You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@trafficserver.apache.org by Jan-Frode Myklebust <ja...@tanso.net> on 2012/09/16 22:52:53 UTC
3.2.0 segfaulting
I'm struggeling with getting core-dumps for some crashes we're seeing
with ATS 3.2.0 (+TS-1392 patch). What we're seeing is this logged in
"dmesg":
[ET_SSL 5][29708]: segfault at 0 ip 00002b7b94f14425 sp
00002b7ba4eadb88 error 4 in libssl.so.1.0.0[2b7b94edf000+53000]
and traffic.out saying:
[Sep 16 17:17:23.316] Manager {0x7f84e91a37e0} ERROR:
[LocalManager::pollMgmtProcessServer] Server Process terminated due to
Sig 11: Segmentation fault
[Sep 16 17:17:23.321] Manager {0x7f84e91a37e0} ERROR: (last system
error 2: No such file or directory)
[Sep 16 17:17:23.321] Manager {0x7f84e91a37e0} ERROR:
[Alarms::signalAlarm] Server Process was reset
[Sep 16 17:17:23.321] Manager {0x7f84e91a37e0} ERROR: (last system
error 2: No such file or directory)
[Sep 16 17:17:24.331] Manager {0x7f84e91a37e0} NOTE:
[LocalManager::startProxy] Launching ts process
[TrafficServer] using root directory '/usr'
[Sep 16 17:17:24.352] Manager {0x7f84e91a37e0} NOTE:
[LocalManager::pollMgmtProcessServer] New process connecting fd '14'
[Sep 16 17:17:24.352] Manager {0x7f84e91a37e0} NOTE:
[Alarms::signalAlarm] Server Process born
[Sep 16 17:17:25.367] {0x2b77790c0d00} STATUS: opened
/var/log/trafficserver/diags.log
[Sep 16 17:17:25.367] {0x2b77790c0d00} NOTE: updated diags config
[Sep 16 17:17:25.371] Server {0x2b77790c0d00} NOTE: cache clustering disabled
[Sep 16 17:17:25.395] Server {0x2b77790c0d00} NOTE: cache clustering disabled
[Sep 16 17:17:25.430] Server {0x2b77790c0d00} ERROR: Cannot insert duplicate!
[Sep 16 17:17:25.431] Server {0x2b77790c0d00} ERROR: Cannot insert duplicate!
[Sep 16 17:17:25.431] Server {0x2b77790c0d00} ERROR: Cannot insert duplicate!
[Sep 16 17:17:25.483] Server {0x2b77790c0d00} NOTE: logging
initialized[15], logging_mode = 3
[Sep 16 17:17:25.536] Server {0x2b77790c0d00} NOTE: traffic server running
[Sep 16 17:17:25.861] Server {0x2b7779e38700} NOTE: cache enabled
I've tried enabling core-dumps the way I got it working earlier, but
see no core dumps.. :
sysctl -w fs.suid_dumpable=1
sysctl -w kernel.core_pattern=/tmp/core.%e.%p
records.config: CONFIG proxy.config.stack_dump_enabled INT 0
/etc/profile: ulimit -c unlimited >/dev/null 2>&1
/etc/sysconfig/init: DAEMON_COREFILE_LIMIT='unlimited'
Does the crash seem familiar to anybody? Or could someone please help
me with other settings needed to enable core dumps on RHEL6.3 so that
I can provide a better bug report ?
-jf
Re: Log.cc and Free-/Open-BSD
Posted by Phil Sorber <so...@apache.org>.
On Mon, Sep 17, 2012 at 5:52 AM, Daniel Gruno <ru...@cord.dk> wrote:
> Hello, happy people,
>
> Lately, I've been wrapping my head around Traffic Server 3.2/3.3 not
> running well on FreeBSD. The exact issue is described in TS-993 as well:
> 1) When starting TS, it runs up a hefty CPU bill (100% cpu used at all
> times), even when idling.
> 2) It crashes and burns when compiled with --enable-debug, complaining:
>
> FATAL: ../../lib/ts/ink_thread.h:267: failed assert
> `pthread_cond_wait(cp, mp) == 0`
>
> After giving up on doing a git bisect (my computer is simply too slow
> for all those recompiles), I tried running it through callgrind to
> analyze the function calls being made, and discovered that
> LogObjectManager::flush_buffers() was being called about 11 million
> times during the first few minutes, which is not good. So I opened up
> Log.cc, and discovered, to my surprise, that, apart from flushing
> buffers in a loop there, we are calling ink_cond_wait without any
> apparent locking of the flush_mutex we are supposed to release while
> waiting for the condition. On FreeBSD at least, this results in an EPERM
> error (caller does not own the thread being released), which in turn
> means that there will be no waiting, it's just one big cpu sink.
>
> The addition of "ink_mutex_try_acquire(&flush_mutex);" before the
> ink_cond_wait, seems to have fixed this problem, and TS starts fine,
> doesn't use 100% while idling, and doesn't complain when running in
> debug mode,ie an apparent win-win situation for my FreeBSD machines.
>
> However - and because Igor told me to - since this doesn't seem to be an
> issue on Linux, I was wondering...does the mutex in question lock
> somewhere else that I am unaware of, or did we simply forget to lock it
> and are lucky that Linux somehow takes care of this blunder for us?
>
> In any case, I don't think adding ink_mutex_try_acquire could hurt
> anything, and since it does seem to fix the FreeBSD/OpenBSD issue at
> hand, I am mostly interested in any comments you lot would have about it
> before I go and commit the fix (if it is a fix, that's what I'm asking ;).
>
> With regards,
> Daniel.
>From the pthread_cond_wait man page:
"The pthread_cond_timedwait() and pthread_cond_wait() functions shall
block on a condition variable. They shall be called with mutex locked
by the calling thread or undefined behavior
results."
So I think you found out what "undefined behavior" means on FreeBSD.
>From what I can see that mutex is used nowhere else, so it seems it's
a happy coincidence that it works on linux. I say +1 for adding the
fix. Also, good work on tracking that down!
Log.cc and Free-/Open-BSD
Posted by Daniel Gruno <ru...@cord.dk>.
Hello, happy people,
Lately, I've been wrapping my head around Traffic Server 3.2/3.3 not
running well on FreeBSD. The exact issue is described in TS-993 as well:
1) When starting TS, it runs up a hefty CPU bill (100% cpu used at all
times), even when idling.
2) It crashes and burns when compiled with --enable-debug, complaining:
FATAL: ../../lib/ts/ink_thread.h:267: failed assert
`pthread_cond_wait(cp, mp) == 0`
After giving up on doing a git bisect (my computer is simply too slow
for all those recompiles), I tried running it through callgrind to
analyze the function calls being made, and discovered that
LogObjectManager::flush_buffers() was being called about 11 million
times during the first few minutes, which is not good. So I opened up
Log.cc, and discovered, to my surprise, that, apart from flushing
buffers in a loop there, we are calling ink_cond_wait without any
apparent locking of the flush_mutex we are supposed to release while
waiting for the condition. On FreeBSD at least, this results in an EPERM
error (caller does not own the thread being released), which in turn
means that there will be no waiting, it's just one big cpu sink.
The addition of "ink_mutex_try_acquire(&flush_mutex);" before the
ink_cond_wait, seems to have fixed this problem, and TS starts fine,
doesn't use 100% while idling, and doesn't complain when running in
debug mode,ie an apparent win-win situation for my FreeBSD machines.
However - and because Igor told me to - since this doesn't seem to be an
issue on Linux, I was wondering...does the mutex in question lock
somewhere else that I am unaware of, or did we simply forget to lock it
and are lucky that Linux somehow takes care of this blunder for us?
In any case, I don't think adding ink_mutex_try_acquire could hurt
anything, and since it does seem to fix the FreeBSD/OpenBSD issue at
hand, I am mostly interested in any comments you lot would have about it
before I go and commit the fix (if it is a fix, that's what I'm asking ;).
With regards,
Daniel.
Re: 3.2.0 segfaulting
Posted by Jan-Frode Myklebust <ja...@tanso.net>.
On Wed, Sep 19, 2012 at 6:43 AM, James Peach <jp...@apache.org> wrote:
>
> That's crashing in SSL_CTX_set_tlsext_servername_callback. I bet it's some bad mojo happening because we end up using a global SSL context from multiple threads. Can you please file a bug?
>
Reported in TS-1484. Any other data I should provide ?
-jf
Re: 3.2.0 segfaulting
Posted by James Peach <jp...@apache.org>.
On 18/09/2012, at 2:53 PM, Jan-Frode Myklebust <ja...@tanso.net> wrote:
> On Tue, Sep 18, 2012 at 11:39 PM, James Peach <jp...@apache.org> wrote:
>> On 18/09/2012, at 1:52 PM, Jan-Frode Myklebust <ja...@tanso.net> wrote:
>>
>>> On Tue, Sep 18, 2012 at 3:02 PM, Igor Galić <i....@brainsware.org> wrote:
>>>>
>>>> Yeh. We'll need to back-port the fix to not ALWAYS assume SNI for
>>>> all SSL connections, since not quite all browsers support that yet
>>>>
>>>> @James, can you please do the proposal, kthnxby
>>>>
>>>>> -jf
>>>
>>> This is already in the CHANGES/PATCHES ACCEPTED TO BACKPORT FROM TRUNK
>>> list in v3.2.x, and what we're already using (sorry for referring to
>>> wrong commit earlier):
>>>
>>> *) Fix SNI certificate fallback path
>>> Trunk: 9c3bebd88eecf6aee1ce346b67460b8e1787752d
>>> Jira: https://issues.apache.jira/browse/TS-1471
>>> +1: jpeach, igalic, zwoop
>>>
>>> But when applying 8586b8ec6d6e934233fc195a4f35944cea1d85a4 on top of
>>> it it looks like non-SNI browsers broke again...
>>
>> Ok, 9c3bebd88eecf6aee1ce346b67460b8e1787752d is the right fix for this; it supersedes 8586b8ec6d6e934233fc195a4f35944cea1d85a4.
>>
>
> Then I'm back to where I started... 3.2.0 +
> 9c3bebd88eecf6aee1ce346b67460b8e1787752d fixes ssl for non-SNI
> browsers, but gives me the stack trace in
> http://mail-archives.apache.org/mod_mbox/trafficserver-dev/201209.mbox/%3c72718d13-bf27-410f-bbc5-cb306e2fddcd@iris%3e
> every now and then..
That's crashing in SSL_CTX_set_tlsext_servername_callback. I bet it's some bad mojo happening because we end up using a global SSL context from multiple threads. Can you please file a bug?
J
Re: 3.2.0 segfaulting
Posted by Jan-Frode Myklebust <ja...@tanso.net>.
On Tue, Sep 18, 2012 at 11:39 PM, James Peach <jp...@apache.org> wrote:
> On 18/09/2012, at 1:52 PM, Jan-Frode Myklebust <ja...@tanso.net> wrote:
>
>> On Tue, Sep 18, 2012 at 3:02 PM, Igor Galić <i....@brainsware.org> wrote:
>>>
>>> Yeh. We'll need to back-port the fix to not ALWAYS assume SNI for
>>> all SSL connections, since not quite all browsers support that yet
>>>
>>> @James, can you please do the proposal, kthnxby
>>>
>>>> -jf
>>
>> This is already in the CHANGES/PATCHES ACCEPTED TO BACKPORT FROM TRUNK
>> list in v3.2.x, and what we're already using (sorry for referring to
>> wrong commit earlier):
>>
>> *) Fix SNI certificate fallback path
>> Trunk: 9c3bebd88eecf6aee1ce346b67460b8e1787752d
>> Jira: https://issues.apache.jira/browse/TS-1471
>> +1: jpeach, igalic, zwoop
>>
>> But when applying 8586b8ec6d6e934233fc195a4f35944cea1d85a4 on top of
>> it it looks like non-SNI browsers broke again...
>
> Ok, 9c3bebd88eecf6aee1ce346b67460b8e1787752d is the right fix for this; it supersedes 8586b8ec6d6e934233fc195a4f35944cea1d85a4.
>
Then I'm back to where I started... 3.2.0 +
9c3bebd88eecf6aee1ce346b67460b8e1787752d fixes ssl for non-SNI
browsers, but gives me the stack trace in
http://mail-archives.apache.org/mod_mbox/trafficserver-dev/201209.mbox/%3c72718d13-bf27-410f-bbc5-cb306e2fddcd@iris%3e
every now and then..
-jf
Re: 3.2.0 segfaulting
Posted by James Peach <jp...@apache.org>.
On 18/09/2012, at 1:52 PM, Jan-Frode Myklebust <ja...@tanso.net> wrote:
> On Tue, Sep 18, 2012 at 3:02 PM, Igor Galić <i....@brainsware.org> wrote:
>>
>> Yeh. We'll need to back-port the fix to not ALWAYS assume SNI for
>> all SSL connections, since not quite all browsers support that yet
>>
>> @James, can you please do the proposal, kthnxby
>>
>>> -jf
>
> This is already in the CHANGES/PATCHES ACCEPTED TO BACKPORT FROM TRUNK
> list in v3.2.x, and what we're already using (sorry for referring to
> wrong commit earlier):
>
> *) Fix SNI certificate fallback path
> Trunk: 9c3bebd88eecf6aee1ce346b67460b8e1787752d
> Jira: https://issues.apache.jira/browse/TS-1471
> +1: jpeach, igalic, zwoop
>
> But when applying 8586b8ec6d6e934233fc195a4f35944cea1d85a4 on top of
> it it looks like non-SNI browsers broke again...
Ok, 9c3bebd88eecf6aee1ce346b67460b8e1787752d is the right fix for this; it supersedes 8586b8ec6d6e934233fc195a4f35944cea1d85a4.
J
Re: 3.2.0 segfaulting
Posted by Jan-Frode Myklebust <ja...@tanso.net>.
On Tue, Sep 18, 2012 at 3:02 PM, Igor Galić <i....@brainsware.org> wrote:
>
> Yeh. We'll need to back-port the fix to not ALWAYS assume SNI for
> all SSL connections, since not quite all browsers support that yet
>
> @James, can you please do the proposal, kthnxby
>
>> -jf
This is already in the CHANGES/PATCHES ACCEPTED TO BACKPORT FROM TRUNK
list in v3.2.x, and what we're already using (sorry for referring to
wrong commit earlier):
*) Fix SNI certificate fallback path
Trunk: 9c3bebd88eecf6aee1ce346b67460b8e1787752d
Jira: https://issues.apache.jira/browse/TS-1471
+1: jpeach, igalic, zwoop
But when applying 8586b8ec6d6e934233fc195a4f35944cea1d85a4 on top of
it it looks like non-SNI browsers broke again...
-jf
Re: 3.2.0 segfaulting
Posted by Igor Galić <i....@brainsware.org>.
----- Original Message -----
> We're running v3.2.0 + 5ec4fb5eff9f5c1e2dc82e187bdd8d5f02080512 (to
> fix TS-1392), and when also applying
> 8586b8ec6d6e934233fc195a4f35944cea1d85a4 it looks it breaks the fix
> for TS-1392. I.e. everything works fine in a modern browser, but wget
> fails with:
>
>
> OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
> alert handshake failure
> Unable to establish SSL connection.
>
> Also the ssllabs.com servertest fails to connect.
Yeh. We'll need to back-port the fix to not ALWAYS assume SNI for
all SSL connections, since not quite all browsers support that yet
@James, can you please do the proposal, kthnxby
> -jf
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
Re: 3.2.0 segfaulting
Posted by Jan-Frode Myklebust <ja...@tanso.net>.
We're running v3.2.0 + 5ec4fb5eff9f5c1e2dc82e187bdd8d5f02080512 (to
fix TS-1392), and when also applying
8586b8ec6d6e934233fc195a4f35944cea1d85a4 it looks it breaks the fix
for TS-1392. I.e. everything works fine in a modern browser, but wget
fails with:
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
alert handshake failure
Unable to establish SSL connection.
Also the ssllabs.com servertest fails to connect.
-jf
Re: 3.2.0 segfaulting
Posted by Jan-Frode Myklebust <ja...@tanso.net>.
Ok, I see.. Thanks! I'm now building 3.2.0 with
8586b8ec6d6e934233fc195a4f35944cea1d85a4 and will install that on our
traffic servers to see if the problem goes away. Will report back if
it fixes it or not.
-jf
Re: 3.2.0 segfaulting
Posted by Igor Galić <i....@brainsware.org>.
----- Original Message -----
> My stack trace looks *very* similar to the one in TS-1276.
Your stack trace (ran through c++filt):
NOTE: Traffic Server received Sig 11: Segmentation fault
/usr/bin/traffic_server - STACK TRACE:
/lib64/libpthread.so.0(+0xf500)[0x2b0bc33aa500]
/usr/lib64/libssl.so.10(SSL_CTX_callback_ctrl+0x5)[0x2b0bc3e55425]
/usr/bin/traffic_server(SSLNetVConnection::sslStartHandShake(int, int&)+0xf2)[0x6675a2]
/usr/bin/traffic_server(SSLNetVConnection::net_read_io(NetHandler*, EThread*)+0x208)[0x666c78]
/usr/bin/traffic_server(NetHandler::mainNetEvent(int, Event*)+0x1f2)[0x66e0e2]
/usr/bin/traffic_server(EThread::process_event(Event*, int)+0xb4)[0x696c94]
/usr/bin/traffic_server(EThread::execute()+0x4c3)[0x697623]
/usr/bin/traffic_server[0x695c62]
/lib64/libpthread.so.0(+0x7851)[0x2b0bc33a2851]
/lib64/libc.so.6(clone+0x6d)[0x2b0bc582c67d]
Compare this to the stacktrace of https://issues.apache.org/jira/browse/TS-1276
(I just ran it through c++filt updated the description)
and now look again at https://issues.apache.org/jira/browse/TS-1198
> -jf
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
Re: 3.2.0 segfaulting
Posted by Jan-Frode Myklebust <ja...@tanso.net>.
My stack trace looks *very* similar to the one in TS-1276.
-jf
Re: 3.2.0 segfaulting
Posted by Jan-Frode Myklebust <ja...@tanso.net>.
BTW, I do also have these in my records.config:
CONFIG proxy.config.http.server_ports STRING 80:ipv4 80:ipv6
443:ipv4:ssl 443:ipv6:ssl
CONFIG proxy.config.ssl.number.threads INT 0
CONFIG proxy.config.ssl.SSLv2 INT 0
CONFIG proxy.config.ssl.SSLv3 INT 1
CONFIG proxy.config.ssl.TLSv1 INT 1
CONFIG proxy.config.ssl.server.cipher_suite STRING
RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
CONFIG proxy.config.ssl.server.honor_cipher_order INT 0
CONFIG proxy.config.ssl.compression INT 1
CONFIG proxy.config.ssl.client.certification_level INT 0
CONFIG proxy.config.ssl.server.cert_chain.filename STRING NULL
CONFIG proxy.config.ssl.server.cert.path STRING /etc/pki/tls/certs/
CONFIG proxy.config.ssl.server.private_key.path STRING /etc/pki/tls/private/
CONFIG proxy.config.ssl.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.CA.cert.path STRING /etc/trafficserver
CONFIG proxy.config.ssl.client.verify.server INT 0
CONFIG proxy.config.ssl.client.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.cert.path STRING /etc/trafficserver
CONFIG proxy.config.ssl.client.private_key.filename STRING NULL
CONFIG proxy.config.ssl.client.private_key.path STRING /etc/trafficserver
CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.CA.cert.path STRING /etc/trafficserver
Are some of these maybe not used anymore, making TS-1198 relevant..?
Thinking mainly of proxy.config.ssl.server.cert.path and
proxy.config.ssl.server.private_key.path which are pointing at
directories here..
-jf
Re: 3.2.0 segfaulting
Posted by Jan-Frode Myklebust <ja...@tanso.net>.
> This looks a bit like https://issues.apache.org/jira/browse/TS-1198.
I saw TS-1198, but believe my certificates are *not* missing..
% grep ^dest_ip /etc/trafficserver/ssl_multicert.config
dest_ip=109.247.114.202
ssl_cert_name=/etc/pki/tls/certs/STAR_services_EXAMPLE_net.crt
ssl_key_name=/etc/pki/tls/private/STAR_services_EXAMPLE_net.key
ssl_ca_name=/etc/pki/tls/certs/STAR_services_EXAMPLE_net.ca-bundle
dest_ip=2a01:798:0:8008::202
ssl_cert_name=/etc/pki/tls/certs/STAR_services_EXAMPLE_net.crt
ssl_key_name=/etc/pki/tls/private/STAR_services_EXAMPLE_net.key
ssl_ca_name=/etc/pki/tls/certs/STAR_services_EXAMPLE_net.ca-bundle
And verify in filesystem:
-rw-r--r--. 1 root root 1509 2012-07-07 16:00
/etc/pki/tls/certs/STAR_services_EXAMPLE_net.ca-bundle
-rw-r--r--. 1 root root 1509 2012-07-07 16:00
/etc/pki/tls/certs/STAR_services_EXAMPLE_net.ca-bundle
-rw-r--r--. 1 root root 1939 2012-07-06 16:09
/etc/pki/tls/certs/STAR_services_EXAMPLE_net.crt
-rw-r--r--. 1 root root 1939 2012-07-06 16:09
/etc/pki/tls/certs/STAR_services_EXAMPLE_net.crt
-rw-r-----. 1 root ats 891 2012-07-06 16:09
/etc/pki/tls/private/STAR_services_EXAMPLE_net.key
-rw-r-----. 1 root ats 891 2012-07-06 16:09
/etc/pki/tls/private/STAR_services_EXAMPLE_net.key
I don't know how to trigger the problem yet, but it seems to happen
every few days..
Could it be related to the fact that we use keepalived to move
IP-adresses between servers? i.e. the dest_ip configured in
ssl_multicert.config might not be available on the server ATS is
running on, and it might also suddenly appear/disappear if something
is started/stopped on one of the servers.
> Does is reproduce with ATS from trunk?
Haven't tried that yet...
-jf
Re: 3.2.0 segfaulting
Posted by James Peach <jp...@apache.org>.
On 16/09/2012, at 2:03 PM, Jan-Frode Myklebust <ja...@tanso.net> wrote:
> Found a few of these in traffic.out:
>
> NOTE: Traffic Server received Sig 11: Segmentation fault
> /usr/bin/traffic_server - STACK TRACE:
> /lib64/libpthread.so.0(+0xf500)[0x2b0bc33aa500]
> /usr/lib64/libssl.so.10(SSL_CTX_callback_ctrl+0x5)[0x2b0bc3e55425]
> /usr/bin/traffic_server(_ZN17SSLNetVConnection17sslStartHandShakeEiRi+0xf2)[0x6675a2]
> /usr/bin/traffic_server(_ZN17SSLNetVConnection11net_read_ioEP10NetHandlerP7EThread+0x208)[0x666c78]
> /usr/bin/traffic_server(_ZN10NetHandler12mainNetEventEiP5Event+0x1f2)[0x66e0e2]
> /usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0xb4)[0x696c94]
> /usr/bin/traffic_server(_ZN7EThread7executeEv+0x4c3)[0x697623]
> /usr/bin/traffic_server[0x695c62]
> /lib64/libpthread.so.0(+0x7851)[0x2b0bc33a2851]
> /lib64/libc.so.6(clone+0x6d)[0x2b0bc582c67d]
>
>
> Maybe "CONFIG proxy.config.stack_dump_enabled INT 0" turned these off,
> since I didn't get them on the last crash..
This looks a bit like https://issues.apache.org/jira/browse/TS-1198. Does is reproduce with ATS from trunk?
J
Re: 3.2.0 segfaulting
Posted by Jan-Frode Myklebust <ja...@tanso.net>.
Found a few of these in traffic.out:
NOTE: Traffic Server received Sig 11: Segmentation fault
/usr/bin/traffic_server - STACK TRACE:
/lib64/libpthread.so.0(+0xf500)[0x2b0bc33aa500]
/usr/lib64/libssl.so.10(SSL_CTX_callback_ctrl+0x5)[0x2b0bc3e55425]
/usr/bin/traffic_server(_ZN17SSLNetVConnection17sslStartHandShakeEiRi+0xf2)[0x6675a2]
/usr/bin/traffic_server(_ZN17SSLNetVConnection11net_read_ioEP10NetHandlerP7EThread+0x208)[0x666c78]
/usr/bin/traffic_server(_ZN10NetHandler12mainNetEventEiP5Event+0x1f2)[0x66e0e2]
/usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0xb4)[0x696c94]
/usr/bin/traffic_server(_ZN7EThread7executeEv+0x4c3)[0x697623]
/usr/bin/traffic_server[0x695c62]
/lib64/libpthread.so.0(+0x7851)[0x2b0bc33a2851]
/lib64/libc.so.6(clone+0x6d)[0x2b0bc582c67d]
Maybe "CONFIG proxy.config.stack_dump_enabled INT 0" turned these off,
since I didn't get them on the last crash..
-jf