Core dump in describe backtrace

Imported from http://bugzilla.roxen.com/bugzilla/show_bug.cgi?id=6156

Reported by Marcus Wellhardh wellhard@roxen.com

Got multiple similar core dumps that happens when a thread dump is printed. Version: Roxen CMS 5.1.185

Stripped debug log:

      : Server start command:
      :     /opt/roxen/server-5.1.185/bin/roxen
      :     -DTOPIC_DEBUG
      :     -DPC_FLUSH_VARIANTS_WHEN_MAX
      :     -DDISABLE_PCODE_FROM_REPLICATION
      :     -DNO_SB_PREFETCH
      :     -DENABLE_OUTGOING_PROXY
      :     -DRAM_CACHE
      :     -DNEW_RAM_CACHE
      :     -DHTTP_COMPRESSION
      :     -DENABLE_THREADS
      :     -M/opt/roxen/server-5.1.185/etc/modules
      :     -I/opt/roxen/server-5.1.185/etc/include
      :     -I/opt/roxen/server-5.1.185/base_server
      :     -P/opt/roxen/server-5.1.185/base_server
      :     -P/opt/roxen/server-5.1.185
      :     base_server/roxenloader.pike
      :     --config-dir=/etc/roxen/07/configurations
      :     --pid-file=/var/run/roxen/07/roxen.pid

pike/lib/modules/___Oracle.so:-: Warning: Failed to load library: libclntsh.so.10.1: cannot open shared object file: No such file or directory pike/lib/modules/Odbc.so:-: Warning: Failed to load library: libodbc.so.1: cannot open shared object file: No such file or directory 17:05:54 : Support for IPv6 enabled. 0m 0.0s : Adding package /srv/roxen/07/local. : ----------------------------------------------------------------- : Pike version: Pike v7.8 release 534 : Product version: Roxen CMS 5.1.185-release1 : Operating system: Linux 2.6.18-194.26.1.el5 (x86_64) 17:05:54 : Starting MySQL ... Was running 5.0.91-log [49.9ms] 0m 0.1s : Loading Pike modules ... pike/lib/modules/Protocols.pmod/HTTP.pmod/module.pmod.o:-: Warning: Compiled file is out of date pike/lib/modules/Protocols.pmod/HTTP.pmod/Query.pike.o:-: Warning: Compiled file is out of date Done [376.0ms]

[...]

          : ###### Thread 0x40eba940 has been busy for more than 30 seconds.
11:16:48  : ###### Describing all 18 pike threads:
 0d18h10m : >>
          : >> ### Thread 0x2b19efae55f0 (backend thread):
          : >> -:1: PikeCompiler("", RXML.PikeCompile()->Resolver(), -1, -1, UNDEFINED
, UNDEFINED)->compile()
          : >> -:1: DefaultCompilerEnvironment->compile(PikeCompiler("", RXML.PikeComp
ile()->Resolver(), -1, -1, UNDEFINED, UNDEFINED))
          : >> etc/modules/RXML.pmod/module.pmod (rev 1.421):8223: RXML.PikeCompile()-
>compile()
11:16:48  : >> etc/modules/RXML.pmod/module.pmod (rev 1.421):8265: RXML.PikeCompile()-
>destroy()
 0d18h10m : >> base_server/prototypes.pike (rev 1.280):928: ProtocolCacheKey(inactive)
->destroy()
          : >> protocols/http.pike (rev 1.636):1343: unknown function()
          : >> protocols/http.pike (rev 1.636):1390: unknown function(1)
          : >> protocols/http.pike (rev 1.636):1882: unknown function(UNDEFINED)
          : >> base_server/fastpipe.pike (rev 1.11):28: /opt/roxen/server-5.1.185/base
_server/fastpipe()->sendfile_done(2964,UNDEFINED)
11:16:48  : >> -:1: Pike.Backend(0)->`()(3600.0)
 0d18h10m : >> 
[...]
          : >> ### Thread 0x41430940:
[EOF]


Core was generated by `/opt/roxen/server-5.1.185/bin/roxen -DTOPIC_DEBUG -DPC_FLUSH_VARIANTS_WHEN_MAX'.
Program terminated with signal 11, Segmentation fault.
#0  0x000000000053de23 in ?? ()
(gdb) file /opt/roxen/server-5.1.185/bin/roxen
Reading symbols from /opt/roxen/server-5.1.185/bin/roxen...done.
(gdb) bt
#0  0x000000000053de23 in f_function_name (args=1)
    at /home/dist/tmp/build/pike.srcbuild/../pike/src/builtin.cmod:1229
#1  0x0000000000438ff9 in eval_instruction (pc=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret_functions.h:2373
#2  0x0000000000440e87 in catching_eval_instruction (
    pc=0xf29d1c0 "\034\002M\rN\034\002\177\017")
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret.c:2245
#3  0x000000000043c9a1 in eval_instruction (
    pc=0x63 <Address 0x63 out of bounds>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret_functions.h:1317
#4  0x0000000000440f90 in mega_apply (type=<value optimized out>, 
    args=<value optimized out>, arg1=<value optimized out>, 
    arg2=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret.c:2213
#5  0x0000000000471a23 in backend_do_call_outs (me=0xf7ca848)
    at /home/dist/tmp/build/pike.srcbuild/../pike/src/backend.cmod:906
#6  0x0000000000473cc1 in pb_low_backend_once (args=1)
    at /home/dist/tmp/build/pike.srcbuild/../pike/src/backend.cmod:4021
#7  f_PollBackend_cq__backtick_28_29 (args=1)
    at /home/dist/tmp/build/pike.srcbuild/../pike/src/backend.cmod:4076
#8  0x0000000000434f1c in low_mega_apply (type=APPLY_SVALUE, args=1, 
    arg1=<value optimized out>, arg2=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/apply_low.h:226
---Type <return> to continue, or q <return> to quit---
#9  0x000000000043ab32 in eval_instruction (pc=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret_functions.h:2097
#10 0x0000000000440f90 in mega_apply (type=<value optimized out>, 
    args=<value optimized out>, arg1=<value optimized out>, 
    arg2=<value optimized out>)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/interpret.c:2213
#11 0x000000000053001c in new_thread_func (data=0x7fffaaee6950)
    at /tmp/dist/5.0/pike.rhel5_x86_64/pike/src/threads.c:1125
#12 0x0000003e6ac0673d in ?? ()
#13 0x0000000000000000 in ?? ()

(gdb) p *func $1 = {type = 4, subtype = 0, u = {integer = 46912695272256, efun = 0x2aaab6898340, array = 0x2aaab6898340, mapping = 0x2aaab6898340, multiset = 0x2aaab6898340, object = 0x2aaab6898340, program = 0x2aaab6898340, string = 0x2aaab6898340, type = 0x2aaab6898340, refs = 0x2aaab6898340, dummy = 0x2aaab6898340, float_number = 2.3177951087840754e-310, identifier = -1232501952, lval = 0x2aaab6898340, ptr = 0x2aaab6898340}} (gdb) p *func.object There is no member named object. (gdb) p *func.u.object $2 = {refs = 5, prog = 0xef342f8, next = 0x2aaab6898840, prev = 0x2aaab6898fc0, storage = 0x0} (gdb) p *func.u.object.prog $3 = {refs = 13, id = 7, storage_needed = 0, xstorage = 0, parent_info_storage = -1, flags = 8223, alignment_needed = 1 '\001', timestamp = {tv_sec = 1325740806, tv_usec = 194715}, next = 0xf522998, prev = 0xf398eb8, parent = 0xef363e0, optimize = 0, event_handler = 0x4f50e0 <compat_event_handler>, total_size = 416, program = 0xef4e8b0 " \342R", relocations = 0xef4e8d0, linenumbers = 0xef4e8d0 "\177\r", identifier_index = 0xef4e8e4, variable_index = 0xef4e8e4, strings = 0xef4e8e8, constants = 0xef4e8e8, identifier_references = 0xef4e8e8, inherits = 0xef4e8e8, identifiers = 0xef4e918, num_program = 32, num_relocations = 0, num_linenumbers = 20, num_identifier_index = 0, num_variable_index = 0, num_strings = 0, num_constants = 0, num_identifier_references = 0, num_inherits = 1, num_identifiers = 0, lfuns = {-1 <repeats 45 times>}} (gdb) p *func.u.object.prog.identifiers $4 = {name = 0x41, type = 0x4, filename_strno = 16, linenumber = 0, identifier_flags = 249 '\371', run_time_type = 130 '\202', opt_flags = 11255, func = {ext_ref = {depth = 0, id = 0}, gs_info = { getter = 0, setter = 0}, c_fun = 0, offset = 0}} (gdb) p (char *)func.u.object.prog.linenumbers $5 = 0xef4e8d0 "\177\r" (gdb) p (char *)func.u.object.prog.linenumbers+3 $6 = 0xef4e8d3 "src/threads.c"