[jira] [Updated] (TS-2890) Core dump in spdylay_submit_syn_reply

Thu, 20 Nov 2014 10:41:59 -0800 

     [ 
https://issues.apache.org/jira/browse/TS-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Susan Hinrichs updated TS-2890:
-------------------------------
    Fix Version/s:     (was: 5.2.0)
                   5.3.0

> Core dump in spdylay_submit_syn_reply
> -------------------------------------
>
>                 Key: TS-2890
>                 URL: https://issues.apache.org/jira/browse/TS-2890
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SPDY
>            Reporter: Sudheer Vinukonda
>             Fix For: 5.3.0
>
>
> session object seems to be fine in  spdy_process_fetch_header(), but, is null 
> inside spdylay_submit_syn_reply() resulting in a crash. Based on the stack 
> trace, this looks to be spdy connection on http port. 
> {code}
> #0  spdylay_submit_syn_reply (session=0x0, flags=0 '\000', stream_id=33, 
> nv=0x2ba4dc1d9c90) at spdylay_submit.c:137
> #1  0x00000000005ef804 in spdy_process_fetch_header (this=0x2ba62cbdc880, 
> event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:366
> #2  spdy_process_fetch (this=0x2ba62cbdc880, event=-2, edata=0x2ba68aa47a60) 
> at SpdyClientSession.cc:321
> #3  SpdyClientSession::state_session_readwrite (this=0x2ba62cbdc880, 
> event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:251
> #4  0x00000000004a46da in handleEvent (this=0x2ba68aa47a60, error_event=0) at 
> ../iocore/eventsystem/I_Continuation.h:146
> #5  FetchSM::InvokePluginExt (this=0x2ba68aa47a60, error_event=0) at 
> FetchSM.cc:233
> #6  0x00000000004a4bb7 in FetchSM::process_fetch_read (this=0x2ba68aa47a60, 
> event=<value optimized out>) at FetchSM.cc:400
> #7  0x00000000004a4d6b in FetchSM::fetch_handler (this=0x2ba68aa47a60, 
> event=104, edata=0x2ba670cf8a18) at FetchSM.cc:449
> #8  0x00000000004dd82a in PluginVC::process_read_side (this=0x2ba670cf8920, 
> other_side_call=false) at PluginVC.cc:637
> #9  0x00000000004df81a in PluginVC::main_handler (this=0x2ba670cf8920, 
> event=<value optimized out>, data=0x2ba539202740) at PluginVC.cc:208
> #10 0x000000000073409f in handleEvent (this=0x2ba3b2323010, e=0x2ba539202740, 
> calling_code=1) at I_Continuation.h:146
> #11 EThread::process_event (this=0x2ba3b2323010, e=0x2ba539202740, 
> calling_code=1) at UnixEThread.cc:145
> #12 0x0000000000734c73 in EThread::execute (this=0x2ba3b2323010) at 
> UnixEThread.cc:239
> #13 0x000000000073344a in spawn_thread_internal (a=0x2645060) at Thread.cc:88
> #14 0x00002ba3aaf15851 in start_thread () from /lib64/libpthread.so.0
> #15 0x00000038818e894d in clone () from /lib64/libc.so.6
> (gdb) print session
> $36 = (spdylay_session *) 0x0
> (gdb) up
> #1  0x00000000005ef804 in spdy_process_fetch_header (this=0x2ba62cbdc880, 
> event=-2, edata=0x2ba68aa47a60) at SpdyClientSession.cc:366
> 366   SpdyClientSession.cc: No such file or directory.
>       in SpdyClientSession.cc
> (gdb) print sm->session
> $37 = (spdylay_session *) 0x2ba56ad12130
> (gdb) print *sm->session
> $38 = {streams = {table = 0x2ba5689b86d0, tablelen = 16, size = 0}, ob_pq = 
> {q = 0x2ba56989df50, length = 0, capacity = 4096, compar = 0x736a50 
> <spdylay_outbound_item_compar>}, ob_ss_pq = {
>     q = 0x2ba5681edfd0, length = 0, capacity = 4096, compar = 0x736a50 
> <spdylay_outbound_item_compar>}, aob = {item = 0x0, framebuf = 0x2ba64d7e4be0 
> "\200\003", framebufmax = 4104, 
>     framebuflen = 0, framebufoff = 0}, iframe = {inflatebuf = {capacity = 
> 4096, root = {data = 0x0, next = 0x0}, current = 0x2ba56ad121b8, len = 0, 
> last_offset = 4096}, 
>     buf = 0x2ba56913a3c0 "\300\235'k\245+", headbufoff = 0, bufmax = 4104, 
> buflen = 0, payloadlen = 0, off = 0, state = SPDYLAY_RECV_HEAD, error_code = 
> 0, 
