| शीर्षक | SGLang Project (sgl-project) SGLang 0.5.10.post1 Reachable Assertion |
|---|
| विवरण | SGLang through 0.5.10.post1, when launched with --enable-lora, does not enforce the --max-loras-per-batch N limit at scheduler batch-construction time. When concurrent inference requests in a single scheduling round target more than N distinct LoRA adapter UIDs (including base-model requests with no lora_path, which count as a distinct UID), the scheduler assembles a batch with N+1 adapters. This triggers a reachable assertion (assert len(cur_uids) <= self.max_loras_per_batch) in python/sglang/srt/lora/lora_manager.py that is evaluated by the model runner. The unhandled AssertionError terminates the scheduler process, SIGQUIT propagates to the server, and the server becomes permanently unresponsive until restarted. A remote attacker with network access to the inference HTTP endpoint can cause denial of service by sending a small burst of completion requests across more adapters than the configured cap. No authentication is required in default deployments. |
|---|
| स्रोत | ⚠️ https://github.com/sgl-project/sglang/issues/23141 |
|---|
| उपयोगकर्ता | Zyz3366 (UID 97230) |
|---|
| सबमिशन | 13/05/2026 02:33 AM (22 दिन पहले) |
|---|
| संयम | 31/05/2026 08:11 PM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367593 [SGLang 0.5.10.post1 Inference HTTP Endpoint lora_manager.py lora_path सेवा अस्वीकार] |
|---|
| अंक | 20 |
|---|