[Varnish] #799: beresp.ttl = 10s * std.random(..) ==> segfaulting vcc

Varnish varnish-bugs at varnish-cache.org
Fri Oct 22 13:33:20 CEST 2010 

#799: beresp.ttl =  10s * std.random(..) ==> segfaulting vcc
----------------------+-----------------------------------------------------
 Reporter:  kristian  |       Owner:  phk  
     Type:  defect    |      Status:  new  
 Priority:  normal    |   Milestone:       
Component:  varnishd  |     Version:  trunk
 Severity:  normal    |    Keywords:       
----------------------+-----------------------------------------------------
 Trunk, as of Oct 21.

 {{{
 $ /opt/varnish/sbin/varnishd -f /etc/varnish/default.vcl -a :8133 -s
 malloc,1G -w 100,2000 -T localhost:8134 -C
 SMA.s0: max size 1024 MB.
 Running VCC-compiler failed, signal 11
 }}}

 bt:

 {{{
 (gdb) thread apply all bt full

 Thread 1 (Thread 10556):
 #0  0x00007f310f255513 in vcc_expr_mul (tl=0x7f310e01f540,
 e=0x7fffe76ac9a8, fmt=DURATION) at vcc_expr.c:666
         e2 = 0x0
         f2 = REAL
         f3 = DURATION
         tk = 0x7f310e05a7c0
         __func__ = "vcc_expr_mul"
 #1  0x00007f310f255625 in vcc_expr_add (tl=0x7f310e01f540,
 e=0x7fffe76ac9a8, fmt=DURATION) at vcc_expr.c:689
         e2 = 0x7f31fbad8001
         f2 = 32561
         tk = 0x7f310e66f5c2
         __func__ = "vcc_expr_add"
 #2  0x00007f310f255bb5 in vcc_expr_cmp (tl=0x7f310e01f540,
 e=0x7fffe76ac9a8, fmt=DURATION) at vcc_expr.c:803
         e2 = 0x7fffe76ac8c0
         cp = 0x3000000028
         buf =
 "\000\310j\347\377\177\000\000\000\000\000\000\000\000\000\000\n\000\000\000\n\000\000\000\300\246\005\016\061\177\000\000\377\377\377\377\377\177\000\000\214yg\017\061\177\000\000\353\341%\017\061\177\000\000\300\357\227\016\061\177\000\000\000\000\000\000\000\000\000\000\300\310j\347\377\177\000\000\000\310j\347\377\177\000\000\000P\005\016\000\000\000\000\270\261\251\017\061\177\000\000`V\005\016\061\177\000\000\006\000\000\000\000\000\000\000\006\000\000\000\000\000\000\000\352\341%\017\061\177\000\000\001\001\001\001\000\000\000\000\211\223\004\016\061\177\000\000\260\310j\347\377\177\000\000\360\242@\000\000\000\000\000\200\360j\347\377\177\000\000\000\000\000\000\000\000\000\000\205wg\017\061\177\000\000\240\310j\347\377\177\000\000\340\310j\347\377\177\000\000\n\321%\017\061\177\000\000
 \353\001\016\061\177\000\000
 \000\000\000\060\000\000\000\320\311j\347\377\177\000\000\000\311j\347\377\177\000\000\300\246\005\016\025\000\000"
         re = 0x0
         not = 0x7f310f250000 ""
         tk = 0x7fffe76ac7e0
         __func__ = "vcc_expr_cmp"
 #3  0x00007f310f2564f8 in vcc_expr_not (tl=0x7f310e01f540,
 e=0x7fffe76ac9a8, fmt=DURATION) at vcc_expr.c:901
         e2 = 0x7f310e01f540
         tk = 0x7fffe76ac900
 #4  0x00007f310f256615 in vcc_expr_cand (tl=0x7f310e01f540,
 e=0x7fffe76ac9a8, fmt=DURATION) at vcc_expr.c:931
         e2 = 0x40425f5244
         tk = 0x7f310f25d0e4
 #5  0x00007f310f2567e0 in vcc_expr0 (tl=0x7f310e01f540, e=0x7fffe76ac9a8,
 fmt=DURATION) at vcc_expr.c:966
         e2 = 0x7f310f25a707
         tk = 0x7fffe76ac9c0
 #6  0x00007f310f2569e8 in vcc_Expr (tl=0x7f310e01f540, fmt=DURATION) at
 vcc_expr.c:1004
