[ https://issues.apache.org/jira/browse/TS-833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13050173#comment-13050173 ]
mohan_zl edited comment on TS-833 at 6/16/11 1:08 AM: ------------------------------------------------------ {code} #0 0x00000000004d2c5c in Continuation::handleEvent (this=0xda48180, event=2, data=0xdb212d0) at I_Continuation.h:146 146 return (this->*handler) (event, data); (gdb) bt #0 0x00000000004d2c5c in Continuation::handleEvent (this=0xda48180, event=2, data=0xdb212d0) at I_Continuation.h:146 #1 0x00000000006f58c8 in EThread::process_event (this=0x2aaaaae29010, e=0xdb212d0, calling_code=2) at UnixEThread.cc:140 #2 0x00000000006f5c0a in EThread::execute (this=0x2aaaaae29010) at UnixEThread.cc:217 #3 0x00000000004ff37d in main (argc=3, argv=0x7fff0e981f48) at Main.cc:1958 (gdb) x/40x this 0xda48180: 0x0da477a1 0x00000000 0xefbeadde 0xefbeadde 0xda48190: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481a0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481b0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481c0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481d0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481e0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481f0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda48200: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda48210: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde (gdb) info f Stack level 0, frame at 0x7fff0e981860: rip = 0x4d2c5c in Continuation::handleEvent(int, void*) (I_Continuation.h:146); saved rip 0x6f58c8 called by frame at 0x7fff0e9818d0 source language c++. Arglist at 0x7fff0e981850, args: this=0xda48180, event=2, data=0xdb212d0 Locals at 0x7fff0e981850, Previous frame's sp is 0x7fff0e981860 Saved registers: rbp at 0x7fff0e981850, rip at 0x7fff0e981858 (gdb) info args this = (Continuation * const) 0xda48180 event = 2 data = (void *) 0xdb212d0 (gdb) p this->handler_name $1 = 0xefbeaddeefbeadde <Address 0xefbeaddeefbeadde out of bounds> (gdb) p *this $2 = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top = 0xda477a1}, handler = 0xefbeaddeefbeadde, this adjustment -1171307680053154338, handler_name = 0xefbeaddeefbeadde <Address 0xefbeaddeefbeadde out of bounds>, mutex = {m_ptr = 0xefbeaddeefbeadde}, link = {<SLink<Continuation>> = { next = 0xefbeaddeefbeadde}, prev = 0xefbeaddeefbeadde}} {code} was (Author: wahu0315210): {quote} #0 0x00000000004d2c5c in Continuation::handleEvent (this=0xda48180, event=2, data=0xdb212d0) at I_Continuation.h:146 146 return (this->*handler) (event, data); (gdb) bt #0 0x00000000004d2c5c in Continuation::handleEvent (this=0xda48180, event=2, data=0xdb212d0) at I_Continuation.h:146 #1 0x00000000006f58c8 in EThread::process_event (this=0x2aaaaae29010, e=0xdb212d0, calling_code=2) at UnixEThread.cc:140 #2 0x00000000006f5c0a in EThread::execute (this=0x2aaaaae29010) at UnixEThread.cc:217 #3 0x00000000004ff37d in main (argc=3, argv=0x7fff0e981f48) at Main.cc:1958 (gdb) x/40x this 0xda48180: 0x0da477a1 0x00000000 0xefbeadde 0xefbeadde 0xda48190: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481a0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481b0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481c0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481d0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481e0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda481f0: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda48200: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde 0xda48210: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde (gdb) info f Stack level 0, frame at 0x7fff0e981860: rip = 0x4d2c5c in Continuation::handleEvent(int, void*) (I_Continuation.h:146); saved rip 0x6f58c8 called by frame at 0x7fff0e9818d0 source language c++. Arglist at 0x7fff0e981850, args: this=0xda48180, event=2, data=0xdb212d0 Locals at 0x7fff0e981850, Previous frame's sp is 0x7fff0e981860 Saved registers: rbp at 0x7fff0e981850, rip at 0x7fff0e981858 (gdb) info args this = (Continuation * const) 0xda48180 event = 2 data = (void *) 0xdb212d0 (gdb) p this->handler_name $1 = 0xefbeaddeefbeadde <Address 0xefbeaddeefbeadde out of bounds> (gdb) p *this $2 = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top = 0xda477a1}, handler = 0xefbeaddeefbeadde, this adjustment -1171307680053154338, handler_name = 0xefbeaddeefbeadde <Address 0xefbeaddeefbeadde out of bounds>, mutex = {m_ptr = 0xefbeaddeefbeadde}, link = {<SLink<Continuation>> = { next = 0xefbeaddeefbeadde}, prev = 0xefbeaddeefbeadde}} {quote} > Crash Report: Continuation::handleEvent, event=2, 0xdeadbeef, > ink_freelist_free related > --------------------------------------------------------------------------------------- > > Key: TS-833 > URL: https://issues.apache.org/jira/browse/TS-833 > Project: Traffic Server > Issue Type: Bug > Components: Core > Affects Versions: 3.1.0 > Environment: current trunk, with --enable-debug > Reporter: Zhao Yongming > Labels: freelist > Attachments: TS-833-2.diff, TS-833-3.diff, TS-833.diff > > > bt #1 > {code} > #0 0x00000000004d2c5c in Continuation::handleEvent (this=0x19581df0, > event=2, data=0x197c4fc0) at I_Continuation.h:146 > 146 return (this->*handler) (event, data); > (gdb) bt > #0 0x00000000004d2c5c in Continuation::handleEvent (this=0x19581df0, > event=2, data=0x197c4fc0) at I_Continuation.h:146 > #1 0x00000000006f5830 in EThread::process_event (this=0x2aaaaae29010, > e=0x197c4fc0, calling_code=2) at UnixEThread.cc:140 > #2 0x00000000006f5b72 in EThread::execute (this=0x2aaaaae29010) at > UnixEThread.cc:217 > #3 0x00000000004ff37d in main (argc=3, argv=0x7fff76c41528) at Main.cc:1958 > (gdb) info f > Stack level 0, frame at 0x7fff76c40e40: > rip = 0x4d2c5c in Continuation::handleEvent(int, void*) > (I_Continuation.h:146); saved rip 0x6f5830 > called by frame at 0x7fff76c40eb0 > source language c++. > Arglist at 0x7fff76c40e30, args: this=0x19581df0, event=2, data=0x197c4fc0 > Locals at 0x7fff76c40e30, Previous frame's sp is 0x7fff76c40e40 > Saved registers: > rbp at 0x7fff76c40e30, rip at 0x7fff76c40e38 > (gdb) x/40x this > 0x19581df0: 0x19581901 0x00000000 0xefbeadde 0xefbeadde > 0x19581e00: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde > 0x19581e10: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde > 0x19581e20: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde > 0x19581e30: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde > 0x19581e40: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde > 0x19581e50: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde > 0x19581e60: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde > 0x19581e70: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde > 0x19581e80: 0xefbeadde 0xefbeadde 0xefbeadde 0xefbeadde > {code} > bt #2 > {code} > #0 0x00000000004d637c in Continuation::handleEvent (this=0xc3cc390, event=2, > data=0xc4408a0) at I_Continuation.h:146 > 146 return (this->*handler) (event, data); > (gdb) bt > #0 0x00000000004d637c in Continuation::handleEvent (this=0xc3cc390, event=2, > data=0xc4408a0) at I_Continuation.h:146 > #1 0x000000000070364c in EThread::process_event (this=0x2aaaaae29010, > e=0xc4408a0, calling_code=2) at UnixEThread.cc:140 > #2 0x000000000070398e in EThread::execute (this=0x2aaaaae29010) at > UnixEThread.cc:217 > #3 0x0000000000502aac in main (argc=3, argv=0x7fff32ef2f58) at Main.cc:1961 > (gdb) p *this > $1 = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top = 0x2aaab002f011}, > handler = 0xefbeaddeefbeadde, this adjustment -1171307680053154338, > handler_name = 0xefbeaddeefbeadde <Address 0xefbeaddeefbeadde out of > bounds>, mutex = {m_ptr = 0xefbeaddeefbeadde}, link = {<SLink<Continuation>> > = { > next = 0xefbeaddeefbeadde}, prev = 0xefbeaddeefbeadde}} > (gdb) > {code} > bt #3 > {code} > #0 0x00000000004d2c5c in Continuation::handleEvent (this=0x2aaab00615b0, > event=2, data=0x2aaab00d1570) at I_Continuation.h:146 > 146 return (this->*handler) (event, data); > (gdb) bt > #0 0x00000000004d2c5c in Continuation::handleEvent (this=0x2aaab00615b0, > event=2, data=0x2aaab00d1570) at I_Continuation.h:146 > #1 0x00000000006f5830 in EThread::process_event (this=0x2aaaaae29010, > e=0x2aaab00d1570, calling_code=2) at UnixEThread.cc:140 > #2 0x00000000006f5b72 in EThread::execute (this=0x2aaaaae29010) at > UnixEThread.cc:217 > #3 0x00000000004ff37d in main (argc=3, argv=0x7fff421f08d8) at Main.cc:1958 > (gdb) info f > Stack level 0, frame at 0x7fff421f01f0: > rip = 0x4d2c5c in Continuation::handleEvent(int, void*) > (I_Continuation.h:146); saved rip 0x6f5830 > called by frame at 0x7fff421f0260 > source language c++. > Arglist at 0x7fff421f01e0, args: this=0x2aaab00615b0, event=2, > data=0x2aaab00d1570 > Locals at 0x7fff421f01e0, Previous frame's sp is 0x7fff421f01f0 > Saved registers: > rbp at 0x7fff421f01e0, rip at 0x7fff421f01e8 > (gdb) p this->handler > $1 = 0xefbeaddeefbeadde, this adjustment -1171307680053154338 > {code} -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira