You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Zhao Yongming (JIRA)" <ji...@apache.org> on 2012/11/17 07:51:12 UTC

[jira] [Created] (TS-1574) Range transform crash at RangeTransform::transform_to_range Transform.cc:842

Zhao Yongming created TS-1574:
---------------------------------

             Summary: Range transform crash at RangeTransform::transform_to_range Transform.cc:842
                 Key: TS-1574
                 URL: https://issues.apache.org/jira/browse/TS-1574
             Project: Traffic Server
          Issue Type: Bug
          Components: HTTP
    Affects Versions: 3.3.0
         Environment: git master, forward proxy
            Reporter: Zhao Yongming
             Fix For: 3.3.1


I have a forward proxy that just updated to the latest git master release on 2012-11-16, it crashed several times with the same assert:
{code}
Program terminated with signal 11, Segmentation fault.
#0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
842	    if (*done_byte < (*start - 1)) {
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-11.el6_2.x86_64 glibc-2.12-1.47.el6_2.9.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6_2.1.x86_64 libcom_err-1.41.12-11.el6.x86_64 libgcc-4.4.6-3.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64 libstdc++-4.4.6-3.el6.x86_64 openssl-1.0.0-20.el6_2.4.x86_64 pcre-7.8-3.1.el6.x86_64 tcl-8.5.7-6.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64 zlib-1.2.3-27.el6.x86_64
(gdb) 
(gdb) bt
#0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
#1  0x00000000004da440 in RangeTransform::handle_event (this=0x2b12603c2c50, event=<value optimized out>, edata=<value optimized out>)
    at Transform.cc:815
#2  0x0000000000654dd4 in handleEvent (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at I_Continuation.h:146
#3  EThread::process_event (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at UnixEThread.cc:142
#4  0x000000000065593b in EThread::execute (this=0x2b1200404010) at UnixEThread.cc:193
#5  0x00000000006540d2 in spawn_thread_internal (a=0x2c987d0) at Thread.cc:88
#6  0x0000003e878077f1 in start_thread () from /lib64/libpthread.so.0
#7  0x0000003e86ce5ccd in clone () from /lib64/libc.so.6
(gdb) f 1
#1  0x00000000004da440 in RangeTransform::handle_event (this=0x2b12603c2c50, event=<value optimized out>, edata=<value optimized out>)
    at Transform.cc:815
815	      transform_to_range();
(gdb) l
810	        m_output_vio->nbytes = m_done;
811	        m_output_vio->reenable();
812	        return 0;
813	      }
814	
815	      transform_to_range();
816	      break;
817	    }
818	  }
819	
(gdb) p m_output_vio
$1 = (VIO *) 0x2b12603c2e78
(gdb) p *m_output_vio
$2 = {_cont = 0x2b12603c2c50, nbytes = 70664, ndone = 0, op = 2, buffer = {mbuf = 0x2b126c0b36e0, entry = 0x2b126c0b36f8}, 
  vc_server = 0x2b12603c2df8, mutex = {m_ptr = 0x2b12686700e0}}
(gdb) f 2
#2  0x0000000000654dd4 in handleEvent (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at I_Continuation.h:146
146	    return (this->*handler) (event, data);
(gdb) l
141	    @param data General purpose data related to the event code (Processor specific).
142	    @return State machine and processor specific return code.
143	
144	  */
145	  int handleEvent(int event = CONTINUATION_EVENT_NONE, void *data = 0) {
146	    return (this->*handler) (event, data);
147	  }
148	
149	  /**
150	    Contructor of the Continuation object. It should not be used
(gdb) bt
#0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
#1  0x00000000004da440 in RangeTransform::handle_event (this=0x2b12603c2c50, event=<value optimized out>, edata=<value optimized out>)
    at Transform.cc:815
#2  0x0000000000654dd4 in handleEvent (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at I_Continuation.h:146
#3  EThread::process_event (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at UnixEThread.cc:142
#4  0x000000000065593b in EThread::execute (this=0x2b1200404010) at UnixEThread.cc:193
#5  0x00000000006540d2 in spawn_thread_internal (a=0x2c987d0) at Thread.cc:88
#6  0x0000003e878077f1 in start_thread () from /lib64/libpthread.so.0
#7  0x0000003e86ce5ccd in clone () from /lib64/libc.so.6
(gdb) f 0
#0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
842	    if (*done_byte < (*start - 1)) {
(gdb) l
837	  done_byte = &m_ranges[m_current_range]._done_byte;
838	  start = &m_ranges[m_current_range]._start;
839	  avail = reader->read_avail();
840	
841	  while (true) {
842	    if (*done_byte < (*start - 1)) {
843	      toskip = *start - *done_byte - 1;
844	
845	      if (toskip > avail)
846	        toskip = avail;
(gdb) p m_ranges
$4 = (RangeRecord *) 0x0
(gdb) p start
$5 = (const int64_t *) 0x0
(gdb) p avail
$6 = 70664
(gdb) p done_byte
$7 = (int64_t *) 0x10
{code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (TS-1574) Range transform crash at RangeTransform::transform_to_range Transform.cc:842

