Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-2890

core dump in spdylay_submit_syn_reply

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 5.3.0
    • SPDY
    • None

    Description

      session object seems to be fine in spdy_process_fetch_header(), but, is null inside spdylay_submit_syn_reply() resulting in a crash. Based on the stack trace, this looks to be spdy connection on http port.

      #0  spdylay_submit_syn_reply (session=0x0, flags=0 '\000', stream_id=33, nv=0x2ba4dc1d9c90) at spdylay_submit.c:137
      #1  0x00000000005ef804 in spdy_process_fetch_header (this=0x2ba62cbdc880, event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:366
      #2  spdy_process_fetch (this=0x2ba62cbdc880, event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:321
      #3  SpdyClientSession::state_session_readwrite (this=0x2ba62cbdc880, event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:251
      #4  0x00000000004a46da in handleEvent (this=0x2ba68aa47a60, error_event=0) at ../iocore/eventsystem/I_Continuation.h:146
      #5  FetchSM::InvokePluginExt (this=0x2ba68aa47a60, error_event=0) at FetchSM.cc:233
      #6  0x00000000004a4bb7 in FetchSM::process_fetch_read (this=0x2ba68aa47a60, event=<value optimized out>) at FetchSM.cc:400
      #7  0x00000000004a4d6b in FetchSM::fetch_handler (this=0x2ba68aa47a60, event=104, edata=0x2ba670cf8a18) at FetchSM.cc:449
      #8  0x00000000004dd82a in PluginVC::process_read_side (this=0x2ba670cf8920, other_side_call=false) at PluginVC.cc:637
      #9  0x00000000004df81a in PluginVC::main_handler (this=0x2ba670cf8920, event=<value optimized out>, data=0x2ba539202740) at PluginVC.cc:208
      #10 0x000000000073409f in handleEvent (this=0x2ba3b2323010, e=0x2ba539202740, calling_code=1) at I_Continuation.h:146
      #11 EThread::process_event (this=0x2ba3b2323010, e=0x2ba539202740, calling_code=1) at UnixEThread.cc:145
      #12 0x0000000000734c73 in EThread::execute (this=0x2ba3b2323010) at UnixEThread.cc:239
      #13 0x000000000073344a in spawn_thread_internal (a=0x2645060) at Thread.cc:88
      #14 0x00002ba3aaf15851 in start_thread () from /lib64/libpthread.so.0
      #15 0x00000038818e894d in clone () from /lib64/libc.so.6
      (gdb) print session
      $36 = (spdylay_session *) 0x0
      (gdb) up
      #1  0x00000000005ef804 in spdy_process_fetch_header (this=0x2ba62cbdc880, event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:366
      366	SpdyClientSession.cc: No such file or directory.
      	in SpdyClientSession.cc
      (gdb) print sm->session
      $37 = (spdylay_session *) 0x2ba56ad12130
      (gdb) print *sm->session
      $38 = {streams = {table = 0x2ba5689b86d0, tablelen = 16, size = 0}, ob_pq = {q = 0x2ba56989df50, length = 0, capacity = 4096, compar = 0x736a50 <spdylay_outbound_item_compar>}, ob_ss_pq = {
          q = 0x2ba5681edfd0, length = 0, capacity = 4096, compar = 0x736a50 <spdylay_outbound_item_compar>}, aob = {item = 0x0, framebuf = 0x2ba64d7e4be0 "\200\003", framebufmax = 4104, 
          framebuflen = 0, framebufoff = 0}, iframe = {inflatebuf = {capacity = 4096, root = {data = 0x0, next = 0x0}, current = 0x2ba56ad121b8, len = 0, last_offset = 4096}, 
          buf = 0x2ba56913a3c0 "\300\235'k\245+", headbufoff = 0, bufmax = 4104, buflen = 0, payloadlen = 0, off = 0, state = SPDYLAY_RECV_HEAD, error_code = 0, 
          headbuf = "\000\000\000\000\000\000\000"}, hd_deflater = {zst = {next_in = 0x0, avail_in = 0, total_in = 0, next_out = 0x0, avail_out = 0, total_out = 0, msg = 0x0, 
