Fix crash in HttpSM::tunnel_handler on unhandled VC events #12959

Merged
bryancall merged 1 commit into apache:master from
bryancall:fix-tunnel-handler-missing-events
Mar 12, 2026

@bryancall bryancall commented Mar 12, 2026

Summary

Fix a fatal crash in HttpSM::tunnel_handler caused by an overly narrow assertion.

The assertion on line 3117 acts as a whitelist of expected events — it passes silently when the event matches, and crashes the process when it doesn't:

ink_assert(event == HTTP_TUNNEL_EVENT_DONE || event == VC_EVENT_INACTIVITY_TIMEOUT);

The problem is that VC_EVENT_ACTIVE_TIMEOUT, VC_EVENT_ERROR, and VC_EVENT_EOS are all legitimate events that can arrive here (particularly via HTTP/2 code paths), but they weren't in the whitelist. When one of these events arrived, the assertion evaluated to false and aborted the process.

The code immediately after the assertion already handles all events correctly — it sets terminate_sm = true and returns. So the behavior was already right; the assertion was just too narrow and killed the process before the correct code could run.

The fix adds these three events to the assertion whitelist so they pass through to the existing (correct) termination logic.

Root Cause

This was exposed by #5824 ("Reactivate active timeout enforcement"), which changed the InactivityCop to dispatch specific VC_EVENT_ACTIVE_TIMEOUT events instead of the generic EVENT_IMMEDIATE that was used before. That PR also added active timeout checking to the InactivityCop for the first time — before it, VC_EVENT_ACTIVE_TIMEOUT was never dispatched from the cop, so handlers like tunnel_handler never saw it. The assertion was never updated to account for the new event types.

Background

Observed as a fatal crash on controller.trafficserver.org (ATS 10.2.0, ASAN build) through an HTTP/2 code path:

Fatal: HttpSM.cc:3083: failed assertion `event == HTTP_TUNNEL_EVENT_DONE || event == VC_EVENT_INACTIVITY_TIMEOUT`

HttpSM::tunnel_handler
HttpSM::main_handler
Continuation::handleEvent
Http2Stream::main_event_handler

Every other VC handler in HttpSM already accepts these events — tunnel_handler was the only one missing them.

Fixes #12958

Test plan

  • Verify existing CI tests pass
  • Confirm the assertion no longer fires under HTTP/2 timeout/error conditions

tunnel_handler is set as the VC read/write handler for the server
connection after response header parsing, but it only asserts for
HTTP_TUNNEL_EVENT_DONE and VC_EVENT_INACTIVITY_TIMEOUT. If a
VC_EVENT_ACTIVE_TIMEOUT, VC_EVENT_ERROR, or VC_EVENT_EOS arrives
on the server connection, the assertion fires and aborts the process.

Widen the assertion to accept these events. The handler already sets
terminate_sm = true for all events, so the behavior is correct — only
the assertion was too narrow.

Fixes apache#12958
@bryancall bryancall requested review from Copilot and zwoop March 12, 2026 16:18
@bryancall bryancall self-assigned this Mar 12, 2026
@bryancall bryancall added this to the 11.0.0 milestone Mar 12, 2026
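
A stand-alone C++ model of the assertion allowlist described in the PR, added here as an illustration and not taken from the PR or from Apache Traffic Server: it reports which of the events named above the assertion condition rejects, before and after widening. The enum values, kReachable, accepted_after and would_abort are assumptions made for the example.

```cpp
// Stand-alone model for illustration; not Apache Traffic Server source.
#include <iostream>
#include <string>
#include <vector>

// Event names come from the PR text. The numeric values are constructed
// placeholders, not the values ATS assigns.
enum Event { HTTP_TUNNEL_EVENT_DONE = 1, VC_EVENT_INACTIVITY_TIMEOUT,
             VC_EVENT_ACTIVE_TIMEOUT, VC_EVENT_ERROR, VC_EVENT_EOS };

struct NamedEvent { Event ev; const char *name; };

// Events the PR description says can be delivered to tunnel_handler.
static const std::vector<NamedEvent> kReachable = {
  {HTTP_TUNNEL_EVENT_DONE, "HTTP_TUNNEL_EVENT_DONE"},
  {VC_EVENT_INACTIVITY_TIMEOUT, "VC_EVENT_INACTIVITY_TIMEOUT"},
  {VC_EVENT_ACTIVE_TIMEOUT, "VC_EVENT_ACTIVE_TIMEOUT"},
  {VC_EVENT_ERROR, "VC_EVENT_ERROR"},
  {VC_EVENT_EOS, "VC_EVENT_EOS"},
};

// Condition of the original assertion, as quoted in the PR.
bool accepted_before(Event e) {
  return e == HTTP_TUNNEL_EVENT_DONE || e == VC_EVENT_INACTIVITY_TIMEOUT;
}

// Assumed shape of the widened condition: the original plus the three added events.
bool accepted_after(Event e) {
  return accepted_before(e) || e == VC_EVENT_ACTIVE_TIMEOUT ||
         e == VC_EVENT_ERROR || e == VC_EVENT_EOS;
}

// Names of reachable events the condition rejects; an assertion on that
// condition would abort the process for each of them.
std::vector<std::string> would_abort(bool (*accepted)(Event)) {
  std::vector<std::string> out;
  for (const auto &n : kReachable)
    if (!accepted(n.ev)) out.push_back(n.name);
  return out;
}

int main() {
  for (const auto &n : would_abort(accepted_before))
    std::cout << "before: aborts on " << n << "\n";
  std::cout << "after: " << would_abort(accepted_after).size() << " reachable events rejected\n";
  return 0;
}
```

A table-driven check of this kind, kept next to the handler's tests, flags the case where a dispatcher starts sending an event that the assertion condition was never updated to accept.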
Copilot AI left a comment

Pull request overview

Fixes an assertion-triggered crash in HttpSM::tunnel_handler by allowing additional VC event types that can legitimately be dispatched to the tunnel handler (notably via HTTP/2 paths), while preserving the existing “terminate the state machine” behavior.

Changes:

  • Expands the accepted event list in the tunnel_handler assertion to include VC_EVENT_ACTIVE_TIMEOUT, VC_EVENT_ERROR, and VC_EVENT_EOS.

@bryancall bryancall merged commit 8d5a71f into apache:master Mar 12, 2026
19 checks passed
@github-project-automation github-project-automation bot moved this to For v10.2.0 in ATS v10.2.x Mar 12, 2026
Projects

Status: For v10.2.0

Development

Successfully merging this pull request may close these issues.

HttpSM::tunnel_handler crashes on VC_EVENT_ACTIVE_TIMEOUT, VC_EVENT_ERROR, and VC_EVENT_EOS
