You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Qiang Li (JIRA)" <ji...@apache.org> on 2014/12/26 04:30:13 UTC
[jira] [Created] (TS-3263) Segmentation fault about MIOBuffer

Qiang Li created TS-3263:
----------------------------

             Summary: Segmentation fault about MIOBuffer
                 Key: TS-3263
                 URL: https://issues.apache.org/jira/browse/TS-3263
             Project: Traffic Server
          Issue Type: Bug
            Reporter: Qiang Li


traffic.out
{code}
traffic_server: Segmentation fault (Address not mapped to object [(nil)])traffic_server - STACK TRACE: 
/usr/bin/traffic_server(_Z19crash_logger_invokeiP7siginfoPv+0xc3)[0x4fea52]
/lib64/libpthread.so.0(+0xf710)[0x2aef4c9ea710]
/lib64/libc.so.6(memcpy+0x11)[0x2aef4d97a681]
/usr/bin/traffic_server(_ZN9MIOBuffer5writeEPKvl+0xb9)[0x7b8a4b]
/usr/bin/traffic_server(_ZN8PluginVC14transfer_bytesEP9MIOBufferP14IOBufferReaderl+0xb8)[0x53ce2c]
/usr/bin/traffic_server(_ZN8PluginVC17process_read_sideEb+0x4bf)[0x53da59]
/usr/bin/traffic_server(_ZN8PluginVC18process_write_sideEb+0x6ca)[0x53d546]
/usr/bin/traffic_server(_ZN8PluginVC12main_handlerEiPv+0x5a9)[0x53c409]
/usr/bin/traffic_server(_ZN12Continuation11handleEventEiPv+0x6c)[0x50192c]
/usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0xc6)[0x7bb6ba]
/usr/bin/traffic_server(_ZN7EThread7executeEv+0xa0)[0x7bb888]
/usr/bin/traffic_server[0x7bac75]
/lib64/libpthread.so.0(+0x79d1)[0x2aef4c9e29d1]
/lib64/libc.so.6(clone+0x6d)[0x2aef4d9d99dd]
{code}

core dump
{code}
(gdb) bt
#0  0x00002aef4d97a681 in memcpy () from /lib64/libc.so.6
#1  0x00000000007b8a4b in MIOBuffer::write (this=0x2aad417c50e0, abuf=0x2aac99d20ffb, alen=5) at IOBuffer.cc:93
#2  0x000000000053ce2c in PluginVC::transfer_bytes (this=0x2aaae43cd360, transfer_to=0x2aad417c50e0, transfer_from=0x2aac6c94a2c8, act_on=16848)
    at PluginVC.cc:452
#3  0x000000000053da59 in PluginVC::process_read_side (this=0x2aaae43cd360, other_side_call=true) at PluginVC.cc:653
#4  0x000000000053d546 in PluginVC::process_write_side (this=0x2aaae43cd550, other_side_call=false) at PluginVC.cc:565
#5  0x000000000053c409 in PluginVC::main_handler (this=0x2aaae43cd550, event=1, data=0x2aad55853420) at PluginVC.cc:210
#6  0x000000000050192c in Continuation::handleEvent (this=0x2aaae43cd550, event=1, data=0x2aad55853420) at ../iocore/eventsystem/I_Continuation.h:146
#7  0x00000000007bb6ba in EThread::process_event (this=0x2aef5511f010, e=0x2aad55853420, calling_code=1) at UnixEThread.cc:144
#8  0x00000000007bb888 in EThread::execute (this=0x2aef5511f010) at UnixEThread.cc:195
#9  0x00000000007bac75 in spawn_thread_internal (a=0x2c6ce00) at Thread.cc:88
#10 0x00002aef4c9e29d1 in start_thread () from /lib64/libpthread.so.0
#11 0x00002aef4d9d99dd in clone () from /lib64/libc.so.6
(gdb) f 1
#1  0x00000000007b8a4b in MIOBuffer::write (this=0x2aad417c50e0, abuf=0x2aac99d20ffb, alen=5) at IOBuffer.cc:93
93	      ::memcpy(_writer->end(), buf, f);
(gdb) l
88	    if (!_writer)
89	      add_block();
90	    int64_t f = _writer->write_avail();
91	    f = f < len ? f : len;
92	    if (f > 0) {
93	      ::memcpy(_writer->end(), buf, f);
94	      _writer->fill(f);
95	      buf += f;
96	      len -= f;
97	    }
(gdb) p *this
$1 = {size_index = 46923640729072, water_mark = 32768, _writer = {m_ptr = 0x2aac52ec6d40}, readers = {{accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, 
      start_offset = 0, size_limit = 9223372036854775807}, {accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, start_offset = 0, 
      size_limit = 9223372036854775807}, {accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, start_offset = 0, size_limit = 9223372036854775807}, {
      accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, start_offset = 0, size_limit = 9223372036854775807}, {accessor = 0x0, mbuf = 0x0, block = {
        m_ptr = 0x0}, start_offset = 0, size_limit = 9223372036854775807}}, _location = 0x7e96d8 "memory/IOBuffer/HttpSM.cc:6319"}
(gdb) p *_writer->m_ptr
$2 = {<RefCountObj> = {<ForceVFPTToTop> = {_vptr.ForceVFPTToTop = 0x7be4b0}, m_refcount = 1}, _start = 0x0, _end = 0x0, _buf_end = 0x2aad42efede1 "\256~", 
  _location = 0x7e96d8 "memory/IOBuffer/HttpSM.cc:6319", data = {m_ptr = 0x2aaabc356ab0}, next = {m_ptr = 0x0}}
(gdb) p *_writer->m_ptr->data->m_ptr
$3 = {<RefCountObj> = {<ForceVFPTToTop> = {_vptr.ForceVFPTToTop = 0x7be4f0}, m_refcount = 1}, _size_index = 46923640729072, _mem_type = DEFAULT_ALLOC, 
  _data = 0x0, _location = 0x7e96d8 "memory/IOBuffer/HttpSM.cc:6319"}
(gdb) 
{code}

HttpSM.cc:
{code}
6315:  alloc_index = find_server_buffer_size();
6316: #ifndef USE_NEW_EMPTY_MIOBUFFER
6317:  MIOBuffer *buf = new_MIOBuffer(alloc_index);
6318: #else
6319:  MIOBuffer *buf = new_empty_MIOBuffer(alloc_index);
6320:  buf->append_block(HTTP_HEADER_BUFFER_SIZE_INDEX);
6321: #endif
6322:  buf->water_mark = (int) t_state.txn_conf->default_buffer_water_mark;
6323:  IOBufferReader *buf_start = buf->alloc_reader();
{code}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)