         e = 0x7f310e056250
         t1 = 0x7f310e05a740
         __func__ = "vcc_Expr"
 #7  0x00007f310f249e9b in parse_set (tl=0x7f310e01f540) at
 vcc_action.c:152
         vp = 0x7f310f467928
         ap = 0x7f310f25d0c0
         fmt = DURATION
         __func__ = "parse_set"
 #8  0x00007f310f24ae2f in vcc_ParseAction (tl=0x7f310e01f540) at
 vcc_action.c:446
         at = 0x7f310e05a680
 ---Type <return> to continue, or q <return> to quit---
         atp = 0x7f310f4684d0
         sym = 0x7f310e02f000
         __func__ = "vcc_ParseAction"
 #9  0x00007f310f2571ab in vcc_Compound (tl=0x7f310e01f540) at
 vcc_parse.c:174
         i = 1
 #10 0x00007f310f257579 in vcc_Function (tl=0x7f310e01f540) at
 vcc_parse.c:230
         m = 6
         __func__ = "vcc_Function"
 #11 0x00007f310f25770e in vcc_Parse (tl=0x7f310e01f540) at vcc_parse.c:287
         tp = 0x7f310f468610
 #12 0x00007f310f250602 in vcc_CompileSource (tl0=0x7f310e01f380,
 sb=0x7f310e01e910, sp=0x7f310e05aa00) at vcc_compile.c:608
         tl = 0x7f310e01f540
         sym = 0x7f310e04ea80
         v = 0x7f310f467d50
         of = 0x7f310f25e97d "input"
         i = 32561
         __func__ = "vcc_CompileSource"
 #13 0x00007f310f250a86 in VCC_Compile (tl=0x7f310e01f380,
 sb=0x7f310e01e910,
     b=0x7f310e02f000 "# This is a basic VCL configuration file for
 varnish.  See the vcl(7)\n# man page for details on VCL syntax and
 semantics.\n# \n# Default backend definition.  Set this to point to your
 content\n# server.\n"...) at vcc_compile.c:686
         sp = 0x7f310e01b8c0
         r = 0x101010101010101 <Address 0x101010101010101 out of bounds>
 #14 0x0000000000446b62 in run_vcc (priv=0x7fffe76acd40) at mgt_vcc.c:149
         csrc = 0x1 <Address 0x1 out of bounds>
         sb = 0x7f310e01e910
         vp = 0x7fffe76acd40
         fd = 0
         i = 10553
         l = 0
         __func__ = "run_vcc"
 #15 0x00007f310f6705a9 in SUB_run (sb=0x7f310e01e8e0, func=0x446aac
 <run_vcc>, priv=0x7fffe76acd40, name=0x4709bf "VCC-compiler", maxlines=-1)
 at subproc.c:104
         rv = 0
         p = {3, 4}
         sfd = 100
         status = 32561
         pid = 0
         vlu = 0x0
         sp = {name = 0x4709bf "VCC-compiler", sb = 0x7f310e01e8e0, lines =
 0, maxlines = -1}
         __func__ = "SUB_run"
 #16 0x0000000000446f4c in mgt_run_cc (
     vcl=0x7f310e02f000 "# This is a basic VCL configuration file for
 varnish.  See the vcl(7)\n# man page for details on VCL syntax and
 semantics.\n# \n# Default backend definition.  Set this to point to your
 content\n# server.\n"..., sb=0x7f310e01e8e0, C_flag=1) at mgt_vcc.c:251
         csrc = 0x4 <Address 0x4 out of bounds>
         cmdsb = 0x10
         sf = "./vcl.1P9zoqAU.c"
         of =
 "\270\261\251\017\061\177\000\000u\364j\347\377\177\000\000\300",
 <incomplete sequence \315>
 ---Type <return> to continue, or q <return> to quit---
         retval = 0x20 <Address 0x20 out of bounds>
         sfd = 3
         i = 234910192
         vp = {sf = 0x7fffe76acd90 "./vcl.1P9zoqAU.c",
           vcl = 0x7f310e02f000 "# This is a basic VCL configuration file
 for varnish.  See the vcl(7)\n# man page for details on VCL syntax and
