[squid-users] Crashing squid off SIGSEGV and assertions off comm.c (invalid fds? )

From: Qilong Xie <[email protected]>
Date: Mon, 11 Jul 2005 19:37:54 -0700

Hi everyone,

My squid keeps dying with assertions and SIGSEGV on my Linux 2.4.25 kernel.
I have set all the fd limits and ulimits and looking at file-nr, I
don't see the middle number hitting the ceiling. So, I assume things
are wrong with my inet connections or something. But when I start
digging in more via gdb, I found a couple of traces which are seriously
concerning me over how the client connections are handled. Any help
will be appreciated :)

 /Regards

Case #1:
squid seg faults:
see trace:

2005/07/11 15:58:40| WARNING: FD 32 has handlers, but it's invalid.
2005/07/11 15:58:40| FD 32 is a File
2005/07/11 15:58:40| --> /squid/cache/00/00/00000000
2005/07/11 15:58:40| tmout:(nil) read:(nil) write:(nil)
2005/07/11 15:58:40| COMM.C:::fd=33
2005/07/11 15:58:40| COMM.C:::fd=16

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0 0x00000000 in ?? ()
#1 0x0807360d in diskHandleRead (fd=32, data=0xdc72b40) at disk.c:363
#2 0x080a7a45 in storeRead (sio=0xdc72b40, buf=0xdc72b40 "", size=4096, offset=4214, callback=0x80a83c0 <storeClientReadBody>, callback_data=0xd9b12c8) at store_io.c:82
#3 0x080a8329 in storeClientFileRead (sc=0xd9b12c8) at store_client.c:344
#4 0x080a8010 in storeClientCopy2 (e=0xd16d5d0, sc=0xd9b12c8) at store_client.c:255
#5 0x0806c1a9 in clientWriteComplete (fd=18, bufnotused=0x0, size=0, errflag=0, data=0xdf07a90) at client_side.c:2572
#6 0x0806f2c3 in CommWriteStateCallbackAndFree (fd=219600336, code=0) at comm.c:99
#7 0x08071d6e in comm_poll (msec=0) at comm_select.c:459
#8 0x080938ee in main (argc=7, argv=0xbffff624) at main.c:752
#9 0x400a67f7 in __libc_start_main () from /lib/i686/libc.so.6

Case #2:
Squid asserts and restarts, this happens very often.

2005/07/11 16:39:04| COMM.C:::fd=-1

Program received signal SIGINT, Interrupt.
commSetSelect (fd=-1, type=1, handler=0x806d5f0 <clientReadRequest>, client_data=0xd9ce1e8, timeout=0) at comm.c:711
711 for (;;)
(gdb) bt
#0 commSetSelect (fd=-1, type=1, handler=0x806d5f0 <clientReadRequest>, client_data=0xd9ce1e8, timeout=0) at comm.c:711
#1 0x0806d659 in clientReadRequest (fd=-1, data=0xd9ce1e8) at client_side.c:3249
#2 0x08072dec in file_close (fd=16) at disk.c:91
#3 0x080b583d in storeUfsIOCallback (sio=0x10, errflag=0) at ufs/store_io_ufs.c:254
#4 0x080a79f3 in storeClose (sio=0xd9f18d0) at store_io.c:75
#5 0x080a8ade in storeUnregister (sc=0xd9dd1b0, e=0xd16d528, data=0xd9dc370) at store_client.c:518
#6 0x0806882f in httpRequestFree (data=0xd892a88) at client_side.c:987
#7 0x08068b71 in connStateFree (fd=36, data=0xd170a10) at client_side.c:1028
#8 0x080704c9 in commCallCloseHandlers (fd=36) at comm.c:573
#9 0x080705f4 in comm_close (fd=36) at comm.c:655
#10 0x0806f2c3 in CommWriteStateCallbackAndFree (fd=36, code=0) at comm.c:99
#11 0x08071d5e in comm_poll (msec=861) at comm_select.c:459
#12 0x080938de in main (argc=7, argv=0xbffff624) at main.c:752
#13 0x400a67f7 in __libc_start_main () from /lib/i686/libc.so.6

In case #2, I found this code under disk.c, it's really confusing
me. Why would you want to pass down the -1 value for fd on the
read_callback?

81  /* close a disk file. */
82  void
83  file_close(int fd)
84  {
85      fde *F = &fd_table[fd];
86      PF *read_callback;
87      assert(fd >= 0);
88      assert(F->flags.open);
89      if ((read_callback = F->read_handler)) {
90          F->read_handler = NULL;
91          read_callback(-1, F->read_data);
92      }
93      if (F->flags.write_daemon) {
94  #if defined(_SQUID_MSWIN_) || defined(_SQUID_OS2_) || defined(_SQUID_CYGWIN_)
95          /*
96           * on some operating systems, you can not delete or rename
97           * open files, so we won't allow delayed close.
98           */
99          while (!diskWriteIsComplete(fd))
100             diskHandleWrite(fd, NULL);
101 #else
102         F->flags.close_request = 1;
103         debug(6, 2) ("file_close: FD %d, delaying close\n", fd);
104         return;
105 #endif
106     }
107     /*
108      * Assert there is no write callback. Otherwise we might be
109      * leaking write state data by closing the descriptor
110      */
111     assert(F->write_handler == NULL);
112     F->flags.closing = 1;
113 #if CALL_FSYNC_BEFORE_CLOSE
114     fsync(fd);
115 #endif
116     close(fd);
117     debug(6, F->flags.close_request ? 2 : 5)
118         ("file_close: FD %d, really closing\n", fd);
119     fd_close(fd);
120     statCounter.syscalls.disk.closes++;
121 }
Received on Mon Jul 11 2005 - 20:37:56 MDT
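
A self-contained sketch of defensive handling for the pattern in case #2, added here as an example and not taken from Squid or from the original post: the descriptor is range-checked before the table is indexed, and a read handler that is called with fd -1 returns instead of registering -1 for polling. FD_MAX, fd_lookup, set_read_handler, on_read and safe_file_close are hypothetical names, and treating -1 as a close notice is an assumption of this sketch; only the fde/PF shapes mirror the quoted disk.c.

```c
#include <stddef.h>
#define FD_MAX 64                       /* assumed table size */
typedef void PF(int fd, void *data);
typedef struct { int open; PF *read_handler; void *read_data; } fde;
static fde fd_table[FD_MAX];
static int rejected, close_notices;     /* counters so the behaviour can be checked */

/* Range-check before indexing: fd_table[-1] would be an out-of-bounds access. */
static fde *fd_lookup(int fd)
{
    return (fd < 0 || fd >= FD_MAX) ? NULL : &fd_table[fd];
}

/* Register a read handler; a bad or closed fd is refused, not asserted on. */
static int set_read_handler(int fd, PF *handler, void *data)
{
    fde *F = fd_lookup(fd);
    if (F == NULL || !F->open) { rejected++; return -1; }
    F->read_handler = handler;
    F->read_data = data;
    return 0;
}

/* Handler that treats fd < 0 as a close notice (assumption) and does not re-arm. */
static void on_read(int fd, void *data)
{
    if (fd < 0) { close_notices++; return; }
    set_read_handler(fd, on_read, data);
}

/* Close: validate first, detach the handler, then notify it once with -1. */
static int safe_file_close(int fd)
{
    fde *F = fd_lookup(fd);
    if (F == NULL || !F->open) return -1;
    PF *cb = F->read_handler;
    F->read_handler = NULL;
    F->open = 0;                        /* a re-arm attempt from cb is now refused */
    if (cb != NULL) cb(-1, F->read_data);
    return 0;
}

int main(void)
{
    fd_table[5].open = 1;               /* constructed state: fd 5 is an open file */
    set_read_handler(5, on_read, NULL);
    safe_file_close(5);                 /* handler sees -1 and returns */
    return (close_notices == 1 && set_read_handler(-1, on_read, NULL) == -1) ? 0 : 1;
}
```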
