9.1 assertion in TSHandleMLocRelease #7780
Description
After running solidly all weekend, I had a bunch of repeated asserts with the following stack from our production box running 9.1.x. The stack looks weird because the invoking plugin is written in Lua. (as a side note if anyone know how to get symbols from lua plugins I would appreciate any hints).
#0 0x00002b8d28cbe3d7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55
#1 0x00002b8d28cbfac8 in __GI_abort () at abort.c:90
#2 0x00002b8d2621861b in ink_abort (message_format=message_format@entry=0x2b8d2623ac27 "%s:%d: failed assertion `%s`")
at ../../../../../../_vcs/trafficserver9.1/src/tscore/ink_error.cc:99
#3 0x00002b8d26214b95 in _ink_assert (expression=expression@entry=0x7efd82 "!\"invalid mloc\"",
file=file@entry=0x7edf30 "../../../../../_vcs/trafficserver9.1/src/traffic_server/InkAPI.cc", line=line@entry=2117)
at ../../../../../../_vcs/trafficserver9.1/src/tscore/ink_assert.cc:37
#4 0x0000000000505d90 in TSHandleMLocRelease (bufp=0x2b8f904f3828, parent=<optimized out>, mloc=0x2b8f59d54308) at ../../../../../_vcs/trafficserver9.1/src/traffic_server/InkAPI.cc:2117
#5 0x00002b8f3a719748 in ?? ()
#6 0x00002b8f904f3000 in ?? ()
#7 0x00002b8f904f3828 in ?? ()
#8 0x00002b8f59d54088 in ?? ()
#9 0x00002b8f59d54308 in ?? ()
#10 0x00002b8d31bfeedc in ?? ()
#11 0x00002b8f4ddc8120 in ?? ()
#12 0x00002b8f376da840 in ?? ()
#13 0x00002b8f904f3000 in ?? ()
#14 0x000000000000ea64 in ?? ()
#15 0x0000000000502f00 in INKContInternal::handle_event(int, void*) () at ../../../../../_vcs/trafficserver9.1/src/traffic_server/InkAPI.cc:1137
#16 0x0000000000517037 in handleEvent (data=0x2b8f904f3000, event=60004, this=0x2b8f4ddc8120)
at /sd/workspace/src/git.vzbuilders.com/Edge/build/_build/build_release_posix-x86_64_gcc_8/trafficserver9.1/build/../../../../_vcs/trafficserver9.1/iocore/eventsystem/I_Continuation.h:219
#17 handleEvent (data=0x2b8f904f3000, event=60004, this=0x2b8f4ddc8120)
at /sd/workspace/src/git.vzbuilders.com/Edge/build/_build/build_release_posix-x86_64_gcc_8/trafficserver9.1/build/../../../../_vcs/trafficserver9.1/iocore/eventsystem/I_Continuation.h:215
#18 APIHook::invoke(int, void*) const () at ../../../../../_vcs/trafficserver9.1/src/traffic_server/InkAPI.cc:1374
Specifically it assert is in the default case and the obj->m_type == 0, which implies that mloc has already been freed or had never been allocated.
TSReturnCode
TSHandleMLocRelease(TSMBuffer bufp, TSMLoc parent, TSMLoc mloc)
{
MIMEFieldSDKHandle *field_handle;
HdrHeapObjImpl *obj = (HdrHeapObjImpl *)mloc;
if (mloc == TS_NULL_MLOC) {
return TS_SUCCESS;
}
sdk_assert(sdk_sanity_check_mbuffer(bufp) == TS_SUCCESS);
switch (obj->m_type) {
case HDR_HEAP_OBJ_URL:
case HDR_HEAP_OBJ_HTTP_HEADER:
case HDR_HEAP_OBJ_MIME_HEADER:
return TS_SUCCESS;
case HDR_HEAP_OBJ_FIELD_SDK_HANDLE:
field_handle = (MIMEFieldSDKHandle *)obj;
if (sdk_sanity_check_field_handle(mloc, parent) != TS_SUCCESS) {
return TS_ERROR;
}
sdk_free_field_handle(bufp, field_handle);
return TS_SUCCESS;
default:
ink_release_assert(!"invalid mloc");
return TS_ERROR;
}
}
We did not see this assert in our 9.0.x branch. Adding HDR_HEAP_OBJ_EMPTY to the success cases, the assert goes away and things seem to run well, but would be good to understand the change in behavior.