[ https://issues.apache.org/jira/browse/TS-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alan M. Carroll updated TS-2890: -------------------------------- Fix Version/s: (was: 5.1.0) 5.2.0 > Core dump in spdylay_submit_syn_reply > ------------------------------------- > > Key: TS-2890 > URL: https://issues.apache.org/jira/browse/TS-2890 > Project: Traffic Server > Issue Type: Bug > Components: SPDY > Reporter: Sudheer Vinukonda > Fix For: 5.2.0 > > > session object seems to be fine in spdy_process_fetch_header(), but, is null > inside spdylay_submit_syn_reply() resulting in a crash. Based on the stack > trace, this looks to be spdy connection on http port. > {code} > #0 spdylay_submit_syn_reply (session=0x0, flags=0 '\000', stream_id=33, > nv=0x2ba4dc1d9c90) at spdylay_submit.c:137 > #1 0x00000000005ef804 in spdy_process_fetch_header (this=0x2ba62cbdc880, > event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:366 > #2 spdy_process_fetch (this=0x2ba62cbdc880, event=-2, edata=0x2ba68aa47a60) > at SpdyClientSession.cc:321 > #3 SpdyClientSession::state_session_readwrite (this=0x2ba62cbdc880, > event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:251 > #4 0x00000000004a46da in handleEvent (this=0x2ba68aa47a60, error_event=0) at > ../iocore/eventsystem/I_Continuation.h:146 > #5 FetchSM::InvokePluginExt (this=0x2ba68aa47a60, error_event=0) at > FetchSM.cc:233 > #6 0x00000000004a4bb7 in FetchSM::process_fetch_read (this=0x2ba68aa47a60, > event=<value optimized out>) at FetchSM.cc:400 > #7 0x00000000004a4d6b in FetchSM::fetch_handler (this=0x2ba68aa47a60, > event=104, edata=0x2ba670cf8a18) at FetchSM.cc:449 > #8 0x00000000004dd82a in PluginVC::process_read_side (this=0x2ba670cf8920, > other_side_call=false) at PluginVC.cc:637 > #9 0x00000000004df81a in PluginVC::main_handler (this=0x2ba670cf8920, > event=<value optimized out>, data=0x2ba539202740) at PluginVC.cc:208 > #10 0x000000000073409f in handleEvent (this=0x2ba3b2323010, e=0x2ba539202740, > calling_code=1) at I_Continuation.h:146 > #11 EThread::process_event (this=0x2ba3b2323010, e=0x2ba539202740, > calling_code=1) at UnixEThread.cc:145 > #12 0x0000000000734c73 in EThread::execute (this=0x2ba3b2323010) at > UnixEThread.cc:239 > #13 0x000000000073344a in spawn_thread_internal (a=0x2645060) at Thread.cc:88 > #14 0x00002ba3aaf15851 in start_thread () from /lib64/libpthread.so.0 > #15 0x00000038818e894d in clone () from /lib64/libc.so.6 > (gdb) print session > $36 = (spdylay_session *) 0x0 > (gdb) up > #1 0x00000000005ef804 in spdy_process_fetch_header (this=0x2ba62cbdc880, > event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:366 > 366 SpdyClientSession.cc: No such file or directory. > in SpdyClientSession.cc > (gdb) print sm->session > $37 = (spdylay_session *) 0x2ba56ad12130 > (gdb) print *sm->session > $38 = {streams = {table = 0x2ba5689b86d0, tablelen = 16, size = 0}, ob_pq = > {q = 0x2ba56989df50, length = 0, capacity = 4096, compar = 0x736a50 > <spdylay_outbound_item_compar>}, ob_ss_pq = { > q = 0x2ba5681edfd0, length = 0, capacity = 4096, compar = 0x736a50 > <spdylay_outbound_item_compar>}, aob = {item = 0x0, framebuf = 0x2ba64d7e4be0 > "\200\003", framebufmax = 4104, > framebuflen = 0, framebufoff = 0}, iframe = {inflatebuf = {capacity = > 4096, root = {data = 0x0, next = 0x0}, current = 0x2ba56ad121b8, len = 0, > last_offset = 4096}, > buf = 0x2ba56913a3c0 "\300\235'k\245+", headbufoff = 0, bufmax = 4104, > buflen = 0, payloadlen = 0, off = 0, state = SPDYLAY_RECV_HEAD, error_code = > 0, > headbuf = "\000\000\000\000\000\000\000"}, hd_deflater = {zst = {next_in > = 0x0, avail_in = 0, total_in = 0, next_out = 0x0, avail_out = 0, total_out = > 0, msg = 0x0, > state = 0x2ba64f2b6900, zalloc = 0x3882408da0 <zcalloc>, zfree = > 0x3882408d90 <zcfree>, opaque = 0x0, data_type = 2, adler = 3821447106, > reserved = 0}, version = 3}, hd_inflater = { > zst = {next_in = 0x0, avail_in = 0, total_in = 0, next_out = 0x0, > avail_out = 0, total_out = 0, msg = 0x0, state = 0x2ba64cb426e0, zalloc = > 0x3882408da0 <zcalloc>, > zfree = 0x3882408d90 <zcfree>, opaque = 0x0, data_type = 0, adler = 1, > reserved = 0}, version = 3}, cli_certvec = {vector = 0x0, size = 0, capacity > = 0, last_slot = 0}, callbacks = { > send_callback = 0x5f15b0 <spdy_send_callback(spdylay_session*, uint8_t > const*, size_t, int, void*)>, > recv_callback = 0x5f14f0 <spdy_recv_callback(spdylay_session*, uint8_t*, > size_t, int, void*)>, > on_ctrl_recv_callback = 0x5f1fc0 > <spdy_on_ctrl_recv_callback(spdylay_session*, spdylay_frame_type, > spdylay_frame*, void*)>, > on_invalid_ctrl_recv_callback = 0x5f1000 > <spdy_on_invalid_ctrl_recv_callback(spdylay_session*, spdylay_frame_type, > spdylay_frame*, uint32_t, void*)>, > on_data_chunk_recv_callback = 0x5f1ce0 > <spdy_on_data_chunk_recv_callback(spdylay_session*, uint8_t, int32_t, uint8_t > const*, size_t, void*)>, > on_data_recv_callback = 0x5f1ad0 > <spdy_on_data_recv_callback(spdylay_session*, uint8_t, int32_t, int32_t, > void*)>, > before_ctrl_send_callback = 0x5f1010 > <spdy_before_ctrl_send_callback(spdylay_session*, spdylay_frame_type, > spdylay_frame*, void*)>, > on_ctrl_send_callback = 0x5f14d0 > <spdy_on_ctrl_send_callback(spdylay_session*, spdylay_frame_type, > spdylay_frame*, void*)>, > on_ctrl_not_send_callback = 0x5f1020 > <spdy_on_ctrl_not_send_callback(spdylay_session*, spdylay_frame_type, > spdylay_frame*, int, void*)>, > on_data_send_callback = 0x5f16a0 > <spdy_on_data_send_callback(spdylay_session*, uint8_t, int32_t, int32_t, > void*)>, > on_stream_close_callback = 0x5f1030 > <spdy_on_stream_close_callback(spdylay_session*, int32_t, > spdylay_status_code, void*)>, > on_request_recv_callback = 0x5f1070 > <spdy_on_request_recv_callback(spdylay_session*, int32_t, void*)>, > get_credential_proof = 0x5f1040 > <spdy_get_credential_proof(spdylay_session*, spdylay_origin const*, uint8_t*, > size_t, void*)>, > get_credential_ncerts = 0x5f1050 > <spdy_get_credential_ncerts(spdylay_session*, spdylay_origin const*, void*)>, > get_credential_cert = 0x5f1060 > <spdy_get_credential_cert(spdylay_session*, spdylay_origin const*, size_t, > uint8_t*, size_t, void*)>, > on_ctrl_recv_parse_error_callback = 0x5f1080 > <spdy_on_ctrl_recv_parse_error_callback(spdylay_session*, spdylay_frame_type, > uint8_t const*, size_t, uint8_t const*, size_t, int, void*)>, > on_unknown_ctrl_recv_callback = 0x5f1090 > <spdy_on_unknown_ctrl_recv_callback(spdylay_session*, uint8_t const*, size_t, > uint8_t const*, size_t, void*)>}, next_seq = 1, > nvbuf = 0x2ba56aca58f0 "\260\243\023i\245+", user_data = 0x2ba62cbdc880, > num_outgoing_streams = 0, num_incoming_streams = 0, nvbuflen = 4096, > next_stream_id = 2, last_recv_stream_id = 0, > next_unique_id = 2, last_ping_unique_id = 0, last_good_stream_id = 0, > window_size = 65536, recv_window_size = 0, remote_settings = {0, 0, 0, 0, > 2147483647, 0, 0, 65536, 0}, > local_settings = {0, 0, 0, 0, 100, 0, 0, 65536, 0}, opt_flags = 0, > max_recv_ctrl_frame_buf = 16777215, version = 3, server = 1 '\001', > goaway_flags = 0 '\000', flow_control = 3 '\003'} > {code} -- This message was sent by Atlassian JIRA (v6.2#6252)