[jira] [Commented] (TS-2351) Range request crash in 4.1.x

[Leif Hedstrom (JIRA)]

    [ 
https://issues.apache.org/jira/browse/TS-2351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13824103#comment-13824103
 ] 

Leif Hedstrom commented on TS-2351:
-----------------------------------

So looking at the code, I'm fairly certain this is being "tripped" by the fixes 
on TS-1955. Looking at that code though, it looks correct, and we're tripping 
over something else not setting up the state properly. The new code in TS-1955 
basically adds:
{code}
        if (s->range_setup == HttpTransact::RANGE_REQUESTED) {
          change_response_header_because_of_range_request(s, header);
          s->hdr_info.trust_response_cl = true;
{code}

and this is what is causing the crash. I checked for where range_setup gets set 
to RANGE_REQUESTED, and it's one place only:

{code}
  if (nr > 0) {
    t_state.range_setup = HttpTransact::RANGE_REQUESTED;
    t_state.ranges = ranges;
    t_state.num_range_fields = nr;
    return;
  }
{code}

This would imply that num_range_fields is > 0, and that the ranges are setup. 
The crash here is happening at:

{code}
    snprintf(numbers, sizeof(numbers), "bytes %" PRId64"-%" PRId64"/%" PRId64, 
s->ranges[0]._start, s->ranges[0]._end, 
s->cache_info.object_read->object_size_get());
{code}

That would (I assume) imply that either range[0] s not setup, s->cache_info is 
not setup (NULL) or s->cache_info.object_read is not setup (NULL). So, if this 
happens again, can you print out the state of s from the core file ? E.g. 
"print *s" or some such.

Thanks!


> Range request crash in 4.1.x
> ----------------------------
>
>                 Key: TS-2351
>                 URL: https://issues.apache.org/jira/browse/TS-2351
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Cache
>    Affects Versions: 4.1.1
>            Reporter: David Carlin
>
> I am seeing the following crash using the 4.1.0 and 4.1.1 artifacts posted on 
> the mailing list.
> One host I upgraded crashed immediately.  Others take hours/days for crash to 
> appear.
> {noformat}
> #0  0x0000000000544e59 in 
> HttpTransact::change_response_header_because_of_range_request 
> (s=0x2b2ff3f44288, header=0x2b2ff3f44968) at HttpTransact.cc:8692
> #1  0x0000000000545190 in HttpTransact::handle_content_length_header 
> (s=0x2b2ff3f44288, header=0x2b2ff3f44968, base=<value optimized out>)
>     at HttpTransact.cc:6559
> #2  0x000000000054c963 in HttpTransact::build_response (s=0x2b2ff3f44288, 
> base_response=0x2b2ff3f44a28, outgoing_response=0x2b2ff3f44968,
>     outgoing_version=<value optimized out>, status_code=HTTP_STATUS_NONE, 
> reason_phrase=0x6bf28c "None") at HttpTransact.cc:7682
> #3  0x000000000054d2e0 in build_response (s=0x2b2ff3f44288) at 
> HttpTransact.cc:7644
> #4  HttpTransact::handle_transform_ready (s=0x2b2ff3f44288) at 
> HttpTransact.cc:4577
> #5  0x000000000051bfe8 in HttpSM::call_transact_and_set_next_state 
> (this=0x2b2ff3f44220, f=<value optimized out>) at HttpSM.cc:6767
> #6  0x00000000005317ed in HttpSM::state_response_wait_for_transform_read 
> (this=0x2b2ff3f44220, event=2000, data=0x2b3168082460) at HttpSM.cc:1210
> #7  0x00000000005306e8 in HttpSM::main_handler (this=0x2b2ff3f44220, 
> event=2000, data=0x2b3168082460) at HttpSM.cc:2530
> #8  0x00000000004e9406 in handleEvent (this=0x2b31680823d8, event=1) at 
> ../iocore/eventsystem/I_Continuation.h:146
> #9  TransformTerminus::handle_event (this=0x2b31680823d8, event=1) at 
> Transform.cc:173
> #10 0x00000000006a636f in handleEvent (this=0x2b2fda6cc010, e=0x2b315c060c60, 
> calling_code=1) at I_Continuation.h:146
> #11 EThread::process_event (this=0x2b2fda6cc010, e=0x2b315c060c60, 
> calling_code=1) at UnixEThread.cc:145
> #12 0x00000000006a6eeb in EThread::execute (this=0x2b2fda6cc010) at 
> UnixEThread.cc:196
> #13 0x00000000004c6ae4 in main (argv=<value optimized out>) at Main.cc:1686
> NOTE: Traffic Server received Sig 11: Segmentation fault
> /usr/localbin/traffic_server - STACK TRACE:
> /lib64/libpthread.so.0(+0x3aec80f500)[0x2af3d029a500]
> /usr/localbin/traffic_server(_ZN12HttpTransact47change_response_header_because_of_range_requestEPNS_5StateEP7HTTPHdr+0x219)[0x544e59]
> /usr/localbin/traffic_server(_ZN12HttpTransact28handle_content_length_headerEPNS_5StateEP7HTTPHdrS3_+0x280)[0x545190]
> /usr/localbin/traffic_server(_ZN12HttpTransact14build_responseEPNS_5StateEP7HTTPHdrS3_11HTTPVersion10HTTPStatusPKc+0x3e3)[0x54c963]
> /usr/localbin/traffic_server(_ZN12HttpTransact22handle_transform_readyEPNS_5StateE+0x70)[0x54d2e0]
> /usr/localbin/traffic_server(_ZN6HttpSM32call_transact_and_set_next_stateEPFvPN12HttpTransact5StateEE+0x28)[0x51bfe8]
> /usr/localbin/traffic_server(_ZN6HttpSM38state_response_wait_for_transform_readEiPv+0xed)[0x5317ed]
> /usr/localbin/traffic_server(_ZN6HttpSM12main_handlerEiPv+0xd8)[0x5306e8]
> /usr/localbin/traffic_server(_ZN17TransformTerminus12handle_eventEiPv+0x1d6)[0x4e9406]
> /usr/localbin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8f)[0x6a636f]
> /usr/localbin/traffic_server(_ZN7EThread7executeEv+0x63b)[0x6a6eeb]
> /usr/localbin/traffic_server[0x6a520a]
> /lib64/libpthread.so.0(+0x3aec807851)[0x2af3d0292851]
> /lib64/libc.so.6(clone+0x6d)[0x3aec4e890d]
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.1#6144)