Sudheer Vinukonda created TS-3363:
-------------------------------------
Summary: core dump in HttpSM::handle_server_setup_error when
handling inactivity timer expiry
Key: TS-3363
URL: https://issues.apache.org/jira/browse/TS-3363
Project: Traffic Server
Issue Type: Bug
Components: Core
Reporter: Sudheer Vinukonda
The core dump is caused by missing null check for *c* here {{
https://github.com/apache/trafficserver/blob/master/proxy/http/HttpSM.cc#L5250}}
although, it seems that *c* shouldn't be null at this point (if *tunnel* is
active).
{code}
(gdb) bt
#0 0x00000000005daca9 in HttpSM::handle_server_setup_error
(this=0x2b906c5d8f10, event=105, data=0x2b8e183b8300) at HttpSM.cc:5188
#1 0x00000000005cf16f in HttpSM::state_read_server_response_header
(this=0x2b906c5d8f10, event=105, data=0x2b8e183b8300) at HttpSM.cc:1750
#2 0x00000000005d19ae in HttpSM::main_handler (this=0x2b906c5d8f10, event=105,
data=0x2b8e183b8300) at HttpSM.cc:2522
#3 0x00000000004f6bb8 in Continuation::handleEvent (this=0x2b906c5d8f10,
event=105, data=0x2b8e183b8300) at ../iocore/eventsystem/I_Continuation.h:146
#4 0x00000000007379b3 in read_signal_and_update (event=105, vc=0x2b8e183b81f0)
at UnixNetVConnection.cc:141
#5 0x000000000073a928 in UnixNetVConnection::mainEvent (this=0x2b8e183b81f0,
event=1, e=0x2771150) at UnixNetVConnection.cc:1071
#6 0x00000000004f6bb8 in Continuation::handleEvent (this=0x2b8e183b81f0,
event=1, data=0x2771150) at ../iocore/eventsystem/I_Continuation.h:146
#7 0x0000000000731eba in InactivityCop::check_inactivity (this=0x2647ba0,
event=2, e=0x2771150) at UnixNet.cc:100
#8 0x00000000004f6bb8 in Continuation::handleEvent (this=0x2647ba0, event=2,
data=0x2771150) at ../iocore/eventsystem/I_Continuation.h:146
#9 0x000000000075858e in EThread::process_event (this=0x2b8c9eb56010,
e=0x2771150, calling_code=2) at UnixEThread.cc:145
#10 0x00000000007588a9 in EThread::execute (this=0x2b8c9eb56010) at
UnixEThread.cc:224
#11 0x0000000000757b0c in spawn_thread_internal (a=0x2642360) at Thread.cc:88
#12 0x00002b8c9c6d8851 in __free_tcb () from /lib64/libpthread.so.0
#13 0x0000000000000000 in ?? ()
(gdb) print c
$1 = (HttpTunnelConsumer *) 0x0
(gdb) p post_transform_info.vc
$2 = (VConnection *) 0x0
(gdb) p post_transform_info
$3 = {entry = 0x0, vc = 0x0}
(gdb) p tunnel
$4 = {<Continuation> = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top =
0x7900d0}, handler = (int (Continuation::*)(Continuation *, int, void *))
0x61a23e
<HttpTunnel::main_handler(int, void*)>, mutex = {m_ptr = 0x2b8db912c7e0},
link = {<SLink<Continuation>> = {next = 0x0}, prev = 0x0}}, num_producers = 1,
num_consumers = 1, consumers = {{
link = {<SLink<HttpTunnelConsumer>> = {next = 0x0}, prev = 0x0}, producer
= 0x2b906c5d9d30, self_producer = 0x0, vc_type = HT_HTTP_CLIENT, vc =
0x2b8ec5e96d50,
buffer_reader = 0x2b8db3149e50, vc_handler = (int (HttpSM::*)(HttpSM *,
int, HttpTunnelConsumer *)) 0x5d3078
<HttpSM::tunnel_handler_100_continue_ua(int, HttpTunnelConsumer*)>,
write_vio = 0x2b8e1883baf8, skip_bytes = 0, bytes_written = 0,
handler_state = 0, alive = true, write_success = false, name = 0x78e839 "user
agent"}, {
link = {<SLink<HttpTunnelConsumer>> = {next = 0x0}, prev = 0x0}, producer
= 0x0, self_producer = 0x0, vc_type = HT_HTTP_SERVER, vc = 0x0, buffer_reader =
0x0, vc_handler = NULL,
write_vio = 0x0, skip_bytes = 0, bytes_written = 0, handler_state = 0,
alive = false, write_success = false, name = 0x0}, {link =
{<SLink<HttpTunnelConsumer>> = {next = 0x0}, prev = 0x0},
producer = 0x0, self_producer = 0x0, vc_type = HT_HTTP_SERVER, vc = 0x0,
buffer_reader = 0x0, vc_handler = NULL, write_vio = 0x0, skip_bytes = 0,
bytes_written = 0, handler_state = 0,
alive = false, write_success = false, name = 0x0}, {link =
{<SLink<HttpTunnelConsumer>> = {next = 0x0}, prev = 0x0}, producer = 0x0,
self_producer = 0x0, vc_type = HT_HTTP_SERVER,
vc = 0x0, buffer_reader = 0x0, vc_handler = NULL, write_vio = 0x0,
skip_bytes = 0, bytes_written = 0, handler_state = 0, alive = false,
write_success = false, name = 0x0}}, producers = {{
consumer_list = {head = 0x2b906c5d9b70}, self_consumer = 0x0, vc = 0x1,
vc_handler = NULL, read_vio = 0x0, read_buffer = 0x2b8db3149e10, buffer_start =
0x0, vc_type = HT_STATIC,
chunked_handler = {static DEFAULT_MAX_CHUNK_SIZE = 4096, action =
ChunkedHandler::ACTION_DOCHUNK, chunked_reader = 0x0, dechunked_buffer = 0x0,
dechunked_size = 0, dechunked_reader = 0x0,
chunked_buffer = 0x0, chunked_size = 0, truncation = false, skip_bytes
= 0, state = ChunkedHandler::CHUNK_READ_CHUNK, cur_chunk_size = 0, bytes_left =
0, last_server_event = 0,
running_sum = 0, num_digits = 0, max_chunk_size = 0, max_chunk_header =
'\000' <repeats 15 times>, max_chunk_header_len = 0}, chunking_action =
TCA_PASSTHRU_DECHUNKED_CONTENT,
do_chunking = false, do_dechunking = false, do_chunked_passthru = false,
init_bytes_done = 75, nbytes = 75, ntodo = 0, bytes_read = 0, handler_state =
0, last_event = 0,
num_consumers = 1, alive = false, read_success = true,
flow_control_source = 0x0, name = 0x78e8b6 "internal msg - 100 continue"},
{consumer_list = {head = 0x0}, self_consumer = 0x0,
vc = 0x0, vc_handler = NULL, read_vio = 0x0, read_buffer = 0x0,
buffer_start = 0x0, vc_type = HT_HTTP_SERVER, chunked_handler = {static
DEFAULT_MAX_CHUNK_SIZE = 4096,
action = ChunkedHandler::ACTION_DOCHUNK, chunked_reader = 0x0,
dechunked_buffer = 0x0, dechunked_size = 0, dechunked_reader = 0x0,
chunked_buffer = 0x0, chunked_size = 0,
truncation = false, skip_bytes = 0, state =
ChunkedHandler::CHUNK_READ_CHUNK, cur_chunk_size = 0, bytes_left = 0,
last_server_event = 0, running_sum = 0, num_digits = 0,
max_chunk_size = 0, max_chunk_header = '\000' <repeats 15 times>,
max_chunk_header_len = 0}, chunking_action = TCA_CHUNK_CONTENT, do_chunking =
false, do_dechunking = false,
do_chunked_passthru = false, init_bytes_done = 0, nbytes = 0, ntodo = 0,
bytes_read = 0, handler_state = 0, last_event = 0, num_consumers = 0, alive =
false, read_success = false,
flow_control_source = 0x0, name = 0x0}}, sm = 0x2b906c5d8f10, active =
true, flow_state = {static DEFAULT_WATER_MARK = 65536, high_water = 65536,
low_water = 65536, enabled_p = false},
postbuf = 0x0}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
