[jira] [Commented] (TS-833) Crash Report: Continuation::handleEvent, event=2, 0xdeadbeef, ink_freelist_free related

[Zhao Yongming (JIRA)]

    [ 
https://issues.apache.org/jira/browse/TS-833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13053027#comment-13053027
 ] 

Zhao Yongming commented on TS-833:
----------------------------------

John:
after the testing with your patch from TS-833 TS-834, on the trunk, we find out 
that the following crash rise up:
{code}
[New process 3496]
#0  0x00000000004d302c in Continuation::handleEvent (this=0xa993e40, event=2, 
data=0xae09210) at I_Continuation.h:146
146         return (this->*handler) (event, data);
(gdb) bt
#0  0x00000000004d302c in Continuation::handleEvent (this=0xa993e40, event=2, 
data=0xae09210) at I_Continuation.h:146
#1  0x00000000006f9978 in EThread::process_event (this=0x2aaaaae29010, 
e=0xae09210, calling_code=2) at UnixEThread.cc:140
#2  0x00000000006f9cba in EThread::execute (this=0x2aaaaae29010) at 
UnixEThread.cc:217
#3  0x00000000004ff74d in main (argc=3, argv=0x7fff464b6438) at Main.cc:1958
(gdb) info f
Stack level 0, frame at 0x7fff464b5d50:
 rip = 0x4d302c in Continuation::handleEvent(int, void*) 
(I_Continuation.h:146); saved rip 0x6f9978
 called by frame at 0x7fff464b5dc0
 source language c++.
 Arglist at 0x7fff464b5d40, args: this=0xa993e40, event=2, data=0xae09210
 Locals at 0x7fff464b5d40, Previous frame's sp is 0x7fff464b5d50
 Saved registers:
  rbp at 0x7fff464b5d40, rip at 0x7fff464b5d48
(gdb) 
{code}

I have got a small core dump file, about 2GB, at 
http://people.apache.org/~zym/cores/ along with the packages I used, and logs 
etc. please check if it is useful for you. the rpm is running on rhel 5.4 
x86_64.

thanks

> Crash Report: Continuation::handleEvent, event=2, 0xdeadbeef, 
> ink_freelist_free related
> ---------------------------------------------------------------------------------------
>
>                 Key: TS-833
>                 URL: https://issues.apache.org/jira/browse/TS-833
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 3.1.0
>         Environment: current trunk, with --enable-debug
>            Reporter: Zhao Yongming
>              Labels: freelist
>             Fix For: 3.1.0
>
>         Attachments: TS-833-2.diff, TS-833-3.diff, TS-833.diff
>
>
> bt #1
> {code}
> #0  0x00000000004d2c5c in Continuation::handleEvent (this=0x19581df0, 
> event=2, data=0x197c4fc0) at I_Continuation.h:146
> 146         return (this->*handler) (event, data);
> (gdb) bt
> #0  0x00000000004d2c5c in Continuation::handleEvent (this=0x19581df0, 
> event=2, data=0x197c4fc0) at I_Continuation.h:146
> #1  0x00000000006f5830 in EThread::process_event (this=0x2aaaaae29010, 
> e=0x197c4fc0, calling_code=2) at UnixEThread.cc:140
> #2  0x00000000006f5b72 in EThread::execute (this=0x2aaaaae29010) at 
> UnixEThread.cc:217
> #3  0x00000000004ff37d in main (argc=3, argv=0x7fff76c41528) at Main.cc:1958
> (gdb) info f
> Stack level 0, frame at 0x7fff76c40e40:
>  rip = 0x4d2c5c in Continuation::handleEvent(int, void*) 
> (I_Continuation.h:146); saved rip 0x6f5830
>  called by frame at 0x7fff76c40eb0
>  source language c++.
>  Arglist at 0x7fff76c40e30, args: this=0x19581df0, event=2, data=0x197c4fc0
>  Locals at 0x7fff76c40e30, Previous frame's sp is 0x7fff76c40e40
>  Saved registers:
>   rbp at 0x7fff76c40e30, rip at 0x7fff76c40e38
> (gdb) x/40x this
> 0x19581df0:     0x19581901      0x00000000      0xefbeadde      0xefbeadde
> 0x19581e00:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
> 0x19581e10:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
> 0x19581e20:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
> 0x19581e30:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
> 0x19581e40:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
> 0x19581e50:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
> 0x19581e60:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
> 0x19581e70:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
> 0x19581e80:     0xefbeadde      0xefbeadde      0xefbeadde      0xefbeadde
> {code}
> bt #2
> {code}
> #0  0x00000000004d637c in Continuation::handleEvent (this=0xc3cc390, event=2, 
> data=0xc4408a0) at I_Continuation.h:146
> 146         return (this->*handler) (event, data);
> (gdb) bt
> #0  0x00000000004d637c in Continuation::handleEvent (this=0xc3cc390, event=2, 
> data=0xc4408a0) at I_Continuation.h:146
> #1  0x000000000070364c in EThread::process_event (this=0x2aaaaae29010, 
> e=0xc4408a0, calling_code=2) at UnixEThread.cc:140
> #2  0x000000000070398e in EThread::execute (this=0x2aaaaae29010) at 
> UnixEThread.cc:217
> #3  0x0000000000502aac in main (argc=3, argv=0x7fff32ef2f58) at Main.cc:1961
> (gdb) p *this
> $1 = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top = 0x2aaab002f011}, 
> handler = 0xefbeaddeefbeadde, this adjustment -1171307680053154338, 
>   handler_name = 0xefbeaddeefbeadde <Address 0xefbeaddeefbeadde out of 
> bounds>, mutex = {m_ptr = 0xefbeaddeefbeadde}, link = {<SLink<Continuation>> 
> = {
>       next = 0xefbeaddeefbeadde}, prev = 0xefbeaddeefbeadde}}
> (gdb) 
> {code}
> bt #3
> {code}
> #0  0x00000000004d2c5c in Continuation::handleEvent (this=0x2aaab00615b0, 
> event=2, data=0x2aaab00d1570) at I_Continuation.h:146
> 146         return (this->*handler) (event, data);
> (gdb) bt
> #0  0x00000000004d2c5c in Continuation::handleEvent (this=0x2aaab00615b0, 
> event=2, data=0x2aaab00d1570) at I_Continuation.h:146
> #1  0x00000000006f5830 in EThread::process_event (this=0x2aaaaae29010, 
> e=0x2aaab00d1570, calling_code=2) at UnixEThread.cc:140
> #2  0x00000000006f5b72 in EThread::execute (this=0x2aaaaae29010) at 
> UnixEThread.cc:217
> #3  0x00000000004ff37d in main (argc=3, argv=0x7fff421f08d8) at Main.cc:1958
> (gdb) info f
> Stack level 0, frame at 0x7fff421f01f0:
>  rip = 0x4d2c5c in Continuation::handleEvent(int, void*) 
> (I_Continuation.h:146); saved rip 0x6f5830
>  called by frame at 0x7fff421f0260
>  source language c++.
>  Arglist at 0x7fff421f01e0, args: this=0x2aaab00615b0, event=2, 
> data=0x2aaab00d1570
>  Locals at 0x7fff421f01e0, Previous frame's sp is 0x7fff421f01f0
>  Saved registers:
>   rbp at 0x7fff421f01e0, rip at 0x7fff421f01e8
> (gdb) p this->handler
> $1 = 0xefbeaddeefbeadde, this adjustment -1171307680053154338
> {code}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira