@bagder
Last active August 19, 2019 21:13
ngtcp2 segfault
$ gdb --args ./src/curl --http3 https://fb.mvfst.net:4433/ --trace-ascii -
run
Starting program: /home/daniel/src/curl/src/curl --http3 https://fb.mvfst.net:4433/ --trace-ascii -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
== Info: STATE: INIT => CONNECT handle 0x55555574a118; line 1368 (connection #-5000)
== Info: Added connection 0. The cache now contains 1 members
== Info: STATE: CONNECT => WAITRESOLVE handle 0x55555574a118; line 1409 (connection #0)
== Info: Trying 34.226.207.118:4433...
== Info: Connect socket 4 over QUIC to 34.226.207.118:4433
== Info: STATE: WAITRESOLVE => WAITCONNECT handle 0x55555574a118; line 1488 (connection #0)
== Info: Received 26 bytes data on stream 3
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7d47385 in nghttp3_map_find (map=map@entry=0x180, key=key@entry=3)
at nghttp3_map.c:176
176 h = hash(key, map->tablelen);
(gdb) p key
$3 = 3
(gdb) p map
$4 = (const nghttp3_map *) 0x180
(gdb) p map->tablelen
Cannot access memory at address 0x198
(gdb) bt
#0 0x00007ffff7d47385 in nghttp3_map_find (map=map@entry=0x180, key=key@entry=3)
at nghttp3_map.c:176
#1 0x00007ffff7d54bd7 in nghttp3_conn_find_stream (stream_id=3, conn=0x0)
at nghttp3_conn.c:2673
#2 nghttp3_conn_read_stream (conn=0x0, stream_id=3, src=0x5555557ce483 "",
srclen=26, fin=0) at nghttp3_conn.c:424
#3 0x00005555555c3bcb in cb_recv_stream_data (tconn=0x5555557b4370,
stream_id=3, fin=0, offset=0, buf=0x5555557ce483 "", buflen=26,
user_data=0x555555748e88, stream_user_data=0x0) at vquic/ngtcp2.c:855
#4 0x00007ffff7d26169 in conn_call_recv_stream_data (strm=0x5555557dad30,
strm=0x5555557dad30, datalen=<optimized out>, data=0x5555557ce483 "",
offset=<optimized out>, fin=<optimized out>, conn=0x5555557b4370)
at ngtcp2_conn.c:91
#5 conn_recv_stream (fr=0x7ffffffe9f00, conn=0x5555557b4370)
at ngtcp2_conn.c:4998
#6 conn_recv_pkt (conn=conn@entry=0x5555557b4370,
path=path@entry=0x5555557b5060,
pkt=pkt@entry=0x7ffffffed7d0 "Q_\223%\202U\266\247\210\336'\r2\356?\342\201I\206\352\351c\023[M\372d\n\272\336\016Tx\313\312\003\213\260\200\257\323R\201Č\256\215\034\270\017x\255\347yp\343Ģ\206\341\347\004\005'\025sYWӆ\317~\256[$\246WG.\351@\235\247!\360\227\307jJn ^MX\270=\210\060\032GE\266\233\033\263\001\271\030=GJ\237B\025\337\035`\b\376\006\373]H[\244\001\370\224<\350E\035\205-jo\352[\327|\b\364\301\227Q\346g$b\363\324e\272\332uB2\303#\317\035|눸\030\356\367$\252\300v\202\227\260Z\266\237\065\331m\033K\273g̎\336$\357\233\363\323\374h\021%\242\255O"..., pktlen=pktlen@entry=75, ts=ts@entry=958384216417000) at ngtcp2_conn.c:6237
#7 0x00007ffff7d280c8 in conn_recv_handshake_pkt (
conn=conn@entry=0x5555557b4370, path=path@entry=0x7ffffffed710,
pkt=pkt@entry=0x7ffffffed7d0 "Q_\223%\202U\266\247\210\336'\r2\356?\342\201I\206\352\351c\023[M\372d\n\272\336\016Tx\313\312\003\213\260\200\257\323R\201Č\256\215\034\270\017x\255\347yp\343Ģ\206\341\347\004\005'\025sYWӆ\317~\256[$\246WG.\351@\235\247!\360\227\307jJn ^MX\270=\210\060\032GE\266\233\033\263\001\271\030=GJ\237B\025\337\035`\b\376\006\373]H[\244\001\370\224<\350E\035\205-jo\352[\327|\b\364\301\227Q\346g$b\363\324e\272\332uB2\303#\317\035|눸\030\356\367$\252\300v\202\227\260Z\266\237\065\331m\033K\273g̎\336$\357\233\363\323\374h\021%\242\255O"..., pktlen=pktlen@entry=75, ts=ts@entry=958384216417000) at ngtcp2_conn.c:4158
