[ https://issues.apache.org/jira/browse/TS-1203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257476#comment-13257476 ]
weijin commented on TS-1203: ---------------------------- It is similar as TS-996. We will back port it and test again. > Crash report: HdrHeap::duplicate_str, in host_set > ------------------------------------------------- > > Key: TS-1203 > URL: https://issues.apache.org/jira/browse/TS-1203 > Project: Traffic Server > Issue Type: Bug > Components: HTTP > Affects Versions: 3.1.3 > Environment: 3.0.x, new crashes > Reporter: Zhao Yongming > Assignee: weijin > Priority: Critical > Fix For: 3.1.4 > > > we get some new crashes in the production: > {code} > warning: no loadable sections found in added symbol-file system-supplied DSO > at 0x7ffff27fd000 > Core was generated by `/usr/bin/traffic_server -M -A,12:X,13:X'. > Program terminated with signal 11, Segmentation fault. > #0 0x0000003e5b07c24e in memcpy () from /lib64/libc.so.6 > (gdb) bt > #0 0x0000003e5b07c24e in memcpy () from /lib64/libc.so.6 > #1 0x00000000005aab68 in HdrHeap::duplicate_str (this=<value optimized out>, > str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, > nbytes=21) at HdrHeap.cc:344 > #2 0x00000000005b3ac3 in mime_str_u16_set (heap=0x2aaabd62be12, > s_str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, s_len=21, > d_str=0x2aae3656f348, d_len=0x2aae3656f322, must_copy=true) at > MIME.cc:3034 > #3 0x00000000005aef28 in host_set (this=0x2aae268f8c18, url=<value optimized > out>) at URL.h:541 > #4 HTTPHdr::set_url_target_from_host_field (this=0x2aae268f8c18, url=<value > optimized out>) at HTTP.cc:1484 > #5 0x000000000055dc69 in RemapProcessor::setup_for_remap (this=<value > optimized out>, s=0x2aae268f83c8) at RemapProcessor.cc:130 > #6 0x00000000005165d9 in HttpSM::do_remap_request (this=0x2aae268f8360, > run_inline=true) at HttpSM.cc:3666 > #7 0x0000000000526cbb in HttpSM::set_next_state (this=0x2aaabd62be12) at > HttpSM.cc:6392 > #8 0x00000000005136f0 in HttpSM::call_transact_and_set_next_state > (this=0x2aae268f8360, f=<value optimized out>) at HttpSM.cc:6345 > #9 0x0000000000526713 in HttpSM::set_next_state (this=0x2aae268f8360) at > HttpSM.cc:6553 > #10 0x00000000005136f0 in HttpSM::call_transact_and_set_next_state > (this=0x2aae268f8360, f=<value optimized out>) at HttpSM.cc:6345 > #11 0x0000000000526713 in HttpSM::set_next_state (this=0x2aae268f8360) at > HttpSM.cc:6553 > #12 0x00000000005136f0 in HttpSM::call_transact_and_set_next_state > (this=0x2aae268f8360, f=<value optimized out>) at HttpSM.cc:6345 > #13 0x0000000000520f21 in HttpSM::state_read_client_request_header > (this=0x2aae268f8360, event=100, data=<value optimized out>) > at HttpSM.cc:783 > #14 0x00000000005259b9 in HttpSM::main_handler (this=0x2aae268f8360, > event=100, data=0x2aae68aee6e0) at HttpSM.cc:2456 > #15 0x000000000066d1fb in handleEvent (nh=0x2aaaab105668, vc=0x2aae68aee520, > thread=0x2aaaab104010) > at ../../iocore/eventsystem/I_Continuation.h:146 > #16 read_signal_and_update (nh=0x2aaaab105668, vc=0x2aae68aee520, > thread=0x2aaaab104010) at UnixNetVConnection.cc:138 > #17 read_from_net (nh=0x2aaaab105668, vc=0x2aae68aee520, > thread=0x2aaaab104010) at UnixNetVConnection.cc:320 > #18 0x0000000000666579 in NetHandler::mainNetEvent (this=0x2aaaab105668, > event=<value optimized out>, e=0x2aaaab8ed028) at UnixNet.cc:389 > #19 0x0000000000691c8f in EThread::process_event (this=0x2aaaab104010, > e=0x35681c0, calling_code=5) at I_Continuation.h:146 > #20 0x000000000069259c in EThread::execute (this=0x2aaaab104010) at > UnixEThread.cc:263 > #21 0x000000000069115e in spawn_thread_internal (a=0x35621b0) at Thread.cc:88 > #22 0x0000003e5b80673d in start_thread () from /lib64/libpthread.so.0 > #23 0x0000003e5b0d44bd in clone () from /lib64/libc.so.6 > (gdb) f 1 > #1 0x00000000005aab68 in HdrHeap::duplicate_str (this=<value optimized out>, > str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, > nbytes=21) at HdrHeap.cc:344 > 344 memcpy(new_str, str, nbytes); > (gdb) p str > $1 = 0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds> > (gdb) p nbytes > $2 = 21 > (gdb) f 2 > #2 0x00000000005b3ac3 in mime_str_u16_set (heap=0x2aaabd62be12, > s_str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, s_len=21, > d_str=0x2aae3656f348, d_len=0x2aae3656f322, must_copy=true) at > MIME.cc:3034 > 3034 s_str = heap->duplicate_str(s_str, s_len); > (gdb) p s_str > $3 = 0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds> > (gdb) f 3 > #3 0x00000000005aef28 in host_set (this=0x2aae268f8c18, url=<value optimized > out>) at URL.h:541 > 541 url_host_set(m_heap, m_url_impl, value, length, true); > (gdb) p value > $4 = <value optimized out> > (gdb) p length > $5 = <value optimized out> > (gdb) f 2 > #2 0x00000000005b3ac3 in mime_str_u16_set (heap=0x2aaabd62be12, > s_str=0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds>, s_len=21, > d_str=0x2aae3656f348, d_len=0x2aae3656f322, must_copy=true) at > MIME.cc:3034 > 3034 s_str = heap->duplicate_str(s_str, s_len); > (gdb) l > 3029 // either NULL or be valid ptr for a string already > 3030 // the string heaps > 3031 heap->free_string(*d_str, *d_len); > 3032 > 3033 if (must_copy && s_str) { > 3034 s_str = heap->duplicate_str(s_str, s_len); > 3035 } > 3036 *d_str = s_str; > 3037 *d_len = s_len; > 3038 return s_str; > (gdb) p d_str > $6 = (const char **) 0x2aae3656f348 > (gdb) p s_str > $7 = 0x2aae474a6ec0 <Address 0x2aae474a6ec0 out of bounds> > (gdb) p s_length > No symbol "s_length" in current context. > (gdb) p s_len > $8 = 21 > (gdb) p d_len > $9 = (uint16_t *) 0x2aae3656f322 > (gdb) p *d_len > $10 = 0 > (gdb) p must_copy > $11 = true > (gdb) p heap > $12 = (HdrHeap *) 0x2aaabd62be12 > (gdb) p *heap > $13 = {m_magic = 4244214959, m_free_start = 0xf1895c4222d0b96a <Address > 0xf1895c4222d0b96a out of bounds>, > m_data_start = 0x285db46ea5b18c6a <Address 0x285db46ea5b18c6a out of > bounds>, m_size = 3748408139, m_writeable = 72, > m_next = 0x4b5d5524367f9156, m_free_size = 522270020, m_read_write_heap = > {m_ptr = 0x4fab38ef61c7babd}, m_ronly_heap = {{ > m_ref_count_ptr = {m_ptr = 0xeab92d3f33ca4c08}, m_heap_start = > 0xd0a586e9724b41bd <Address 0xd0a586e9724b41bd out of bounds>, > m_heap_len = 607024474, m_locked = 173}, {m_ref_count_ptr = {m_ptr = > 0x291de23cd9d76661}, > m_heap_start = 0x94b01adb1717483c <Address 0x94b01adb1717483c out of > bounds>, m_heap_len = -1636411743, m_locked = 197}, { > m_ref_count_ptr = {m_ptr = 0x57181fd595dcf146}, m_heap_start = > 0x9f7772a75a886824 <Address 0x9f7772a75a886824 out of bounds>, > m_heap_len = -1116353500, m_locked = 216}}, m_lost_string_space = > -1252959438} > (gdb) > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira