From: SourceForge.net <no...@so...> - 2011-04-07 10:08:29
|
Bugs item #3279151, was opened at 2011-04-07 12:08 Message generated for change (Tracker Item Submitted) made by andrew_klopper You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=461322&aid=3279151&group_id=50884 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: libevent-core Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Andrew Klopper (andrew_klopper) Assigned to: Nobody/Anonymous (nobody) Summary: bufferevent_connect_getaddrinfo_cb reference counting issue Initial Comment: I am using libevent 2.0.10 on FreeBSD 8.1. I have written a small HTTP load testing application that opens thousands of simultaneous connections to URLs that it reads in from a file. After a random number of connections it always exits with the following error, indicating an attempt to free a bufferevent twice: ==37322== Invalid read of size 4 ==37322== at 0x7404D: _bufferevent_decref_and_unlock (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x75C55: bufferevent_connect_getaddrinfo_cb (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x8E2A5: evdns_getaddrinfo_gotresolve (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x86F79: reply_run_callback (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x6C83C: event_base_loop (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x6D314: event_base_dispatch (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x80499F1: main (httpspew.c:327) ==37322== Address 0x1121a10 is 256 bytes inside a block of size 268 free'd ==37322== at 0x58CDC: free (in /usr/local/lib/valgrind/vgpreload_memcheck-x86-freebsd.so) ==37322== by 0x6806A: event_mm_free_ (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x741AD: _bufferevent_decref_and_unlock (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x742B7: bufferevent_free (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x8048FA1: delete_connection_context (httpspew.c:95) ==37322== by 0x8049190: buffer_event_callback (httpspew.c:149) ==37322== by 0x74C75: _bufferevent_run_eventcb (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x75C4D: bufferevent_connect_getaddrinfo_cb (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x8E2A5: evdns_getaddrinfo_gotresolve (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x86F79: reply_run_callback (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x6C83C: event_base_loop (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x6D314: event_base_dispatch (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== [err] bufferevent.c:590: Assertion bufev_private->refcnt > 0 failed in _bufferevent_decref_and_unlock ==37322== ==37322== Process terminating with default action of signal 6 (SIGABRT): dumping core ==37322== at 0x183217: __sys_kill (in /lib/libc.so.7) ==37322== by 0x181D49: abort (in /lib/libc.so.7) ==37322== by 0x7AC0F: event_exit (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x7AC55: event_errx (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x7421E: _bufferevent_decref_and_unlock (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x75C55: bufferevent_connect_getaddrinfo_cb (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x8E2A5: evdns_getaddrinfo_gotresolve (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x86F79: reply_run_callback (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x6C83C: event_base_loop (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x6D314: event_base_dispatch (in /usr/local/lib/event2/libevent-2.0.so.5) ==37322== by 0x80499F1: main (httpspew.c:327) ==37322== If I look at the code for bufferevent_connect_getaddrinfo_cb, it seems to call _bufferevent_decref_and_unlock without a corresponding call to _bufferevent_incref_and_lock, which breaks the pattern observed in many of the other functions in the file. I assume that this is the cause of the error. Can I just replace the call to BEV_LOCK with a call to _bufferevent_incref_and_lock? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=461322&aid=3279151&group_id=50884 |