Posted by "Zhao Yongming (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/TS-1574?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Zhao Yongming updated TS-1574:
------------------------------

    Priority: Critical  (was: Major)
    Assignee: weijin
    
> Range transform crash at RangeTransform::transform_to_range Transform.cc:842
> ----------------------------------------------------------------------------
>
>                 Key: TS-1574
>                 URL: https://issues.apache.org/jira/browse/TS-1574
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP
>    Affects Versions: 3.3.0
>         Environment: git master, forward proxy
>            Reporter: Zhao Yongming
>            Assignee: weijin
>            Priority: Critical
>             Fix For: 3.3.1
>
>
> I have a forward proxy that just updated to the latest git master release on 2012-11-16, it crashed several times with the same assert:
> {code}
> Program terminated with signal 11, Segmentation fault.
> #0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
> 842	    if (*done_byte < (*start - 1)) {
> Missing separate debuginfos, use: debuginfo-install expat-2.0.1-11.el6_2.x86_64 glibc-2.12-1.47.el6_2.9.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6_2.1.x86_64 libcom_err-1.41.12-11.el6.x86_64 libgcc-4.4.6-3.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64 libstdc++-4.4.6-3.el6.x86_64 openssl-1.0.0-20.el6_2.4.x86_64 pcre-7.8-3.1.el6.x86_64 tcl-8.5.7-6.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64 zlib-1.2.3-27.el6.x86_64
> (gdb) 
> (gdb) bt
> #0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
> #1  0x00000000004da440 in RangeTransform::handle_event (this=0x2b12603c2c50, event=<value optimized out>, edata=<value optimized out>)
>     at Transform.cc:815
> #2  0x0000000000654dd4 in handleEvent (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at I_Continuation.h:146
> #3  EThread::process_event (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at UnixEThread.cc:142
> #4  0x000000000065593b in EThread::execute (this=0x2b1200404010) at UnixEThread.cc:193
> #5  0x00000000006540d2 in spawn_thread_internal (a=0x2c987d0) at Thread.cc:88
> #6  0x0000003e878077f1 in start_thread () from /lib64/libpthread.so.0
> #7  0x0000003e86ce5ccd in clone () from /lib64/libc.so.6
> (gdb) f 1
> #1  0x00000000004da440 in RangeTransform::handle_event (this=0x2b12603c2c50, event=<value optimized out>, edata=<value optimized out>)
>     at Transform.cc:815
> 815	      transform_to_range();
> (gdb) l
> 810	        m_output_vio->nbytes = m_done;
> 811	        m_output_vio->reenable();
> 812	        return 0;
> 813	      }
> 814	
> 815	      transform_to_range();
> 816	      break;
> 817	    }
> 818	  }
> 819	
> (gdb) p m_output_vio
> $1 = (VIO *) 0x2b12603c2e78
> (gdb) p *m_output_vio
> $2 = {_cont = 0x2b12603c2c50, nbytes = 70664, ndone = 0, op = 2, buffer = {mbuf = 0x2b126c0b36e0, entry = 0x2b126c0b36f8}, 
>   vc_server = 0x2b12603c2df8, mutex = {m_ptr = 0x2b12686700e0}}
> (gdb) f 2
> #2  0x0000000000654dd4 in handleEvent (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at I_Continuation.h:146
> 146	    return (this->*handler) (event, data);
> (gdb) l
> 141	    @param data General purpose data related to the event code (Processor specific).
> 142	    @return State machine and processor specific return code.
> 143	
> 144	  */
> 145	  int handleEvent(int event = CONTINUATION_EVENT_NONE, void *data = 0) {
> 146	    return (this->*handler) (event, data);
> 147	  }
> 148	
> 149	  /**
> 150	    Contructor of the Continuation object. It should not be used
> (gdb) bt
> #0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
> #1  0x00000000004da440 in RangeTransform::handle_event (this=0x2b12603c2c50, event=<value optimized out>, edata=<value optimized out>)
>     at Transform.cc:815
> #2  0x0000000000654dd4 in handleEvent (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at I_Continuation.h:146
> #3  EThread::process_event (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at UnixEThread.cc:142
> #4  0x000000000065593b in EThread::execute (this=0x2b1200404010) at UnixEThread.cc:193
> #5  0x00000000006540d2 in spawn_thread_internal (a=0x2c987d0) at Thread.cc:88
> #6  0x0000003e878077f1 in start_thread () from /lib64/libpthread.so.0
> #7  0x0000003e86ce5ccd in clone () from /lib64/libc.so.6
> (gdb) f 0
> #0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
> 842	    if (*done_byte < (*start - 1)) {
> (gdb) l
> 837	  done_byte = &m_ranges[m_current_range]._done_byte;
> 838	  start = &m_ranges[m_current_range]._start;
> 839	  avail = reader->read_avail();
> 840	
> 841	  while (true) {
> 842	    if (*done_byte < (*start - 1)) {
> 843	      toskip = *start - *done_byte - 1;
> 844	
> 845	      if (toskip > avail)
> 846	        toskip = avail;
> (gdb) p m_ranges
> $4 = (RangeRecord *) 0x0
> (gdb) p start
> $5 = (const int64_t *) 0x0
> (gdb) p avail
> $6 = 70664
> (gdb) p done_byte
> $7 = (int64_t *) 0x10
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TS-1574) Range transform crash at RangeTransform::transform_to_range Transform.cc:842

Posted by "Zhao Yongming (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/TS-1574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499366#comment-13499366 ] 

Zhao Yongming commented on TS-1574:
-----------------------------------

{code}
(gdb) p this
$8 = (RangeTransform * const) 0x2b12603c2c50
(gdb) p *this
$9 = {<INKVConnInternal> = {<INKContInternal> = {<DummyVConnection> = {<VConnection> = {<Continuation> = {<force_VFPT_to_top> = {
              _vptr.force_VFPT_to_top = 0x667970}, handler = (int (Continuation::*)(Continuation *, int, 
    void *)) 0x4da200 <RangeTransform::handle_event(int, void*)>, mutex = {m_ptr = 0x2b12686700e0}, link = {<SLink<Continuation>> = {next = 0x0}, 
              prev = 0x0}}, lerrno = 0}, <No data fields>}, mdata = 0x0, m_event_func = 0, m_event_count = 0, m_closed = 0, m_deletable = 0, 
      m_deleted = 0, m_free_magic = INKCONT_INTERN_MAGIC_ALIVE}, m_read_vio = {_cont = 0x0, nbytes = 0, ndone = 0, op = 0, buffer = {mbuf = 0x0, 
        entry = 0x0}, vc_server = 0x0, mutex = {m_ptr = 0x0}}, m_write_vio = {_cont = 0x2b1507efd180, nbytes = 70664, ndone = 0, op = 2, buffer = {
        mbuf = 0x2b12301fa140, entry = 0x2b12301fa180}, vc_server = 0x2b12603c2c50, mutex = {m_ptr = 0x2b12686700e0}}, 
    m_output_vc = 0x2b12603c2df8}, m_output_buf = 0x2b126c0b36e0, m_output_reader = 0x2b126c0b36f8, m_transform_resp = 0x2b1507efbde8, 
  m_output_vio = 0x2b12603c2e78, m_unsatisfiable_range = false, m_range_content_length = 0, m_num_chars_for_cl = 1, m_num_range_fields = 0, 
  m_current_range = 0, m_content_type = 0x2b163abf4abc "audio/mpeg\r\n\r\n\373=\216\273\344\366ID3\002", m_content_type_len = 10, m_ranges = 0x0, 
  m_output_cl = 70664, m_done = 0}

{code}

another flying event?
                
> Range transform crash at RangeTransform::transform_to_range Transform.cc:842
> ----------------------------------------------------------------------------
>
>                 Key: TS-1574
>                 URL: https://issues.apache.org/jira/browse/TS-1574
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP
>    Affects Versions: 3.3.0
>         Environment: git master, forward proxy
>            Reporter: Zhao Yongming
>             Fix For: 3.3.1
>
>
> I have a forward proxy that just updated to the latest git master release on 2012-11-16, it crashed several times with the same assert:
> {code}
> Program terminated with signal 11, Segmentation fault.
> #0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
> 842	    if (*done_byte < (*start - 1)) {
> Missing separate debuginfos, use: debuginfo-install expat-2.0.1-11.el6_2.x86_64 glibc-2.12-1.47.el6_2.9.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6_2.1.x86_64 libcom_err-1.41.12-11.el6.x86_64 libgcc-4.4.6-3.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64 libstdc++-4.4.6-3.el6.x86_64 openssl-1.0.0-20.el6_2.4.x86_64 pcre-7.8-3.1.el6.x86_64 tcl-8.5.7-6.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64 zlib-1.2.3-27.el6.x86_64
> (gdb) 
> (gdb) bt
> #0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
> #1  0x00000000004da440 in RangeTransform::handle_event (this=0x2b12603c2c50, event=<value optimized out>, edata=<value optimized out>)
>     at Transform.cc:815
> #2  0x0000000000654dd4 in handleEvent (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at I_Continuation.h:146
> #3  EThread::process_event (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at UnixEThread.cc:142
> #4  0x000000000065593b in EThread::execute (this=0x2b1200404010) at UnixEThread.cc:193
> #5  0x00000000006540d2 in spawn_thread_internal (a=0x2c987d0) at Thread.cc:88
> #6  0x0000003e878077f1 in start_thread () from /lib64/libpthread.so.0
> #7  0x0000003e86ce5ccd in clone () from /lib64/libc.so.6
> (gdb) f 1
> #1  0x00000000004da440 in RangeTransform::handle_event (this=0x2b12603c2c50, event=<value optimized out>, edata=<value optimized out>)
>     at Transform.cc:815
> 815	      transform_to_range();
> (gdb) l
> 810	        m_output_vio->nbytes = m_done;
> 811	        m_output_vio->reenable();
> 812	        return 0;
> 813	      }
> 814	
> 815	      transform_to_range();
> 816	      break;
> 817	    }
> 818	  }
> 819	
> (gdb) p m_output_vio
> $1 = (VIO *) 0x2b12603c2e78
> (gdb) p *m_output_vio
> $2 = {_cont = 0x2b12603c2c50, nbytes = 70664, ndone = 0, op = 2, buffer = {mbuf = 0x2b126c0b36e0, entry = 0x2b126c0b36f8}, 
>   vc_server = 0x2b12603c2df8, mutex = {m_ptr = 0x2b12686700e0}}
> (gdb) f 2
> #2  0x0000000000654dd4 in handleEvent (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at I_Continuation.h:146
> 146	    return (this->*handler) (event, data);
> (gdb) l
> 141	    @param data General purpose data related to the event code (Processor specific).
> 142	    @return State machine and processor specific return code.
> 143	
> 144	  */
> 145	  int handleEvent(int event = CONTINUATION_EVENT_NONE, void *data = 0) {
> 146	    return (this->*handler) (event, data);
> 147	  }
> 148	
> 149	  /**
> 150	    Contructor of the Continuation object. It should not be used
> (gdb) bt
> #0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
> #1  0x00000000004da440 in RangeTransform::handle_event (this=0x2b12603c2c50, event=<value optimized out>, edata=<value optimized out>)
>     at Transform.cc:815
> #2  0x0000000000654dd4 in handleEvent (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at I_Continuation.h:146
> #3  EThread::process_event (this=0x2b1200404010, e=0x2b12841c0ea0, calling_code=1) at UnixEThread.cc:142
> #4  0x000000000065593b in EThread::execute (this=0x2b1200404010) at UnixEThread.cc:193
> #5  0x00000000006540d2 in spawn_thread_internal (a=0x2c987d0) at Thread.cc:88
> #6  0x0000003e878077f1 in start_thread () from /lib64/libpthread.so.0
> #7  0x0000003e86ce5ccd in clone () from /lib64/libc.so.6
> (gdb) f 0
> #0  RangeTransform::transform_to_range (this=0x2b12603c2c50) at Transform.cc:842
> 842	    if (*done_byte < (*start - 1)) {
> (gdb) l
> 837	  done_byte = &m_ranges[m_current_range]._done_byte;
> 838	  start = &m_ranges[m_current_range]._start;
> 839	  avail = reader->read_avail();
> 840	
> 841	  while (true) {
> 842	    if (*done_byte < (*start - 1)) {
> 843	      toskip = *start - *done_byte - 1;
> 844	
> 845	      if (toskip > avail)
> 846	        toskip = avail;
> (gdb) p m_ranges
> $4 = (RangeRecord *) 0x0
> (gdb) p start
> $5 = (const int64_t *) 0x0
> (gdb) p avail
> $6 = 70664
> (gdb) p done_byte
> $7 = (int64_t *) 0x10
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira