core dump in HttpSM::handle_server_setup_error when handling inactivity timer expiry

(gdb) bt
#0  0x00000000005daca9 in HttpSM::handle_server_setup_error (this=0x2b906c5d8f10, event=105, data=0x2b8e183b8300) at HttpSM.cc:5188
#1  0x00000000005cf16f in HttpSM::state_read_server_response_header (this=0x2b906c5d8f10, event=105, data=0x2b8e183b8300) at HttpSM.cc:1750
#2  0x00000000005d19ae in HttpSM::main_handler (this=0x2b906c5d8f10, event=105, data=0x2b8e183b8300) at HttpSM.cc:2522
#3  0x00000000004f6bb8 in Continuation::handleEvent (this=0x2b906c5d8f10, event=105, data=0x2b8e183b8300) at ../iocore/eventsystem/I_Continuation.h:146
#4  0x00000000007379b3 in read_signal_and_update (event=105, vc=0x2b8e183b81f0) at UnixNetVConnection.cc:141
#5  0x000000000073a928 in UnixNetVConnection::mainEvent (this=0x2b8e183b81f0, event=1, e=0x2771150) at UnixNetVConnection.cc:1071
#6  0x00000000004f6bb8 in Continuation::handleEvent (this=0x2b8e183b81f0, event=1, data=0x2771150) at ../iocore/eventsystem/I_Continuation.h:146
#7  0x0000000000731eba in InactivityCop::check_inactivity (this=0x2647ba0, event=2, e=0x2771150) at UnixNet.cc:100
#8  0x00000000004f6bb8 in Continuation::handleEvent (this=0x2647ba0, event=2, data=0x2771150) at ../iocore/eventsystem/I_Continuation.h:146
#9  0x000000000075858e in EThread::process_event (this=0x2b8c9eb56010, e=0x2771150, calling_code=2) at UnixEThread.cc:145
#10 0x00000000007588a9 in EThread::execute (this=0x2b8c9eb56010) at UnixEThread.cc:224
#11 0x0000000000757b0c in spawn_thread_internal (a=0x2642360) at Thread.cc:88
#12 0x00002b8c9c6d8851 in __free_tcb () from /lib64/libpthread.so.0
#13 0x0000000000000000 in ?? ()
(gdb) print c
$1 = (HttpTunnelConsumer *) 0x0
(gdb) p post_transform_info.vc
$2 = (VConnection *) 0x0
(gdb) p post_transform_info
$3 = {entry = 0x0, vc = 0x0}
(gdb) p tunnel
$4 = {<Continuation> = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top = 0x7900d0}, handler = (int (Continuation::*)(Continuation *, int, void *)) 0x61a23e
     <HttpTunnel::main_handler(int, void*)>, mutex = {m_ptr = 0x2b8db912c7e0}, link = {<SLink<Continuation>> = {next = 0x0}, prev = 0x0}}, num_producers = 1, num_consumers = 1, consumers = {{
      link = {<SLink<HttpTunnelConsumer>> = {next = 0x0}, prev = 0x0}, producer = 0x2b906c5d9d30, self_producer = 0x0, vc_type = HT_HTTP_CLIENT, vc = 0x2b8ec5e96d50, 
      buffer_reader = 0x2b8db3149e50, vc_handler = (int (HttpSM::*)(HttpSM *, int, HttpTunnelConsumer *)) 0x5d3078 <HttpSM::tunnel_handler_100_continue_ua(int, HttpTunnelConsumer*)>, 
      write_vio = 0x2b8e1883baf8, skip_bytes = 0, bytes_written = 0, handler_state = 0, alive = true, write_success = false, name = 0x78e839 "user agent"}, {
      link = {<SLink<HttpTunnelConsumer>> = {next = 0x0}, prev = 0x0}, producer = 0x0, self_producer = 0x0, vc_type = HT_HTTP_SERVER, vc = 0x0, buffer_reader = 0x0, vc_handler = NULL, 
      write_vio = 0x0, skip_bytes = 0, bytes_written = 0, handler_state = 0, alive = false, write_success = false, name = 0x0}, {link = {<SLink<HttpTunnelConsumer>> = {next = 0x0}, prev = 0x0}, 
      producer = 0x0, self_producer = 0x0, vc_type = HT_HTTP_SERVER, vc = 0x0, buffer_reader = 0x0, vc_handler = NULL, write_vio = 0x0, skip_bytes = 0, bytes_written = 0, handler_state = 0, 
      alive = false, write_success = false, name = 0x0}, {link = {<SLink<HttpTunnelConsumer>> = {next = 0x0}, prev = 0x0}, producer = 0x0, self_producer = 0x0, vc_type = HT_HTTP_SERVER, 
      vc = 0x0, buffer_reader = 0x0, vc_handler = NULL, write_vio = 0x0, skip_bytes = 0, bytes_written = 0, handler_state = 0, alive = false, write_success = false, name = 0x0}}, producers = {{
      consumer_list = {head = 0x2b906c5d9b70}, self_consumer = 0x0, vc = 0x1, vc_handler = NULL, read_vio = 0x0, read_buffer = 0x2b8db3149e10, buffer_start = 0x0, vc_type = HT_STATIC, 
      chunked_handler = {static DEFAULT_MAX_CHUNK_SIZE = 4096, action = ChunkedHandler::ACTION_DOCHUNK, chunked_reader = 0x0, dechunked_buffer = 0x0, dechunked_size = 0, dechunked_reader = 0x0, 
        chunked_buffer = 0x0, chunked_size = 0, truncation = false, skip_bytes = 0, state = ChunkedHandler::CHUNK_READ_CHUNK, cur_chunk_size = 0, bytes_left = 0, last_server_event = 0, 
        running_sum = 0, num_digits = 0, max_chunk_size = 0, max_chunk_header = '\000' <repeats 15 times>, max_chunk_header_len = 0}, chunking_action = TCA_PASSTHRU_DECHUNKED_CONTENT, 
      do_chunking = false, do_dechunking = false, do_chunked_passthru = false, init_bytes_done = 75, nbytes = 75, ntodo = 0, bytes_read = 0, handler_state = 0, last_event = 0, 
      num_consumers = 1, alive = false, read_success = true, flow_control_source = 0x0, name = 0x78e8b6 "internal msg - 100 continue"}, {consumer_list = {head = 0x0}, self_consumer = 0x0, 
      vc = 0x0, vc_handler = NULL, read_vio = 0x0, read_buffer = 0x0, buffer_start = 0x0, vc_type = HT_HTTP_SERVER, chunked_handler = {static DEFAULT_MAX_CHUNK_SIZE = 4096, 
        action = ChunkedHandler::ACTION_DOCHUNK, chunked_reader = 0x0, dechunked_buffer = 0x0, dechunked_size = 0, dechunked_reader = 0x0, chunked_buffer = 0x0, chunked_size = 0, 
        truncation = false, skip_bytes = 0, state = ChunkedHandler::CHUNK_READ_CHUNK, cur_chunk_size = 0, bytes_left = 0, last_server_event = 0, running_sum = 0, num_digits = 0, 
        max_chunk_size = 0, max_chunk_header = '\000' <repeats 15 times>, max_chunk_header_len = 0}, chunking_action = TCA_CHUNK_CONTENT, do_chunking = false, do_dechunking = false, 
      do_chunked_passthru = false, init_bytes_done = 0, nbytes = 0, ntodo = 0, bytes_read = 0, handler_state = 0, last_event = 0, num_consumers = 0, alive = false, read_success = false, 
      flow_control_source = 0x0, name = 0x0}}, sm = 0x2b906c5d8f10, active = true, flow_state = {static DEFAULT_WATER_MARK = 65536, high_water = 65536, low_water = 65536, enabled_p = false}, 
  postbuf = 0x0}