View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003531 | GNUnet | cadet service | public | 2014-08-21 04:47 | 2018-06-07 00:25 |
| Reporter | amatus | Assigned To | Bart Polot | ||
| Priority | normal | Severity | crash | Reproducibility | sometimes |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
| Summary | 0003531: segfault in get_prev_hop | ||||
| Description | I'm running rev 34155 and cadet has crashed twice when a gnunet-web peer has connected. Luckily the 2nd time I had it running under valgrind. | ||||
| Additional Information | valgrind log: ==1072== Invalid read of size 4 ==1072== at 0x8054C78: get_prev_hop (gnunet-service-cadet_connection.c:716) ==1072== by 0x805BBD3: GCC_notify_broken (gnunet-service-cadet_connection.c:2 842) ==1072== by 0x806D7F5: notify_broken (gnunet-service-cadet_peer.c:340) ==1072== by 0x4069887: GNUNET_CONTAINER_multihashmap_iterate (container_multi hashmap.c:340) ==1072== by 0x806968E: core_disconnect (gnunet-service-cadet_peer.c:444) ==1072== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390) ==1072== by 0x40DC7BC: main_notify_handler (core_api.c:890) ==1072== by 0x40566EC: receive_task (client.c:595) ==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1072== by 0x804A725: main (gnunet-service-cadet.c:175) ==1072== Address 0x66240f4 is 12 bytes inside a block of size 28 free'd ==1072== at 0x4029D28: free (vg_replace_malloc.c:468) ==1072== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239) ==1072== by 0x8070A18: path_destroy (cadet_path.c:181) ==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1072== by 0x804A725: main (gnunet-service-cadet.c:175) ==1072== ==1072== Invalid read of size 4 ==1072== at 0x8054BEF: get_prev_hop (gnunet-service-cadet_connection.c:719) ==1072== by 0x805BBD3: GCC_notify_broken (gnunet-service-cadet_connection.c:2 842) ==1072== by 0x806D7F5: notify_broken (gnunet-service-cadet_peer.c:340) ==1072== by 0x4069887: GNUNET_CONTAINER_multihashmap_iterate (container_multi hashmap.c:340) ==1072== by 0x806968E: core_disconnect (gnunet-service-cadet_peer.c:444) ==1072== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390) ==1072== by 0x40DC7BC: main_notify_handler (core_api.c:890) ==1072== by 0x40566EC: receive_task (client.c:595) ==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1072== by 0x804A725: main (gnunet-service-cadet.c:175) ==1072== Address 0x66240f0 is 8 bytes inside a block of size 28 free'd ==1072== at 0x4029D28: free (vg_replace_malloc.c:468) ==1072== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239) ==1072== by 0x8070A18: path_destroy (cadet_path.c:181) ==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1072== by 0x804A725: main (gnunet-service-cadet.c:175) ==1072== ==1072== Invalid read of size 4 ==1072== at 0x8054BF2: get_prev_hop (gnunet-service-cadet_connection.c:719) ==1072== by 0x805BBD3: GCC_notify_broken (gnunet-service-cadet_connection.c:2 842) ==1072== by 0x806D7F5: notify_broken (gnunet-service-cadet_peer.c:340) ==1072== by 0x4069887: GNUNET_CONTAINER_multihashmap_iterate (container_multi hashmap.c:340) ==1072== by 0x806968E: core_disconnect (gnunet-service-cadet_peer.c:444) ==1072== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390) ==1072== by 0x40DC7BC: main_notify_handler (core_api.c:890) ==1072== by 0x40566EC: receive_task (client.c:595) ==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1072== by 0x804A725: main (gnunet-service-cadet.c:175) ==1072== Address 0xdf0adba is not stack'd, malloc'd or (recently) free'd ==1072== ==1072== ==1072== Process terminating with default action of signal 11 (SIGSEGV) ==1072== Access not within mapped region at address 0xDF0ADBA ==1072== at 0x8054BF2: get_prev_hop (gnunet-service-cadet_connection.c:719) ==1072== by 0x805BBD3: GCC_notify_broken (gnunet-service-cadet_connection.c:2 842) ==1072== by 0x806D7F5: notify_broken (gnunet-service-cadet_peer.c:340) ==1072== by 0x4069887: GNUNET_CONTAINER_multihashmap_iterate (container_multi hashmap.c:340) ==1072== by 0x806968E: core_disconnect (gnunet-service-cadet_peer.c:444) ==1072== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390) ==1072== by 0x40DC7BC: main_notify_handler (core_api.c:890) ==1072== by 0x40566EC: receive_task (client.c:595) ==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1072== by 0x804A725: main (gnunet-service-cadet.c:175) ==1072== If you believe this happened as a result of a stack ==1072== overflow in your program's main thread (unlikely but ==1072== possible), you can try to increase the size of the ==1072== main thread stack using the --main-stacksize= flag. ==1072== The main thread stack size used in this run was 8388608. ==1072== ==1072== HEAP SUMMARY: ==1072== in use at exit: 298,819 bytes in 2,522 blocks ==1072== total heap usage: 106,365,072 allocs, 106,362,550 frees, 3,387,256,49 8 bytes allocated ==1072== ==1072== LEAK SUMMARY: ==1072== definitely lost: 55,964 bytes in 287 blocks ==1072== indirectly lost: 104 bytes in 5 blocks ==1072== possibly lost: 0 bytes in 0 blocks ==1072== still reachable: 242,751 bytes in 2,230 blocks ==1072== suppressed: 0 bytes in 0 blocks ==1072== Rerun with --leak-check=full to see details of leaked memory ==1072== ==1072== For counts of detected and suppressed errors, rerun with: -v ==1072== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0) I think the last few messages from cadet where: Aug 20 21:25:11-396401 util-1072 DEBUG Received message of type 68 and size 40 f rom core service. Aug 20 21:25:11-396606 core-api-1072 DEBUG Processing message of type 68 and siz e 40 from core service Aug 20 21:25:11-396832 core-api-1072 DEBUG Received notification about disconnec t from `P00P'. Aug 20 21:25:11-397084 cadet-p2p-1072 INFO DISCONNECTED GN10 <= P00P Aug 20 21:25:11-397557 cadet-p2p-1072 DEBUG notifying XDSYV0X6 (->ES98) due to ES98 Aug 20 21:25:11-397813 cadet-con-1072 DEBUG notify broken on XDSYV0X6 (->ES98) due to ES98 disconnect Aug 20 21:25:11-508347 cadet-con-1072 DEBUG get prev hop XDSYV0X6 (->ES98) [0/2 33876922] But I might have messed up logging | ||||
| Tags | No tags attached. | ||||
| has duplicate | 0003498 | closed | Bart Polot | got core dump from cadet |
| has duplicate | 0003499 | closed | Bart Polot | got assertion failure in cadet (found core dump) in gnunet-service-cadet_peer.c:1968 |
|
|
Looks like this can also happen in get_next_hop: ==1277== Invalid read of size 4 ==1277== at 0x805BE8D: GCC_send_create (gnunet-service-cadet_connection.c:313 5) ==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection. c:939) ==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1277== by 0x804A725: main (gnunet-service-cadet.c:175) ==1277== Address 0x4f5b8cc is 12 bytes inside a block of size 28 free'd ==1277== at 0x4029D28: free (vg_replace_malloc.c:468) ==1277== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239) ==1277== by 0x8070A18: path_destroy (cadet_path.c:181) ==1277== by 0x80696DD: core_disconnect (gnunet-service-cadet_peer.c:454) ==1277== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390) ==1277== by 0x40DC7BC: main_notify_handler (core_api.c:890) ==1277== by 0x40566EC: receive_task (client.c:595) ==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1277== by 0x804A725: main (gnunet-service-cadet.c:175) ==1277== ==1277== Invalid read of size 4 ==1277== at 0x80549BA: get_next_hop (gnunet-service-cadet_connection.c:744) ==1277== by 0x805BEF5: GCC_send_create (gnunet-service-cadet_connection.c:3145) ==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection.c:939) ==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1277== by 0x804A725: main (gnunet-service-cadet.c:175) ==1277== Address 0x4f5b8cc is 12 bytes inside a block of size 28 free'd ==1277== at 0x4029D28: free (vg_replace_malloc.c:468) ==1277== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239) ==1277== by 0x8070A18: path_destroy (cadet_path.c:181) ==1277== by 0x80696DD: core_disconnect (gnunet-service-cadet_peer.c:454) ==1277== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390) ==1277== by 0x40DC7BC: main_notify_handler (core_api.c:890) ==1277== by 0x40566EC: receive_task (client.c:595) ==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1277== by 0x804A725: main (gnunet-service-cadet.c:175) ==1277== ==1277== Invalid read of size 4 ==1277== at 0x80549D0: get_next_hop (gnunet-service-cadet_connection.c:747) ==1277== by 0x805BEF5: GCC_send_create (gnunet-service-cadet_connection.c:3145) ==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection.c:939) ==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1277== by 0x804A725: main (gnunet-service-cadet.c:175) ==1277== Address 0x4f5b8c8 is 8 bytes inside a block of size 28 free'd ==1277== at 0x4029D28: free (vg_replace_malloc.c:468) ==1277== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239) ==1277== by 0x8070A18: path_destroy (cadet_path.c:181) ==1277== by 0x80696DD: core_disconnect (gnunet-service-cadet_peer.c:454) ==1277== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390) ==1277== by 0x40DC7BC: main_notify_handler (core_api.c:890) ==1277== by 0x40566EC: receive_task (client.c:595) ==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1277== by 0x804A725: main (gnunet-service-cadet.c:175) ==1277== ==1277== Invalid read of size 4 ==1277== at 0x80549D3: get_next_hop (gnunet-service-cadet_connection.c:747) ==1277== by 0x805BEF5: GCC_send_create (gnunet-service-cadet_connection.c:3145) ==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection.c:939) ==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1277== by 0x804A725: main (gnunet-service-cadet.c:175) ==1277== Address 0xdf0adbe is not stack'd, malloc'd or (recently) free'd ==1277== ==1277== ==1277== Process terminating with default action of signal 11 (SIGSEGV) ==1277== Access not within mapped region at address 0xDF0ADBE ==1277== at 0x80549D3: get_next_hop (gnunet-service-cadet_connection.c:747) ==1277== by 0x805BEF5: GCC_send_create (gnunet-service-cadet_connection.c:3145) ==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection.c:939) ==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1277== by 0x804A725: main (gnunet-service-cadet.c:175) |
|
|
There is something weird in the first valgrind trace: ==1072== Address 0x66240f4 is 12 bytes inside a block of size 28 free'd ==1072== at 0x4029D28: free (vg_replace_malloc.c:468) ==1072== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239) ==1072== by 0x8070A18: path_destroy (cadet_path.c:181) ==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595) ==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498) ==1072== by 0x804A725: main (gnunet-service-cadet.c:175) path_destroy is not even a task function, valgrind seems to have missed some intermediate functions there between GNUNET_SCHEDULER_run and path_destroy :( Do you compile GNUnet with -O0 (disable compiler optimizations)? |
|
|
Fixed in upcoming commit |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-08-21 04:47 | amatus | New Issue | |
| 2014-08-21 04:47 | amatus | Status | new => assigned |
| 2014-08-21 04:47 | amatus | Assigned To | => Bart Polot |
| 2014-08-27 19:33 | amatus | Note Added: 0008552 | |
| 2014-09-05 17:42 | Bart Polot | Note Added: 0008570 | |
| 2014-09-12 02:37 | Bart Polot | Note Added: 0008573 | |
| 2014-09-12 02:37 | Bart Polot | Status | assigned => resolved |
| 2014-09-12 02:37 | Bart Polot | Fixed in Version | => Git master |
| 2014-09-12 02:37 | Bart Polot | Resolution | open => fixed |
| 2014-09-12 02:39 | Bart Polot | Relationship added | has duplicate 0003498 |
| 2014-09-12 02:39 | Bart Polot | Relationship added | has duplicate 0003499 |
| 2014-09-12 17:38 | Christian Grothoff | Fixed in Version | Git master => 0.11.0pre66 |
| 2014-09-12 17:38 | Christian Grothoff | Target Version | => 0.11.0pre66 |
| 2018-06-07 00:25 | Christian Grothoff | Status | resolved => closed |
