envoy: envoy-[main,1.27]: ORIGINAL_DST cluster with TLS transport, crash in config validation mode

this issue cleared through security group and was advised to create a public one:

issue introduced as part of the 1.27 release and was working on the almost the same configuration since 1.18.

simplest way to reproduce it is to define HTTP upstream cluster with TLS upstream like follow:

...
  - name: app_cluster
    alt_stat_name: app
    type: ORIGINAL_DST
    lb_policy: CLUSTER_PROVIDED
    original_dst_lb_config:
      use_http_header: true
      http_header_name: x-dst-host
    typed_extension_protocol_options:
      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
        "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
        common_http_protocol_options:
          max_requests_per_connection: 1
        explicit_http_config:
          http_protocol_options:
            allow_chunked_length: true
            override_stream_error_on_invalid_http_message: false
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        common_tls_context:
          tls_params:
            tls_minimum_protocol_version: TLSv1_2
            tls_maximum_protocol_version: TLSv1_3

run envoy in validation mode:  envoy --mode validate -c envoy.yaml

following stack trace exposed:

14:27:50  #16 0.444 [2023-08-31 18:27:50.332][10][critical][backtrace] [external/envoy/source/server/backtrace.h:104] Caught Segmentation fault, suspect faulting address 0x0
14:27:50  #16 0.444 [2023-08-31 18:27:50.332][10][critical][backtrace] [external/envoy/source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers):
14:27:50  #16 0.444 [2023-08-31 18:27:50.332][10][critical][backtrace] [external/envoy/source/server/backtrace.h:92] Envoy version: cc3dc27c51404f2f524893eba8a87316d76ab059/1.27.1-dev/Modified/RELEASE/BoringSSL
14:27:50  #16 0.444 [2023-08-31 18:27:50.332][10][critical][backtrace] [external/envoy/source/server/backtrace.h:98] #0: [0x7ff706922520]
14:27:50  #16 0.455 [2023-08-31 18:27:50.342][10][critical][backtrace] [external/envoy/source/server/backtrace.h:96] #1: Envoy::Extensions::TransportSockets::Tls::ClientSslSocketFactory::~ClientSslSocketFactory() [0x558683ecfb35]
14:27:50  #16 0.465 [2023-08-31 18:27:50.352][10][critical][backtrace] [external/envoy/source/server/backtrace.h:96] #2: 
...

About this issue

  • Original URL
  • State: open
  • Created 10 months ago
  • Comments: 31 (12 by maintainers)

Most upvoted comments

cc @kyessenov @lizan could you take a look at this issue please

+1
phlax on Feb 28, 2024

np - ill take a look tomorrow

+1
phlax on Jan 18, 2024

@pgeler ill close for now and we can consider backporting if anyone reports an issue

+1
phlax on Oct 30, 2023

I can confirm the main affected by the issue as well

+1
pgeler on Sep 5, 2023
Read more comments on GitHub
← envoy: Envoy is failing on Bazel CI
envoy: Envoy OOM problem with TLS →