>     headbuf = "\000\000\000\000\000\000\000"}, hd_deflater = {zst = {next_in 
> = 0x0, avail_in = 0, total_in = 0, next_out = 0x0, avail_out = 0, total_out = 
> 0, msg = 0x0, 
>       state = 0x2ba64f2b6900, zalloc = 0x3882408da0 <zcalloc>, zfree = 
> 0x3882408d90 <zcfree>, opaque = 0x0, data_type = 2, adler = 3821447106, 
> reserved = 0}, version = 3}, hd_inflater = {
>     zst = {next_in = 0x0, avail_in = 0, total_in = 0, next_out = 0x0, 
> avail_out = 0, total_out = 0, msg = 0x0, state = 0x2ba64cb426e0, zalloc = 
> 0x3882408da0 <zcalloc>, 
>       zfree = 0x3882408d90 <zcfree>, opaque = 0x0, data_type = 0, adler = 1, 
> reserved = 0}, version = 3}, cli_certvec = {vector = 0x0, size = 0, capacity 
> = 0, last_slot = 0}, callbacks = {
>     send_callback = 0x5f15b0 <spdy_send_callback(spdylay_session*, uint8_t 
> const*, size_t, int, void*)>, 
>     recv_callback = 0x5f14f0 <spdy_recv_callback(spdylay_session*, uint8_t*, 
> size_t, int, void*)>, 
>     on_ctrl_recv_callback = 0x5f1fc0 
> <spdy_on_ctrl_recv_callback(spdylay_session*, spdylay_frame_type, 
> spdylay_frame*, void*)>, 
>     on_invalid_ctrl_recv_callback = 0x5f1000 
> <spdy_on_invalid_ctrl_recv_callback(spdylay_session*, spdylay_frame_type, 
> spdylay_frame*, uint32_t, void*)>, 
>     on_data_chunk_recv_callback = 0x5f1ce0 
> <spdy_on_data_chunk_recv_callback(spdylay_session*, uint8_t, int32_t, uint8_t 
> const*, size_t, void*)>, 
>     on_data_recv_callback = 0x5f1ad0 
> <spdy_on_data_recv_callback(spdylay_session*, uint8_t, int32_t, int32_t, 
> void*)>, 
>     before_ctrl_send_callback = 0x5f1010 
> <spdy_before_ctrl_send_callback(spdylay_session*, spdylay_frame_type, 
> spdylay_frame*, void*)>, 
>     on_ctrl_send_callback = 0x5f14d0 
> <spdy_on_ctrl_send_callback(spdylay_session*, spdylay_frame_type, 
> spdylay_frame*, void*)>, 
>     on_ctrl_not_send_callback = 0x5f1020 
> <spdy_on_ctrl_not_send_callback(spdylay_session*, spdylay_frame_type, 
> spdylay_frame*, int, void*)>, 
>     on_data_send_callback = 0x5f16a0 
> <spdy_on_data_send_callback(spdylay_session*, uint8_t, int32_t, int32_t, 
> void*)>, 
>     on_stream_close_callback = 0x5f1030 
> <spdy_on_stream_close_callback(spdylay_session*, int32_t, 
> spdylay_status_code, void*)>, 
>     on_request_recv_callback = 0x5f1070 
> <spdy_on_request_recv_callback(spdylay_session*, int32_t, void*)>, 
>     get_credential_proof = 0x5f1040 
> <spdy_get_credential_proof(spdylay_session*, spdylay_origin const*, uint8_t*, 
> size_t, void*)>, 
>     get_credential_ncerts = 0x5f1050 
> <spdy_get_credential_ncerts(spdylay_session*, spdylay_origin const*, void*)>, 
>     get_credential_cert = 0x5f1060 
> <spdy_get_credential_cert(spdylay_session*, spdylay_origin const*, size_t, 
> uint8_t*, size_t, void*)>, 
>     on_ctrl_recv_parse_error_callback = 0x5f1080 
> <spdy_on_ctrl_recv_parse_error_callback(spdylay_session*, spdylay_frame_type, 
> uint8_t const*, size_t, uint8_t const*, size_t, int, void*)>, 
>     on_unknown_ctrl_recv_callback = 0x5f1090 
> <spdy_on_unknown_ctrl_recv_callback(spdylay_session*, uint8_t const*, size_t, 
> uint8_t const*, size_t, void*)>}, next_seq = 1, 
>   nvbuf = 0x2ba56aca58f0 "\260\243\023i\245+", user_data = 0x2ba62cbdc880, 
> num_outgoing_streams = 0, num_incoming_streams = 0, nvbuflen = 4096, 
> next_stream_id = 2, last_recv_stream_id = 0, 
>   next_unique_id = 2, last_ping_unique_id = 0, last_good_stream_id = 0, 
> window_size = 65536, recv_window_size = 0, remote_settings = {0, 0, 0, 0, 
> 2147483647, 0, 0, 65536, 0}, 
>   local_settings = {0, 0, 0, 0, 100, 0, 0, 65536, 0}, opt_flags = 0, 
> max_recv_ctrl_frame_buf = 16777215, version = 3, server = 1 '\001', 
> goaway_flags = 0 '\000', flow_control = 3 '\003'}
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to