Skip to content

Fix StackOverflowError in caused by missing re-entrancy guard#11838

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
masterfrom
vzakharov/fix-request-dispatcher-reentrancy-soe
Jul 7, 2026
Merged

Fix StackOverflowError in caused by missing re-entrancy guard#11838
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
masterfrom
vzakharov/fix-request-dispatcher-reentrancy-soe

Conversation

@ValentinZakharov

Copy link
Copy Markdown
Contributor

What Does This Do

Adds a re-entrancy guard to RequestDispatcherAdvice so that when forward() is triggered recursively from inside setAttribute(), the advice skips immediately instead of running again.

Motivation

Production StackOverflowError in SAP Hybris/Spartacus (v1.63.0).

When tracing a RequestDispatcher.forward() call, the tracer injects propagation headers by calling request.setAttribute(). In Hybris, a custom request wrapper intercepts setAttribute() and fires another forward() - which the tracer instruments again, calling setAttribute() again:

image

The fix uses CallDepthThreadLocalMap - already present in AsyncContextInstrumentation for the same reason - to detect re-entrant calls and exit immediately.

Additional Notes

  • Nested forward()/include() calls made from a servlet body will no longer generate child spans. This is the same trade-off already accepted in AsyncContextInstrumentation.
  • A regression test is included that reproduces the Hybris re-dispatch pattern with a synthetic HttpServletRequestWrapper.

Contributor Checklist

  • Format the title according to the contribution guidelines
  • Assign the type: and (comp: or inst:) labels in addition to any other useful labels
  • Avoid using close, fix, or any linking keywords when referencing an issue
    Use solves instead, and assign the PR milestone to the issue
  • Update the CODEOWNERS file on source file addition, migration, or deletion
  • Update public documentation with any new configuration flags or behaviors
  • Add your completed PR to the merge queue by commenting /merge. You can also:
    • Customize the commit message associated with the merge with /merge --commit-message "..."
    • Remove your PR from the merge queue with /merge -c
    • Skip all merge queue checks with /merge -f --reason "reason"; please use this judiciously, as some checks do not run at the PR-level (note: the PR still needs to be mergeable, this will only skip the pre-merge build)
    • Get more information in this doc

Jira ticket: [PROJ-IDENT]

@ValentinZakharov ValentinZakharov self-assigned this Jul 2, 2026
@ValentinZakharov ValentinZakharov added type: bug fix Bug fix inst:servlet Servlet instrumentation labels Jul 2, 2026
@ValentinZakharov ValentinZakharov requested a review from a team as a code owner July 2, 2026 09:59
@ValentinZakharov ValentinZakharov requested review from ygree and removed request for a team July 2, 2026 09:59

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f7e8144fd7

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

if (scope == null) {
return;
}
CallDepthThreadLocalMap.reset(RequestDispatcher.class);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep the call-depth guard active through context restore

In the normal servlet dispatch path requestContext is non-null because the servlet advice stores DD_CONTEXT_ATTRIBUTE on the request, so resetting the call-depth guard before request.setAttribute(DD_CONTEXT_ATTRIBUTE, requestContext) reopens the same recursion window on exit. With wrappers that redispatch from setAttribute() (the production scenario this fixes), the restore call now starts another fully instrumented forward() while the dispatcher span is still active, which can repeat from each nested exit and still overflow; keep the guard set until after all advice-driven setAttribute calls have completed.

Useful? React with 👍 / 👎.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this makes sense to me, and even if it's not the case, I think it's safer to reset the depth count at the very end of this method to avoid mistakes if the body changes.

@amarziali amarziali Jul 7, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think moving it in a try finally after the setAttribute just below is safer

@dd-octo-sts

dd-octo-sts Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

🟢 Java Benchmark SLOs — All performance SLOs passed

Suite Status
Startup 🟢 pass

SLO thresholds are defined here based on automatically generated metrics. A warning is raised when results are within 5% of the threshold.

PR vs. master results
Scenario Candidate master Δ (95% CI of mean)
startup:insecure-bank:iast:Agent 13.99 s 13.93 s [-0.4%; +1.4%] (no difference)
startup:insecure-bank:tracing:Agent 12.86 s 13.00 s [-1.8%; -0.3%] (maybe better)
startup:petclinic:appsec:Agent 16.79 s 16.69 s [-0.4%; +1.6%] (no difference)
startup:petclinic:iast:Agent 16.86 s 16.89 s [-1.2%; +0.8%] (no difference)
startup:petclinic:profiling:Agent 16.67 s 16.83 s [-1.9%; +0.1%] (no difference)
startup:petclinic:sca:Agent 16.85 s 16.17 s [-0.3%; +8.7%] (no difference)
startup:petclinic:tracing:Agent 15.95 s 15.94 s [-0.9%; +1.0%] (no difference)

Commit: cb6c9682 · CI Pipeline · Benchmarking Platform UI


Load and DaCapo benchmarks can be triggered manually in the GitLab pipeline. Results will appear in the Benchmarking Platform UI after completion.

@amarziali amarziali left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me. I also noticed few errors like that in the telemetry that hopefully will be now fixed. The codex comment looks valid and should be addressed

@ValentinZakharov ValentinZakharov force-pushed the vzakharov/fix-request-dispatcher-reentrancy-soe branch from f7e8144 to cb6c968 Compare July 7, 2026 10:56
@datadog-datadog-us1-prod

datadog-datadog-us1-prod Bot commented Jul 7, 2026

Copy link
Copy Markdown

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 55.01% (-1.93%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: cb6c968 | Docs | Datadog PR Page | Give us feedback!

@ValentinZakharov ValentinZakharov added this pull request to the merge queue Jul 7, 2026
@dd-octo-sts

dd-octo-sts Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

/merge

@gh-worker-devflow-routing-ef8351

gh-worker-devflow-routing-ef8351 Bot commented Jul 7, 2026

Copy link
Copy Markdown

View all feedbacks in Devflow UI.

2026-07-07 12:42:16 UTC ℹ️ Start processing command /merge


2026-07-07 12:42:21 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 1h (p90).


2026-07-07 13:39:18 UTC ℹ️ MergeQueue: This merge request was merged

@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jul 7, 2026
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit 49c6967 into master Jul 7, 2026
581 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the vzakharov/fix-request-dispatcher-reentrancy-soe branch July 7, 2026 13:39
@github-actions github-actions Bot added this to the 1.64.0 milestone Jul 7, 2026
kaahos pushed a commit that referenced this pull request Jul 8, 2026
…e-entrancy guard (#11838)

Fix StackOverflowError in RequestDispatcherAdvice caused by missing re-entrancy guard

Co-authored-by: devflow.devflow-routing-intake <devflow.devflow-routing-intake@kubernetes.us1.ddbuild.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

inst:servlet Servlet instrumentation type: bug fix Bug fix

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants