[ https://issues.apache.org/jira/browse/TS-1203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257476#comment-13257476 ]

weijin commented on TS-1203:
----------------------------

It is similar to TS-996. We will backport it and test again.
                
> Crash report: HdrHeap::duplicate_str, in host_set
> -------------------------------------------------
>
>                 Key: TS-1203
>                 URL: https://issues.apache.org/jira/browse/TS-1203
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP
>    Affects Versions: 3.1.3
>         Environment: 3.0.x, new crashes
>            Reporter: Zhao Yongming
>            Assignee: weijin
>            Priority: Critical
>             Fix For: 3.1.4
>
>
> We get some new crashes in production:
> {code}
> warning: no loadable sections found in added symbol-file system-supplied DSO 
> at 0x7ffff27fd000
> Core was generated by `/usr/bin/traffic_server -M -A,12:X,13:X'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x0000003e5b07c24e in memcpy () from /lib64/libc.so.6
> (gdb) bt
> #0  0x0000003e5b07c24e in memcpy () from /lib64/libc.so.6
> #1  0x00000000005aab68 in HdrHeap::duplicate_str (this=<value optimized out>, 
> str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, 
>     nbytes=21) at HdrHeap.cc:344
> #2  0x00000000005b3ac3 in mime_str_u16_set (heap=0x2aaabd62be12, 
> s_str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, s_len=21, 
>     d_str=0x2aae3656f348, d_len=0x2aae3656f322, must_copy=true) at 
> MIME.cc:3034
> #3  0x00000000005aef28 in host_set (this=0x2aae268f8c18, url=<value optimized 
> out>) at URL.h:541
> #4  HTTPHdr::set_url_target_from_host_field (this=0x2aae268f8c18, url=<value 
> optimized out>) at HTTP.cc:1484
> #5  0x000000000055dc69 in RemapProcessor::setup_for_remap (this=<value 
> optimized out>, s=0x2aae268f83c8) at RemapProcessor.cc:130
> #6  0x00000000005165d9 in HttpSM::do_remap_request (this=0x2aae268f8360, 
> run_inline=true) at HttpSM.cc:3666
> #7  0x0000000000526cbb in HttpSM::set_next_state (this=0x2aaabd62be12) at 
> HttpSM.cc:6392
> #8  0x00000000005136f0 in HttpSM::call_transact_and_set_next_state 
> (this=0x2aae268f8360, f=<value optimized out>) at HttpSM.cc:6345
> #9  0x0000000000526713 in HttpSM::set_next_state (this=0x2aae268f8360) at 
> HttpSM.cc:6553
> #10 0x00000000005136f0 in HttpSM::call_transact_and_set_next_state 
> (this=0x2aae268f8360, f=<value optimized out>) at HttpSM.cc:6345
> #11 0x0000000000526713 in HttpSM::set_next_state (this=0x2aae268f8360) at 
> HttpSM.cc:6553
> #12 0x00000000005136f0 in HttpSM::call_transact_and_set_next_state 
> (this=0x2aae268f8360, f=<value optimized out>) at HttpSM.cc:6345
> #13 0x0000000000520f21 in HttpSM::state_read_client_request_header 
> (this=0x2aae268f8360, event=100, data=<value optimized out>)
>     at HttpSM.cc:783
> #14 0x00000000005259b9 in HttpSM::main_handler (this=0x2aae268f8360, 
> event=100, data=0x2aae68aee6e0) at HttpSM.cc:2456
> #15 0x000000000066d1fb in handleEvent (nh=0x2aaaab105668, vc=0x2aae68aee520, 
> thread=0x2aaaab104010)
>     at ../../iocore/eventsystem/I_Continuation.h:146
> #16 read_signal_and_update (nh=0x2aaaab105668, vc=0x2aae68aee520, 
> thread=0x2aaaab104010) at UnixNetVConnection.cc:138
> #17 read_from_net (nh=0x2aaaab105668, vc=0x2aae68aee520, 
> thread=0x2aaaab104010) at UnixNetVConnection.cc:320
> #18 0x0000000000666579 in NetHandler::mainNetEvent (this=0x2aaaab105668, 
> event=<value optimized out>, e=0x2aaaab8ed028) at UnixNet.cc:389
> #19 0x0000000000691c8f in EThread::process_event (this=0x2aaaab104010, 
> e=0x35681c0, calling_code=5) at I_Continuation.h:146
> #20 0x000000000069259c in EThread::execute (this=0x2aaaab104010) at 
> UnixEThread.cc:263
> #21 0x000000000069115e in spawn_thread_internal (a=0x35621b0) at Thread.cc:88
> #22 0x0000003e5b80673d in start_thread () from /lib64/libpthread.so.0
> #23 0x0000003e5b0d44bd in clone () from /lib64/libc.so.6
> (gdb) f 1
> #1  0x00000000005aab68 in HdrHeap::duplicate_str (this=<value optimized out>, 
> str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, 
>     nbytes=21) at HdrHeap.cc:344
> 344     memcpy(new_str, str, nbytes);
> (gdb) p str
> $1 = 0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>
> (gdb) p nbytes
> $2 = 21
> (gdb) f 2
> #2  0x00000000005b3ac3 in mime_str_u16_set (heap=0x2aaabd62be12, 
> s_str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, s_len=21, 
>     d_str=0x2aae3656f348, d_len=0x2aae3656f322, must_copy=true) at 
> MIME.cc:3034
> 3034      s_str = heap->duplicate_str(s_str, s_len);
> (gdb) p s_str
> $3 = 0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>
> (gdb) f 3
> #3  0x00000000005aef28 in host_set (this=0x2aae268f8c18, url=<value optimized 
> out>) at URL.h:541
> 541     url_host_set(m_heap, m_url_impl, value, length, true);
> (gdb) p value
> $4 = <value optimized out>
> (gdb) p length
> $5 = <value optimized out>
> (gdb) f 2
> #2  0x00000000005b3ac3 in mime_str_u16_set (heap=0x2aaabd62be12, 
> s_str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, s_len=21, 
>     d_str=0x2aae3656f348, d_len=0x2aae3656f322, must_copy=true) at 
> MIME.cc:3034
> 3034      s_str = heap->duplicate_str(s_str, s_len);
> (gdb) l
> 3029    //    either NULL or be valid ptr for a string already
> 3030    //    the string heaps
> 3031    heap->free_string(*d_str, *d_len);
> 3032  
> 3033    if (must_copy && s_str) {
> 3034      s_str = heap->duplicate_str(s_str, s_len);
> 3035    }
> 3036    *d_str = s_str;
> 3037    *d_len = s_len;
> 3038    return s_str;
> (gdb) p d_str
> $6 = (const char **) 0x2aae3656f348
> (gdb) p s_str
> $7 = 0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>
> (gdb) p s_length
> No symbol "s_length" in current context.
> (gdb) p s_len
> $8 = 21
> (gdb) p d_len
> $9 = (uint16_t *) 0x2aae3656f322
> (gdb) p *d_len
> $10 = 0
> (gdb) p must_copy
> $11 = true
> (gdb) p heap
> $12 = (HdrHeap *) 0x2aaabd62be12
> (gdb) p *heap
> $13 = {m_magic = 4244214959, m_free_start = 0xf1895c4222d0b96a <Address 
> 0xf1895c4222d0b96a out of bounds>, 
>   m_data_start = 0x285db46ea5b18c6a <Address 0x285db46ea5b18c6a out of 
> bounds>, m_size = 3748408139, m_writeable = 72, 
>   m_next = 0x4b5d5524367f9156, m_free_size = 522270020, m_read_write_heap = 
> {m_ptr = 0x4fab38ef61c7babd}, m_ronly_heap = {{
>       m_ref_count_ptr = {m_ptr = 0xeab92d3f33ca4c08}, m_heap_start = 
> 0xd0a586e9724b41bd <Address 0xd0a586e9724b41bd out of bounds>, 
>       m_heap_len = 607024474, m_locked = 173}, {m_ref_count_ptr = {m_ptr = 
> 0x291de23cd9d76661}, 
>       m_heap_start = 0x94b01adb1717483c <Address 0x94b01adb1717483c out of 
> bounds>, m_heap_len = -1636411743, m_locked = 197}, {
>       m_ref_count_ptr = {m_ptr = 0x57181fd595dcf146}, m_heap_start = 
> 0x9f7772a75a886824 <Address 0x9f7772a75a886824 out of bounds>, 
>       m_heap_len = -1116353500, m_locked = 216}}, m_lost_string_space = 
> -1252959438}
> (gdb)
> {code}
