You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2016/09/08 20:12:20 UTC

[jira] [Created] (TS-4831) HTTP/2 update_read_request crash

Susan Hinrichs created TS-4831:
----------------------------------

             Summary: HTTP/2 update_read_request crash
                 Key: TS-4831
                 URL: https://issues.apache.org/jira/browse/TS-4831
             Project: Traffic Server
          Issue Type: Bug
          Components: HTTP/2
            Reporter: Susan Hinrichs


Crash we have seen in production with our version of ATS.

{code}
gdb) bt
#0  0x000000000051579a in Mutex_lock (m=0x0, t=0x2ab3039f8010) at ../iocore/eventsystem/I_Lock.h:380
#1  0x000000000053d422 in MutexLock::MutexLock (this=0x2ab30a053500, am=0x0, t=0x2ab3039f8010) at ../iocore/eventsystem/I_Lock.h:447
#2  0x0000000000653f15 in Http2Stream::update_read_request (this=0x2ab448582c60, read_len=9223372036854775807, call_update=true) at Http2Stream.cc:420
#3  0x000000000064d579 in rcv_data_frame (cs=..., cstate=..., frame=...) at Http2ConnectionState.cc:145
#4  0x000000000064fd8f in Http2ConnectionState::main_event_handler (this=0x2ab47d30ae10, event=2253, edata=0x2ab30a055830)
    at Http2ConnectionState.cc:753
#5  0x0000000000515958 in Continuation::handleEvent (this=0x2ab47d30ae10, event=2253, data=0x2ab30a055830)
    at ../iocore/eventsystem/I_Continuation.h:150
#6  0x0000000000649f09 in send_connection_event (cont=0x2ab47d30ae10, event=2253, edata=0x2ab30a055830) at Http2ClientSession.cc:60
#7  0x000000000064c2a5 in Http2ClientSession::state_complete_frame_read (this=0x2ab47d30abd0, event=100, edata=0x2ab4dc3469e0)
    at Http2ClientSession.cc:478
#8  0x000000000064b03f in Http2ClientSession::main_event_handler (this=0x2ab47d30abd0, event=100, edata=0x2ab4dc3469e0) at Http2ClientSession.cc:292
#9  0x0000000000515958 in Continuation::handleEvent (this=0x2ab47d30abd0, event=100, data=0x2ab4dc3469e0) at ../iocore/eventsystem/I_Continuation.h:150
#10 0x000000000064bfed in Http2ClientSession::state_start_frame_read (this=0x2ab47d30abd0, event=100, edata=0x2ab4dc3469e0)
    at Http2ClientSession.cc:451
#11 0x000000000064b03f in Http2ClientSession::main_event_handler (this=0x2ab47d30abd0, event=100, edata=0x2ab4dc3469e0) at Http2ClientSession.cc:292
#12 0x0000000000515958 in Continuation::handleEvent (this=0x2ab47d30abd0, event=100, data=0x2ab4dc3469e0) at ../iocore/eventsystem/I_Continuation.h:150
#13 0x0000000000786a49 in read_signal_and_update (event=100, vc=0x2ab4dc3468c0) at UnixNetVConnection.cc:148
#14 0x0000000000789866 in UnixNetVConnection::readSignalAndUpdate (this=0x2ab4dc3468c0, event=100) at UnixNetVConnection.cc:1013
#15 0x000000000076e2bb in SSLNetVConnection::net_read_io (this=0x2ab4dc3468c0, nh=0x2ab3039fbe00, lthread=0x2ab3039f8010) at SSLNetVConnection.cc:576
#16 0x0000000000780465 in NetHandler::waitForActivity (this=0x2ab3039fbe00, timeout=60000000) at UnixNet.cc:546
#17 0x00000000007a7f6d in EThread::execute_regular (this=0x2ab3039f8010) at UnixEThread.cc:266
#18 0x00000000007a80b0 in EThread::execute (this=0x2ab3039f8010) at UnixEThread.cc:304
#19 0x00000000007a6c69 in spawn_thread_internal (a=0x157b530) at Thread.cc:85
#20 0x00002ab302293aa1 in start_thread () from /lib64/libpthread.so.0
#21 0x0000003ab7ee893d in clone () from /lib64/libc.so.6
{code}

The read_vio has a NULL mutex and all the other values are 0 as well.  It looks as if do_io_read(NULL, 0, NULL) was called on the stream.  Some places in Http2Stream we check that read_vio.mutex is NULL before trying to access it, but not all.  

Should probably add similar NULL checks for write_vio.mutex.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)