#8 0x00007ffff7d28ce9 in conn_recv_handshake_pkt (ts=958384216417000,
pktlen=75,
pkt=0x7ffffffed7d0 "Q_\223%\202U\266\247\210\336'\r2\356?\342\201I\206\352\351c\023[M\372d\n\272\336\016Tx\313\312\003\213\260\200\257\323R\201Č\256\215\034\270\017x\255\347yp\343Ģ\206\341\347\004\005'\025sYWӆ\317~\256[$\246WG.\351@\235\247!\360\227\307jJn ^MX\270=\210\060\032GE\266\233\033\263\001\271\030=GJ\237B\025\337\035`\b\376\006\373]H[\244\001\370\224<\350E\035\205-jo\352[\327|\b\364\301\227Q\346g$b\363\324e\272\332uB2\303#\317\035|눸\030\356\367$\252\300v\202\227\260Z\266\237\065\331m\033K\273g̎\336$\357\233\363\323\374h\021%\242\255O"...,
path=0x7ffffffed710, conn=0x5555557b4370) at ngtcp2_conn.c:4575
#9 conn_recv_handshake_cpkt (conn=conn@entry=0x5555557b4370,
--Type <RET> for more, q to quit, c to continue without paging--c
path=0x7ffffffed710, pkt=0x7ffffffed7d0 "Q_\223%\202U\266\247\210\336'\r2\356?\342\201I\206\352\351c\023[M\372d\n\272\336\016Tx\313\312\003\213\260\200\257\323R\201Č\256\215\034\270\017x\255\347yp\343Ģ\206\341\347\004\005'\025sYWӆ\317~\256[$\246WG.\351@\235\247!\360\227\307jJn ^MX\270=\210\060\032GE\266\233\033\263\001\271\030=GJ\237B\025\337\035`\b\376\006\373]H[\244\001\370\224<\350E\035\205-jo\352[\327|\b\364\301\227Q\346g$b\363\324e\272\332uB2\303#\317\035|눸\030\356\367$\252\300v\202\227\260Z\266\237\065\331m\033K\273g̎\336$\357\233\363\323\374h\021%\242\255O"..., pktlen=75, ts=958384216417000) at ngtcp2_conn.c:4575
#10 0x00007ffff7d28eb0 in ngtcp2_conn_read_handshake (conn=0x5555557b4370, path=<optimized out>, pkt=<optimized out>, pktlen=<optimized out>, ts=958384216417000) at ngtcp2_conn.c:6638
#11 0x00005555555c5a1c in ng_process_ingress (conn=0x555555748dc8, sockfd=4, qs=0x555555748e88) at vquic/ngtcp2.c:1852
#12 0x00005555555c585d in Curl_quic_is_connected (conn=0x555555748dc8, sockindex=0, done=0x7fffffffd9af) at vquic/ngtcp2.c:1804
#13 0x00005555555982e6 in Curl_is_connected (conn=0x555555748dc8, sockindex=0, connected=0x7fffffffd9af) at connect.c:783
#14 0x000055555559c3c5 in multi_runsingle (multi=0x55555575df58, now=..., data=0x55555574a118) at multi.c:1531
#15 0x000055555559d7d4 in curl_multi_perform (multi=0x55555575df58, running_handles=0x7fffffffdb54) at multi.c:2104
#16 0x0000555555595230 in easy_transfer (multi=0x55555575df58) at easy.c:595
#17 0x000055555559545c in easy_perform (data=0x55555574a118, events=false) at easy.c:688
#18 0x00005555555954a6 in curl_easy_perform (data=0x55555574a118) at easy.c:707
#19 0x00005555555884cf in serial_transfers (global=0x7fffffffdd60, share=0x55555572f378) at tool_operate.c:2045
#20 0x000055555558887a in operate_transfers (global=0x7fffffffdd60, share=0x55555572f378, result=CURLE_OK) at tool_operate.c:2180
#21 0x0000555555588bd0 in operate (config=0x7fffffffdd60, argc=5, argv=0x7fffffffdeb8) at tool_operate.c:2294
#22 0x000055555557ea2a in main (argc=5, argv=0x7fffffffdeb8) at tool_main.c:314