            state = 0x2ba64f2b6900, zalloc = 0x3882408da0 <zcalloc>, zfree = 0x3882408d90 <zcfree>, opaque = 0x0, data_type = 2, adler = 3821447106, reserved = 0}, version = 3}, hd_inflater = {
          zst = {next_in = 0x0, avail_in = 0, total_in = 0, next_out = 0x0, avail_out = 0, total_out = 0, msg = 0x0, state = 0x2ba64cb426e0, zalloc = 0x3882408da0 <zcalloc>, 
            zfree = 0x3882408d90 <zcfree>, opaque = 0x0, data_type = 0, adler = 1, reserved = 0}, version = 3}, cli_certvec = {vector = 0x0, size = 0, capacity = 0, last_slot = 0}, callbacks = {
          send_callback = 0x5f15b0 <spdy_send_callback(spdylay_session*, uint8_t const*, size_t, int, void*)>, 
          recv_callback = 0x5f14f0 <spdy_recv_callback(spdylay_session*, uint8_t*, size_t, int, void*)>, 
          on_ctrl_recv_callback = 0x5f1fc0 <spdy_on_ctrl_recv_callback(spdylay_session*, spdylay_frame_type, spdylay_frame*, void*)>, 
          on_invalid_ctrl_recv_callback = 0x5f1000 <spdy_on_invalid_ctrl_recv_callback(spdylay_session*, spdylay_frame_type, spdylay_frame*, uint32_t, void*)>, 
          on_data_chunk_recv_callback = 0x5f1ce0 <spdy_on_data_chunk_recv_callback(spdylay_session*, uint8_t, int32_t, uint8_t const*, size_t, void*)>, 
          on_data_recv_callback = 0x5f1ad0 <spdy_on_data_recv_callback(spdylay_session*, uint8_t, int32_t, int32_t, void*)>, 
          before_ctrl_send_callback = 0x5f1010 <spdy_before_ctrl_send_callback(spdylay_session*, spdylay_frame_type, spdylay_frame*, void*)>, 
          on_ctrl_send_callback = 0x5f14d0 <spdy_on_ctrl_send_callback(spdylay_session*, spdylay_frame_type, spdylay_frame*, void*)>, 
          on_ctrl_not_send_callback = 0x5f1020 <spdy_on_ctrl_not_send_callback(spdylay_session*, spdylay_frame_type, spdylay_frame*, int, void*)>, 
          on_data_send_callback = 0x5f16a0 <spdy_on_data_send_callback(spdylay_session*, uint8_t, int32_t, int32_t, void*)>, 
          on_stream_close_callback = 0x5f1030 <spdy_on_stream_close_callback(spdylay_session*, int32_t, spdylay_status_code, void*)>, 
          on_request_recv_callback = 0x5f1070 <spdy_on_request_recv_callback(spdylay_session*, int32_t, void*)>, 
          get_credential_proof = 0x5f1040 <spdy_get_credential_proof(spdylay_session*, spdylay_origin const*, uint8_t*, size_t, void*)>, 
          get_credential_ncerts = 0x5f1050 <spdy_get_credential_ncerts(spdylay_session*, spdylay_origin const*, void*)>, 
          get_credential_cert = 0x5f1060 <spdy_get_credential_cert(spdylay_session*, spdylay_origin const*, size_t, uint8_t*, size_t, void*)>, 
          on_ctrl_recv_parse_error_callback = 0x5f1080 <spdy_on_ctrl_recv_parse_error_callback(spdylay_session*, spdylay_frame_type, uint8_t const*, size_t, uint8_t const*, size_t, int, void*)>, 
          on_unknown_ctrl_recv_callback = 0x5f1090 <spdy_on_unknown_ctrl_recv_callback(spdylay_session*, uint8_t const*, size_t, uint8_t const*, size_t, void*)>}, next_seq = 1, 
        nvbuf = 0x2ba56aca58f0 "\260\243\023i\245+", user_data = 0x2ba62cbdc880, num_outgoing_streams = 0, num_incoming_streams = 0, nvbuflen = 4096, next_stream_id = 2, last_recv_stream_id = 0, 
        next_unique_id = 2, last_ping_unique_id = 0, last_good_stream_id = 0, window_size = 65536, recv_window_size = 0, remote_settings = {0, 0, 0, 0, 2147483647, 0, 0, 65536, 0}, 
        local_settings = {0, 0, 0, 0, 100, 0, 0, 65536, 0}, opt_flags = 0, max_recv_ctrl_frame_buf = 16777215, version = 3, server = 1 '\001', goaway_flags = 0 '\000', flow_control = 3 '\003'}
      

      Attachments

        Activity

          People

            sudheerv Sudheer Vinukonda
            sudheerv Sudheer Vinukonda
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: