Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

panic: runtime error: invalid memory address or nil pointer dereference #4947

Closed
cv711 opened this issue Aug 10, 2023 · 6 comments · Fixed by #4957 or #4958
Closed

panic: runtime error: invalid memory address or nil pointer dereference #4947

cv711 opened this issue Aug 10, 2023 · 6 comments · Fixed by #4957 or #4958
Assignees
@wty-Bryant
Labels
bug This issue is a bug.

Comments

@cv711
Copy link

cv711 commented Aug 10, 2023

Describe the bug

I'm starting a SSM session with port forwarding to connect to our MySQL through our bastion ec2 instance. The session starts and awaits a connection at the defined port. When I tried to connect to the DB we get the panic defined below.

Expected Behavior

Should happily forward the connection without a panic.

Current Behavior

aws ssm start-session \
    --profile $PROFILE \
    --region $REGION \
    --target $instance \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters '{"host":["mysql-host"],"portNumber":["9030"], "localPortNumber":["9030"]}'


Starting session with SessionId: <SESSIONID-0be6e845e23adb7ed>
Port 9030 opened for sessionId <SESSIONID-0be6e845e23adb7ed>.
Waiting for connections...
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x102679e44]

goroutine 40 [running]:
github.com/aws/aws-sdk-go/aws/credentials/ssocreds.(*SSOTokenProvider).refreshToken(0x1400014ef60, {{{0x14000568000, 0xe6}, 0x14000134ee8, {0x140005680f0, 0xe6}, {0x140001426c0, 0x22}, {0x1400056a000, 0x778}}, ...})
	/local/p4clients/pkgbuild-pmMNN/workspace/src/SSMCLI/vendor/src/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go:115 +0x2d4
github.com/aws/aws-sdk-go/aws/credentials/ssocreds.(*SSOTokenProvider).RetrieveBearerToken(0x1400014ef60, {0x1022e0e84?, 0x1400016f7c0?})
	/local/p4clients/pkgbuild-pmMNN/workspace/src/SSMCLI/vendor/src/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go:86 +0x108
github.com/aws/aws-sdk-go/aws/credentials/ssocreds.(*Provider).RetrieveWithContext(0x14000181480, {0x102a698f0, 0x140003ed490})
	/local/p4clients/pkgbuild-pmMNN/workspace/src/SSMCLI/vendor/src/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go:107 +0x248
github.com/aws/aws-sdk-go/aws/credentials.(*Credentials).singleRetrieve(0x14000181500, {0x102a698f0, 0x140003ed490})
	/local/p4clients/pkgbuild-pmMNN/workspace/src/SSMCLI/vendor/src/github.com/aws/aws-sdk-go/aws/credentials/credentials.go:277 +0x28c
github.com/aws/aws-sdk-go/aws/credentials.(*Credentials).GetWithContext.func1()
	/local/p4clients/pkgbuild-pmMNN/workspace/src/SSMCLI/vendor/src/github.com/aws/aws-sdk-go/aws/credentials/credentials.go:255 +0x84
github.com/aws/aws-sdk-go/internal/sync/singleflight.(*Group).doCall(0x14000181500, 0x1400011baa0, {0x0, 0x0}, 0x0?)
	/local/p4clients/pkgbuild-pmMNN/workspace/src/SSMCLI/vendor/src/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go:97 +0x38
created by github.com/aws/aws-sdk-go/internal/sync/singleflight.(*Group).DoChan
	/local/p4clients/pkgbuild-pmMNN/workspace/src/SSMCLI/vendor/src/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go:90 +0x3d0

Command '['session-manager-plugin',...

Reproduction Steps

aws ssm start-session
--profile $PROFILE
--region $REGION
--target $instance
--document-name AWS-StartPortForwardingSessionToRemoteHost
--parameters '{"host":["mysql-host"],"portNumber":["9030"], "localPortNumber":["9030"]}'

different terminal

mysql -h mysql-host -P 9030 -u user_ro -p

Possible Solution

No response

Additional Information/Context

No response

SDK version used

aws-cli/2.13.8 Python/3.11.4 Darwin/22.5.0 source/arm64 prompt/off

Environment details (Version of Go (go version)? OS name and version, etc.)

go version go1.20.6 darwin/arm64
@cv711 cv711 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 10, 2023
@wty-Bryant
Copy link
Contributor

Hi, thx for reporting issue. I'm trying to reproduce the error. Could you explain more detail of (1) content of session and profile (2) code to create the session using local profile if there's any? You can remove any sensitive info. Thx

@lucix-aws lucix-aws added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Aug 14, 2023
@cv711
Copy link
Author

cv711 commented Aug 14, 2023

so profile is set to nest-sandbox and the ~/.aws/config looks like this:

[profile nest-sandbox]
sso_session = staging
sso_account_id = <account_id>
sso_role_name = nest-sandbox
region = eu-west-1
output = json

and before starting a session with SSM I am authenticating with the following command:
$> aws sso login --profile=nest-sandbox

Let me know if you need more info.
Thanks!

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Aug 15, 2023
@isredstar
Copy link

I also occurs the similar problem:
image

@wty-Bryant
Copy link
Contributor

wty-Bryant commented Aug 16, 2023
edited

@isredstar Hello could you show more detail of your local profile, sso session and the code to reproduce the npe? It seems like your cred provider is nil, and different credential could be retrieved according to context of a profile.

@wty-Bryant wty-Bryant added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Aug 16, 2023
@wty-Bryant
Copy link
Contributor

wty-Bryant commented Aug 17, 2023
edited

@cv711 We discussed with service team for possible causes of the npe, when an access token is returned from ssooidc, an ExpiresIn will always be returned and the return err will be nil, which is confusing that this line panic without err returned. Could you capture the actual createResult so we can check which var is nil

Currently possible workaround is to dump your sso cache to redact the AT/RT/ClientSecret, and we will update token provider code here to print the nil error rather than panic, which is not expected in sdk

@wty-Bryant wty-Bryant mentioned this issue Aug 17, 2023
Merged
@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Aug 18, 2023
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Merged
aws-sdk-go-automation pushed a commit that referenced this issue Aug 18, 2023
Release v1.44.327 (2023-08-18)
8b5f669 
===

### Service Client Updates
* `service/codecommit`: Updates service API, documentation, and paginators
  * Add new ListFileCommitHistory operation to retrieve commits which introduced changes to a specific file.
* `service/securityhub`: Updates service API and documentation

### SDK Bugs
* `aws/credentials/ssocreds`: Modify sso token provider logic to handle possible nil val returned by CreateToken.
  * Fixes [4947](#4947)
aws-sdk-go-automation added a commit that referenced this issue Aug 18, 2023
@aws-sdk-go-automation
Release v1.44.327 (2023-08-18) (#4958)
1dee181 
Release v1.44.327 (2023-08-18)
===

### Service Client Updates
* `service/codecommit`: Updates service API, documentation, and paginators
  * Add new ListFileCommitHistory operation to retrieve commits which introduced changes to a specific file.
* `service/securityhub`: Updates service API and documentation

### SDK Bugs
* `aws/credentials/ssocreds`: Modify sso token provider logic to handle possible nil val returned by CreateToken.
  * Fixes [4947](#4947)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wty-Bryant wty-Bryant

Labels
bug This issue is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Handle nil token returned by ssooidc aws/aws-sdk-go
Release v1.44.327 aws/aws-sdk-go
4 participants
@cv711 @isredstar @wty-Bryant @lucix-aws