coredump #2
(gdb) bt
#0 raise (sig=sig@entry=11) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x0000557c23db26b0 in reraise_fatal (signum=11) at
./src/global/signal_handler.cc:81
#2 handle_fatal_signal (signum=11) at
./src/global/signal_handler.cc:326
#3 <signal handler called>
#4 tcmalloc::SLL_Next (t=0x0) at src/linked_list.h:45
#5 tcmalloc::SLL_PopRange (end=<synthetic pointer>, start=<synthetic
pointer>, N=27, head=0x557c26146d28) at src/linked_list.h:76
#6 tcmalloc::ThreadCache::FreeList::PopRange (end=<synthetic pointer>,
start=<synthetic pointer>, N=27, this=0x557c26146d28) at src/thread_cache.h:225
#7 tcmalloc::ThreadCache::ReleaseToCentralCache
(this=this@entry=0x557c26146a40, src=src@entry=0x557c26146d28, cl=<optimized
out>, N=27, N@entry=85) at src/thread_cache.cc:195
#8 0x00007feb0741dc9b in tcmalloc::ThreadCache::ListTooLong
(this=this@entry=0x557c26146a40, list=0x557c26146d28, cl=<optimized out>) at
src/thread_cache.cc:157
#9 0x00007feb0742c6f5 in tcmalloc::ThreadCache::Deallocate
(cl=<optimized out>, ptr=0x557c280c7800, this=0x557c26146a40) at
src/thread_cache.h:387
#10 (anonymous namespace)::do_free_helper
(invalid_free_fn=0x7feb0740cce0 <(anonymous namespace)::InvalidFree(void*)>,
size_hint=0, use_hint=false, heap_must_be_valid=true, heap=0x557c26146a40,
ptr=0x557c280c7800) at src/tcmalloc.cc:1305
#11 (anonymous namespace)::do_free_with_callback
(invalid_free_fn=0x7feb0740cce0 <(anonymous namespace)::InvalidFree(void*)>,
size_hint=0, use_hint=false, ptr=0x557c280c7800) at src/tcmalloc.cc:1337
#12 (anonymous namespace)::do_free (ptr=0x557c280c7800) at
src/tcmalloc.cc:1345
#13 tc_free (ptr=0x557c280c7800) at src/tcmalloc.cc:1610
#14 0x00007feb07151027 in RefCountedObject::put (this=0x557c280c7800)
at ./src/common/RefCountedObj.h:64
#15 0x00007feb07185a7a in Objecter::_finish_op
(this=this@entry=0x557c2754f080, op=op@entry=0x557c280c7800, r=r@entry=0) at
./src/osdc/Objecter.cc:3147
#16 0x00007feb0718e50f in Objecter::handle_osd_op_reply
(this=this@entry=0x557c2754f080, m=m@entry=0x557c280ae580) at
./src/osdc/Objecter.cc:3528
#17 0x00007feb0718f733 in Objecter::ms_dispatch (this=0x557c2754f080,
m=0x557c280ae580) at ./src/osdc/Objecter.cc:966
#18 0x00007feb071aa322 in non-virtual thunk to
Objecter::ms_fast_dispatch(Message*) () at ./src/osdc/Objecter.h:2110
#19 0x00007feafe03aa7a in Messenger::ms_fast_dispatch (m=...,
this=<optimized out>) at ./src/msg/Messenger.h:665
#20 DispatchQueue::fast_dispatch (this=0x557c26970c58, m=...) at
./src/msg/DispatchQueue.cc:72
#21 0x00007feafe12b432 in DispatchQueue::fast_dispatch
(m=0x557c280ae580, this=<optimized out>) at ./src/msg/DispatchQueue.h:204
#22 ProtocolV2::handle_message (this=this@entry=0x557c27bf5100) at
./src/msg/async/ProtocolV2.cc:1462
#23 0x00007feafe13d1f0 in ProtocolV2::handle_read_frame_dispatch
(this=this@entry=0x557c27bf5100) at ./src/msg/async/ProtocolV2.cc:1128
#24 0x00007feafe13d349 in ProtocolV2::_handle_read_frame_epilogue_main
(this=this@entry=0x557c27bf5100) at ./src/msg/async/ProtocolV2.cc:1316
#25 0x00007feafe13ec29 in ProtocolV2::handle_read_frame_epilogue_main
(this=0x557c27bf5100, buffer=..., r=<optimized out>) at
./src/msg/async/ProtocolV2.cc:1291
#26 0x00007feafe1271a4 in ProtocolV2::run_continuation
(this=0x557c27bf5100, continuation=...) at ./src/msg/async/ProtocolV2.cc:47
#27 0x00007feafe0f40e6 in std::function<void (char*,
long)>::operator()(char*, long) const (__args#1=<optimized out>,
__args#0=<optimized out>, this=0x557c27be1e90) at
/usr/include/c++/7/bits/std_function.h:706
#28 AsyncConnection::process (this=0x557c27be1a80) at
./src/msg/async/AsyncConnection.cc:450
#29 0x00007feafe14a1cd in EventCenter::process_events
(this=this@entry=0x557c26860e00, timeout_microseconds=<optimized out>,
timeout_microseconds@entry=30000000,
working_dur=working_dur@entry=0x7feaf3b76be8) at ./src/msg/async/Event.cc:415
#30 0x00007feafe14ee48 in NetworkStack::<lambda()>::operator()
(__closure=0x557c26931958) at ./src/msg/async/Stack.cc:53
#31 std::_Function_handler<void(), NetworkStack::add_thread(unsigned
int)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at
/usr/include/c++/7/bits/std_function.h:316
#32 0x00007feafc37f6df in ?? () from
/usr/lib/x86_64-linux-gnu/libstdc++.so.6
#33 0x00007feafc6526db in start_thread (arg=0x7feaf3b79700) at
pthread_create.c:463
#34 0x00007feafba3ca3f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Similar interaction between SLL_Pop(Range) and SLL_Next.
#4 tcmalloc::SLL_Next (t=0x0) at src/linked_list.h:45
#5 tcmalloc::SLL_PopRange (end=<synthetic pointer>, start=<synthetic
pointer>, N=27, head=0x557c26146d28) at
The instructions reads memory pointed by register RDX (into RDX itself)
(gdb) f 4
(gdb) x/i $rip
=> 0x7feb0741dbcb
<tcmalloc::ThreadCache::ReleaseToCentralCache(tcmalloc::ThreadCache::FreeList*,
unsigned long, int)+219>: mov (%rdx),%rdx
But RDX is NULL, invalid pointer to begin with.
(gdb) x $rdx
0x0: Cannot access memory at address 0x0
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1921749
Title:
nautilus: ceph radosgw beast frontend coroutine stack corruption
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1921749/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
