[TS-3957] core dump from SpdyClientSession::state_session_start - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.1.0
Component/s: SPDY
Labels:
- yahoo

Description

We see this in production on machines under swap, so the timings are very distorted.

gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x000000000064a5dc in SpdyClientSession::state_session_start (this=0x2b234fbe8030)
    at SpdyClientSession.cc:211
#2  0x0000000000510e34 in Continuation::handleEvent (this=0x2b234fbe8030, event=1, 
    data=0x2b23eda76630) at ../iocore/eventsystem/I_Continuation.h:145
#3  0x000000000079a066 in EThread::process_event (this=0x2b21170a2010, e=0x2b23eda76630, 
    calling_code=1) at UnixEThread.cc:128
#4  0x000000000079a234 in EThread::execute (this=0x2b21170a2010) at UnixEThread.cc:179
#5  0x0000000000799611 in spawn_thread_internal (a=0x12226a0) at Thread.cc:85
#6  0x00002b21153e19d1 in start_thread () from /lib64/libpthread.so.0
#7  0x0000003827ee88fd in clone () from /lib64/libc.so.6

After poking around on the core some more amc and I determined that the vc referenced by the SpdyClientSession was a freed object (the vtable pointer was swizzled out to be the freelist next pointer).

We assume that the swapping is causing very odd event timing. We replaced the schedule_immediate with a direct call that that seemed to solve our crash in production.

Attachments

Activity

People

Assignee:: Susan Hinrichs

Reporter:: Susan Hinrichs

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Oct/15 15:20

Updated:: 04/Feb/16 18:49

Resolved:: 06/Oct/15 19:31