Re: haproxy 1.5-dev24: 100% CPU Load or Core Dumped

Thu, 08 May 2014 04:47:21 -0700 

On Thu, May 08, 2014 at 12:47:06PM +0200, John-Paul Bader wrote:
> Ok after about roughly another 2 hours the next core dump happened - 
> this time with the nokqueue option set.
> 
> The coredump looks very similar and now crashes with ev_poll instead of 
> ev_kqueue:

Indeed it's exactly the same.

> (gdb) bt full
> #0  kill_mini_session (s=0x80337f800) at src/session.c:299
>       level = 6
>       conn = (struct connection *) 0x0
>       err_msg = <value optimized out>
> #1  0x0000000000463928 in conn_session_complete (conn=0x802e29480) at 
> src/session.c:355
>       s = (struct session *) 0x80337f800
> #2  0x0000000000432769 in conn_fd_handler (fd=<value optimized out>) at 
> src/connection.c:88
>       conn = <value optimized out>
>       flags = 41997063

That's 0x0280d307 :

  - {SOCK,DATA,CURR}_RD_ENA=1       => it's a handshake, waiting for reading
  - {SOCK,DATA,CURR}_WR_ENA=0       => no need for writing
  - CTRL_READY=1                    => FD is still allocated
  - XPRT_READY=1                    => transport layer is initialized
  - ADDR_FROM_SET=1, ADDR_TO_SET=0  => clearly it's a frontend connection
  - INIT_DATA=1, WAKE_DATA=1        => processing a handshake (ssl I guess)
  - {DATA,SOCK}_{RD,WR}_SH=0        => no shutdown
  - ERROR=0, CONNECTED=0            => handshake not completed yet
  - WAIT_L4_CONN=0                  => normal
  - WAIT_L6_CONN=1                  => waiting for an L6 handshake to complete
  - SSL_WAIT_HS=1                   => the pending handshake is an SSL handshake

So at least what we know is that it receives an SSL handshake, and that
it dies while processing it and before any error is reported on the
connection. I'll recheck the error path there in case I find anything.

> #3  0x00000000004127db in fd_process_polled_events (fd=<value optimized 
> out>) at src/fd.c:271
>       new_updt = <value optimized out>
>       old_updt = 1
> #4  0x000000000046e8cc in _do_poll (p=<value optimized out>, 
> exp=-613693376) at src/ev_poll.c:167
>       e = <value optimized out>
>       status = 0
>       fd = 53999616

This is 0x0337f800 which is the lower part of the session pointer. So
either gdb is confused by the stack frame or it was corrupted.

All that is extremely informative. I'll audit the relevant code paths
and I might ask you to test with a patch.

Thanks John,
Willy

Reply via email to