Die with dignity on the network layer #21720

jasontedor · 2016-11-21T21:32:34Z

When a fatal error is thrown on the network layer, such an error never
makes its way to the uncaught exception handler. This prevents the node
from being torn down if an out of memory error or other fatal error is
thrown while handling HTTP or transport traffic. This commit adds logic
to ensure that such errors bubble their way up to the uncaught exception
handler, even though Netty tries really hard to swallow everything.

Relates #19272

When a fatal error is thrown on the network layer, such an error never makes its way to the uncaught exception handler. This prevents the node from being torn down if an out of memory error or other fatal error is thrown while handling HTTP or transport traffic. This commit adds logic to ensure that such errors bubble their way up to the uncaught exception handler, even though Netty tries really hard to swallow everything.

s1monw

LGTM

jasontedor · 2016-11-21T21:35:14Z

To test this, start an instance of Elasticsearch that does not have this patch applied with a 256m heap and http.max_content_length set to 512m.

$ dd if=/dev/zero of=zero bs=1024k count=512
$ curl -XPOST localhost:9200/i/t/1 --data-binary @zero

Elasticsearch will not die. Now apply this patch and test again. Elasticsearch will die with:

[2016-11-21T16:27:18,509][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [] fatal error in thread [org.elasticsearch.http.netty4.Netty4HttpRequestHandler#exceptionCaught], exiting
java.lang.OutOfMemoryError: Java heap space
	at io.netty.buffer.PoolArena$HeapArena.newUnpooledChunk(PoolArena.java:661) ~[?:?]
	at io.netty.buffer.PoolArena.allocateHuge(PoolArena.java:246) ~[?:?]
	at io.netty.buffer.PoolArena.allocate(PoolArena.java:224) ~[?:?]
	at io.netty.buffer.PoolArena.allocate(PoolArena.java:141) ~[?:?]
	at io.netty.buffer.PooledByteBufAllocator.newHeapBuffer(PooledByteBufAllocator.java:247) ~[?:?]
	at io.netty.buffer.AbstractByteBufAllocator.heapBuffer(AbstractByteBufAllocator.java:160) ~[?:?]
	at io.netty.buffer.AbstractByteBufAllocator.heapBuffer(AbstractByteBufAllocator.java:151) ~[?:?]
	at io.netty.buffer.CompositeByteBuf.allocBuffer(CompositeByteBuf.java:1653) ~[?:?]
	at io.netty.buffer.CompositeByteBuf.consolidateIfNeeded(CompositeByteBuf.java:405) ~[?:?]
	at io.netty.buffer.CompositeByteBuf.addComponent(CompositeByteBuf.java:196) ~[?:?]
	at io.netty.handler.codec.MessageAggregator.appendPartialContent(MessageAggregator.java:317) ~[?:?]
	at io.netty.handler.codec.MessageAggregator.decode(MessageAggregator.java:282) ~[?:?]
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:88) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:293) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:280) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:396) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
	at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) ~[?:?]

jaymode

left one comment. Other than that LGTM

jaymode · 2016-11-21T21:54:28Z

modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/Netty4Utils.java

+             * frame so that at least we know where it came from.
+             */
+            final StackTraceElement previous = Thread.currentThread().getStackTrace()[2];
+            new Thread(() -> { throw (Error)cause; }, previous.getClassName() + "#" + previous.getMethodName()).start();


maybe we can try to log the stacktrace in a try-finally block in hopes that we can get the full stacktrace? In the finally we can throw the Error

I pushed bf47916.

jasontedor · 2016-11-22T00:20:37Z

retest this please

When preparing to rethrow a fatal error, this commit adds an attempt to log the current stack trace so where know which handler saw the fatal error.

When a fatal error is thrown on the network layer, such an error never makes its way to the uncaught exception handler. This prevents the node from being torn down if an out of memory error or other fatal error is thrown while handling HTTP or transport traffic. This commit adds logic to ensure that such errors bubble their way up to the uncaught exception handler, even though Netty tries really hard to swallow everything. Relates #21720

jasontedor · 2016-11-22T03:57:42Z

Thanks @s1monw and @jaymode.

jasontedor added :Distributed/Network Http and internode communication implementations blocker >bug critical review v5.0.2 v5.1.1 v6.0.0-alpha1 labels Nov 21, 2016

s1monw approved these changes Nov 21, 2016

View reviewed changes

jaymode approved these changes Nov 21, 2016

View reviewed changes

Try to log the current stack trace before dying

bf47916

When preparing to rethrow a fatal error, this commit adds an attempt to log the current stack trace so where know which handler saw the fatal error.

jasontedor force-pushed the you-are-killing-me-netty branch from cb64c39 to bf47916 Compare November 22, 2016 00:21

jasontedor merged commit 446037c into elastic:master Nov 22, 2016

jasontedor deleted the you-are-killing-me-netty branch November 22, 2016 03:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Die with dignity on the network layer #21720

Die with dignity on the network layer #21720

jasontedor commented Nov 21, 2016

s1monw left a comment

jasontedor commented Nov 21, 2016 •

edited

Loading

jaymode left a comment

jaymode Nov 21, 2016

jasontedor Nov 22, 2016 •

edited

Loading

jasontedor commented Nov 22, 2016

jasontedor commented Nov 22, 2016

Die with dignity on the network layer #21720

Die with dignity on the network layer #21720

Conversation

jasontedor commented Nov 21, 2016

s1monw left a comment

Choose a reason for hiding this comment

jasontedor commented Nov 21, 2016 • edited Loading

jaymode left a comment

Choose a reason for hiding this comment

jaymode Nov 21, 2016

Choose a reason for hiding this comment

jasontedor Nov 22, 2016 • edited Loading

Choose a reason for hiding this comment

jasontedor commented Nov 22, 2016

jasontedor commented Nov 22, 2016

jasontedor commented Nov 21, 2016 •

edited

Loading

jasontedor Nov 22, 2016 •

edited

Loading