 semantics.\n# \n# Default backend definition.  Set this to point to your
 content\n# server.\n"...}
         __func__ = "mgt_run_cc"
 #17 0x00000000004471c7 in mgt_VccCompile (sb=0x7fffe76ace50,
     b=0x7f310e02f000 "# This is a basic VCL configuration file for
 varnish.  See the vcl(7)\n# man page for details on VCL syntax and
 semantics.\n# \n# Default backend definition.  Set this to point to your
 content\n# server.\n"..., C_flag=1) at mgt_vcc.c:301
         vf = 0x7f310e004460 "/opt/varnish/var/varnish/luke/"
         __func__ = "mgt_VccCompile"
 #18 0x00000000004475e1 in mgt_vcc_default (b_arg=0x0, f_arg=0x7fffe76af475
 "/etc/varnish/default.vcl",
     vcl=0x7f310e02f000 "# This is a basic VCL configuration file for
 varnish.  See the vcl(7)\n# man page for details on VCL syntax and
 semantics.\n# \n# Default backend definition.  Set this to point to your
 content\n# server.\n"..., C_flag=1) at mgt_vcc.c:391
         vf = 0x0
         sb = 0x7f310e01e8e0
         vp = 0x7fffe76aef08
         buf =
 "boot\000varnish/var/varnish/luke/\000ons\000\000t\000\000pages\000\000ve\000\000\000t\000\000\000\000\065\n",
 '\000' <repeats 2286 times>,
 "\032\234\210\017\061\177\000\000\000\000\000\000\000\000\000\000@\330j\347\377\177\000\000\000\000\000\000\000\000\000\000(<\247\017\061\177\000\000\330\331j\347\377\177\000\000\f\000\000\000\000\000\000\000p\261\232|\000\000\000\000\264\246\210\017\061\177\000\000\000\000\000\000\000\000\000\000\305j\362\001\000\000\000\000\060\000\000\000\000\000\000\000tT`\016\061\177\000\000\000\000\000\000\000\000\000\000@\330j\347\377\177\000\000 at l`\016\061\177\000\000,\rq\016\061\177\000\000\000@\000\000\016\000\000\000,\rq\016\061\177\000\000\000"...
         __func__ = "mgt_vcc_default"
 #19 0x00000000004533a9 in main (argc=0, argv=0x7fffe76af0e8) at
 varnishd.c:592
         o = -1
         C_flag = 1
         F_flag = 0
         b_arg = 0x0
         f_arg = 0x7fffe76af475 "/etc/varnish/default.vcl"
         i_arg = 0x0
         l_arg = 0x0
         h_arg = 0x4733c9 "critbit"
         M_arg = 0x0
         n_arg = 0x0
         P_arg = 0x0
         S_arg = 0x0
         s_arg = 0x4733d1 "file"
         s_arg_given = 1
         T_arg = 0x7fffe76af4b3 "localhost:8134"
         p = 0x7fffe76aef5f ""
         vcl = 0x7f310e02f000 "# This is a basic VCL configuration file for
 varnish.  See the vcl(7)\n# man page for details on VCL syntax and
 semantics.\n# \n# Default backend definition.  Set this to point to your
 content\n# server.\n"...
         cli = {{magic = 0, sb = 0x7f310e01e4c0, result = CLIS_OK, cmd =
 0x0, auth = 0, challenge = '\000' <repeats 33 times>, ident = 0x0, vlu =
 0x0, cls = 0x0}}
         pfh = 0x0
         dirname = 0x7f310e004460 "/opt/varnish/var/varnish/luke/"
 ---Type <return> to continue, or q <return> to quit---
         __func__ = "main"
 (gdb)
 }}}

 Relevant bit of vcl:
 {{{
 sub vcl_fetch {
         unset beresp.http.Set-Cookie;
         set beresp.ttl = 30s * std.random(1,10);
 }
 }}}

 .

-- 
Ticket URL: <http://www.varnish-cache.org/trac/ticket/799>
Varnish <http://varnish-cache.org/>
The Varnish HTTP Accelerator

More information about the varnish-bugs mailing list