Segmentation fault in examples/httpserver

[peterzandbergen]

When I use the standard httpserver code on Ubuntu Willy Mate and I apply intensive load, the program causes a segmentation fault. httpserver runs stable when logging is disabled using DiscardLog.

OS: Ubuntu Mate Willy
LLVM: 3.8 from UIbuntu repo
Virtualbox, latest version

Stacktrace after compiling the httpserver with ponyc debug version with ponyc -d

(lldb) bt
* thread #1: tid = 3657, 0x0000000000413825 httpserver`StdStream_ref__write_oo(this=0x00007ffff6b06d00, data=0x00007ffff6ada120) + 37 at stdstream.pony:86, name = 'httpserver', stop reason = signal SIGSEGV: invalid address (fault address: 0x544887)
  * frame #0: 0x0000000000413825 httpserver`StdStream_ref__write_oo(this=0x00007ffff6b06d00, data=0x00007ffff6ada120) + 37 at stdstream.pony:86
    frame #1: 0x0000000000413a1c httpserver`StdStream_tag_writev_oo(this=0x00007ffff6b06d00, data=0x00007ffff56d0d80) + 172 at stdstream.pony:79
    frame #2: 0x0000000000403aee httpserver`StdStream_Dispatch + 190
    frame #3: 0x000000000042eac0 httpserver`handle_message(ctx=0x00007ffff6b07c48, actor=0x00007ffff6b06d00, msg=0x00007ffff56d1700) + 401 at actor.c:95
    frame #4: 0x000000000042ec48 httpserver`ponyint_actor_run(ctx=0x00007ffff6b07c48, actor=0x00007ffff6b06d00, batch=100) + 258 at actor.c:154
    frame #5: 0x000000000042fcd8 httpserver`run(sched=0x00007ffff6b07c00) + 137 at scheduler.c:264
    frame #6: 0x000000000042fdca httpserver`run_thread(arg=0x00007ffff6b07c00) + 59 at scheduler.c:306
    frame #7: 0x0000000000430229 httpserver`ponyint_sched_start(library=false) + 292 at scheduler.c:446
    frame #8: 0x0000000000430b89 httpserver`pony_start(library=false) + 48 at start.c:114
    frame #9: 0x000000000042c00f httpserver`main + 271
    frame #10: 0x00007ffff6d33830 libc.so.6`__libc_start_main(main=(httpserver`main), argc=3, argv=0x00007fffffffdfb8, init=<unavailable>, fini=<unavailable>, rtld_fini=<unavailable>, stack_end=0x00007fffffffdfa8) + 240 at libc-start.c:291
    frame #11: 0x0000000000402e99 httpserver`_start + 41

[6643]

#937
Remove logger no longer crashes

[SeanTAllen]

@peterzandbergen what version of pony are you using?

[peterzandbergen]

Hi Sean,

I ran the test using the latest build at that time. I also tried it on AWS
this Monday with a clean VM and a new build. It had the same behaviour. I
can try again tomorrow with the latest build if you like.

It never crashes when the logger is the DiscardLog.

Op wo 6 jul. 2016 21:59 schreef Sean T Allen [email protected]:

@peterzandbergen https://github.com/peterzandbergen what version of
pony are you using?

—
You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub
#996 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/AI2Xrvui0PrDsSF-ZLy78bstoSKyS_3gks5qTAkMgaJpZM4JDont
.

Peter Zandbergen
Tel: +31 6 460 55 872

linkedIn: peterzandbergen https://www.linkedin.com/in/peterzandbergen

[peterzandbergen]

Hi All,

some more information about versions.
ponyc --version: 0.2.1-988-g4e0a773 [debug]

lldb version: lldb version 3.8.0 ( revision )
llvm version: 3.8
VirtualBox version: 5.0.24
Linux version: Ubuntu Mate Willy (16.04) 64 bits

command I ran: sudo lldb --file ./httpserver -- --ponythreads 1 --port 80 --logger common
Source code for httpserver is here: https://github.com/peterzandbergen/httpserver

Dump produced by lldb

localhost - - [07/Jul/2016:07:45:26 +0000] "Process 4611 stopped
* thread #1: tid = 4611, 0x000000000041fad5 httpserver`StdStream_ref__write_oo(this=0x00007ffff6ade000, data=0x00007ffff6ad9120) + 37 at stdstream.pony:86, name = 'httpserver', stop reason = signal SIGSEGV: invalid address (fault address: 0x5445af)
    frame #0: 0x000000000041fad5 httpserver`StdStream_ref__write_oo(this=0x00007ffff6ade000, data=0x00007ffff6ad9120) + 37 at stdstream.pony:86
   83       """
   84       Write the bytes without explicitly flushing.
   85       """
-> 86       @pony_os_std_write[None](_stream, data.cstring(), data.size())

Stacktrace

(lldb) bt
* thread #1: tid = 4611, 0x000000000041fad5 httpserver`StdStream_ref__write_oo(this=0x00007ffff6ade000, data=0x00007ffff6ad9120) + 37 at stdstream.pony:86, name = 'httpserver', stop reason = signal SIGSEGV: invalid address (fault address: 0x5445af)
  * frame #0: 0x000000000041fad5 httpserver`StdStream_ref__write_oo(this=0x00007ffff6ade000, data=0x00007ffff6ad9120) + 37 at stdstream.pony:86
    frame #1: 0x000000000041fcd2 httpserver`StdStream_tag_writev_oo(this=0x00007ffff6ade000, data=0x00007ffff67a6b40) + 178 at stdstream.pony:79
    frame #2: 0x0000000000404661 httpserver`StdStream_Dispatch + 289
    frame #3: 0x0000000000435740 httpserver`handle_message(ctx=0x00007ffff6b07c48, actor=0x00007ffff6ade000, msg=0x00007ffff686a180) + 401 at actor.c:95
    frame #4: 0x00000000004358c8 httpserver`ponyint_actor_run(ctx=0x00007ffff6b07c48, actor=0x00007ffff6ade000, batch=100) + 258 at actor.c:154
    frame #5: 0x0000000000436958 httpserver`run(sched=0x00007ffff6b07c00) + 137 at scheduler.c:264
    frame #6: 0x0000000000436a4a httpserver`run_thread(arg=0x00007ffff6b07c00) + 59 at scheduler.c:306
    frame #7: 0x0000000000436ea9 httpserver`ponyint_sched_start(library=false) + 292 at scheduler.c:446
    frame #8: 0x0000000000437809 httpserver`pony_start(library=false) + 48 at start.c:114
    frame #9: 0x0000000000432492 httpserver`main + 274
    frame #10: 0x00007ffff6d33830 libc.so.6`__libc_start_main(main=(httpserver`main), argc=7, argv=0x00007fffffffe558, init=<unavailable>, fini=<unavailable>, rtld_fini=<unavailable>, stack_end=0x00007fffffffe548) + 240 at libc-start.c:291
    frame #11: 0x0000000000402f79 httpserver`_start + 41

[malthe]

It seems to me that pony_os_std_write uses fwrite without checking the return value (which is the number of bytes written) – see fwrite man page.

That said, it shouldn't be necessary to flush. When fwrite returns you are free to free the memory.

[SeanTAllen]

see #1118. @Perelandric has been doing some excellent sleuthing related to this issue. Closing this issue in favor of that one.