[ https://issues.apache.org/jira/browse/TS-833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13048750#comment-13048750 ]
John Plevyak commented on TS-833:
---------------------------------

I have a theory about this, but I am not sure why the problem has only manifested now as it seems to have been in the codebase for a while.

The theory is that the vc_next is bad because it has been closed as a result of the inactivity callback. This could be checked by walking down nh->open_list in the debugger (or code) to see if next_vc is in the list.

> Crash Report: Continuation::handleEvent, event=2, 0xdeadbeef,
> ink_freelist_free related
> ---------------------------------------------------------------------------------------
>
> Key: TS-833
> URL: https://issues.apache.org/jira/browse/TS-833
> Project: Traffic Server
> Issue Type: Bug
> Components: Core
> Affects Versions: 3.1.0
> Environment: current trunk, with --enable-debug
> Reporter: Zhao Yongming
> Labels: freelist
>
> bt #1
> {code}
> #0 0x00000000004d2c5c in Continuation::handleEvent (this=0x19581df0,
> event=2, data=0x197c4fc0) at I_Continuation.h:146
> 146 return (this->*handler) (event, data);
> (gdb) bt
> #0 0x00000000004d2c5c in Continuation::handleEvent (this=0x19581df0,
> event=2, data=0x197c4fc0) at I_Continuation.h:146
> #1 0x00000000006f5830 in EThread::process_event (this=0x2aaaaae29010,
> e=0x197c4fc0, calling_code=2) at UnixEThread.cc:140
> #2 0x00000000006f5b72 in EThread::execute (this=0x2aaaaae29010) at
> UnixEThread.cc:217
> #3 0x00000000004ff37d in main (argc=3, argv=0x7fff76c41528) at Main.cc:1958
> (gdb) info f
> Stack level 0, frame at 0x7fff76c40e40:
> rip = 0x4d2c5c in Continuation::handleEvent(int, void*)
> (I_Continuation.h:146); saved rip 0x6f5830
> called by frame at 0x7fff76c40eb0
> source language c++.
> Arglist at 0x7fff76c40e30, args: this=0x19581df0, event=2, data=0x197c4fc0
> Locals at 0x7fff76c40e30, Previous frame's sp is 0x7fff76c40e40
> Saved registers:
> rbp at 0x7fff76c40e30, rip at 0x7fff76c40e38
> (gdb) x/40x this
> 0x19581df0: 0x19581901 0x00000000 0xefbeadde 0xefbeadde
> 0x19581e00: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde
> 0x19581e10: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde
> 0x19581e20: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde
> 0x19581e30: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde
> 0x19581e40: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde
> 0x19581e50: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde
> 0x19581e60: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde
> 0x19581e70: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde
> 0x19581e80: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde
> {code}
> bt #2
> {code}
> #0 0x00000000004d637c in Continuation::handleEvent (this=0xc3cc390, event=2,
> data=0xc4408a0) at I_Continuation.h:146
> 146 return (this->*handler) (event, data);
> (gdb) bt
> #0 0x00000000004d637c in Continuation::handleEvent (this=0xc3cc390, event=2,
> data=0xc4408a0) at I_Continuation.h:146
> #1 0x000000000070364c in EThread::process_event (this=0x2aaaaae29010,
> e=0xc4408a0, calling_code=2) at UnixEThread.cc:140
> #2 0x000000000070398e in EThread::execute (this=0x2aaaaae29010) at
> UnixEThread.cc:217
> #3 0x0000000000502aac in main (argc=3, argv=0x7fff32ef2f58) at Main.cc:1961
> (gdb) p *this
> $1 = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top = 0x2aaab002f011},
> handler = 0xefbeaddeefbeadde, this adjustment -1171307680053154338,
> handler_name = 0xefbeaddeefbeadde <Address 0xefbeaddeefbeadde out of
> bounds>, mutex = {m_ptr = 0xefbeaddeefbeadde}, link = {<SLink<Continuation>>
> = {
> next = 0xefbeaddeefbeadde}, prev = 0xefbeaddeefbeadde}}
> (gdb)
> {code}
> bt #3
> {code}
> #0 0x00000000004d2c5c in Continuation::handleEvent (this=0x2aaab00615b0,
> event=2, data=0x2aaab00d1570) at I_Continuation.h:146
> 146 return (this->*handler) (event, data);
> (gdb) bt
> #0 0x00000000004d2c5c in Continuation::handleEvent (this=0x2aaab00615b0,
> event=2, data=0x2aaab00d1570) at I_Continuation.h:146
> #1 0x00000000006f5830 in EThread::process_event (this=0x2aaaaae29010,
> e=0x2aaab00d1570, calling_code=2) at UnixEThread.cc:140
> #2 0x00000000006f5b72 in EThread::execute (this=0x2aaaaae29010) at
> UnixEThread.cc:217
> #3 0x00000000004ff37d in main (argc=3, argv=0x7fff421f08d8) at Main.cc:1958
> (gdb) info f
> Stack level 0, frame at 0x7fff421f01f0:
> rip = 0x4d2c5c in Continuation::handleEvent(int, void*)
> (I_Continuation.h:146); saved rip 0x6f5830
> called by frame at 0x7fff421f0260
> source language c++.
> Arglist at 0x7fff421f01e0, args: this=0x2aaab00615b0, event=2,
> data=0x2aaab00d1570
> Locals at 0x7fff421f01e0, Previous frame's sp is 0x7fff421f01f0
> Saved registers:
> rbp at 0x7fff421f01e0, rip at 0x7fff421f01e8
> (gdb) p this->handler
> $1 = 0xefbeaddeefbeadde, this adjustment -1171307680053154338
> {code}
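
The check proposed in the comment above, as an added example (not Traffic Server code and not from this thread): a toy open list whose sweep caches next_vc before running a callback that closes it. The VC and NetHandler structs, close_vc, in_open_list, find_stale_next and demo are hypothetical names, and a static pool stands in for the freelist so the closed object's memory stays readable.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed model with hypothetical types; not Traffic Server source.
constexpr uintptr_t POISON = 0xdeadbeef;  // debug fill, as in the dumps above
struct VC {
  uintptr_t handler = 1;  // stands in for Continuation::handler
  VC *next = nullptr;     // link in the open list
  VC *victim = nullptr;   // VC that this one's inactivity callback closes
};
struct NetHandler { VC *open_list = nullptr; };

// Unlink vc and poison its handler, the way a debug freelist free would.
void close_vc(NetHandler *nh, VC *vc) {
  for (VC **p = &nh->open_list; *p; p = &(*p)->next)
    if (*p == vc) { *p = vc->next; break; }
  vc->handler = POISON;
}

// The check from the comment: is the pointer still on nh->open_list?
bool in_open_list(const NetHandler *nh, const VC *vc) {
  for (const VC *p = nh->open_list; p; p = p->next)
    if (p == vc) return true;
  return false;
}

// Sweep that caches next_vc before the callback; returns the first stale one.
VC *find_stale_next(NetHandler *nh) {
  for (VC *vc = nh->open_list, *next_vc; vc; vc = next_vc) {
    next_vc = vc->next;                        // cached before the callback
    if (vc->victim) close_vc(nh, vc->victim);  // callback closes another VC
    if (next_vc && !in_open_list(nh, next_vc)) return next_vc;
  }
  return nullptr;
}

// Build a -> b -> c; when a_closes_b is set, a's callback closes b.
uintptr_t demo(bool a_closes_b) {
  static VC pool[3];                           // stays mapped, like a freelist
  VC *a = &pool[0], *b = &pool[1], *c = &pool[2];
  *a = VC{}; *b = VC{}; *c = VC{};
  a->next = b; b->next = c; a->victim = a_closes_b ? b : nullptr;
  NetHandler nh;
  nh.open_list = a;
  VC *stale = find_stale_next(&nh);
  return stale ? stale->handler : 0;           // handler the loop would call
}

int main() { std::printf("stale handler: 0x%lx\n", (unsigned long)demo(true)); }
```
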