You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2014/12/27 03:53:13 UTC

[jira] [Updated] (TS-3263) Segmentation fault about MIOBuffer

     [ https://issues.apache.org/jira/browse/TS-3263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-3263:
------------------------------
    Fix Version/s: 5.3.0

> Segmentation fault about MIOBuffer
> ----------------------------------
>
>                 Key: TS-3263
>                 URL: https://issues.apache.org/jira/browse/TS-3263
>             Project: Traffic Server
>          Issue Type: Bug
>            Reporter: Qiang Li
>             Fix For: 5.3.0
>
>
> traffic.out
> {code}
> traffic_server: Segmentation fault (Address not mapped to object [(nil)])traffic_server - STACK TRACE: 
> /usr/bin/traffic_server(_Z19crash_logger_invokeiP7siginfoPv+0xc3)[0x4fea52]
> /lib64/libpthread.so.0(+0xf710)[0x2aef4c9ea710]
> /lib64/libc.so.6(memcpy+0x11)[0x2aef4d97a681]
> /usr/bin/traffic_server(_ZN9MIOBuffer5writeEPKvl+0xb9)[0x7b8a4b]
> /usr/bin/traffic_server(_ZN8PluginVC14transfer_bytesEP9MIOBufferP14IOBufferReaderl+0xb8)[0x53ce2c]
> /usr/bin/traffic_server(_ZN8PluginVC17process_read_sideEb+0x4bf)[0x53da59]
> /usr/bin/traffic_server(_ZN8PluginVC18process_write_sideEb+0x6ca)[0x53d546]
> /usr/bin/traffic_server(_ZN8PluginVC12main_handlerEiPv+0x5a9)[0x53c409]
> /usr/bin/traffic_server(_ZN12Continuation11handleEventEiPv+0x6c)[0x50192c]
> /usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0xc6)[0x7bb6ba]
> /usr/bin/traffic_server(_ZN7EThread7executeEv+0xa0)[0x7bb888]
> /usr/bin/traffic_server[0x7bac75]
> /lib64/libpthread.so.0(+0x79d1)[0x2aef4c9e29d1]
> /lib64/libc.so.6(clone+0x6d)[0x2aef4d9d99dd]
> {code}
> core dump
> {code}
> (gdb) bt
> #0  0x00002aef4d97a681 in memcpy () from /lib64/libc.so.6
> #1  0x00000000007b8a4b in MIOBuffer::write (this=0x2aad417c50e0, abuf=0x2aac99d20ffb, alen=5) at IOBuffer.cc:93
> #2  0x000000000053ce2c in PluginVC::transfer_bytes (this=0x2aaae43cd360, transfer_to=0x2aad417c50e0, transfer_from=0x2aac6c94a2c8, act_on=16848)
>     at PluginVC.cc:452
> #3  0x000000000053da59 in PluginVC::process_read_side (this=0x2aaae43cd360, other_side_call=true) at PluginVC.cc:653
> #4  0x000000000053d546 in PluginVC::process_write_side (this=0x2aaae43cd550, other_side_call=false) at PluginVC.cc:565
> #5  0x000000000053c409 in PluginVC::main_handler (this=0x2aaae43cd550, event=1, data=0x2aad55853420) at PluginVC.cc:210
> #6  0x000000000050192c in Continuation::handleEvent (this=0x2aaae43cd550, event=1, data=0x2aad55853420) at ../iocore/eventsystem/I_Continuation.h:146
> #7  0x00000000007bb6ba in EThread::process_event (this=0x2aef5511f010, e=0x2aad55853420, calling_code=1) at UnixEThread.cc:144
> #8  0x00000000007bb888 in EThread::execute (this=0x2aef5511f010) at UnixEThread.cc:195
> #9  0x00000000007bac75 in spawn_thread_internal (a=0x2c6ce00) at Thread.cc:88
> #10 0x00002aef4c9e29d1 in start_thread () from /lib64/libpthread.so.0
> #11 0x00002aef4d9d99dd in clone () from /lib64/libc.so.6
> (gdb) f 1
> #1  0x00000000007b8a4b in MIOBuffer::write (this=0x2aad417c50e0, abuf=0x2aac99d20ffb, alen=5) at IOBuffer.cc:93
> 93	      ::memcpy(_writer->end(), buf, f);
> (gdb) l
> 88	    if (!_writer)
> 89	      add_block();
> 90	    int64_t f = _writer->write_avail();
> 91	    f = f < len ? f : len;
> 92	    if (f > 0) {
> 93	      ::memcpy(_writer->end(), buf, f);
> 94	      _writer->fill(f);
> 95	      buf += f;
> 96	      len -= f;
> 97	    }
> (gdb) p *this
> $1 = {size_index = 46923640729072, water_mark = 32768, _writer = {m_ptr = 0x2aac52ec6d40}, readers = {{accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, 
>       start_offset = 0, size_limit = 9223372036854775807}, {accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, start_offset = 0, 
>       size_limit = 9223372036854775807}, {accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, start_offset = 0, size_limit = 9223372036854775807}, {
>       accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, start_offset = 0, size_limit = 9223372036854775807}, {accessor = 0x0, mbuf = 0x0, block = {
>         m_ptr = 0x0}, start_offset = 0, size_limit = 9223372036854775807}}, _location = 0x7e96d8 "memory/IOBuffer/HttpSM.cc:6319"}
> (gdb) p *_writer->m_ptr
> $2 = {<RefCountObj> = {<ForceVFPTToTop> = {_vptr.ForceVFPTToTop = 0x7be4b0}, m_refcount = 1}, _start = 0x0, _end = 0x0, _buf_end = 0x2aad42efede1 "\256~", 
>   _location = 0x7e96d8 "memory/IOBuffer/HttpSM.cc:6319", data = {m_ptr = 0x2aaabc356ab0}, next = {m_ptr = 0x0}}
> (gdb) p *_writer->m_ptr->data->m_ptr
> $3 = {<RefCountObj> = {<ForceVFPTToTop> = {_vptr.ForceVFPTToTop = 0x7be4f0}, m_refcount = 1}, _size_index = 46923640729072, _mem_type = DEFAULT_ALLOC, 
>   _data = 0x0, _location = 0x7e96d8 "memory/IOBuffer/HttpSM.cc:6319"}
> (gdb) 
> {code}
> HttpSM.cc:
> {code}
> 6315:  alloc_index = find_server_buffer_size();
> 6316: #ifndef USE_NEW_EMPTY_MIOBUFFER
> 6317:  MIOBuffer *buf = new_MIOBuffer(alloc_index);
> 6318: #else
> 6319:  MIOBuffer *buf = new_empty_MIOBuffer(alloc_index);
> 6320:  buf->append_block(HTTP_HEADER_BUFFER_SIZE_INDEX);
> 6321: #endif
> 6322:  buf->water_mark = (int) t_state.txn_conf->default_buffer_water_mark;
> 6323:  IOBufferReader *buf_start = buf->alloc_reader();
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)