[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] Segfault under specific conditions



Niels:

On Tue, Mar 9, 2010 at 4:38 PM, Niels Provos <provos@xxxxxxxxx> wrote:
Hi David,

On Tue, Mar 9, 2010 at 1:00 PM, David Titarenco
> My server segfaults/crashes/etc under high load. It's fairly simple and
> nothing is intrusive. The following is the most recent crash report from
> earlier today:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xb7f6c1f6 in evhttp_add_header_internal (headers=0xfffffc40, key=0xb7f7fc45
> "Connection", value=0xb7f7fc50 "close") at http.c:1467
> 1467            TAILQ_INSERT_TAIL(headers, header, next);
> Current language:  auto; currently c
> (gdb) bt
> #0  0xb7f6c1f6 in evhttp_add_header_internal (headers=0xfffffc40,
> key=0xb7f7fc45 "Connection", value=0xb7f7fc50 "close") at http.c:1467
> #1  0xb7f6f4a7 in evhttp_send_error (req=0xb7e3af50, error=504,
> reason=0x813d24b "Update the state. Hit PHP!") at http.c:2050

Thanks for the report.   Where do you get the request pointer from?
Could you print the contents in gdb?  My best guess is that the
request got freed underneath you for some reason.

Niels.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

I get my req pointer from an STL map: map<evhttp_request *,bead> that I iterate over. Now, I wrote a home-made timeout method that uses evtimer for these long-polling connections (that I call beads). The only thing that I'm worried about is that the timeout callback might be fired in the middle of a (long) iteration in case of many connections (could this even happen? - the server is NOT multithreaded) which in turn also closes the connection and deletes map entry. But if this weird race condition DOES happen, it _should_ give me an STL null pointer exception, not a libevent segfault. Moreover, is there any way to check and see if the req is valid or not, to at least avoid a server crash?

Next time I encounter the segfault, I'll print the contents of the req pointer address.

David