Bug 6156 - Core dump in describe backtrace
: Core dump in describe backtrace
Status: RESOLVED FIXED
: Pike
Core
: 7.8
: All All
: P3 (normal) normal
: ---
Assigned To:
:
:
:
  Show dependency treegraph
 
Reported: 2012-01-09 15:48 CET by
Modified: 2012-01-16 13:42 CET (History)
Scrum Prio:
In scrum?: ---
Story included in sprints:
Unplanned in sprints: 51


Attachments


Description From 2012-01-09 15:48:43 CET
Got multiple similar core dumps that happens when a thread dump is printed. 
Version: Roxen CMS 5.1.185 

Stripped debug log:

          : Server start command:
          :     /opt/roxen/server-5.1.185/bin/roxen
          :     -DTOPIC_DEBUG
          :     -DPC_FLUSH_VARIANTS_WHEN_MAX
          :     -DDISABLE_PCODE_FROM_REPLICATION
          :     -DNO_SB_PREFETCH
          :     -DENABLE_OUTGOING_PROXY
          :     -DRAM_CACHE
          :     -DNEW_RAM_CACHE
          :     -DHTTP_COMPRESSION
          :     -DENABLE_THREADS
          :     -M/opt/roxen/server-5.1.185/etc/modules
          :     -I/opt/roxen/server-5.1.185/etc/include
          :     -I/opt/roxen/server-5.1.185/base_server
          :     -P/opt/roxen/server-5.1.185/base_server
          :     -P/opt/roxen/server-5.1.185
          :     base_server/roxenloader.pike
          :     --config-dir=/etc/roxen/07/configurations
          :     --pid-file=/var/run/roxen/07/roxen.pid
pike/lib/modules/___Oracle.so:-: Warning: Failed to load library:
libclntsh.so.10.1: cannot open shared object file: No such file or directory
pike/lib/modules/Odbc.so:-: Warning: Failed to load library: libodbc.so.1:
cannot open shared object file: No such file or directory
17:05:54  : Support for IPv6 enabled.
 0m 0.0s  : Adding package /srv/roxen/07/local.
          : -----------------------------------------------------------------
          : Pike version:      Pike v7.8 release 534
          : Product version:   Roxen CMS 5.1.185-release1
          : Operating system:  Linux 2.6.18-194.26.1.el5 (x86_64)
17:05:54  : Starting MySQL ... Was running 5.0.91-log [49.9ms]
 0m 0.1s  : Loading Pike modules ...
pike/lib/modules/Protocols.pmod/HTTP.pmod/module.pmod.o:-: Warning: Compiled
file is out of date
pike/lib/modules/Protocols.pmod/HTTP.pmod/Query.pike.o:-: Warning: Compiled
file is out of date
Done [376.0ms]

[...]

          : ###### Thread 0x40eba940 has been busy for more than 30 seconds.
11:16:48  : ###### Describing all 18 pike threads:
 0d18h10m : >>
          : >> ### Thread 0x2b19efae55f0 (backend thread):
          : >> -:1: PikeCompiler("", RXML.PikeCompile()->Resolver(), -1, -1,
UNDEFINED
, UNDEFINED)->compile()
          : >> -:1: DefaultCompilerEnvironment->compile(PikeCompiler("",
RXML.PikeComp
ile()->Resolver(), -1, -1, UNDEFINED, UNDEFINED))
          : >> etc/modules/RXML.pmod/module.pmod (rev 1.421):8223:
RXML.PikeCompile()-
>compile()
11:16:48  : >> etc/modules/RXML.pmod/module.pmod (rev 1.421):8265:
RXML.PikeCompile()-
>destroy()
 0d18h10m : >> base_server/prototypes.pike (rev 1.280):928:
ProtocolCacheKey(inactive)
->destroy()
          : >> protocols/http.pike (rev 1.636):1343: unknown function()
          : >> protocols/http.pike (rev 1.636):1390: unknown function(1)
          : >> protocols/http.pike (rev 1.636):1882: unknown
function(UNDEFINED)
          : >> base_server/fastpipe.pike (rev 1.11):28:
/opt/roxen/server-5.1.185/base
_server/fastpipe()->sendfile_done(2964,UNDEFINED)
11:16:48  : >> -:1: Pike.Backend(0)->`()(3600.0)
 0d18h10m : >> 
[...]
          : >> ### Thread 0x41430940:
[EOF]


Core was generated by `/opt/roxen/server-5.1.185/bin/roxen -DTOPIC_DEBUG
-DPC_FLUSH_VARIANTS_WHEN_MAX'.
Program terminated with signal 11, Segmentation fault.
#0  0x000000000053de23 in ?? ()
(gdb) file /opt/roxen/server-5.1.185/bin/roxen
Reading symbols from /opt/roxen/server-5.1.185/bin/roxen...done.
(gdb) bt
#0  0x000000000053de23 in f_function_name (args=1)
    at /home/dist/tmp/build/pike.srcbuild/../pike/src/builtin.cmod:1229
#1  0x0000000000438ff9 in eval_instruction (pc=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret_functions.h:2373
#2  0x0000000000440e87 in catching_eval_instruction (
    pc=0xf29d1c0 "\034\002M\rN\034\002\177\017")
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret.c:2245
#3  0x000000000043c9a1 in eval_instruction (
    pc=0x63 <Address 0x63 out of bounds>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret_functions.h:1317
#4  0x0000000000440f90 in mega_apply (type=<value optimized out>, 
    args=<value optimized out>, arg1=<value optimized out>, 
    arg2=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret.c:2213
#5  0x0000000000471a23 in backend_do_call_outs (me=0xf7ca848)
    at /home/dist/tmp/build/pike.srcbuild/../pike/src/backend.cmod:906
#6  0x0000000000473cc1 in pb_low_backend_once (args=1)
    at /home/dist/tmp/build/pike.srcbuild/../pike/src/backend.cmod:4021
#7  f_PollBackend_cq__backtick_28_29 (args=1)
    at /home/dist/tmp/build/pike.srcbuild/../pike/src/backend.cmod:4076
#8  0x0000000000434f1c in low_mega_apply (type=APPLY_SVALUE, args=1, 
    arg1=<value optimized out>, arg2=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/apply_low.h:226
---Type <return> to continue, or q <return> to quit---
#9  0x000000000043ab32 in eval_instruction (pc=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret_functions.h:2097
#10 0x0000000000440f90 in mega_apply (type=<value optimized out>, 
    args=<value optimized out>, arg1=<value optimized out>, 
    arg2=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret.c:2213
#11 0x000000000053001c in new_thread_func (data=0x7fffaaee6950)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/threads.c:1125
#12 0x0000003e6ac0673d in ?? ()
#13 0x0000000000000000 in ?? ()

(gdb) p *func
$1 = {type = 4, subtype = 0, u = {integer = 46912695272256, 
    efun = 0x2aaab6898340, array = 0x2aaab6898340, mapping = 0x2aaab6898340, 
    multiset = 0x2aaab6898340, object = 0x2aaab6898340, 
    program = 0x2aaab6898340, string = 0x2aaab6898340, type = 0x2aaab6898340, 
    refs = 0x2aaab6898340, dummy = 0x2aaab6898340, 
    float_number = 2.3177951087840754e-310, identifier = -1232501952, 
    lval = 0x2aaab6898340, ptr = 0x2aaab6898340}}
(gdb) p *func.object
There is no member named object.
(gdb) p *func.u.object
$2 = {refs = 5, prog = 0xef342f8, next = 0x2aaab6898840, 
  prev = 0x2aaab6898fc0, storage = 0x0}
(gdb) p *func.u.object.prog
$3 = {refs = 13, id = 7, storage_needed = 0, xstorage = 0, 
  parent_info_storage = -1, flags = 8223, alignment_needed = 1 '\001', 
  timestamp = {tv_sec = 1325740806, tv_usec = 194715}, next = 0xf522998, 
  prev = 0xf398eb8, parent = 0xef363e0, optimize = 0, 
  event_handler = 0x4f50e0 <compat_event_handler>, total_size = 416, 
  program = 0xef4e8b0 " \342R", relocations = 0xef4e8d0, 
  linenumbers = 0xef4e8d0 "\177\r", identifier_index = 0xef4e8e4, 
  variable_index = 0xef4e8e4, strings = 0xef4e8e8, constants = 0xef4e8e8, 
  identifier_references = 0xef4e8e8, inherits = 0xef4e8e8, 
  identifiers = 0xef4e918, num_program = 32, num_relocations = 0, 
  num_linenumbers = 20, num_identifier_index = 0, num_variable_index = 0, 
  num_strings = 0, num_constants = 0, num_identifier_references = 0, 
  num_inherits = 1, num_identifiers = 0, lfuns = {-1 <repeats 45 times>}}
(gdb) p *func.u.object.prog.identifiers
$4 = {name = 0x41, type = 0x4, filename_strno = 16, linenumber = 0, 
  identifier_flags = 249 '\371', run_time_type = 130 '\202', 
  opt_flags = 11255, func = {ext_ref = {depth = 0, id = 0}, gs_info = {
      getter = 0, setter = 0}, c_fun = 0, offset = 0}}
(gdb) p (char *)func.u.object.prog.linenumbers
$5 = 0xef4e8d0 "\177\r"
(gdb) p (char *)func.u.object.prog.linenumbers+3
$6 = 0xef4e8d3 "src/threads.c"
------- Comment #1 From 2012-01-09 16:29:20 CET -------
The problem here is the svalue.

It seems to be a T_FUNCTION to function #0 in _threads_disallow.

Problem is that _threads_disallow doesn't have any functions (or symbols at
all)...

The likely culprit is
object.c:call_c_initializers()/builtin.cmod:low_backtrace().
------- Comment #2 From 2012-01-09 16:48:27 CET -------
From object.c:

/* Note: there could be a problem with programs without functions */
------- Comment #3 From 2012-01-09 18:29:37 CET -------
Fixed in Pike 7.9.
------- Comment #4 From 2012-01-10 09:25:55 CET -------
We need a fix in 7.8 as well, preferably a workaround that does not require a
new pike distribution. Is this possible?
------- Comment #5 From 2012-01-10 10:42:07 CET -------
Reported in [RT 18144]
------- Comment #6 From 2012-01-16 13:42:49 CET -------
Improved workaround in Pike 7.8.

Improved fix in Pike 7.9.

Note

You need to log in before you can comment on or make changes to this bug.