libevent 2.1.12 infinite loop in transaction_id_pick #1310

Closed
NKTelnet opened this issue Jul 19, 2022 · 8 comments
@NKTelnet

Use eu-stack to check the stack:

TID 30798:
#0 0x0000556140baa1cf transaction_id_pick
#1 0x0000556140baea16 request_new
#2 0x0000556140bad4ac nameserver_send_probe
#3 0x0000556140ba700e nameserver_prod_callback
#4 0x0000556140b93c5d event_process_active_single_queue
#5 0x0000556140b94167 event_process_active
#6 0x0000556140b948ea event_base_loop
#7 0x0000556140b94203 event_base_dispatch
#8 0x00007f041a68c6df
#9 0x00007f041ad6b6db start_thread
#10 0x00007f0419d4971f __clone
TID 30798:
#0 0x0000556140ba6efb request_find_from_trans_id
#1 0x0000556140baa1ea transaction_id_pick
#2 0x0000556140baea16 request_new
#3 0x0000556140bad4ac nameserver_send_probe
#4 0x0000556140ba700e nameserver_prod_callback
#5 0x0000556140b93c5d event_process_active_single_queue
#6 0x0000556140b94167 event_process_active
#7 0x0000556140b948ea event_base_loop
#8 0x0000556140b94203 event_base_dispatch
#9 0x00007f041a68c6df
#10 0x00007f041ad6b6db start_thread
#11 0x00007f0419d4971f __clone
TID 30798:
#0 0x0000556140ba1f76 arc4_getbyte
#1 0x0000556140ba2095 arc4random_buf
#2 0x0000556140ba2297 ev_arc4random_buf
#3 0x0000556140ba22bd evutil_secure_rng_get_bytes
#4 0x0000556140baa1cb transaction_id_pick
#5 0x0000556140baea16 request_new
#6 0x0000556140bad4ac nameserver_send_probe
#7 0x0000556140ba700e nameserver_prod_callback
#8 0x0000556140b93c5d event_process_active_single_queue
#9 0x0000556140b94167 event_process_active
#10 0x0000556140b948ea event_base_loop

@azat
Member

azat commented Jul 19, 2022

Hello!

Have you enabled multi-thread support for libevent?

evthread_use_pthreads()

Or

evthread_use_windows_threads()

If yes, can you please try one of the following to get more details?

  • compile libevent and your program with clang -fsanitize=address,undefined
  • compile libevent and your program with clang -fsanitize=thread,undefined

And something less preferable but easier:

  • run under valgrind --tool=memcheck
  • run under valgrind --tool=drd or valgrind --tool=helgrind

@azat azat added the type:q label Jul 19, 2022
@NKTelnet
Author

> Hello!
>
> Have you enabled multi-thread support for libevent?
>
> evthread_use_pthreads()
>
> Or
>
> evthread_use_windows_threads()
>
> If yes, can you please try one of the following to get more details?
>
>   • compile libevent and your program with clang -fsanitize=address,undefined
>   • compile libevent and your program with clang -fsanitize=thread,undefined
>
> And something less preferable but easier:
>
>   • run under valgrind --tool=memcheck
>   • run under valgrind --tool=drd or valgrind --tool=helgrind

Not about multi-thread. It seems arc4_getbyte always returns 6c

@NKTelnet
Author

In another case, arc4_getbyte always returns 2c

@NKTelnet
Author

0x55b4e26eef20 <rs>: 0x2c2ceb3a 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eef30 <rs+16>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eef40 <rs+32>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eef50 <rs+48>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eef60 <rs+64>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eef70 <rs+80>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eef80 <rs+96>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eef90 <rs+112>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eefa0 <rs+128>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eefb0 <rs+144>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eefc0 <rs+160>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eefd0 <rs+176>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eefe0 <rs+192>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26eeff0 <rs+208>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26ef000 <rs+224>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26ef010 <rs+240>: 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c 0x2c2c2c2c
0x55b4e26ef020 <rs+256>: 0x00002c2c 0x00005f45 0x0009eadf 0x00000000

@NKTelnet
Author

0x55a725955f20 <rs>: 0x6c6cd8a2 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955f30 <rs+16>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955f40 <rs+32>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955f50 <rs+48>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955f60 <rs+64>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955f70 <rs+80>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955f80 <rs+96>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955f90 <rs+112>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955fa0 <rs+128>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955fb0 <rs+144>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955fc0 <rs+160>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955fd0 <rs+176>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955fe0 <rs+192>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725955ff0 <rs+208>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725956000 <rs+224>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725956010 <rs+240>: 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c 0x6c6c6c6c
0x55a725956020 <rs+256>: 0x00006c6c 0x00000983 0x0000a1e0 0x00000000

@azat
Member

azat commented Jul 19, 2022

It should not look like this; it seems that it has not been initialized. Please verify this.

(gdb) x/256cx rs.s
0x5555556eae82 <rs+2>:  0x73    0x6c    0x5b    0x07    0x78    0x19    0x26    0xf6
0x5555556eae8a <rs+10>: 0x70    0x3c    0xfc    0x2c    0xbd    0xae    0xe3    0x48
0x5555556eae92 <rs+18>: 0xd8    0x97    0xe8    0xff    0xa9    0xdf    0xb5    0x81
0x5555556eae9a <rs+26>: 0x8e    0x02    0x45    0x7b    0x33    0x90    0xac    0x82
0x5555556eaea2 <rs+34>: 0x38    0x83    0xd9    0x91    0x7f    0x40    0x8c    0xbf
0x5555556eaeaa <rs+42>: 0x54    0x25    0xbe    0xb1    0x43    0xcf    0x2b    0x0b
0x5555556eaeb2 <rs+50>: 0x44    0xd0    0x5e    0x4b    0x98    0x27    0x4f    0xf1
0x5555556eaeba <rs+58>: 0x49    0x00    0xe7    0x23    0x3b    0xda    0x66    0xd2
0x5555556eaec2 <rs+66>: 0x94    0x08    0x57    0x5a    0xa0    0x03    0x74    0xbc
0x5555556eaeca <rs+74>: 0x71    0xce    0x2d    0x5c    0x64    0x75    0x51    0x16
0x5555556eaed2 <rs+82>: 0x41    0x14    0xc1    0x47    0xaf    0x77    0x69    0x1a
0x5555556eaeda <rs+90>: 0x12    0xc4    0xb4    0xa7    0x9d    0x11    0x8f    0x1b
0x5555556eaee2 <rs+98>: 0xe2    0xa8    0x9e    0x7d    0x59    0x1f    0x55    0x53
0x5555556eaeea <rs+106>:        0x61    0xa2    0xa6    0x4a    0xee    0x50    0x58    0x2a
0x5555556eaef2 <rs+114>:        0x4e    0x2e    0xef    0x63    0x24    0x0e    0x22    0x1e
0x5555556eaefa <rs+122>:        0xd5    0x9a    0x31    0x72    0x80    0xb2    0x52    0xf3
0x5555556eaf02 <rs+130>:        0xfd    0x92    0x37    0xc0    0x8a    0x9b    0x56    0x89
0x5555556eaf0a <rs+138>:        0xe5    0x20    0x86    0xed    0x18    0xad    0x6f    0x6a
0x5555556eaf12 <rs+146>:        0x68    0x0d    0x30    0xf5    0xd6    0xfe    0xe1    0x35
0x5555556eaf1a <rs+154>:        0xf8    0x0c    0x10    0x60    0x3a    0x7a    0xd1    0x7e
0x5555556eaf22 <rs+162>:        0x5f    0xd7    0xb9    0x21    0xdd    0xd4    0xc5    0x96
0x5555556eaf2a <rs+170>:        0x79    0xf7    0xdc    0x04    0x06    0xcb    0x32    0xcc
0x5555556eaf32 <rs+178>:        0xe9    0xc7    0x2f    0x4c    0x9c    0x62    0xa1    0x6b
0x5555556eaf3a <rs+186>:        0xca    0xa4    0xf0    0xb0    0xc2    0x1d    0x6d    0x76
0x5555556eaf42 <rs+194>:        0xea    0xe4    0xeb    0x17    0x46    0xb6    0xf4    0x05
0x5555556eaf4a <rs+202>:        0x88    0x4d    0xfa    0x39    0xde    0x9f    0xd3    0x34
0x5555556eaf52 <rs+210>:        0x84    0xab    0x3d    0x42    0x28    0x09    0x6e    0xc3
0x5555556eaf5a <rs+218>:        0xb3    0xec    0x85    0xdb    0x3f    0xc8    0xe0    0xe6
0x5555556eaf62 <rs+226>:        0x3e    0x65    0xc6    0x13    0x29    0x8d    0xb7    0xcd
0x5555556eaf6a <rs+234>:        0xb8    0x0f    0x87    0x7c    0xf9    0xbb    0xa5    0x1c
0x5555556eaf72 <rs+242>:        0xba    0x67    0x8b    0x5d    0x15    0x01    0xfb    0x99
0x5555556eaf7a <rs+250>:        0xa3    0xaa    0x0a    0xf2    0x93    0x95    0x36    0xc9

@NKTelnet
Author

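void
arc4random_buf(void *buf_, size_t n)
{
    unsigned char *buf = buf_;
    ARC4_LOCK_();                /* take the RNG lock */
    arc4_stir_if_needed();       /* seed rs on first use */
    while (n--) {
        /* re-stir once the byte budget is used up */
        if (--arc4_count <= 0)
            arc4_stir();
        buf[n] = arc4_getbyte();
    }
    ARC4_UNLOCK_();
}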

arc4_stir_if_needed will initialize rs

@NKTelnet
Author

> Hello!
>
> Have you enabled multi-thread support for libevent?
>
> evthread_use_pthreads()
>
> Or
>
> evthread_use_windows_threads()
>
> If yes, can you please try one of the following to get more details?
>
>   • compile libevent and your program with clang -fsanitize=address,undefined
>   • compile libevent and your program with clang -fsanitize=thread,undefined
>
> And something less preferable but easier:
>
>   • run under valgrind --tool=memcheck
>   • run under valgrind --tool=drd or valgrind --tool=helgrind

Hi Azat, I think you are right. We used multi-thread, but every thread will have its own event loop, so I think we do not need evthread_use_pthreads(). But rs in libevent is a global variable; if several threads write it at the same time, it will be corrupted. I will close this issue.
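
Added example, not part of the thread and not libevent's code: a self-contained C model of why the dumped `rs` states make the transaction ID pick loop spin, plus a sanity check for the S-box. It assumes textbook RC4 in place of libevent's `arc4_getbyte`; `rc4_getbyte`, `state_is_permutation` and `pick_id` are hypothetical helpers, and the sample state is constructed from the 0x2c dump above.

```c
#include <stdio.h>
#include <string.h>

/* Layout seen in the dumps: i, j, then the 256-byte S-box at rs+2. */
struct arc4_stream { unsigned char i, j, s[256]; };

/* Textbook RC4 output step, standing in for libevent's arc4_getbyte(). */
static unsigned char rc4_getbyte(struct arc4_stream *as)
{
	unsigned char si, sj;
	si = as->s[++as->i];
	as->j += si;
	sj = as->s[as->j];
	as->s[as->i] = sj;
	as->s[as->j] = si;
	return as->s[(unsigned char)(si + sj)];
}

/* A healthy S-box is a permutation of 0..255: returns 1 if so, else 0. */
static int state_is_permutation(const struct arc4_stream *as)
{
	unsigned char seen[256] = {0};
	for (int k = 0; k < 256; k++)
		if (seen[as->s[k]]++)
			return 0;
	return 1;
}

/* Bounded model of the pick loop; -1 means no free ID in max_tries. */
static int pick_id(struct arc4_stream *as, unsigned in_flight, int max_tries)
{
	while (max_tries-- > 0) {
		unsigned id = (unsigned)rc4_getbyte(as) << 8;
		id |= rc4_getbyte(as);
		if (id != 0xffff && id != in_flight)
			return (int)id;	/* free ID found */
	}
	return -1;	/* the unbounded loop would still be spinning here */
}

int main(void)
{
	/* Constructed sample mirroring the 0x2c dump: i=0x3a, j=0xeb, s[] all 0x2c. */
	struct arc4_stream bad = { 0x3a, 0xeb, {0} };
	memset(bad.s, 0x2c, sizeof(bad.s));
	printf("permutation=%d pick=%d\n", state_is_permutation(&bad),
	       pick_id(&bad, 0x2c2c, 100000));
	return 0;
}
```

With every S-box entry equal, each swap is a no-op and every output byte is that same value, so the state never recovers and every candidate ID is identical; once one request holds that ID, the pick can never succeed.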
