From: Maurizio M. <Mau...@sp...> - 2017-05-13 14:10:29
Dear all,

CBMC (http://www.cprover.org/cbmc/) symbolic execution of “nsproxy” reports an error in RecvBuf. It could be a false positive.

Hope it helps,
Maurizio

[SendBuf.assertion.1] assertion (slavePtr != ((void *)0)): SUCCESS
[SendBuf.assertion.2] assertion (dsPtr != ((void *)0)): SUCCESS
[SendBuf.overflow.1] arithmetic overflow on signed * in (ms % 1000) * 1000: SUCCESS
[SendBuf.pointer_dereference.1] dereference failure: pointer NULL in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.2] dereference failure: pointer invalid in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.3] dereference failure: deallocated dynamic object in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.4] dereference failure: dead object in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.5] dereference failure: pointer outside dynamic object bounds in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.6] dereference failure: pointer outside object bounds in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.7] dereference failure: pointer NULL in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.8] dereference failure: pointer invalid in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.9] dereference failure: deallocated dynamic object in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.10] dereference failure: dead object in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.11] dereference failure: pointer outside dynamic object bounds in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.12] dereference failure: pointer outside object bounds in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.13] dereference failure: pointer outside dynamic object bounds in *dsPtr: SUCCESS
[SendBuf.pointer_dereference.14] dereference failure: pointer outside object bounds in *dsPtr: SUCCESS
[SendBuf.overflow.2] arithmetic overflow on unsigned + in iov[(signed long long int)0].iov_len + iov[(signed long long int)1].iov_len: SUCCESS
[SendBuf.pointer_dereference.15] dereference failure: pointer NULL in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.16] dereference failure: pointer invalid in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.17] dereference failure: deallocated dynamic object in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.18] dereference failure: dead object in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.19] dereference failure: pointer outside dynamic object bounds in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.20] dereference failure: pointer outside object bounds in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.21] dereference failure: pointer NULL in *return_value__errno$1: SUCCESS
[SendBuf.pointer_dereference.22] dereference failure: pointer invalid in *return_value__errno$1: SUCCESS
[SendBuf.pointer_dereference.23] dereference failure: deallocated dynamic object in *return_value__errno$1: SUCCESS
[SendBuf.pointer_dereference.24] dereference failure: dead object in *return_value__errno$1: SUCCESS
[SendBuf.pointer_dereference.25] dereference failure: pointer outside dynamic object bounds in *return_value__errno$1: SUCCESS
[SendBuf.pointer_dereference.26] dereference failure: pointer outside object bounds in *return_value__errno$1: SUCCESS
[SendBuf.pointer_dereference.27] dereference failure: pointer NULL in *return_value__errno$2: SUCCESS
[SendBuf.pointer_dereference.28] dereference failure: pointer invalid in *return_value__errno$2: SUCCESS
[SendBuf.pointer_dereference.29] dereference failure: deallocated dynamic object in *return_value__errno$2: SUCCESS
[SendBuf.pointer_dereference.30] dereference failure: dead object in *return_value__errno$2: SUCCESS
[SendBuf.pointer_dereference.31] dereference failure: pointer outside dynamic object bounds in *return_value__errno$2: SUCCESS
[SendBuf.pointer_dereference.32] dereference failure: pointer outside object bounds in *return_value__errno$2: SUCCESS
[SendBuf.pointer_dereference.33] dereference failure: pointer NULL in *return_value__errno$3: SUCCESS
[SendBuf.pointer_dereference.34] dereference failure: pointer invalid in *return_value__errno$3: SUCCESS
[SendBuf.pointer_dereference.35] dereference failure: deallocated dynamic object in *return_value__errno$3: SUCCESS
[SendBuf.pointer_dereference.36] dereference failure: dead object in *return_value__errno$3: SUCCESS
[SendBuf.pointer_dereference.37] dereference failure: pointer outside dynamic object bounds in *return_value__errno$3: SUCCESS
[SendBuf.pointer_dereference.38] dereference failure: pointer outside object bounds in *return_value__errno$3: SUCCESS
[SendBuf.pointer_dereference.39] dereference failure: pointer NULL in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.40] dereference failure: pointer invalid in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.41] dereference failure: deallocated dynamic object in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.42] dereference failure: dead object in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.43] dereference failure: pointer outside dynamic object bounds in *slavePtr: SUCCESS
[SendBuf.pointer_dereference.44] dereference failure: pointer outside object bounds in *slavePtr: SUCCESS
[RecvBuf.assertion.1] assertion (slavePtr != ((void *)0)): SUCCESS
[RecvBuf.assertion.2] assertion (dsPtr != ((void *)0)): SUCCESS
[RecvBuf.overflow.1] arithmetic overflow on signed * in (ms % 1000) * 1000: SUCCESS
[RecvBuf.pointer_dereference.1] dereference failure: pointer NULL in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.2] dereference failure: pointer invalid in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.3] dereference failure: deallocated dynamic object in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.4] dereference failure: dead object in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.5] dereference failure: pointer outside dynamic object bounds in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.6] dereference failure: pointer outside object bounds in *dsPtr: SUCCESS
[RecvBuf.overflow.2] arithmetic overflow on unsigned - in (unsigned long long int)dsPtr->spaceAvl - (unsigned long long int)1u: FAILURE
[RecvBuf.pointer_dereference.7] dereference failure: pointer outside dynamic object bounds in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.8] dereference failure: pointer outside object bounds in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.9] dereference failure: pointer NULL in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.10] dereference failure: pointer invalid in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.11] dereference failure: deallocated dynamic object in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.12] dereference failure: dead object in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.13] dereference failure: pointer outside dynamic object bounds in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.14] dereference failure: pointer outside object bounds in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.15] dereference failure: pointer NULL in *return_value__errno$1: FAILURE
[RecvBuf.pointer_dereference.16] dereference failure: pointer invalid in *return_value__errno$1: FAILURE
[RecvBuf.pointer_dereference.17] dereference failure: deallocated dynamic object in *return_value__errno$1: FAILURE
[RecvBuf.pointer_dereference.18] dereference failure: dead object in *return_value__errno$1: FAILURE
[RecvBuf.pointer_dereference.19] dereference failure: pointer outside dynamic object bounds in *return_value__errno$1: FAILURE
[RecvBuf.pointer_dereference.20] dereference failure: pointer outside object bounds in *return_value__errno$1: FAILURE
[RecvBuf.pointer_dereference.21] dereference failure: pointer NULL in *return_value__errno$2: FAILURE
[RecvBuf.pointer_dereference.22] dereference failure: pointer invalid in *return_value__errno$2: FAILURE
[RecvBuf.pointer_dereference.23] dereference failure: deallocated dynamic object in *return_value__errno$2: FAILURE
[RecvBuf.pointer_dereference.24] dereference failure: dead object in *return_value__errno$2: FAILURE
[RecvBuf.pointer_dereference.25] dereference failure: pointer outside dynamic object bounds in *return_value__errno$2: FAILURE
[RecvBuf.pointer_dereference.26] dereference failure: pointer outside object bounds in *return_value__errno$2: FAILURE
[RecvBuf.pointer_dereference.27] dereference failure: pointer NULL in *return_value__errno$3: FAILURE
[RecvBuf.pointer_dereference.28] dereference failure: pointer invalid in *return_value__errno$3: FAILURE
[RecvBuf.pointer_dereference.29] dereference failure: deallocated dynamic object in *return_value__errno$3: FAILURE
[RecvBuf.pointer_dereference.30] dereference failure: dead object in *return_value__errno$3: FAILURE
[RecvBuf.pointer_dereference.31] dereference failure: pointer outside dynamic object bounds in *return_value__errno$3: FAILURE
[RecvBuf.pointer_dereference.32] dereference failure: pointer outside object bounds in *return_value__errno$3: FAILURE
[RecvBuf.pointer_dereference.33] dereference failure: pointer NULL in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.34] dereference failure: pointer invalid in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.35] dereference failure: deallocated dynamic object in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.36] dereference failure: dead object in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.37] dereference failure: pointer outside dynamic object bounds in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.38] dereference failure: pointer outside object bounds in *slavePtr: SUCCESS
[RecvBuf.overflow.3] arithmetic overflow on unsigned - in avail - iov[(signed long long int)1].iov_len: SUCCESS
[RecvBuf.overflow.4] arithmetic overflow on signed - in len - n: SUCCESS
[RecvBuf.pointer_dereference.39] dereference failure: pointer NULL in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.40] dereference failure: pointer invalid in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.41] dereference failure: deallocated dynamic object in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.42] dereference failure: dead object in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.43] dereference failure: pointer outside dynamic object bounds in *dsPtr: SUCCESS
[RecvBuf.pointer_dereference.44] dereference failure: pointer outside object bounds in *dsPtr: SUCCESS
[RecvBuf.overflow.5] pointer arithmetic overflow on + in dsPtr->string + n: SUCCESS
[RecvBuf.pointer_dereference.45] dereference failure: pointer NULL in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.46] dereference failure: pointer invalid in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.47] dereference failure: deallocated dynamic object in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.48] dereference failure: dead object in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.49] dereference failure: pointer outside dynamic object bounds in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.50] dereference failure: pointer outside object bounds in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.51] dereference failure: pointer NULL in *return_value__errno$6: SUCCESS
[RecvBuf.pointer_dereference.52] dereference failure: pointer invalid in *return_value__errno$6: SUCCESS
[RecvBuf.pointer_dereference.53] dereference failure: deallocated dynamic object in *return_value__errno$6: SUCCESS
[RecvBuf.pointer_dereference.54] dereference failure: dead object in *return_value__errno$6: SUCCESS
[RecvBuf.pointer_dereference.55] dereference failure: pointer outside dynamic object bounds in *return_value__errno$6: SUCCESS
[RecvBuf.pointer_dereference.56] dereference failure: pointer outside object bounds in *return_value__errno$6: SUCCESS
[RecvBuf.pointer_dereference.57] dereference failure: pointer NULL in *return_value__errno$7: SUCCESS
[RecvBuf.pointer_dereference.58] dereference failure: pointer invalid in *return_value__errno$7: SUCCESS
[RecvBuf.pointer_dereference.59] dereference failure: deallocated dynamic object in *return_value__errno$7: SUCCESS
[RecvBuf.pointer_dereference.60] dereference failure: dead object in *return_value__errno$7: SUCCESS
[RecvBuf.pointer_dereference.61] dereference failure: pointer outside dynamic object bounds in *return_value__errno$7: SUCCESS
[RecvBuf.pointer_dereference.62] dereference failure: pointer outside object bounds in *return_value__errno$7: SUCCESS
[RecvBuf.pointer_dereference.63] dereference failure: pointer NULL in *return_value__errno$8: SUCCESS
[RecvBuf.pointer_dereference.64] dereference failure: pointer invalid in *return_value__errno$8: SUCCESS
[RecvBuf.pointer_dereference.65] dereference failure: deallocated dynamic object in *return_value__errno$8: SUCCESS
[RecvBuf.pointer_dereference.66] dereference failure: dead object in *return_value__errno$8: SUCCESS
[RecvBuf.pointer_dereference.67] dereference failure: pointer outside dynamic object bounds in *return_value__errno$8: SUCCESS
[RecvBuf.pointer_dereference.68] dereference failure: pointer outside object bounds in *return_value__errno$8: SUCCESS
[RecvBuf.pointer_dereference.69] dereference failure: pointer NULL in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.70] dereference failure: pointer invalid in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.71] dereference failure: deallocated dynamic object in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.72] dereference failure: dead object in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.73] dereference failure: pointer outside dynamic object bounds in *slavePtr: SUCCESS
[RecvBuf.pointer_dereference.74] dereference failure: pointer outside object bounds in *slavePtr: SUCCESS
[RecvBuf.overflow.6] arithmetic overflow on signed - in len - n: SUCCESS
[RecvBuf.overflow.7] pointer arithmetic overflow on + in ptr + n: SUCCESS

From: David Osborne [mailto:da...@qc...]
Sent: 12 May 2017 18:19
To: nav...@li...
Subject: Re: [naviserver-devel] ns_proxy hang

Not sure if this helps you - it may be entirely expected behaviour, but I attached gdb to the nsproxy process and got a backtrace from the 2 test cases I mentioned, immediately after the "ns_proxy eval...".

In the case with no hang the nsproxy process is waiting in RecvBuf:

#0 0x00007ffff6593250 in __libc_readv (fd=6, vector=vector@entry=0x7fffffffe8a0, count=count@entry=2) at ../sysdeps/unix/sysv/linux/readv.c:54
#1 0x00007ffff7bd717f in RecvBuf (slavePtr=0x7fffffffe930, ms=-1, dsPtr=0x7fffffffe970) at nsproxylib.c:1319
#2 0x00007ffff7bd6391 in Ns_ProxyMain (argc=47, argv=0x7fffffffea50, init=0x7fffffffe970) at nsproxylib.c:578
#3 0x00007ffff64d3b45 in __libc_start_main (main=0x400730 <main>, argc=4, argv=0x7fffffffec48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffec38) at libc-start.c:287
#4 0x0000000000400765 in _start ()

The case which hangs, the nsproxy process is still waiting in SendBuf after the "ns_proxy eval..." ends:

#0 0x00007ffff65932f0 in __libc_writev (fd=7, vector=vector@entry=0x7fffffffe8b0, count=count@entry=2) at ../sysdeps/unix/sysv/linux/writev.c:54
#1 0x00007ffff7bd6fcc in SendBuf (slavePtr=0x7fffffffe930, ms=-1, dsPtr=<optimized out>) at nsproxylib.c:1245
#2 0x00007ffff7bd6365 in Ns_ProxyMain (argc=47, argv=0x7fffffffea50, init=0x7fffffffe970) at nsproxylib.c:613
#3 0x00007ffff64d3b45 in __libc_start_main (main=0x400730 <main>, argc=4, argv=0x7fffffffec48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffec38) at libc-start.c:287
#4 0x0000000000400765 in _start ()

On 10 May 2017 at 15:27, Gustaf Neumann <ne...@wu... <mailto:ne...@wu...> > wrote:

I'll look at it at the weekend - unless someone else can fix this before this.

-g

On 10.05.17 at 16:00, David Osborne wrote:

Increasing waittimeout doesn't seem to have any effect on this problem.
I have backtraces of all threads at the point of the hang here: https://gist.github.com/davidqc/ebee38528b0a40a0b8d028981ad933e6

Thread 19 I think is the culprit:

Thread 19 (Thread 0x7fffaaffd700 (LWP 17652)):
#0 0x00007ffff6322b89 in __libc_waitpid (pid=pid@entry=17651, stat_loc=stat_loc@entry=0x7fffaaffcde4, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:40
#1 0x00007ffff7b5aa4c in Ns_WaitForProcess (pid=17651, exitcodePtr=0x0) at exec.c:178
#2 0x00007ffff1b68615 in ReaperThread (UNUSED_arg=0x44f3) at nsproxylib.c:2935
#3 0x00007ffff74b886d in NsThreadMain (arg=<optimized out>) at thread.c:232
#4 0x00007ffff74b98a9 in ThreadMain (arg=<optimized out>) at pthread.c:830
#5 0x00007ffff5e500a4 in start_thread (arg=0x7fffaaffd700) at pthread_create.c:309
#6 0x00007ffff635162d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
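
Added example, not part of the original message or of the NaviServer source: the one arithmetic FAILURE in the CBMC output above, [RecvBuf.overflow.2], flags dsPtr->spaceAvl - 1u after conversion to an unsigned type. The code below shows the wrap when spaceAvl is 0, a guarded form, and a CBMC-only harness stating the precondition under which that report is a false positive. DsModel, avail_unchecked, avail_checked and harness are hypothetical names, and the struct models only the field named in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: only spaceAvl, the field named in the report, matters. */
typedef struct {
    char *string;
    int   spaceAvl;
} DsModel;

/* Shape of the flagged expression: signed spaceAvl converted to unsigned,
 * then minus 1. For spaceAvl == 0 the result wraps to SIZE_MAX. */
static size_t avail_unchecked(const DsModel *ds)
{
    return (size_t)ds->spaceAvl - 1u;
}

/* Guarded form: 0 on success with the room stored in *out, -1 if spaceAvl < 1. */
static int avail_checked(const DsModel *ds, size_t *out)
{
    if (ds->spaceAvl < 1) {
        return -1;
    }
    *out = (size_t)ds->spaceAvl - 1u;
    return 0;
}

#ifdef __CPROVER__
/* Seen only by CBMC: with the assumption the subtraction cannot wrap;
 * without it, CBMC's unsigned overflow check fails as in the report. */
int nondet_int(void);
void harness(void)
{
    DsModel ds = { 0, nondet_int() };
    __CPROVER_assume(ds.spaceAvl >= 1);
    size_t room = avail_unchecked(&ds);
    __CPROVER_assert(room < (size_t)ds.spaceAvl, "no wrap");
}
#endif

int main(void)
{
    DsModel empty = { NULL, 0 }, normal = { NULL, 200 };   /* constructed values */
    size_t room = 0;
    printf("unchecked, spaceAvl=0:   %zu\n", avail_unchecked(&empty));
    printf("unchecked, spaceAvl=200: %zu\n", avail_unchecked(&normal));
    printf("checked,   spaceAvl=0:   rc=%d\n", avail_checked(&empty, &room));
    return 0;
}
```

Under CBMC the harness can be checked with `--function harness --unsigned-overflow-check`; whether the assumption holds for every caller of RecvBuf is what decides if the reported FAILURE is real.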