in APIHook::invoke (this=this@entry=0x2b560c2179a0, event=60017, edata=edata@entry=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1333
#38 0x000000000054d2b7 in HttpSM::state_api_callout (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1499
#39 0x0000000000550a34 in HttpSM::state_api_callback (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1366
#40 0x00000000004eba3a in TSHttpTxnReenable (txnp=txnp@entry=0x2b56a6911ce0, event=event@entry=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096
#41 0x00002b563cca6cd9 in TxnOpenCloseHandler (contp=<optimized out>, event=<optimized out>, edata=0x2b56a6911ce0) at adaptor.cc:1697
#42 0x00000000004d7231 in INKContInternal::handle_event (this=0x2b5636fc9840, event=60017, edata=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1096
#43 0x00000000004ef7e6 in Continuation::handleEvent (this=0x2b5636fc9840, event=event@entry=60017, data=data@entry=0x2b56a6911ce0) at /home/svinukon/Traffic/ATS/ats9/ats-core_trunk/ats9/src/iocore/eventsystem/I_Continuation.h:193
#44 0x00000000004e9517 in APIHook::invoke (this=this@entry=0x2b5604d75ae0, event=60017, edata=edata@entry=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1333
#45 0x000000000054d2b7 in HttpSM::state_api_callout (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1499
#46 0x0000000000550a34 in HttpSM::state_api_callback (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1366
#47 0x00000000004eba3a in TSHttpTxnReenable (txnp=txnp@entry=0x2b56a6911ce0, event=event@entry=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096
#48 0x00002b563a384db9 in TxnOpenCloseHandler (contp=<optimized out>, event=<optimized out>, edata=0x2b56a6911ce0) at adaptor.cc:1718
#49 0x00000000004d7231 in INKContInternal::handle_event (this=0x2b5636fc98e0, event=60017, edata=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1096
#50 0x00000000004ef7e6 in Continuation::handleEvent (this=0x2b5636fc98e0, event=event@entry=60017, data=data@entry=0x2b56a6911ce0) at /home/svinukon/Traffic/ATS/ats9/ats-core_trunk/ats9/src/iocore/eventsystem/I_Continuation.h:193
#51 0x00000000004e9517 in APIHook::invoke (this=this@entry=0x2b5604d75b20, event=60017, edata=edata@entry=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1333
#52 0x000000000054d2b7 in HttpSM::state_api_callout (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1499
#53 0x0000000000550a34 in HttpSM::state_api_callback (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1366
#54 0x00000000004eba3a in TSHttpTxnReenable (txnp=0x2b56a6911ce0, event=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096
#55 0x00002b56326ed625 in geoip_logic::GeoipLogic::handleReadRequestHeadersPostRemap (this=0x2b5607752b00, transaction=...) at GeoipLogic.cc:157
#56 0x00002b561ac14c07 in (anonymous namespace)::handleGlobalPluginEvents (cont=<optimized out>, event=TS_EVENT_HTTP_POST_REMAP, edata=0x2b56a6911ce0) at GlobalPlugin.cc:65
#57 0x00000000004d7231 in INKContInternal::handle_event (this=0x2b5606f54340, event=60017, edata=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1096
#58 0x00000000004ef7e6 in Continuation::handleEvent (this=0x2b5606f54340, event=event@entry=60017, data=data@entry=0x2b56a6911ce0) at /home/svinukon/Traffic/ATS/ats9/ats-core_trunk/ats9/src/iocore/eventsystem/I_Continuation.h:193
#59 0x00000000004e9517 in APIHook::invoke (this=this@entry=0x2b5604d75b40, event=60017, edata=edata@entry=0x2b56a6911ce0) at traffic_server/InkAPI.cc:1333
#60 0x000000000054d2b7 in HttpSM::state_api_callout (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1499
#61 0x0000000000550a34 in HttpSM::state_api_callback (this=this@entry=0x2b56a6911ce0, event=event@entry=60000, data=data@entry=0x0) at HttpSM.cc:1366
#62 0x00000000004eba3a in TSHttpTxnReenable (txnp=0x2b56a6911ce0, event=TS_EVENT_HTTP_CONTINUE) at traffic_server/InkAPI.cc:6096


(gdb) f 11
#11 0x000000000056108c in ServerSessionPool::acquireSession (this=0x2b56048ac900, addr=addr@entry=0x2b56a6912410, hostname_hash=..., match_style=match_style@entry=TS_SERVER_SESSION_SHARING_MATCH_MASK_HOSTONLY, sm=sm@entry=0x2b56a6911ce0, to_return=@0x2b560a0ff910: 0x0) at HttpSessionManager.cc:159
159     HttpSessionManager.cc: No such file or directory.
(gdb) up
#12 0x00000000005618d1 in HttpSessionManager::acquire_session (this=0xacdee0 <httpSessionManager>, ip=0x2b56a6912410, hostname=0x2b5614a03019 "lva1-app52756.prod.linkedin.com", ua_txn=<optimized out>, sm=sm@entry=0x2b56a6911ce0) at HttpSessionManager.cc:398
398     in HttpSessionManager.cc
(gdb) p last
No symbol "last" in current context.
(gdb) down
#11 0x000000000056108c in ServerSessionPool::acquireSession (this=0x2b56048ac900, addr=addr@entry=0x2b56a6912410, hostname_hash=..., match_style=match_style@entry=TS_SERVER_SESSION_SHARING_MATCH_MASK_HOSTONLY, sm=sm@entry=0x2b56a6911ce0, to_return=@0x2b560a0ff910: 0x0) at HttpSessionManager.cc:159
159     in HttpSessionManager.cc
(gdb) p last
$1 = {<ts::IntrusiveDList<Http1ServerSession::FQDNLinkage>::const_iterator> = {_list = 0x2b56048ac998, _v = 0x0}, <No data fields>}
(gdb) p first
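
An added illustration of the failure mode named in the description (not part of the original report and not Traffic Server code): an iterator is decremented and then used without checking that it still points at an element, next to a walk that validates first. `Session`, `List`, `Iter`, `host_range`, `candidate_unchecked`, `acquire_checked` and `Sample` are hypothetical names; only the fields `_list` and `_v` are taken from the gdb output above, and the decrement semantics are an assumption of this model.

```cpp
#include <cstdint>

// Simplified model of a pooled upstream session on an intrusive list.
struct Session {
  uint64_t host_hash;
  uint16_t port;
  Session *next = nullptr, *prev = nullptr;
};
struct List {
  Session *head = nullptr, *tail = nullptr;
  void append(Session *s) { s->prev = tail; (tail ? tail->next : head) = s; tail = s; }
};
// Iterator carrying the two fields gdb prints: _list and _v (nullptr == end).
struct Iter {
  const List *_list;
  Session *_v;
  Iter &operator--() { _v = _v ? _v->prev : _list->tail; return *this; }
  Session *operator->() const { return _v; }
  bool operator!=(const Iter &o) const { return _v != o._v; }
};
struct Range { Iter first, last; };

// Half-open range [first, last) of sessions whose hash matches (kept contiguous).
Range host_range(const List &l, uint64_t h) {
  Session *b = l.head;
  while (b && b->host_hash != h) b = b->next;
  Session *e = b;
  while (e && e->host_hash == h) e = e->next;
  return {Iter{&l, b}, Iter{&l, e}};
}
// Failure mode: decrement without validating. Returns the pointer that would
// become `this` in a call such as last->get_server_ip(); it is not called here.
Session *candidate_unchecked(Iter last) { --last; return last.operator->(); }

// Hardened walk from newest to oldest: compare against first before every
// decrement and re-check _v before use, so a null is never dereferenced.
Session *acquire_checked(Iter first, Iter last, uint16_t port) {
  while (last != first) {
    --last;
    if (last._v == nullptr) return nullptr; // range no longer consistent
    if (last->port == port) return last._v;
  }
  return nullptr;
}
// Constructed sample pool: two sessions for host hash 1, one for host hash 2.
struct Sample {
  List pool, empty;
  Session a{1, 80}, b{1, 443}, c{2, 80};
  Sample() { pool.append(&a); pool.append(&b); pool.append(&c); }
};
```

In this model an unchecked decrement on an empty pool yields a null `_v`, the same value gdb shows for `last`, and on a populated pool with no matching host it yields a session that belongs to a different host.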
