ink_atomic_increment

Susan Hinrichs (JIRA) Wed, 05 Nov 2014 08:44:07 -0800

     [ 
https://issues.apache.org/jira/browse/TS-1803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Susan Hinrichs closed TS-1803.
------------------------------
       Resolution: Cannot Reproduce
    Fix Version/s:     (was: 5.2.0)

Will open when/if this occurs again.

> Crash report: HttpTunnel::deallocate_buffers -> IOBufferBlock::free -> 
> reclamable_freelist_free -> ink_atomic_increment
> -----------------------------------------------------------------------------------------------------------------------
>
>                 Key: TS-1803
>                 URL: https://issues.apache.org/jira/browse/TS-1803
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Core
>            Reporter: Zhao Yongming
>            Assignee: Yunkai Zhang
>              Labels: Crash
>
> {code}
> Core was generated by `/usr/bin/traffic_server -M --httpport 80:fd=9'.
> Program terminated with signal 11, Segmentation fault.
> #0  ink_atomic_increment<int, int> (f=<value optimized out>, 
> item=0x2b1b2c028990) at ink_atomic.h:160
> 160     return __sync_fetch_and_add(mem, (Type)count);
> Missing separate debuginfos, use: debuginfo-install 
> expat-2.0.1-11.el6_2.x86_64 glibc-2.12-1.80.el6_3.7.x86_64 
> keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6_4.1.x86_64 
> libattr-2.4.44-7.el6.x86_64 libcap-2.16-5.5.el6.x86_64 
> libcom_err-1.41.12-12.el6.x86_64 libgcc-4.4.6-4.el6.x86_64 
> libselinux-2.0.94-5.3.el6.x86_64 libstdc++-4.4.6-4.el6.x86_64 
> openssl-1.0.0-27.el6_4.2.x86_64 pcre-7.8-6.el6.x86_64 tcl-8.5.7-6.el6.x86_64 
> ts-verycdn-stable.2.0.1535-1.el6.x86_64 
> xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64 zlib-1.2.3-29.el6.x86_64
> (gdb) bt
> #0  ink_atomic_increment<int, int> (f=<value optimized out>, 
> item=0x2b1b2c028990) at ink_atomic.h:160
> #1  reclaimable_freelist_free (f=<value optimized out>, item=0x2b1b2c028990) 
> at ink_queue_ext.cc:614
> #2  0x0000000000481fd1 in free_void (this=0x2b1ad6f76060) at 
> ../lib/ts/Allocator.h:68
> #3  dealloc (this=0x2b1ad6f76060) at ../iocore/eventsystem/P_IOBuffer.h:325
> #4  IOBufferData::free (this=0x2b1ad6f76060) at 
> ../iocore/eventsystem/P_IOBuffer.h:338
> #5  0x0000000000481f06 in operator= (this=0x2b1b71c49640) at 
> ../lib/ts/Ptr.h:399
> #6  clear (this=0x2b1b71c49640) at ../iocore/eventsystem/P_IOBuffer.h:426
> #7  dealloc (this=0x2b1b71c49640) at ../iocore/eventsystem/P_IOBuffer.h:464
> #8  IOBufferBlock::free (this=0x2b1b71c49640) at 
> ../iocore/eventsystem/P_IOBuffer.h:470
> #9  0x0000000000481eb2 in clear (this=0x2b1b71c48b00) at 
> ../iocore/eventsystem/P_IOBuffer.h:435
> #10 dealloc (this=0x2b1b71c48b00) at ../iocore/eventsystem/P_IOBuffer.h:464
> #11 IOBufferBlock::free (this=0x2b1b71c48b00) at 
> ../iocore/eventsystem/P_IOBuffer.h:470
> #12 0x00000000005636c6 in operator= (this=0x2b1b391f7680) at 
> ../../lib/ts/Ptr.h:399
> #13 free_MIOBuffer (this=0x2b1b391f7680) at 
> ../../iocore/eventsystem/P_IOBuffer.h:776
> #14 HttpTunnel::deallocate_buffers (this=0x2b1b391f7680) at HttpTunnel.cc:535
> #15 0x000000000052ab23 in HttpSM::kill_this (this=0x2b1b391f5af0) at 
> HttpSM.cc:6319
> #16 0x000000000052b058 in HttpSM::main_handler (this=0x2b1b391f5af0, 
> event=100, data=0x2b1b4c5edd88) at HttpSM.cc:2516
> #17 0x000000000066ba3b in handleEvent (event=<value optimized out>, 
> vc=0x2b1b4c5edc80) at ../../iocore/eventsystem/I_Continuation.h:146
> #18 read_signal_and_update (event=<value optimized out>, vc=0x2b1b4c5edc80) 
> at UnixNetVConnection.cc:138
> #19 0x0000000000670054 in read_from_net (nh=0x2b1ac32f0bc0, 
> vc=0x2b1b4c5edc80, thread=<value optimized out>) at UnixNetVConnection.cc:320
> #20 0x0000000000667172 in NetHandler::mainNetEvent (this=0x2b1ac32f0bc0, 
> event=<value optimized out>, e=<value optimized out>) at UnixNet.cc:378
> #21 0x000000000068f754 in handleEvent (this=0x2b1ac32ed010, e=0x2b1ac3dfe9c0, 
> calling_code=5) at I_Continuation.h:146
> #22 EThread::process_event (this=0x2b1ac32ed010, e=0x2b1ac3dfe9c0, 
> calling_code=5) at UnixEThread.cc:142
> #23 0x0000000000690133 in EThread::execute (this=0x2b1ac32ed010) at 
> UnixEThread.cc:266
> #24 0x000000000068e6d2 in spawn_thread_internal (a=0x27f5c40) at Thread.cc:88
> #25 0x00002b1abecf5851 in start_thread () from /lib64/libpthread.so.0
> #26 0x00002b1ac138711d in clone () from /lib64/libc.so.6
> (gdb) f 14
> #14 HttpTunnel::deallocate_buffers (this=0x2b1b391f7680) at HttpTunnel.cc:535
> 535         free_MIOBuffer(producers[i].read_buffer);
> (gdb) p producers[i].read_buffer
> value has been optimized out
> (gdb) p producers[i]
> value has been optimized out
> (gdb) f 13
> #13 free_MIOBuffer (this=0x2b1b391f7680) at 
> ../../iocore/eventsystem/P_IOBuffer.h:776
> 776     mio->_writer = NULL;
> (gdb) p mio
> $1 = (MIOBuffer *) 0x2b1b7394d860
> (gdb) p *mio
> $2 = {size_index = 4, water_mark = 0, _writer = {m_ptr = 0x0}, readers = 
> {{accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, start_offset = 0, 
> size_limit = 9223372036854775807}, {accessor = 0x0,
>       mbuf = 0x0, block = {m_ptr = 0x0}, start_offset = 0, size_limit = 
> 9223372036854775807}, {accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, 
> start_offset = 0, size_limit = 9223372036854775807}, {
>       accessor = 0x0, mbuf = 0x0, block = {m_ptr = 0x0}, start_offset = 0, 
> size_limit = 9223372036854775807}, {accessor = 0x0, mbuf = 0x0, block = 
> {m_ptr = 0x0}, start_offset = 0,
>       size_limit = 9223372036854775807}}, _location = 0x6b2478 
> "memory/IOBuffer/HttpSM.cc:5804"}
> (gdb) f 12
> #12 0x00000000005636c6 in operator= (this=0x2b1b391f7680) at 
> ../../lib/ts/Ptr.h:399
> 399       ((RefCountObj *) temp_ptr)->free();
> (gdb) p temp_ptr
> $3 = <value optimized out>
> (gdb) f 11
> #11 IOBufferBlock::free (this=0x2b1b71c48b00) at 
