-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Heavy use of TLSSocket + tls.connect crashes with SIGSEGV/SIGABRT #17475
Comments
Thanks, this is all around a very nice bug report. I could reproduce with your repo! |
Debugging this seems pretty hard but here’s some hint at the root cause: valgrind + node debug build output
|
disregard meEdit: This was misguided, I confused @pimterry This is a potential fix, it would be cool if you could verify that? diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
index 3b899ea12d50..7babba40e24c 100644
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@@ -101,6 +101,7 @@ TLSWrap::~TLSWrap() {
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
sni_context_.Reset();
#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ set_destruct_cb({ nullptr, nullptr });
}
Could you try this? diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
index 3b899ea12d50..4367420c0239 100644
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@@ -101,6 +101,14 @@ TLSWrap::~TLSWrap() {
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
sni_context_.Reset();
#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ if (stream_ != nullptr) {
+ stream_->set_destruct_cb({ nullptr, nullptr });
+ stream_->set_after_write_cb({ nullptr, nullptr });
+ stream_->set_alloc_cb({ nullptr, nullptr });
+ stream_->set_read_cb({ nullptr, nullptr });
+ stream_->set_destruct_cb({ nullptr, nullptr });
+ stream_->Unconsume();
+ }
}
I’m going to open a PR with that in a few minutes, it’s a correct change anyway (I think). |
@addaleax I've done some testing, it's obviously hard to tell if it totally resolves the issue, but I haven't seen any crashes in 10 mins or so of heavy use, so it's certainly a huge improvement! Thanks for this. I'll ping here if I see the issue again on this build, but if I don't hit it within a day or two I think this can be considered fixed. Will this get backported to node 6 & 8 too? |
When the TLS stream is destroyed for whatever reason, we should unset all callbacks on the underlying transport stream. Fixes: nodejs#17475
Hi @addaleax, thanks for fixing this! We're also hitting it quite a lot, I wonder whether you would be so kind to open your landed commit as a pull request against the |
Answered in #17478 (comment) so we can keep the discussion in the PR, @odinho , @pimterry , or anyone else in this thread please feel free to reply there. |
When the TLS stream is destroyed for whatever reason, we should unset all callbacks on the underlying transport stream. PR-URL: #17478 Fixes: #17475 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Jan Krems <jan.krems@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
When the TLS stream is destroyed for whatever reason, we should unset all callbacks on the underlying transport stream. PR-URL: #17478 Fixes: #17475 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Jan Krems <jan.krems@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
When the TLS stream is destroyed for whatever reason, we should unset all callbacks on the underlying transport stream. PR-URL: #17478 Fixes: #17475 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Jan Krems <jan.krems@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
When the TLS stream is destroyed for whatever reason, we should unset all callbacks on the underlying transport stream. PR-URL: #17478 Fixes: #17475 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Jan Krems <jan.krems@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
When the TLS stream is destroyed for whatever reason, we should unset all callbacks on the underlying transport stream. PR-URL: #17478 Fixes: #17475 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Jan Krems <jan.krems@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
When the TLS stream is destroyed for whatever reason, we should unset all callbacks on the underlying transport stream. PR-URL: #17478 Fixes: #17475 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Jan Krems <jan.krems@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
tls
I've filed a repo with a full repro and details here: https://github.com/pimterry/node-tls-crash.
The specific code that's crashing is https://github.com/pimterry/node-tls-crash/blob/master/proxy.js
To summarize:
new TLSSocket
to handle incoming HTTP CONNECT sockets, usestls.connect
to create upstream connections, and pipes between the two.https://cnn.com
in a browser a few times), with one of a variety of pointer errors, seemingly always inCRYPTO_free
.v8.9.1
,v6.12.0
andv9.2.0
I've pulled this out of a larger project, and tried to shrink the repro down as much as possible. It's pretty small and standalone, but still not tiny tiny, as I haven't found a way to reproduce this without a real working browser session. Happy to shrink it further if you have any suggestions for doing so.
The text was updated successfully, but these errors were encountered: