View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003628 | GNUnet | util library | public | 2015-01-28 17:22 | 2018-06-07 00:25 |
Reporter | Bart Polot | Assigned To | ch3 | ||
Priority | normal | Severity | crash | Reproducibility | sometimes |
Status | closed | Resolution | fixed | ||
Product Version | Git master | ||||
Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
Summary | 0003628: MQ_send calls GNUNET_CLIENT_notify_transmit_ready twice due to corrupted memory | ||||
Description | state->connection in connection_client_send_impl seems to be freed | ||||
Steps To Reproduce | run test_rps_multipeer | ||||
Additional Information |
Program terminated with signal SIGABRT, Aborted.
#0 0x00007fd6d34d4a97 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0 0x00007fd6d34d4a97 in raise () from /usr/lib/libc.so.6
#1 0x00007fd6d34d5e6a in abort () from /usr/lib/libc.so.6
#2 0x00007fd6d5607b4e in GNUNET_abort () at common_logging.c:289
#3 0x00007fd6d5604cc2 in GNUNET_CLIENT_notify_transmit_ready (client=0x1433f00, size=16, timeout=..., auto_retry=0, notify=0x7fd6d56324e2 <connection_client_transmit_queued>, notify_cls=0x1413100) at client.c:1211
#4 0x00007fd6d56328de in connection_client_send_impl (mq=0x1413100, msg=0x13f0330, impl_state=0x1433fa0) at mq.c:655
#5 0x00007fd6d5631823 in GNUNET_MQ_send (mq=0x1413100, ev=0x13f0300) at mq.c:290
#6 0x00007fd6d586cfb1 in GNUNET_RPS_seed_ids (h=0x13e1920, n=0, ids=0x6024c0 <rps_peer_ids>) at rps_api.c:272
#7 0x00000000004011b5 in seed_peers (cls=0x602480 <rps_peers+64>, tc=0x7fff6affab00) at test_rps_multipeer.c:146
#8 0x00007fd6d564153e in run_ready (rs=0x139a780, ws=0x139a810) at scheduler.c:587
#9 0x00007fd6d5641dc2 in GNUNET_SCHEDULER_run (task=0x7fd6d563bce4 <program_main>, task_cls=0x7fff6affad90) at scheduler.c:816
#10 0x00007fd6d563c866 in GNUNET_PROGRAM_run2 (argc=3, argv=0x7fff6affaf30, binaryName=0x40189d "test-rps-multipeer", binaryHelp=0x7fd6d53eabc9 "nohelp", options=0x7fff6affaef0, task=0x7fd6d53e2280 <run>, task_cls=0x1399740, run_without_scheduler=0) at program.c:286
#11 0x00007fd6d563c9bd in GNUNET_PROGRAM_run (argc=3, argv=0x7fff6affaf30, binaryName=0x40189d "test-rps-multipeer", binaryHelp=0x7fd6d53eabc9 "nohelp", options=0x7fff6affaef0, task=0x7fd6d53e2280 <run>, task_cls=0x1399740) at program.c:325
#12 0x00007fd6d53e257d in GNUNET_TESTBED_test_run (testname=0x40189d "test-rps-multipeer", cfg_filename=0x40188f "test_rps.conf", num_peers=5, event_mask=0, cc=0x0, cc_cls=0x0, test_master=0x401537 <run>, test_master_cls=0x0) at testbed_api_test.c:151
#13 0x0000000000401748 in main (argc=1, argv=0x7fff6affb088) at test_rps_multipeer.c:307
(gdb) up 4
#4 0x00007fd6d56328de in connection_client_send_impl (mq=0x1413100, msg=0x13f0330, impl_state=0x1433fa0) at mq.c:655
655 GNUNET_CLIENT_notify_transmit_ready (state->connection, ntohs (msg->size),
(gdb) p *state
$1 = {receive_active = 1, receive_requested = 1, connection = 0x1433f00, th = 0x0}
(gdb) p *state->connection
$2 = {connection = 0x1433d80, cfg = 0xdf0adba0df0adba, service_name = 0xdf0adba0df0adba <error: Cannot access memory at address 0xdf0adba0df0adba>, tag = 0xdf0adba0df0adba, receiver_handler = 0xdf0adba0df0adba, receiver_handler_cls = 0xdf0adba0df0adba, th = 0xdf0adba0df0adba, receive_task = 0xdf0adba0df0adba, received_buf = 0xdf0adba0df0adba <error: Cannot access memory at address 0xdf0adba0df0adba>, receive_timeout = { abs_value_us = 1004493731513019834}, back_off = {rel_value_us = 1004493731513019834}, received_pos = 1004493731513019834, received_size = 233876922, msg_complete = 233876922, in_receive = 233876922, first_message = 233876922, attempts = 233876922}
(gdb) p/x *state->connection
$3 = {connection = 0x1433d80, cfg = 0xdf0adba0df0adba, service_name = 0xdf0adba0df0adba, tag = 0xdf0adba0df0adba, receiver_handler = 0xdf0adba0df0adba, receiver_handler_cls = 0xdf0adba0df0adba, th = 0xdf0adba0df0adba, receive_task = 0xdf0adba0df0adba, received_buf = 0xdf0adba0df0adba, receive_timeout = { abs_value_us = 0xdf0adba0df0adba}, back_off = {rel_value_us = 0xdf0adba0df0adba}, received_pos = 0xdf0adba0df0adba, received_size = 0xdf0adba, msg_complete = 0xdf0adba, in_receive = 0xdf0adba, first_message = 0xdf0adba, attempts = 0xdf0adba}
(gdb) up 1
#5 0x00007fd6d5631823 in GNUNET_MQ_send (mq=0x1413100, ev=0x13f0300) at mq.c:290
290 mq->send_impl (mq, ev->mh, mq->impl_state);
(gdb) p *mq
$4 = {handlers = 0x7fd6d5a6d1c0 <mq_handlers>, handlers_cls = 0x13e1920, send_impl = 0x7fd6d5632739 <connection_client_send_impl>, destroy_impl = 0x7fd6d563270f <connection_client_destroy_impl>, cancel_impl = 0x7fd6d5632996 <connection_client_cancel_impl>, impl_state = 0x1433fa0, error_handler = 0x7fd6d586cc94 <mq_error_handler>, envelope_head = 0x0, envelope_tail = 0x0, current_envelope = 0x13f0300, assoc_map = 0x0, continue_task = 0x0, assoc_id = 0}
(gdb) p *mq->impl_state
Attempt to dereference a generic pointer.
(gdb) p *ev
$5 = {next = 0x0, prev = 0x0, mh = 0x13f0330, parent_queue = 0x1413100, sent_cb = 0x0, sent_cls = 0x0}
(gdb) p *ev->parent_queue
$6 = {handlers = 0x7fd6d5a6d1c0 <mq_handlers>, handlers_cls = 0x13e1920, send_impl = 0x7fd6d5632739 <connection_client_send_impl>, destroy_impl = 0x7fd6d563270f <connection_client_destroy_impl>, cancel_impl = 0x7fd6d5632996 <connection_client_cancel_impl>, impl_state = 0x1433fa0, error_handler = 0x7fd6d586cc94 <mq_error_handler>, envelope_head = 0x0, envelope_tail = 0x0, current_envelope = 0x13f0300, assoc_map = 0x0, continue_task = 0x0, assoc_id = 0}
(gdb) | ||||
Tags | No tags attached. | ||||
|
Discussed in private email. Currently RPS ignores the error callback for the message queue, which may thus be in an error state when 'send' is called next. We'll investigate this further when Julius' pending changes for the RPS API are committed (which might make the problem go away or not). |
|
Reported to be gone with changes to RPS code. |
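The failure mode described in the notes above (a queue user that ignores the error callback and then calls send on a queue whose connection has already been released) can be closed on both sides of the API. The following is an added example, not GNUnet code: every name in it (`struct mq`, `mq_send`, `api_seed`, and so on) is hypothetical and only models the pattern.

```c
#include <stdlib.h>

/* Hypothetical miniature of a client connection and its message queue. */
struct conn { int transmit_pending; };

struct mq {
  struct conn *connection;        /* owned by the queue */
  void (*on_error)(void *cls);    /* user callback, may be NULL */
  void *on_error_cls;
};

enum { SEND_OK = 0, SEND_BUSY = -1, SEND_DEAD = -2 };

struct mq *mq_create(void (*on_error)(void *), void *cls) {
  struct mq *mq = calloc(1, sizeof *mq);
  if (NULL == mq) return NULL;
  mq->connection = calloc(1, sizeof *mq->connection);
  if (NULL == mq->connection) { free(mq); return NULL; }
  mq->on_error = on_error;
  mq->on_error_cls = cls;
  return mq;
}

/* Transport failure: release the connection and clear the pointer so no
   later call can reach the freed block, then notify the user. */
void mq_transport_failed(struct mq *mq) {
  free(mq->connection);
  mq->connection = NULL;
  if (NULL != mq->on_error) mq->on_error(mq->on_error_cls);
}

/* Queue side: check queue state before touching the connection, and
   refuse a second transmit request while one is still pending. */
int mq_send(struct mq *mq) {
  if (NULL == mq->connection) return SEND_DEAD;
  if (mq->connection->transmit_pending) return SEND_BUSY;
  mq->connection->transmit_pending = 1;
  return SEND_OK;
}

void mq_destroy(struct mq *mq) { free(mq->connection); free(mq); }

/* User side: the error callback marks the handle unusable, and the API
   entry point checks that flag before queueing anything. */
struct api_handle { struct mq *mq; int failed; };

void api_on_error(void *cls) { ((struct api_handle *)cls)->failed = 1; }

int api_seed(struct api_handle *h) {
  if (h->failed) return SEND_DEAD;
  return mq_send(h->mq);
}
```

A user that registers no error callback still gets `SEND_DEAD` from `mq_send` after a transport failure, because the queue cleared its own pointer instead of keeping one into released memory.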
Date Modified | Username | Field | Change |
---|---|---|---|
2015-01-28 17:22 | Bart Polot | New Issue | |
2015-01-28 17:22 | Bart Polot | Status | new => assigned |
2015-01-28 17:22 | Bart Polot | Assigned To | => Florian Dold |
2015-03-07 23:38 | Florian Dold | Note Added: 0008992 | |
2015-03-07 23:38 | Florian Dold | Status | assigned => feedback |
2015-03-20 21:15 | Christian Grothoff | Note Added: 0009027 | |
2015-03-20 21:15 | Christian Grothoff | Status | feedback => resolved |
2015-03-20 21:15 | Christian Grothoff | Fixed in Version | => 0.11.0pre66 |
2015-03-20 21:15 | Christian Grothoff | Resolution | open => fixed |
2015-03-20 21:15 | Christian Grothoff | Assigned To | Florian Dold => ch3 |
2018-06-07 00:25 | Christian Grothoff | Status | resolved => closed |