shinrich opened a new pull request #7586: URL: https://github.com/apache/trafficserver/pull/7586
Found this while running autest against 9.0.x. About half the time I'd get a crash from open_close_h2. A later version of the crash is below.

During debugging I added an assert to verify that the read_vio.cont was the Http2 session. In the original crash, the read_vio.cont was the Http2ClientSession, so after reading the request header, the READ_COMPLETE was sent to the Http2ClientSession, which caused it to try and read another frame, even though there was no more data in the buffer. This caused it to interpret a frame of a bogus type.

```
(gdb) bt
#0 0x00002acaf252e3d7 in raise () from /lib64/libc.so.6
#1 0x00002acaf252fac8 in abort () from /lib64/libc.so.6
#2 0x00002acaefaa40c8 in ink_abort (message_format=0x2acaefb11e78 "%s:%d: failed assertion `%s`") at ink_error.cc:99
#3 0x00002acaefa9fd11 in _ink_assert (expression=0xa27515 "read_vio.cont != _proxy_ssn", file=0xa27499 "Http2Stream.cc", line=168) at ink_assert.cc:37
#4 0x00000000007f0629 in Http2Stream::send_request (this=0x2acb02a78b80, cstate=...) at Http2Stream.cc:168
#5 0x00000000007e0a9b in rcv_headers_frame (cstate=..., frame=...) at Http2ConnectionState.cc:390
#6 0x00000000007e538e in Http2ConnectionState::main_event_handler (this=0x2acb14bb0798, event=2253, edata=0x2acafc308f60) at Http2ConnectionState.cc:1063
#7 0x000000000066b737 in Continuation::handleEvent (this=0x2acb14bb0798, event=2253, data=0x2acafc308f60) at /home/shinrich/vtrafficserver9/iocore/eventsystem/I_Continuation.h:167
#8 0x00000000007d6906 in send_connection_event (cont=0x2acb14bb0798, event=2253, edata=0x2acafc308f60) at Http2ClientSession.cc:65
#9 0x00000000007da8b4 in Http2ClientSession::do_complete_frame_read (this=0x2acb14bb0490) at Http2ClientSession.cc:570
#10 0x00000000007daf2d in Http2ClientSession::state_process_frame_read (this=0x2acb14bb0490, event=100, vio=0x2acb1b228ab0, inside_frame=false) at Http2ClientSession.cc:628
#11 0x00000000007d9ca8 in Http2ClientSession::state_start_frame_read (this=0x2acb14bb0490, event=100, edata=0x2acb1b228ab0) at Http2ClientSession.cc:482
#12 0x00000000007d8859 in Http2ClientSession::main_event_handler (this=0x2acb14bb0490, event=100, edata=0x2acb1b228ab0) at Http2ClientSession.cc:352
#13 0x000000000066b737 in Continuation::handleEvent (this=0x2acb14bb0490, event=100, data=0x2acb1b228ab0) at /home/shinrich/vtrafficserver9/iocore/eventsystem/I_Continuation.h:167
#14 0x00000000007d9a29 in Http2ClientSession::state_read_connection_preface (this=0x2acb14bb0490, event=100, edata=0x2acb1b228ab0) at Http2ClientSession.cc:462
#15 0x00000000007d8859 in Http2ClientSession::main_event_handler (this=0x2acb14bb0490, event=100, edata=0x2acb1b228ab0) at Http2ClientSession.cc:352
#16 0x000000000066b737 in Continuation::handleEvent (this=0x2acb14bb0490, event=100, data=0x2acb1b228ab0) at /home/shinrich/vtrafficserver9/iocore/eventsystem/I_Continuation.h:167
#17 0x000000000099b159 in read_signal_and_update (event=100, vc=0x2acb1b2288d0) at UnixNetVConnection.cc:83
#18 0x000000000099efa6 in UnixNetVConnection::readSignalAndUpdate (this=0x2acb1b2288d0, event=100) at UnixNetVConnection.cc:1042
#19 0x000000000095b997 in SSLNetVConnection::net_read_io (this=0x2acb1b2288d0, nh=0x2acaf6eb4a20, lthread=0x2acaf6eb0980) at SSLNetVConnection.cc:670
#20 0x00000000009904a0 in NetHandler::process_ready_list (this=0x2acaf6eb4a20) at UnixNet.cc:416
#21 0x0000000000990dc3 in NetHandler::waitForActivity (this=0x2acaf6eb4a20, timeout=60000000) at UnixNet.cc:551
#22 0x00000000009d4915 in EThread::execute_regular (this=0x2acaf6eb0980) at UnixEThread.cc:271
#23 0x00000000009d4b17 in EThread::execute (this=0x2acaf6eb0980) at UnixEThread.cc:332
#24 0x00000000009d3345 in spawn_thread_internal (a=0x2acaf33d9f80) at Thread.cc:92
#25 0x00002acaf18bfea5 in start_thread () from /lib64/libpthread.so.0
#26 0x00002acaf25f69fd in clone () from /lib64/libc.so.6
```

The problem is that the HttpSM::state_add_to_list() was calling a do_io_read and passing in the continuation associated with the netvc (the Http2ClientSession in this case). That is never the correct thing for an Http2 session. This logic was introduced in PR #7096.