> ../iocore/eventsystem/P_IOBuffer.h:470
> 470     dealloc();
> (gdb) p this
> $4 = (IOBufferBlock * const) 0x2b1b71c48b00
> (gdb) p *this
> $5 = {<RefCountObj> = {<ForceVFPTToTop> = {_vptr.ForceVFPTToTop = 0x692690}, 
> m_refcount = 0}, _start = 0x2b1bcfa11800 "", _end = 0x2b1bcfa11800 "", 
> _buf_end = 0x2b1bcfa12000 "",
>   _location = 0x6b2478 "memory/IOBuffer/HttpSM.cc:5804", data = {m_ptr = 
> 0x0}, next = {m_ptr = 0x2b1b71c49640}}
> (gdb) bt
> #0  ink_atomic_increment<int, int> (f=<value optimized out>, 
> item=0x2b1b2c028990) at ink_atomic.h:160
> #1  reclaimable_freelist_free (f=<value optimized out>, item=0x2b1b2c028990) 
> at ink_queue_ext.cc:614
> #2  0x0000000000481fd1 in free_void (this=0x2b1ad6f76060) at 
> ../lib/ts/Allocator.h:68
> #3  dealloc (this=0x2b1ad6f76060) at ../iocore/eventsystem/P_IOBuffer.h:325
> #4  IOBufferData::free (this=0x2b1ad6f76060) at 
> ../iocore/eventsystem/P_IOBuffer.h:338
> #5  0x0000000000481f06 in operator= (this=0x2b1b71c49640) at 
> ../lib/ts/Ptr.h:399
> #6  clear (this=0x2b1b71c49640) at ../iocore/eventsystem/P_IOBuffer.h:426
> #7  dealloc (this=0x2b1b71c49640) at ../iocore/eventsystem/P_IOBuffer.h:464
> #8  IOBufferBlock::free (this=0x2b1b71c49640) at 
> ../iocore/eventsystem/P_IOBuffer.h:470
> #9  0x0000000000481eb2 in clear (this=0x2b1b71c48b00) at 
> ../iocore/eventsystem/P_IOBuffer.h:435
> #10 dealloc (this=0x2b1b71c48b00) at ../iocore/eventsystem/P_IOBuffer.h:464
> #11 IOBufferBlock::free (this=0x2b1b71c48b00) at 
> ../iocore/eventsystem/P_IOBuffer.h:470
> #12 0x00000000005636c6 in operator= (this=0x2b1b391f7680) at 
> ../../lib/ts/Ptr.h:399
> #13 free_MIOBuffer (this=0x2b1b391f7680) at 
> ../../iocore/eventsystem/P_IOBuffer.h:776
> #14 HttpTunnel::deallocate_buffers (this=0x2b1b391f7680) at HttpTunnel.cc:535
> #15 0x000000000052ab23 in HttpSM::kill_this (this=0x2b1b391f5af0) at 
> HttpSM.cc:6319
> #16 0x000000000052b058 in HttpSM::main_handler (this=0x2b1b391f5af0, 
> event=100, data=0x2b1b4c5edd88) at HttpSM.cc:2516
> #17 0x000000000066ba3b in handleEvent (event=<value optimized out>, 
> vc=0x2b1b4c5edc80) at ../../iocore/eventsystem/I_Continuation.h:146
> #18 read_signal_and_update (event=<value optimized out>, vc=0x2b1b4c5edc80) 
> at UnixNetVConnection.cc:138
> #19 0x0000000000670054 in read_from_net (nh=0x2b1ac32f0bc0, 
> vc=0x2b1b4c5edc80, thread=<value optimized out>) at UnixNetVConnection.cc:320
> #20 0x0000000000667172 in NetHandler::mainNetEvent (this=0x2b1ac32f0bc0, 
> event=<value optimized out>, e=<value optimized out>) at UnixNet.cc:378
> #21 0x000000000068f754 in handleEvent (this=0x2b1ac32ed010, e=0x2b1ac3dfe9c0, 
> calling_code=5) at I_Continuation.h:146
> #22 EThread::process_event (this=0x2b1ac32ed010, e=0x2b1ac3dfe9c0, 
> calling_code=5) at UnixEThread.cc:142
> #23 0x0000000000690133 in EThread::execute (this=0x2b1ac32ed010) at 
> UnixEThread.cc:266
> #24 0x000000000068e6d2 in spawn_thread_internal (a=0x27f5c40) at Thread.cc:88
> #25 0x00002b1abecf5851 in start_thread () from /lib64/libpthread.so.0
> #26 0x00002b1ac138711d in clone () from /lib64/libc.so.6
> (gdb) f 14
> #14 HttpTunnel::deallocate_buffers (this=0x2b1b391f7680) at HttpTunnel.cc:535
> 535         free_MIOBuffer(producers[i].read_buffer);
> (gdb) p producers
> $6 = {{consumer_list = {head = 0x2b1b391f76b8}, self_consumer = 0x0, vc = 
> 0x1, vc_handler = NULL, read_vio = 0x0, read_buffer = 0x2b1b7394d860, 
> buffer_start = 0x0, vc_type = HT_STATIC,
>     chunked_handler = {static DEFAULT_MAX_CHUNK_SIZE = 4096, chunked_reader = 
> 0x0, dechunked_buffer = 0x0, dechunked_size = 0, dechunked_reader = 0x0, 
> chunked_buffer = 0x0, chunked_size = 0,
>       truncation = false, skip_bytes = 0, state = 
> ChunkedHandler::CHUNK_READ_CHUNK, cur_chunk_size = 0, bytes_left = 0, 
> last_server_event = 0, running_sum = 0, num_digits = 0, max_chunk_size = 4096,
>       max_chunk_header = '\000' <repeats 15 times>, max_chunk_header_len = 
> 0}, chunking_action = TCA_PASSTHRU_DECHUNKED_CONTENT, do_chunking = false, 
> do_dechunking = false,
>     do_chunked_passthru = false, init_bytes_done = 0, nbytes = 0, ntodo = 0, 
> bytes_read = 0, handler_state = 0, num_consumers = 1, alive = false, 
> read_success = true, name = 0x6b09bb "internal msg"}, {
>     consumer_list = {head = 0x0}, self_consumer = 0x0, vc = 0x0, vc_handler = 
> NULL, read_vio = 0x0, read_buffer = 0x0, buffer_start = 0x0, vc_type = 
> HT_HTTP_SERVER, chunked_handler = {
>       static DEFAULT_MAX_CHUNK_SIZE = 4096, chunked_reader = 0x0, 
> dechunked_buffer = 0x0, dechunked_size = 0, dechunked_reader = 0x0, 
> chunked_buffer = 0x0, chunked_size = 0, truncation = false,
>       skip_bytes = 0, state = ChunkedHandler::CHUNK_READ_CHUNK, 
> cur_chunk_size = 0, bytes_left = 0, last_server_event = 0, running_sum = 0, 
> num_digits = 0, max_chunk_size = 4096,
>       max_chunk_header = '\000' <repeats 15 times>, max_chunk_header_len = 
> 0}, chunking_action = TCA_PASSTHRU_DECHUNKED_CONTENT, do_chunking = false, 
> do_dechunking = false,
>     do_chunked_passthru = false, init_bytes_done = 0, nbytes = 0, ntodo = 0, 
> bytes_read = 0, handler_state = 0, num_consumers = 0, alive = false, 
> read_success = false, name = 0x0}}
> (gdb) p i
> $7 = <value optimized out>
> (gdb) bt
> #0  ink_atomic_increment<int, int> (f=<value optimized out>, 
> item=0x2b1b2c028990) at ink_atomic.h:160
> #1  reclaimable_freelist_free (f=<value optimized out>, item=0x2b1b2c028990) 
> at ink_queue_ext.cc:614
> #2  0x0000000000481fd1 in free_void (this=0x2b1ad6f76060) at 
> ../lib/ts/Allocator.h:68
> #3  dealloc (this=0x2b1ad6f76060) at ../iocore/eventsystem/P_IOBuffer.h:325
> #4  IOBufferData::free (this=0x2b1ad6f76060) at 
> ../iocore/eventsystem/P_IOBuffer.h:338
> #5  0x0000000000481f06 in operator= (this=0x2b1b71c49640) at 
> ../lib/ts/Ptr.h:399
> #6  clear (this=0x2b1b71c49640) at ../iocore/eventsystem/P_IOBuffer.h:426
> #7  dealloc (this=0x2b1b71c49640) at ../iocore/eventsystem/P_IOBuffer.h:464
> #8  IOBufferBlock::free (this=0x2b1b71c49640) at 
> ../iocore/eventsystem/P_IOBuffer.h:470
> #9  0x0000000000481eb2 in clear (this=0x2b1b71c48b00) at 
> ../iocore/eventsystem/P_IOBuffer.h:435
> #10 dealloc (this=0x2b1b71c48b00) at ../iocore/eventsystem/P_IOBuffer.h:464
> #11 IOBufferBlock::free (this=0x2b1b71c48b00) at 
> ../iocore/eventsystem/P_IOBuffer.h:470
> #12 0x00000000005636c6 in operator= (this=0x2b1b391f7680) at 
> ../../lib/ts/Ptr.h:399
> #13 free_MIOBuffer (this=0x2b1b391f7680) at 
> ../../iocore/eventsystem/P_IOBuffer.h:776
> #14 HttpTunnel::deallocate_buffers (this=0x2b1b391f7680) at HttpTunnel.cc:535
> #15 0x000000000052ab23 in HttpSM::kill_this (this=0x2b1b391f5af0) at 
> HttpSM.cc:6319
> #16 0x000000000052b058 in HttpSM::main_handler (this=0x2b1b391f5af0, 
> event=100, data=0x2b1b4c5edd88) at HttpSM.cc:2516
> #17 0x000000000066ba3b in handleEvent (event=<value optimized out>, 
> vc=0x2b1b4c5edc80) at ../../iocore/eventsystem/I_Continuation.h:146
> #18 read_signal_and_update (event=<value optimized out>, vc=0x2b1b4c5edc80) 
> at UnixNetVConnection.cc:138
> #19 0x0000000000670054 in read_from_net (nh=0x2b1ac32f0bc0, 
> vc=0x2b1b4c5edc80, thread=<value optimized out>) at UnixNetVConnection.cc:320
> #20 0x0000000000667172 in NetHandler::mainNetEvent (this=0x2b1ac32f0bc0, 
> event=<value optimized out>, e=<value optimized out>) at UnixNet.cc:378
> #21 0x000000000068f754 in handleEvent (this=0x2b1ac32ed010, e=0x2b1ac3dfe9c0, 
> calling_code=5) at I_Continuation.h:146
> #22 EThread::process_event (this=0x2b1ac32ed010, e=0x2b1ac3dfe9c0, 
> calling_code=5) at UnixEThread.cc:142
> #23 0x0000000000690133 in EThread::execute (this=0x2b1ac32ed010) at 
> UnixEThread.cc:266
> #24 0x000000000068e6d2 in spawn_thread_internal (a=0x27f5c40) at Thread.cc:88
> #25 0x00002b1abecf5851 in start_thread () from /lib64/libpthread.so.0
> #26 0x00002b1ac138711d in clone () from /lib64/libc.so.6
> (gdb) p 1
> $8 = 1
> (gdb) f 1
> #1  reclaimable_freelist_free (f=<value optimized out>, item=0x2b1b2c028990) 
> at ink_queue_ext.cc:614
> 614     ink_atomic_increment((int *)&pCache->nr_malloc, -1);
> (gdb) p pCache
> $9 = (InkThreadCache *) 0x2e73736969616e69
> (gdb) p *pCache
> Cannot access memory at address 0x2e73736969616e69
> (gdb) f 2
> #2  0x0000000000481fd1 in free_void (this=0x2b1ad6f76060) at 
> ../lib/ts/Allocator.h:68
> 68        ink_freelist_free(this->fl, ptr);
> (gdb) p ptr
> $10 = <value optimized out>
> (gdb) p this
> $11 = (Allocator * const) 0x0
> (gdb) p *this
> Cannot access memory at address 0x0
> (gdb) f 3
> #3  dealloc (this=0x2b1ad6f76060) at ../iocore/eventsystem/P_IOBuffer.h:325
> 325         ioBufAllocator[_size_index].free_void(_data);
> (gdb) p _data
> $12 = 0x2b1b2c028990 ""
> (gdb) p *data
> Cannot take address of method data.
> (gdb) p this
> $13 = (IOBufferData * const) 0x2b1ad6f76060
> (gdb) p ioBufAllocator[_size_index]
> $14 = {fl = 0x27d73d0}
> (gdb) p ioBufAllocator[_size_index].
> alloc_void  fl          free_void   re_init
> (gdb) p ioBufAllocator[_size_index].fl
> $15 = (InkFreeList *) 0x27d73d0
> (gdb) p * ioBufAllocator[_size_index].fl
> $16 = {thread_cache_idx = 6, refcnt = 6, name = 0x6e8933 
> "UDPIOEventAllocator", type_size = 128, alignment = 32768, chunk_size = 159, 
> chunk_byte_size = 20480, chunk_addr_mask = 18446744073709518848,
>   count = 1431, allocated = 794, allocated_base = 0, count_base = 0, 
> chunk_size_base = 128, nr_thread_cache = 9, pThreadCache = 0x2b1ae4001f30, 
> lock = {__data = {__lock = 0, __count = 0, __owner = 0,
>       __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 
> 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}}
> (gdb) f 4
> #4  IOBufferData::free (this=0x2b1ad6f76060) at 
> ../iocore/eventsystem/P_IOBuffer.h:338
> 338     dealloc();
> (gdb) l
> 333   }
> 334
> 335   TS_INLINE void
> 336   IOBufferData::free()
> 337   {
> 338     dealloc();
> 339     ioDataAllocator.free(this);
> 340   }
> 341
> 342   //////////////////////////////////////////////////////////////////
> (gdb) p this
> $17 = (IOBufferData * const) 0x2b1ad6f76060
> (gdb) p *this
> $18 = {<RefCountObj> = {<ForceVFPTToTop> = {_vptr.ForceVFPTToTop = 0x6926d0}, 
> m_refcount = 0}, _size_index = 0, _mem_type = DEFAULT_ALLOC, _data = 
> 0x2b1b2c028990 "",
>   _location = 0x6b2478 "memory/IOBuffer/HttpSM.cc:5804"}
> (gdb) f 5
> #5  0x0000000000481f06 in operator= (this=0x2b1b71c49640) at 
> ../lib/ts/Ptr.h:399
> 399       ((RefCountObj *) temp_ptr)->free();
> (gdb) l
> 394     if (m_ptr != 0) {
> 395       _ptr()->refcount_inc();
> 396     }
> 397
> 398     if ((temp_ptr) && ((RefCountObj *) temp_ptr)->refcount_dec() == 0) {
> 399       ((RefCountObj *) temp_ptr)->free();
> 400     }
> 401
> 402     return (*this);
> 403   }
> (gdb) p temp_ptr
> $19 = <value optimized out>
> (gdb) f 6
> #6  clear (this=0x2b1b71c49640) at ../iocore/eventsystem/P_IOBuffer.h:426
> 426     data = NULL;
> (gdb) l
> 421   }
> 422
> 423   TS_INLINE void
> 424   IOBufferBlock::clear()
> 425   {
> 426     data = NULL;
> 427     IOBufferBlock *p = next;
> 428     while (p) {
> 429       int r = p->refcount_dec();
> 430       if (r)
> (gdb) f 7
> #7  dealloc (this=0x2b1b71c49640) at ../iocore/eventsystem/P_IOBuffer.h:464
> 464     clear();
> (gdb) l
> 459   }
> 460
> 461   TS_INLINE void
> 462   IOBufferBlock::dealloc()
> 463   {
> 464     clear();
> 465   }
> 466
> 467   TS_INLINE void
> 468   IOBufferBlock::free()
> (gdb) f 8
> #8  IOBufferBlock::free (this=0x2b1b71c49640) at 
> ../iocore/eventsystem/P_IOBuffer.h:470
> 470     dealloc();
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (TS-1803) Crash report: HttpTunnel::deallocate_buffers -> IOBufferBlock::free -> reclamable_freelist_free -> ink_atomic_increment

Reply via email to