Page MenuHomePhabricator

HHVM: Crash in server worker
Closed, ResolvedPublic

Description

This crash happened twice one the migrated servers so far. Looks like a double free. Let's keep an eye on it internally (whether it reoccurs) before reporting this upstream.
(Not necessarily related to HHVM 3.18, this might have occured in the past, but not all crashes were systematically tracked.)

#0  0x00007f38f367e1f0 in je_tcache_dalloc_large (size=<optimized out>, ptr=<optimized out>, tcache=<optimized out>) at include/jemalloc/internal/tcache.h:435
#1  je_arena_dalloc (try_tcache=<optimized out>, ptr=0x7f377d97c000, chunk=<optimized out>, arena=0x7f38e3e3ec40) at include/jemalloc/internal/arena.h:1054
#2  je_idalloct (try_tcache=<optimized out>, ptr=0x7f377d97c000) at include/jemalloc/internal/jemalloc_internal.h:898
#3  je_iqalloct (try_tcache=<optimized out>, ptr=0x7f377d97c000) at include/jemalloc/internal/jemalloc_internal.h:917
#4  dallocx (ptr=0x7f377d97c000, flags=<optimized out>) at src/jemalloc.c:1789
#5  0x0000000000f791fe in operator() (__closure=<optimized out>, ptr=<optimized out>) at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/runtime/base/memory-manager.cpp:1161
#6  HPHP::BigHeap::reset (this=this@entry=0x7f37feffbfc8) at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/runtime/base/memory-manager.cpp:1165
#7  0x0000000002132d15 in HPHP::MemoryManager::resetAllocator (this=this@entry=0x7f37feffbd40) at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/runtime/base/memory-manager.cpp:505
#8  0x000000000213257c in HPHP::hphp_memory_cleanup () at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/runtime/base/program-functions.cpp:2338
#9  0x0000000000fd6605 in HPHP::hphp_session_exit () at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/runtime/base/program-functions.cpp:2370
#10 0x00000000021985bd in HPHP::HttpRequestHandler::teardownRequest (this=0x7f383fa82060, transport=0x7f38cf2a6310)
    at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/runtime/server/http-request-handler.cpp:219
#11 0x000000000117f46d in runAndWarnAboutToCrashOnException<HPHP::ServerWorker<JobPtr, TransportTraits>::doJobImpl(JobPtr, bool) [with JobPtr = std::shared_ptr<HPHP::FastCGIJob>; TransportTraits = HPHP::FastCGITransportTraits]::<lambda()> > (function=...) at /tmp/buildd/hhvm-3.18.2+dfsg/third-party/folly/folly/ScopeGuard.h:83
#12 execute (this=0x7f37feffb290) at /tmp/buildd/hhvm-3.18.2+dfsg/third-party/folly/folly/ScopeGuard.h:170
#13 ~ScopeGuardImpl (this=0x7f37feffb290, __in_chrg=<optimized out>) at /tmp/buildd/hhvm-3.18.2+dfsg/third-party/folly/folly/ScopeGuard.h:146
#14 HPHP::ServerWorker<std::shared_ptr<HPHP::FastCGIJob>, HPHP::FastCGITransportTraits>::doJobImpl (this=this@entry=0x7f3870db0a00,
    job=std::shared_ptr (count 3, weak 0) 0x7f37a59b0e30, abort=abort@entry=false) at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/runtime/server/server-worker.h:96
#15 0x000000000117fb59 in doJob (job=<error reading variable: access outside bounds of object referenced via synthetic pointer>, this=0x7f3870db0a00)
    at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/runtime/server/server-worker.h:56
#16 HPHP::JobQueueWorker<std::shared_ptr<HPHP::FastCGIJob>, HPHP::Server*, true, false, HPHP::JobQueueDropVMStack>::start (this=0x7f3870db0a00)
    at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/util/job-queue.h:462
#17 0x0000000000d51fdf in HPHP::AsyncFuncImpl::threadFuncImpl (this=this@entry=0x7f38cf040000) at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/util/async-func.cpp:134
#18 0x0000000000d521ab in HPHP::AsyncFuncImpl::ThreadFunc (obj=0x7f38cf040000) at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/util/async-func.cpp:54
#19 0x0000000000f81a36 in HPHP::start_routine_wrapper (arg=0x7f38cf044780) at /tmp/buildd/hhvm-3.18.2+dfsg/hphp/runtime/base/thread-hooks.cpp:105
#20 0x00007f38f0e21064 in start_thread (arg=0x7f37fefff700) at pthread_create.c:309
#21 0x00007f38eb55062d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Event Timeline

This bug can be closed, it was caused by the same underlying bug which was fixed in T165043