Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-833

Crash Report: Continuation::handleEvent, event=2, 0xdeadbeef, ink_freelist_free related

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0
    • Fix Version/s: 3.1.0, 3.0.1
    • Component/s: Core
    • Labels:
    • Environment:

      current trunk, with --enable-debug

      Description

      bt #1

      #0  0x00000000004d2c5c in Continuation::handleEvent (this=0x19581df0, event=2, data=0x197c4fc0) at I_Continuation.h:146
      146         return (this->*handler) (event, data);
      (gdb) bt
      #0  0x00000000004d2c5c in Continuation::handleEvent (this=0x19581df0, event=2, data=0x197c4fc0) at I_Continuation.h:146
      #1  0x00000000006f5830 in EThread::process_event (this=0x2aaaaae29010, e=0x197c4fc0, calling_code=2) at UnixEThread.cc:140
      #2  0x00000000006f5b72 in EThread::execute (this=0x2aaaaae29010) at UnixEThread.cc:217
      #3  0x00000000004ff37d in main (argc=3, argv=0x7fff76c41528) at Main.cc:1958
      (gdb) info f
      Stack level 0, frame at 0x7fff76c40e40:
       rip = 0x4d2c5c in Continuation::handleEvent(int, void*) (I_Continuation.h:146); saved rip 0x6f5830
       called by frame at 0x7fff76c40eb0
       source language c++.
       Arglist at 0x7fff76c40e30, args: this=0x19581df0, event=2, data=0x197c4fc0
       Locals at 0x7fff76c40e30, Previous frame's sp is 0x7fff76c40e40
       Saved registers:
        rbp at 0x7fff76c40e30, rip at 0x7fff76c40e38
      (gdb) x/40x this
      0x19581df0:     0x19581901      0x00000000      0xefbeadde      0xefbeadde
      0x19581e00:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
      0x19581e10:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
      0x19581e20:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
      0x19581e30:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
      0x19581e40:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
      0x19581e50:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
      0x19581e60:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
      0x19581e70:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
      0x19581e80:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
      

      bt #2

      #0  0x00000000004d637c in Continuation::handleEvent (this=0xc3cc390, event=2, data=0xc4408a0) at I_Continuation.h:146
      146         return (this->*handler) (event, data);
      (gdb) bt
      #0  0x00000000004d637c in Continuation::handleEvent (this=0xc3cc390, event=2, data=0xc4408a0) at I_Continuation.h:146
      #1  0x000000000070364c in EThread::process_event (this=0x2aaaaae29010, e=0xc4408a0, calling_code=2) at UnixEThread.cc:140
      #2  0x000000000070398e in EThread::execute (this=0x2aaaaae29010) at UnixEThread.cc:217
      #3  0x0000000000502aac in main (argc=3, argv=0x7fff32ef2f58) at Main.cc:1961
      (gdb) p *this
      $1 = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top = 0x2aaab002f011}, handler = 0xefbeaddeefbeadde, this adjustment -1171307680053154338, 
        handler_name = 0xefbeaddeefbeadde <Address 0xefbeaddeefbeadde out of bounds>, mutex = {m_ptr = 0xefbeaddeefbeadde}, link = {<SLink<Continuation>> = {
            next = 0xefbeaddeefbeadde}, prev = 0xefbeaddeefbeadde}}
      (gdb) 
      

      bt #3

      #0  0x00000000004d2c5c in Continuation::handleEvent (this=0x2aaab00615b0, event=2, data=0x2aaab00d1570) at I_Continuation.h:146
      146         return (this->*handler) (event, data);
      (gdb) bt
      #0  0x00000000004d2c5c in Continuation::handleEvent (this=0x2aaab00615b0, event=2, data=0x2aaab00d1570) at I_Continuation.h:146
      #1  0x00000000006f5830 in EThread::process_event (this=0x2aaaaae29010, e=0x2aaab00d1570, calling_code=2) at UnixEThread.cc:140
      #2  0x00000000006f5b72 in EThread::execute (this=0x2aaaaae29010) at UnixEThread.cc:217
      #3  0x00000000004ff37d in main (argc=3, argv=0x7fff421f08d8) at Main.cc:1958
      (gdb) info f
      Stack level 0, frame at 0x7fff421f01f0:
       rip = 0x4d2c5c in Continuation::handleEvent(int, void*) (I_Continuation.h:146); saved rip 0x6f5830
       called by frame at 0x7fff421f0260
       source language c++.
       Arglist at 0x7fff421f01e0, args: this=0x2aaab00615b0, event=2, data=0x2aaab00d1570
       Locals at 0x7fff421f01e0, Previous frame's sp is 0x7fff421f01f0
       Saved registers:
        rbp at 0x7fff421f01e0, rip at 0x7fff421f01e8
      (gdb) p this->handler
      $1 = 0xefbeaddeefbeadde, this adjustment -1171307680053154338
      

        Attachments

        1. TS-833.diff
          5 kB
          John Plevyak
        2. TS-833-2.diff
          2 kB
          John Plevyak
        3. TS-833-3.diff
          4 kB
          John Plevyak

          Activity

            People

            • Assignee:
              jplevyak John Plevyak
              Reporter:
              zym Zhao Yongming
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: