View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003582 | GNUnet | set service | public | 2014-12-18 21:21 | 2018-06-07 00:25 |
| Reporter | amatus | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | crash | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
| Summary | 0003582: free(): corrupted unsorted chunks | ||||
| Description | On my peer running rev 34682 I turned on core dumps and after about 40 minutes I got a core dump from gnunet-service-set. I don't have the console output just the backtrace below. | ||||
| Additional Information | (gdb) bt f #0 0xb77d1424 in __kernel_vsyscall () No symbol table info available. #1 0xb757e307 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 resultvar = <optimized out> resultvar = <optimized out> pid = -1217433600 selftid = 16015 #2 0xb757f9c3 in __GI_abort () at abort.c:89 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0xb77c934c, sa_sigaction = 0xb77c934c}, sa_mask = {__val = {3219850072, 3078326675, 3219850104, 48279962, 3077977184, 3078326637, 3077989952, 3078394700, 3219850072, 3078046669, 56, 3078350080, 1289, 3078251432, 0, 0, 1, 3078394700, 140431464, 3078394700, 3219850152, 3078259885, 3, 4294967295, 4294967295, 3078259227, 0, 3078561792, 4294967295, 0, 3, 4096}}, sa_flags = -1218226392, sa_restorer = 0x1000} sigs = {__val = {32, 0 <repeats 31 times>}} #3 0xb75bcf08 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0xb76b2e3c "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 ap = <optimized out> fd = 2 on_2 = <optimized out> list = <optimized out> nlist = <optimized out> cp = <optimized out> written = <optimized out> #4 0xb75c2f7a in malloc_printerr (action=<optimized out>, str=0xb76b2f94 "free(): corrupted unsorted chunks", ptr=0x85d95c8) at malloc.c:4996 buf = "085d95c8" cp = <optimized out> #5 0xb75c3bcd in _int_free (av=0xb76f7420 <main_arena>, p=<optimized out>, have_lock=0) at malloc.c:3840 size = <optimized out> fb = <optimized out> nextchunk = <optimized out> nextsize = <optimized out> nextinuse = <optimized out> prevsize = <optimized out> bck = <optimized out> fwd = <optimized out> errstr = <optimized out> locked = <optimized out> __func__ = "_int_free" #6 0xb77748dc in GNUNET_xfree_ (ptr=0x85d95c8, filename=0xb7754e60 "cadet_api.c", linenumber=1388) at common_allocation.c:239 __FUNCTION__ = "GNUNET_xfree_" #7 0xb77529f7 in send_callback (cls=0x85b9bd0, size=33292, buf=0x8606868) at cadet_api.c:1388 h = 0x85b9bd0 th = 0x85d95c8 next = 0x85d95c8 ch = 0x0 cbuf = 0x8606868 "" tsize = 0 psize = 48 nsize = 48 __FUNCTION__ = "send_callback" #8 0xb777289a in client_notify (cls=0x85ca5f8, size=33292, buf=0x8606868) at client.c:1168 th = 0x85ca5f8 client = 0x85b9ea0 ret = 3077909314 delay = {rel_value_us = 602249388293958704} __FUNCTION__ = "client_notify" #9 0xb777d719 in process_notify (connection=0x85b9e20) at connection.c:1205 used = 0 avail = 33292 size = 48 notify = 0xb77724b4 <client_notify> __FUNCTION__ = "process_notify" #10 0xb777de61 in transmit_ready (cls=0x85b9e20, tc=0xbfeb0820) at connection.c:1336 connection = 0x85b9e20 notify = 0x85ba138 ret = -707918583 have = 330368 __FUNCTION__ = "transmit_ready" #11 0xb77a6cfc in run_ready (rs=0x85c8ad0, ws=0x85c8b58) at scheduler.c:595 p = GNUNET_SCHEDULER_PRIORITY_DEFAULT pos = 0x85d2fc0 tc = { reason = (GNUNET_SCHEDULER_REASON_WRITE_READY | GNUNET_SCHEDULER_REASON_PREREQ_DONE), read_ready = 0x85c8ad0, write_ready = 0x85c8b58} __FUNCTION__ = "run_ready" #12 0xb77a750f in GNUNET_SCHEDULER_run (task=0xb77b192e <service_task>, task_cls=0xbfeb0a3c) at scheduler.c:817 rs = 0x85c8ad0 ws = 0x85c8b58 timeout = {rel_value_us = 18446744073709551615} ret = 1 shc_int = 0x85c8bf0 shc_term = 0x85b9798 shc_quit = 0x85b98d8 shc_hup = 0x85b9978 shc_pipe = 0x85b9838 last_tr = 149 busy_wait_warning = 0 pr = 0x85b9778 c = 0 '\000' __FUNCTION__ = "GNUNET_SCHEDULER_run" #13 0xb77b34cd in GNUNET_SERVICE_run (argc=3, argv=0xbfeb0c34, service_name=0x8053ccc "set", options=GNUNET_SERVICE_OPTION_NONE, task=0x804d418 <run>, task_cls=0x0) at service.c:1498 err = 0 ret = 3 cfg_fn = 0x85b9658 "~/.config/gnunet.conf" opt_cfg_fn = 0x85b9718 "/home/gnunet/.config/gnunet.conf" loglev = 0x0 logfile = 0x0 do_daemonize = 0 i = 0 skew_offset = 13219622264547590176 skew_variance = 9702331121665 clock_offset = 577975985625565972 sctx = {cfg = 0x85b9678, server = 0x85b9ae8, addrs = 0x0, service_name = 0x8053ccc "set", task = 0x804d418 <run>, task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0, v4_allowed = 0x85c8a50, v6_allowed = 0x85c8a78, my_handlers = 0x85c8968, addrlens = 0x0, lsocks = 0x85b9788, shutdown_task = 4, timeout = {rel_value_us = 18446744073709551615}, ret = 1, ready_confirm_fd = -1, require_found = 1, match_uid = 1, match_gid = 1, options = GNUNET_SERVICE_OPTION_NONE} cfg = 0x85b9678 xdg = 0x0 service_options = {{shortName = 99 'c', name = 0xb77bf419 "config", argumentHelp = 0xb77bf420 "FILENAME", description = 0xb77bf42c "use configuration file FILENAME", require_argument = 1, processor = 0xb7796330 <GNUNET_GETOPT_set_string>, scls = 0xbfeb0ab8}, {shortName = 100 'd', name = 0xb77bf44c "daemonize", argumentHelp = 0x0, description = 0xb77bf458 "do daemonize (detach from terminal)", require_argument = 0, processor = 0xb7796314 <GNUNET_GETOPT_set_one>, scls = 0xbfeb0aac}, {shortName = 104 'h', name = 0xb77bf47c "help", argumentHelp = 0x0, description = 0xb77bf481 "print this help", require_argument = 0, processor = 0xb7795e7c <GNUNET_GETOPT_format_help_>, scls = 0x0}, { shortName = 76 'L', name = 0xb77bf491 "log", argumentHelp = 0xb77bf495 "LOGLEVEL", description = 0xb77bf4a0 "configure logging to use LOGLEVEL", require_argument = 1, processor = 0xb7796330 <GNUNET_GETOPT_set_string>, scls = 0xbfeb0ab4}, {shortName = 108 'l', name = 0xb77bf4c2 "logfile", argumentHelp = 0xb77bf4ca "LOGFILE", description = 0xb77bf4d4 "configure logging to write logs to LOGFILE", require_argument = 1, processor = 0xb7796330 <GNUNET_GETOPT_set_string>, scls = 0xbfeb0ab0}, {shortName = 118 'v', name = 0xb77bf4ff "version", argumentHelp = 0x0, description = 0xb77bf507 "print the version number", require_argument = 0, processor = 0xb7795e3f <GNUNET_GETOPT_print_version_>, scls = 0xb77bf520}, {shortName = 0 '\000', name = 0x0, argumentHelp = 0x0, description = 0x0, require_argument = 0, processor = 0x0, scls = 0x0}} __FUNCTION__ = "GNUNET_SERVICE_run" #14 0x0804d54d in main (argc=3, argv=0xbfeb0c34) at gnunet-service-set.c:1548 ret = -1218964579 | ||||
| Tags | No tags attached. | ||||
|
|
Would be nice to have this one with valgrind, there's nothing obvious on that line. |
|
|
Running under valgrind I got this: ==16610== Invalid write of size 4 ==16610== at 0x804A7AE: incoming_destroy (gnunet-service-set.c:496) ==16610== by 0x804CF99: incoming_timeout_cb (gnunet-service-set.c:1286) ==16610== by 0x407ACFB: run_ready (scheduler.c:595) ==16610== by 0x407B50E: GNUNET_SCHEDULER_run (scheduler.c:817) ==16610== by 0x40874CC: GNUNET_SERVICE_run (service.c:1498) ==16610== by 0x804D54C: main (gnunet-service-set.c:1548) ==16610== Address 0x4765f34 is 4 bytes inside a block of size 84 free'd ==16610== at 0x402A3A8: free (vg_replace_malloc.c:473) ==16610== by 0x40488DB: GNUNET_xfree_ (common_allocation.c:239) ==16610== by 0x804D3B1: channel_end_cb (gnunet-service-set.c:1403) ==16610== by 0x40AC9CC: destroy_channel (cadet_api.c:481) ==16610== by 0x40AF921: GNUNET_CADET_channel_destroy (cadet_api.c:1670) ==16610== by 0x804A7A7: incoming_destroy (gnunet-service-set.c:495) ==16610== by 0x804CF99: incoming_timeout_cb (gnunet-service-set.c:1286) ==16610== by 0x407ACFB: run_ready (scheduler.c:595) ==16610== by 0x407B50E: GNUNET_SCHEDULER_run (scheduler.c:817) ==16610== by 0x40874CC: GNUNET_SERVICE_run (service.c:1498) ==16610== by 0x804D54C: main (gnunet-service-set.c:1548) ==16610== It hasn't crashed yet so this might be a different bug or just take a long time to effect the crash. |
|
|
Yes, I fixed that one earlier today. Are you running SVN HEAD? ;-) |
|
|
Update: I've still been unable to reproduce this. |
|
|
I haven't reproduced it on the latest code either. It's probably fixed. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-12-18 21:21 | amatus | New Issue | |
| 2014-12-18 21:21 | amatus | Status | new => assigned |
| 2014-12-18 21:21 | amatus | Assigned To | => Florian Dold |
| 2014-12-19 09:12 | Christian Grothoff | Assigned To | Florian Dold => Christian Grothoff |
| 2014-12-19 09:12 | Christian Grothoff | Target Version | => 0.11.0pre66 |
| 2014-12-19 09:19 | Christian Grothoff | Note Added: 0008708 | |
| 2014-12-19 23:12 | amatus | Note Added: 0008712 | |
| 2014-12-19 23:13 | Christian Grothoff | Note Added: 0008713 | |
| 2014-12-23 23:17 | Christian Grothoff | Note Added: 0008725 | |
| 2014-12-24 01:08 | amatus | Note Added: 0008732 | |
| 2015-01-03 15:38 | Christian Grothoff | Status | assigned => resolved |
| 2015-01-03 15:38 | Christian Grothoff | Fixed in Version | => 0.11.0pre66 |
| 2015-01-03 15:38 | Christian Grothoff | Resolution | open => fixed |
| 2018-06-07 00:25 | Christian Grothoff | Status | resolved => closed |
