Manjesh Nilange created TS-1244:
-----------------------------------
Summary: Crash report: cores in Arena::reset
Key: TS-1244
URL: https://issues.apache.org/jira/browse/TS-1244
Project: Traffic Server
Issue Type: Bug
Affects Versions: 3.0.4
Reporter: Manjesh Nilange
I have two slightly different stack traces, but both involving Arena::reset
#0 0x0000003736032a45 in raise () from /lib64/libc.so.6
#1 0x0000003736034225 in abort () from /lib64/libc.so.6
#2 0x000000373606fdfb in __libc_message () from /lib64/libc.so.6
#3 0x0000003736075716 in malloc_printerr () from /lib64/libc.so.6
#4 0x0000003724e0d38d in xfree (this=0x2b8c2c1b6bb8) at ink_resource.h:89
#5 blk_free (this=0x2b8c2c1b6bb8) at Arena.cc:69
#6 Arena::reset (this=0x2b8c2c1b6bb8) at Arena.cc:156
#7 0x000000000050e3e3 in destroy (this=0x2b8c2c1b6b40) at HttpTransact.h:1235
#8 HttpSM::cleanup (this=0x2b8c2c1b6b40) at HttpSM.cc:346
#9 0x000000000050e719 in HttpSM::destroy (this=0x2b8c2c1b6b40) at HttpSM.cc:368
#10 0x0000000000515a56 in HttpSM::kill_this (this=0x2b8c2c1b6b40) at
HttpSM.cc:6023
#11 0x0000000000515e08 in HttpSM::main_handler (this=0x2b8c2c1b6b40,
event=2301, data=0x2b8c2c1b8828)
at HttpSM.cc:2452
...
(gdb) f 4
#4 0x0000003724e0d38d in xfree (this=0x2b8c2c1b6bb8) at ink_resource.h:89
89 ink_free(mem);
(gdb) p mem
$1 = <value optimized out>
(gdb) f 5
#5 blk_free (this=0x2b8c2c1b6bb8) at Arena.cc:69
69 xfree(blk);
(gdb) p blk
$2 = <value optimized out>
(gdb) f 6
#6 Arena::reset (this=0x2b8c2c1b6bb8) at Arena.cc:156
156 blk_free(m_blocks);
(gdb) p m_blocks
$3 = (ArenaBlock *) 0x2b8b9822b870
(gdb) p *m_blocks
$4 = {next = 0x3b323531322e3630, m_heap_end = 0x2554454e2e303225 <Address
0x2554454e2e303225 out of bounds>,
m_water_level = 0x303225524c433032 <Address 0x303225524c433032 out of
bounds>, data = "3.5.3072"}
(gdb) p *m_blocks->next
Cannot access memory at address 0x3b323531322e3630
It looks m_blocks is corrupted.
and the other stack trace
#3 0x00000000004d03aa in signal_handler (sig=11) at signals.cc:225
#4 <signal handler called>
#5 blk_free (this=0x2afc58072f88) at Arena.cc:65
#6 Arena::reset (this=0x2afc58072f88) at Arena.cc:156
#7 0x000000000050e3e3 in destroy (this=0x2afc58072f10) at HttpTransact.h:1235
#8 HttpSM::cleanup (this=0x2afc58072f10) at HttpSM.cc:346
#9 0x000000000050e719 in HttpSM::destroy (this=0x2afc58072f10) at HttpSM.cc:368
#10 0x0000000000515a56 in HttpSM::kill_this (this=0x2afc58072f10) at
HttpSM.cc:6023
#11 0x0000000000515e08 in HttpSM::main_handler (this=0x2afc58072f10,
event=2301, data=0x2afc58074bf8)
at HttpSM.cc:2452
...
(gdb) f 5
#5 blk_free (this=0x2afc58072f88) at Arena.cc:65
65 size = blk->m_heap_end - &blk->data[0];
(gdb) p blk
$1 = <value optimized out>
(gdb) f 6
#6 Arena::reset (this=0x2afc58072f88) at Arena.cc:156
156 blk_free(m_blocks);
(gdb) p m_blocks
$2 = (ArenaBlock *) 0x373439333634
(gdb) p *m_blocks
Cannot access memory at address 0x373439333634
Our environment:
$ uname -a
Linux xxx.prod 2.6.32-131.4.1.el6.x86_64 #1 SMP Fri Jun 10 10:54:26 EDT 2011
x86_64 x86_64 x86_64 GNU/Linux
$ file /usr/bin/traffic_server
/usr/bin/traffic_server: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
