You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2020/08/21 14:48:10 UTC
[GitHub] [trafficserver] shinrich commented on issue #7127: Effective NULL dereference via TSActionCancel
shinrich commented on issue #7127:
URL: https://github.com/apache/trafficserver/issues/7127#issuecomment-678329814
Just ran into another crash today due to an action pointer set to 1
```
(gdb)
#0 HttpSM::kill_this() () at ../../../../../../_vcs/trafficserver9/proxy/http/HttpSM.cc:6932
#1 0x0000000000555fd0 in main_handler (data=0x2b93a4ae32d8, event=104, this=0x2b9447a97000) at ../../../../../../_vcs/trafficserver9/proxy/http/HttpSM.cc:2639
#2 HttpSM::main_handler (this=0x2b9447a97000, event=104, data=0x2b93a4ae32d8) at ../../../../../../_vcs/trafficserver9/proxy/http/HttpSM.cc:2596
#3 0x000000000072b6c3 in handleEvent (data=0x2b93a4ae32d8, event=104, this=0x2b9447a97000)
at /sd/workspace/src/git.vzbuilders.com/Edge/build/_build/build_release_posix-x86_64_gcc_8/trafficserver9/build/../../../../_vcs/trafficserver9/iocore/eventsystem/I_Continuation.h:167
#4 handleEvent (data=0x2b93a4ae32d8, event=104, this=0x2b9447a97000)
at /sd/workspace/src/git.vzbuilders.com/Edge/build/_build/build_release_posix-x86_64_gcc_8/trafficserver9/build/../../../../_vcs/trafficserver9/iocore/eventsystem/I_Continuation.h:163
#5 read_signal_and_update (vc=0x2b93a4ae3100, event=104) at ../../../../../../_vcs/trafficserver9/iocore/net/UnixNetVConnection.cc:83
#6 read_signal_done (vc=0x2b93a4ae3100, nh=0x2b92ce25f280, event=event@entry=104) at ../../../../../../_vcs/trafficserver9/iocore/net/UnixNetVConnection.cc:146
#7 UnixNetVConnection::readSignalDone (this=this@entry=0x2b93a4ae3100, event=event@entry=104, nh=nh@entry=0x2b92ce25f280)
at ../../../../../../_vcs/trafficserver9/iocore/net/UnixNetVConnection.cc:1008
#8 0x00000000007035e5 in SSLNetVConnection::net_read_io(NetHandler*, EThread*) () at ../../../../../../_vcs/trafficserver9/iocore/net/SSLNetVConnection.cc:714
#9 0x000000000071fafe in NetHandler::process_ready_list (this=this@entry=0x2b92ce25f280) at ../../../../../../_vcs/trafficserver9/iocore/net/UnixNet.cc:413
#10 0x000000000071ff70 in NetHandler::waitForActivity(long) () at ../../../../../../_vcs/trafficserver9/iocore/net/UnixNet.cc:548
#11 0x000000000076b641 in EThread::execute_regular (this=this@entry=0x2b92ce25b200) at ../../../../../../_vcs/trafficserver9/iocore/eventsystem/I_PriorityEventQueue.h:115
#12 0x000000000076b896 in execute (this=0x2b92ce25b200) at ../../../../../../_vcs/trafficserver9/iocore/eventsystem/UnixEThread.cc:332
#13 EThread::execute (this=0x2b92ce25b200) at ../../../../../../_vcs/trafficserver9/iocore/eventsystem/UnixEThread.cc:310
#14 0x0000000000769b19 in spawn_thread_internal (a=0x2b92c8abea00) at ../../../../../../_vcs/trafficserver9/iocore/eventsystem/Thread.cc:92
#15 0x00002b92c6fb2dd5 in start_thread () from /lib64/libpthread.so.0
#16 0x00002b92c7ce802d in clone () from /lib64/libc.so.6
(gdb) print pending_action
$3 = (Action *) 0x1
```
This particular crash I think is due to PR #4921. Judging from the number of threads in the core the system was shutting down.
In that case I think we should either redefine ACTION_RESULT_NONE to 0 or have UnixNetProcessor::connect_re_internal return nullptr.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org