BUG/MINOR: mux-quic: fix crash with app ops install failure
On MUX initialization, the application layer is set up via
qcc_install_app_ops(). If this function fails, MUX is deallocated and an
error is returned.
This code path causes a crash before connection has been registered
prior into the mux_stopping_data::list for stopping idle frontend conns.
To fix this, insert the connection later in qc_init() once no error can
occur.
The crash was seen on the process closing with SIGUSR1 with a segfault
on mux_stopping_process(). This was reproduced using -dMfail.
This regression was introduced by the following patch:
commit b4d119f0c75ce7c5a977ece18dc975e14f9b460c
BUG/MEDIUM: mux-quic: fix crash on H3 SETTINGS emission
This should be backported up to 2.7.
diff --git a/src/mux_quic.c b/src/mux_quic.c
index 291f4b3..a74aa95 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -2379,13 +2379,6 @@
qcc_reset_idle_start(qcc);
LIST_INIT(&qcc->opening_list);
- if (!conn_is_back(conn)) {
- if (!LIST_INLIST(&conn->stopping_list)) {
- LIST_APPEND(&mux_stopping_data[tid].list,
- &conn->stopping_list);
- }
- }
-
HA_ATOMIC_STORE(&conn->handle.qc->qcc, qcc);
if (qcc_install_app_ops(qcc, conn->handle.qc->app_ops)) {
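Review bot: The trailing context still publishes the qcc pointer with HA_ATOMIC_STORE(&conn->handle.qc->qcc, qcc) before qcc_install_app_ops() can fail, and the commit message says the MUX is deallocated on that failure. The error path is outside the visible context, so please confirm it clears conn->handle.qc->qcc before freeing. Otherwise this is the same kind of dangling reference as the stopping_list entry being moved here, only reachable through the quic_conn instead of through mux_stopping_data[tid].list. If the error label already resets it, a short comment next to the store saying so would help the next reader.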
@@ -2398,6 +2391,10 @@
if (qcc->app_ops == &h3_ops)
proxy_inc_fe_cum_sess_ver_ctr(sess->listener, prx, 3);
+ /* Register conn for idle front closing. This is done once everything is allocated. */
+ if (!conn_is_back(conn))
+ LIST_APPEND(&mux_stopping_data[tid].list, &conn->stopping_list);
+
/* init read cycle */
tasklet_wakeup(qcc->wait_event.tasklet);
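Review bot: The new registration drops the LIST_INLIST(&conn->stopping_list) guard that the removed block had, so LIST_APPEND() now runs unconditionally for every frontend connection. If the connection can reach this point already linked into a stopping list, the second append would corrupt mux_stopping_data[tid].list, which mux_stopping_process() walks at shutdown. Either keep the guard ("if (!conn_is_back(conn) && !LIST_INLIST(&conn->stopping_list))") or state in the commit message and in the new comment why the element is guaranteed to be detached here. The comment could also name the actual constraint, that nothing after this line may fail and free the MUX, rather than "once everything is allocated", so a later failure path added below it is caught in review.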