[jira] [Commented] (TS-4541) SEGV in send_a_data_frame with HTTP/2 (possibly ASAN mutex)

Thu, 01 Sep 2016 13:55:43 -0700 

    [ 
https://issues.apache.org/jira/browse/TS-4541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15456583#comment-15456583
 ] 

Susan Hinrichs commented on TS-4541:
------------------------------------

In [~zwoop]'s case priorities were not enabled.  The stream in frame 2 has a 
NULL parent pointer.  Http2Stream::send_response_body() dereferences the parent 
pointer without checking for NULL.  This explains the very odd "this" pointers 
in frame 1 and 0.  

Should check for a NULL parent pointer some where along the way.  Presumably 
this stream was on the way down when restart_streams activated it.  There is a 
stream state check in Http2ConnectionState::restart_streams but it is 
ineffective for this stream.  I'm guessing the stream state variable was not 
updated correctly.

> SEGV in send_a_data_frame with HTTP/2 (possibly ASAN  mutex)
> ------------------------------------------------------------
>
>                 Key: TS-4541
>                 URL: https://issues.apache.org/jira/browse/TS-4541
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP/2
>            Reporter: Bryan Call
>            Assignee: Bryan Call
>            Priority: Critical
>              Labels: A, ASAN
>             Fix For: 7.0.0
>
>
> {code}
> ==26628==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000038 (pc 
> 0x0000009ad1b9 sp 0x2b7e55d79740 bp 0x2b7e55d7d8f0 T15)
>     #0 0x9ad1b8 in Mutex_lock 
> ../../../trafficserver/iocore/eventsystem/I_Lock.h:381
>     #1 0x9ad1b8 in MutexLock 
> ../../../trafficserver/iocore/eventsystem/I_Lock.h:449
>     #2 0x9ad1b8 in Http2ConnectionState::send_a_data_frame(Http2Stream*, 
> unsigned long&) 
> ../../../trafficserver/proxy/http2/Http2ConnectionState.cc:1040
>     #3 0x9af71d in 
> Http2ConnectionState::send_data_frames_depends_on_priority() 
> ../../../trafficserver/proxy/http2/Http2ConnectionState.cc:1000
>     #4 0x9b1ff9 in Http2ConnectionState::main_event_handler(int, void*) 
> ../../../trafficserver/proxy/http2/Http2ConnectionState.cc:803
>     #5 0xe9f5e3 in Continuation::handleEvent(int, void*) 
> ../../../trafficserver/iocore/eventsystem/I_Continuation.h:153
>     #6 0xe9f5e3 in EThread::process_event(Event*, int) 
> ../../../trafficserver/iocore/eventsystem/UnixEThread.cc:148
>     #7 0xea18c9 in EThread::execute() 
> ../../../trafficserver/iocore/eventsystem/UnixEThread.cc:202
>     #8 0xe9e128 in spawn_thread_internal 
> ../../../trafficserver/iocore/eventsystem/Thread.cc:86
>     #9 0x2b7e4d575aa0 in start_thread (/lib64/libpthread.so.0+0x3818807aa0)
>     #10 0x38180e893c in clone (/lib64/libc.so.6+0x38180e893c)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to