Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Panic Term Hash function during evaluation #601

Closed
tsandall opened this issue Feb 7, 2018 · 0 comments
Closed

Panic Term Hash function during evaluation #601

tsandall opened this issue Feb 7, 2018 · 0 comments
Labels
bug

Comments

@tsandall
Copy link
Member

tsandall commented Feb 7, 2018
edited
Loading

Reported by Alexey on Slack.

Hi, I got 
*http: panic serving [::1]:61712: runtime error: invalid memory address or nil pointer dereference*

Here is my scenario:
• upload a simple policy curl -X PUT --data-binary @test.rego localhost:8181/v1/policies/test/state
Here is the content of the policy file:
``` package test.state
 size = 3e+10```
• checked the data curl -X GET localhost:8181/v1/data/test/state, which returned {“result”:{“size”:3e+10}}
• tried to update the data curl -X PUT -H “Content-Type: application/json”  --data-binary ‘{“size” : 4 }’  -i localhost:8181/v1/data/test/state
the request returned 204 without any content
• now, tried to check the data again curl -X GET -i localhost:8181/v1/data/test/state
the response was curl: (52) Empty reply from server
in the OPA server logs there was “http: panic” error, see logs below. (edited)

OPA logs:

/opa run -s -l debug
INFO[2018-02-07T12:54:12+02:00] First line of log stream.                     addr=":8181" insecure_addr=
INFO[2018-02-07T12:54:23+02:00] Received request.                             client_addr="[::1]:61880" req_body="package test.state\n\nsize = 3e+10  \n\n\n\n" req_id=1 req_method=PUT req_params="map[]" req_path=/v1/policies/test/state
INFO[2018-02-07T12:54:23+02:00] Sent response.                                client_addr="[::1]:61880" req_id=1 req_method=PUT req_path=/v1/policies/test/state resp_body="{}" resp_bytes=2 resp_duration=2.137 resp_status=200
INFO[2018-02-07T12:54:27+02:00] Received request.                             client_addr="[::1]:61881" req_body= req_id=2 req_method=GET req_params="map[]" req_path=/v1/data/test/state
INFO[2018-02-07T12:54:27+02:00] Sent response.                                client_addr="[::1]:61881" req_id=2 req_method=GET req_path=/v1/data/test/state resp_body="{\"result\":{\"size\":3e+10}}" resp_bytes=25 resp_duration=1.53 resp_status=200
INFO[2018-02-07T12:54:38+02:00] Received request.                             client_addr="[::1]:61884" req_body="{\"size\" : 4 }" req_id=3 req_method=PUT req_params="map[]" req_path=/v1/data/test/state
INFO[2018-02-07T12:54:38+02:00] Sent response.                                client_addr="[::1]:61884" req_id=3 req_method=PUT req_path=/v1/data/test/state resp_body= resp_bytes=0 resp_duration=0.135 resp_status=204
INFO[2018-02-07T12:55:41+02:00] Received request.                             client_addr="[::1]:61888" req_body= req_id=4 req_method=GET req_params="map[]" req_path=/v1/data/test/state
2018/02/07 12:55:41 http: panic serving [::1]:61888: runtime error: invalid memory address or nil pointer dereference
goroutine 5 [running]:
net/http.(*conn).serve.func1(0xc42023e140)
    /usr/local/go/src/net/http/server.go:1721 +0xd0
panic(0x1530940, 0x184d6e0)
    /usr/local/go/src/runtime/panic.go:489 +0x2cf
github.com/open-policy-agent/opa/ast.(*Term).Hash(0xc4202d5c80, 0x696b289d5a328541)
    /go/src/github.com/open-policy-agent/opa/ast/term.go:317 +0x25
github.com/open-policy-agent/opa/topdown.newBindings.func2(0x157ccc0, 0xc4202d5c80, 0x696b289d5a328541)
    /go/src/github.com/open-policy-agent/opa/topdown/bindings.go:54 +0x3c
github.com/open-policy-agent/opa/util.(*HashMap).Get(0xc4202d5820, 0x157ccc0, 0xc4202d5c80, 0x0, 0x0, 0xc4202bea00)
    /go/src/github.com/open-policy-agent/opa/util/hashmap.go:64 +0x42
github.com/open-policy-agent/opa/topdown.(*bindings).get(0xc4202da420, 0xc4202d5c80, 0x0, 0x0, 0xc4202d8a00)
    /go/src/github.com/open-policy-agent/opa/topdown/bindings.go:152 +0x52
github.com/open-policy-agent/opa/topdown.(*bindings).apply(0xc4202da420, 0xc4202d5c80, 0xc4202d53e0, 0xc4202da420)
    /go/src/github.com/open-policy-agent/opa/topdown/bindings.go:137 +0x39
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0xc4202cb930, 0xc4202d53e0, 0xc4202d5c80, 0xc4202da420, 0xc4202da420, 0xc4202da650, 0x3, 0x3)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:323 +0x85
github.com/open-policy-agent/opa/topdown.evalTree.finish(0xc4202cb930, 0xc4202d5220, 0x3, 0x4, 0xc4202d58e0, 0x3, 0x3, 0x3, 0xc4202da420, 0xc4202d53e0, ...)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:907 +0x14b
github.com/open-policy-agent/opa/topdown.evalTree.eval(0xc4202cb930, 0xc4202d5220, 0x3, 0x4, 0xc4202d58e0, 0x3, 0x3, 0x3, 0xc4202da420, 0xc4202d53e0, ...)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:879 +0x18a
github.com/open-policy-agent/opa/topdown.evalTree.next(0xc4202cb930, 0xc4202d5220, 0x3, 0x4, 0xc4202d58e0, 0x3, 0x3, 0x2, 0xc4202da420, 0xc4202d53e0, ...)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:935 +0xf7
github.com/open-policy-agent/opa/topdown.evalTree.eval(0xc4202cb930, 0xc4202d5220, 0x3, 0x4, 0xc4202d58e0, 0x3, 0x3, 0x2, 0xc4202da420, 0xc4202d53e0, ...)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:885 +0xcf
github.com/open-policy-agent/opa/topdown.evalTree.next(0xc4202cb930, 0xc4202d5220, 0x3, 0x4, 0xc4202d58e0, 0x3, 0x3, 0x1, 0xc4202da420, 0xc4202d53e0, ...)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:935 +0xf7
github.com/open-policy-agent/opa/topdown.evalTree.eval(0xc4202cb930, 0xc4202d5220, 0x3, 0x4, 0xc4202d58e0, 0x3, 0x3, 0x1, 0xc4202da420, 0xc4202d53e0, ...)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:885 +0xcf
github.com/open-policy-agent/opa/topdown.(*eval).biunifyRef(0xc4202cb930, 0xc4202d53c0, 0xc4202d53e0, 0xc4202da420, 0xc4202da420, 0xc4202d8a20, 0xc4202d5820, 0x157ccc0)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:503 +0x412
github.com/open-policy-agent/opa/topdown.(*eval).biunifyValues(0xc4202cb930, 0xc4202d53c0, 0xc4202d53e0, 0xc4202da420, 0xc4202da420, 0xc4202d8a20, 0xc4202bf2d0, 0x11c2983)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:427 +0x78d
github.com/open-policy-agent/opa/topdown.(*eval).biunify(0xc4202cb930, 0xc4202d53c0, 0xc4202d53e0, 0xc4202da420, 0xc4202da420, 0xc4202d8a20, 0x1, 0xc4202d8a20)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:326 +0x142
github.com/open-policy-agent/opa/topdown.(*eval).unify(0xc4202cb930, 0xc4202d53c0, 0xc4202d53e0, 0xc4202d8a20, 0x1, 0x1)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:318 +0x57
github.com/open-policy-agent/opa/topdown.(*eval).evalStep(0xc4202cb930, 0x0, 0xc4202da450, 0xc4201b6000, 0x1959000)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:182 +0xad2
github.com/open-policy-agent/opa/topdown.(*eval).evalExpr(0xc4202cb930, 0x0, 0xc4202da450, 0x1586901, 0xc4202da450)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:155 +0x1db
github.com/open-policy-agent/opa/topdown.(*eval).eval(0xc4202cb930, 0xc4202da450, 0xc4202d5860, 0xc4202d5860)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:127 +0x3e
github.com/open-policy-agent/opa/topdown.(*eval).Run(0xc4202cb930, 0xc4202da440, 0xc4202bf5f8, 0x15c82b4)
    /go/src/github.com/open-policy-agent/opa/topdown/eval.go:45 +0xb3
github.com/open-policy-agent/opa/topdown.(*Query).Iter(0xc4202bf5f8, 0x18270e0, 0xc4200129f0, 0xc4202d8960, 0x0, 0x0)
    /go/src/github.com/open-policy-agent/opa/topdown/query.go:197 +0x3e4
github.com/open-policy-agent/opa/rego.(*Rego).eval(0xc420250180, 0x18270e0, 0xc4200129f0, 0xc42000c258, 0x1, 0x1, 0x1820660, 0xc420291e00, 0x0, 0x0, ...)
    /go/src/github.com/open-policy-agent/opa/rego/rego.go:380 +0x409
github.com/open-policy-agent/opa/rego.(*Rego).Eval(0xc420250180, 0x18270e0, 0xc4200129f0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /go/src/github.com/open-policy-agent/opa/rego/rego.go:250 +0x327
github.com/open-policy-agent/opa/server.(*Server).v1DataGet(0xc42015e500, 0x1825c60, 0xc420016600, 0xc420240600)
    /go/src/github.com/open-policy-agent/opa/server/server.go:577 +0x7f7
github.com/open-policy-agent/opa/server.(*Server).(github.com/open-policy-agent/opa/server.v1DataGet)-fm(0x1825c60, 0xc420016600, 0xc420240600)
    /go/src/github.com/open-policy-agent/opa/server/server.go:98 +0x48
net/http.HandlerFunc.ServeHTTP(0xc42015d8c0, 0x1825c60, 0xc420016600, 0xc420240600)
    /usr/local/go/src/net/http/server.go:1942 +0x44
github.com/open-policy-agent/opa/vendor/github.com/gorilla/mux.(*Router).ServeHTTP(0xc420074840, 0x1825c60, 0xc420016600, 0xc420240600)
    /go/src/github.com/open-policy-agent/opa/vendor/github.com/gorilla/mux/mux.go:150 +0x101
github.com/open-policy-agent/opa/runtime.(*LoggingHandler).ServeHTTP(0xc4201a1940, 0x18266a0, 0xc4202480e0, 0xc420240400)
    /go/src/github.com/open-policy-agent/opa/runtime/logging.go:78 +0x188
net/http.serverHandler.ServeHTTP(0xc4200aee70, 0x18266a0, 0xc4202480e0, 0xc420240400)
    /usr/local/go/src/net/http/server.go:2568 +0x92
net/http.(*conn).serve(0xc42023e140, 0x1827020, 0xc420016500)
    /usr/local/go/src/net/http/server.go:1825 +0x612
created by net/http.(*Server).Serve
    /usr/local/go/src/net/http/server.go:2668 +0x2ce

Version:

./opa version
Version: 0.6.0
Build Commit: 43fcc6a
Build Timestamp: 2018-01-18T23:06:13Z
Build Hostname: 1db82cc0e4e6
@tsandall tsandall added the bug label Feb 7, 2018
tsandall added a commit to tsandall/opa that referenced this issue Feb 8, 2018
@tsandall
Fix panic due to nil term value
56b19c4 
We were not catching merge failures when combining base and virtual
documents. As a result, a term with a nil value (which is invalid) was
being created and returned.

It's arguable that these kinds of conflicts should be caught when data
or policies are inserted. Alternatively, we should revisit whether
policy decisions should be obtained by querying the same root document
as raw data (e.g., decisions could be namespaced under a separate root
document.)

Fixes open-policy-agent#601
@tsandall tsandall mentioned this issue Feb 8, 2018
Merged
tsandall added a commit that referenced this issue Feb 8, 2018
@tsandall
Fix panic due to nil term value
7cc2fa5 
We were not catching merge failures when combining base and virtual
documents. As a result, a term with a nil value (which is invalid) was
being created and returned.

It's arguable that these kinds of conflicts should be caught when data
or policies are inserted. Alternatively, we should revisit whether
policy decisions should be obtained by querying the same root document
as raw data (e.g., decisions could be namespaced under a separate root
document.)

Fixes #601
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tsandall