View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005367 | GNUnet | rps service | public | 2018-06-27 14:55 | 2021-08-09 08:27 |
Reporter | ch3 | Assigned To | ch3 | ||
Priority | normal | Severity | crash | Reproducibility | random |
Status | closed | Resolution | unable to reproduce | ||
OS | archlinux | OS Version | 2018-06-27 | ||
Product Version | 0.11.0pre66 | ||||
Target Version | 0.15.0 | Fixed in Version | 0.15.0 | ||
Summary | 0005367: SIGSEGV after GNUNET_CADET_channel_destroy() | ||||
Description | SIGSEGV after GNUNET_CADET_channel_destroy() | ||||
Steps To Reproduce | Sometimes on running the rps tests (make check in src/rps) services crash with a SIGSEGV. | ||||
Additional Information | Valgrind output:
==5381== Memcheck, a memory error detector
==5381== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==5381== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==5381== Command: /home/gnunet/prefix_gn/lib//gnunet/libexec/gnunet-service-rps -c /tmp/testbedPwYbVp/4/config
==5381== Parent PID: 5363
==5381==
==5381== Invalid read of size 8
==5381==    at 0x5066FAB: GNUNET_CONTAINER_multihashmap32_iterate (container_multihashmap32.c:242)
==5381==    by 0x52CD051: schedule_reconnect (cadet_api.c:412)
==5381==    by 0x52CD752: cadet_mq_error_handler (cadet_api.c:566)
==5381==    by 0x50889EC: GNUNET_MQ_inject_error (mq.c:293)
==5381==    by 0x508887A: GNUNET_MQ_inject_message (mq.c:258)
==5381==    by 0x52CE0FF: handle_local_data (cadet_api.c:757)
==5381==    by 0x50887D9: GNUNET_MQ_inject_message (mq.c:250)
==5381==    by 0x5053AE7: recv_message (client.c:334)
==5381==    by 0x5087C8D: GNUNET_MST_from_buffer (mst.c:232)
==5381==    by 0x508853E: GNUNET_MST_read (mst.c:374)
==5381==    by 0x505401C: receive_ready (client.c:421)
==5381==    by 0x50A251E: GNUNET_SCHEDULER_do_work (scheduler.c:2104)
==5381==  Address 0x7776050 is 16 bytes inside a block of size 24 free'd
==5381==    at 0x4C2E10B: free (vg_replace_malloc.c:530)
==5381==    by 0x5056602: GNUNET_xfree_ (common_allocation.c:337)
==5381==    by 0x50670CB: GNUNET_CONTAINER_multihashmap32_remove (container_multihashmap32.c:288)
==5381==    by 0x52CCE0C: destroy_channel (cadet_api.c:329)
==5381==    by 0x52CF8CC: GNUNET_CADET_channel_destroy (cadet_api.c:1316)
==5381==    by 0x113B6F: Peers_remove_peer (gnunet-service-rps.c:1296)
==5381==    by 0x115952: remove_peer (gnunet-service-rps.c:2619)
==5381==    by 0x11612C: cleanup_destroyed_channel (gnunet-service-rps.c:2741)
==5381==    by 0x52CCEFC: destroy_channel (cadet_api.c:340)
==5381==    by 0x52CD00F: destroy_channel_on_reconnect_cb (cadet_api.c:394)
==5381==    by 0x5066FD4: GNUNET_CONTAINER_multihashmap32_iterate (container_multihashmap32.c:245)
==5381==    by 0x52CD051: schedule_reconnect (cadet_api.c:412)
==5381==  Block was alloc'd at
==5381==    at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==5381==    by 0x50562CF: GNUNET_xmalloc_unchecked_ (common_allocation.c:230)
==5381==    by 0x5055C6B: GNUNET_xmalloc_ (common_allocation.c:73)
==5381==    by 0x506752C: GNUNET_CONTAINER_multihashmap32_put (container_multihashmap32.c:488)
==5381==    by 0x52CCC93: create_channel (cadet_api.c:301)
==5381==    by 0x52CDA5B: handle_channel_created (cadet_api.c:640)
==5381==    by 0x50887D9: GNUNET_MQ_inject_message (mq.c:250)
==5381==    by 0x5053AE7: recv_message (client.c:334)
==5381==    by 0x5087C8D: GNUNET_MST_from_buffer (mst.c:232)
==5381==    by 0x508853E: GNUNET_MST_read (mst.c:374)
==5381==    by 0x505401C: receive_ready (client.c:421)
==5381==    by 0x50A251E: GNUNET_SCHEDULER_do_work (scheduler.c:2104)
==5381==
==5381== Invalid read of size 8
==5381==    at 0x5066FBE: GNUNET_CONTAINER_multihashmap32_iterate (container_multihashmap32.c:245)
==5381==    by 0x52CD051: schedule_reconnect (cadet_api.c:412)
==5381==    by 0x52CD752: cadet_mq_error_handler (cadet_api.c:566)
==5381==    by 0x50889EC: GNUNET_MQ_inject_error (mq.c:293)
==5381==    by 0x508887A: GNUNET_MQ_inject_message (mq.c:258)
==5381==    by 0x52CE0FF: handle_local_data (cadet_api.c:757)
==5381==    by 0x50887D9: GNUNET_MQ_inject_message (mq.c:250)
==5381==    by 0x5053AE7: recv_message (client.c:334)
==5381==    by 0x5087C8D: GNUNET_MST_from_buffer (mst.c:232)
==5381==    by 0x508853E: GNUNET_MST_read (mst.c:374)
==5381==    by 0x505401C: receive_ready (client.c:421)
==5381==    by 0x50A251E: GNUNET_SCHEDULER_do_work (scheduler.c:2104)
==5381==  Address 0x7776048 is 8 bytes inside a block of size 24 free'd
==5381==    at 0x4C2E10B: free (vg_replace_malloc.c:530)
==5381==    by 0x5056602: GNUNET_xfree_ (common_allocation.c:337)
==5381==    by 0x50670CB: GNUNET_CONTAINER_multihashmap32_remove (container_multihashmap32.c:288)
==5381==    by 0x52CCE0C: destroy_channel (cadet_api.c:329)
==5381==    by 0x52CF8CC: GNUNET_CADET_channel_destroy (cadet_api.c:1316)
==5381==    by 0x113B6F: Peers_remove_peer (gnunet-service-rps.c:1296)
==5381==    by 0x115952: remove_peer (gnunet-service-rps.c:2619)
==5381==    by 0x11612C: cleanup_destroyed_channel (gnunet-service-rps.c:2741)
==5381==    by 0x52CCEFC: destroy_channel (cadet_api.c:340)
==5381==    by 0x52CD00F: destroy_channel_on_reconnect_cb (cadet_api.c:394)
==5381==    by 0x5066FD4: GNUNET_CONTAINER_multihashmap32_iterate (container_multihashmap32.c:245)
==5381==    by 0x52CD051: schedule_reconnect (cadet_api.c:412)
==5381==  Block was alloc'd at
==5381==    at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==5381==    by 0x50562CF: GNUNET_xmalloc_unchecked_ (common_allocation.c:230)
==5381==    by 0x5055C6B: GNUNET_xmalloc_ (common_allocation.c:73)
==5381==    by 0x506752C: GNUNET_CONTAINER_multihashmap32_put (container_multihashmap32.c:488)
==5381==    by 0x52CCC93: create_channel (cadet_api.c:301)
==5381==    by 0x52CDA5B: handle_channel_created (cadet_api.c:640)
==5381==    by 0x50887D9: GNUNET_MQ_inject_message (mq.c:250)
==5381==    by 0x5053AE7: recv_message (client.c:334)
==5381==    by 0x5087C8D: GNUNET_MST_from_buffer (mst.c:232)
==5381==    by 0x508853E: GNUNET_MST_read (mst.c:374)
==5381==    by 0x505401C: receive_ready (client.c:421)
==5381==    by 0x50A251E: GNUNET_SCHEDULER_do_work (scheduler.c:2104)
==5381==
==5381== Invalid read of size 4
==5381==    at 0x5066FC6: GNUNET_CONTAINER_multihashmap32_iterate (container_multihashmap32.c:245)
==5381==    by 0x52CD051: schedule_reconnect (cadet_api.c:412)
==5381==    by 0x52CD752: cadet_mq_error_handler (cadet_api.c:566)
==5381==    by 0x50889EC: GNUNET_MQ_inject_error (mq.c:293)
==5381==    by 0x508887A: GNUNET_MQ_inject_message (mq.c:258)
==5381==    by 0x52CE0FF: handle_local_data (cadet_api.c:757)
==5381==    by 0x50887D9: GNUNET_MQ_inject_message (mq.c:250)
==5381==    by 0x5053AE7: recv_message (client.c:334)
==5381==    by 0x5087C8D: GNUNET_MST_from_buffer (mst.c:232)
==5381==    by 0x508853E: GNUNET_MST_read (mst.c:374)
==5381==    by 0x505401C: receive_ready (client.c:421)
==5381==    by 0x50A251E: GNUNET_SCHEDULER_do_work (scheduler.c:2104)
==5381==  Address 0x7776040 is 0 bytes inside a block of size 24 free'd
==5381==    at 0x4C2E10B: free (vg_replace_malloc.c:530)
==5381==    by 0x5056602: GNUNET_xfree_ (common_allocation.c:337)
==5381==    by 0x50670CB: GNUNET_CONTAINER_multihashmap32_remove (container_multihashmap32.c:288)
==5381==    by 0x52CCE0C: destroy_channel (cadet_api.c:329)
==5381==    by 0x52CF8CC: GNUNET_CADET_channel_destroy (cadet_api.c:1316)
==5381==    by 0x113B6F: Peers_remove_peer (gnunet-service-rps.c:1296)
==5381==    by 0x115952: remove_peer (gnunet-service-rps.c:2619)
==5381==    by 0x11612C: cleanup_destroyed_channel (gnunet-service-rps.c:2741)
==5381==    by 0x52CCEFC: destroy_channel (cadet_api.c:340)
==5381==    by 0x52CD00F: destroy_channel_on_reconnect_cb (cadet_api.c:394)
==5381==    by 0x5066FD4: GNUNET_CONTAINER_multihashmap32_iterate (container_multihashmap32.c:245)
==5381==    by 0x52CD051: schedule_reconnect (cadet_api.c:412)
==5381==  Block was alloc'd at
==5381==    at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==5381==    by 0x50562CF: GNUNET_xmalloc_unchecked_ (common_allocation.c:230)
==5381==    by 0x5055C6B: GNUNET_xmalloc_ (common_allocation.c:73)
==5381==    by 0x506752C: GNUNET_CONTAINER_multihashmap32_put (container_multihashmap32.c:488)
==5381==    by 0x52CCC93: create_channel (cadet_api.c:301)
==5381==    by 0x52CDA5B: handle_channel_created (cadet_api.c:640)
==5381==    by 0x50887D9: GNUNET_MQ_inject_message (mq.c:250)
==5381==    by 0x5053AE7: recv_message (client.c:334)
==5381==    by 0x5087C8D: GNUNET_MST_from_buffer (mst.c:232)
==5381==    by 0x508853E: GNUNET_MST_read (mst.c:374)
==5381==    by 0x505401C: receive_ready (client.c:421)
==5381==    by 0x50A251E: GNUNET_SCHEDULER_do_work (scheduler.c:2104)
==5381==
==5381== Invalid read of size 8
==5381==    at 0x52CCD48: destroy_channel (cadet_api.c:323)
==5381==    by 0x52CD00F: destroy_channel_on_reconnect_cb (cadet_api.c:394)
==5381==    by 0x5066FD4: GNUNET_CONTAINER_multihashmap32_iterate (container_multihashmap32.c:245)
==5381==    by 0x52CD051: schedule_reconnect (cadet_api.c:412)
==5381==    by 0x52CD752: cadet_mq_error_handler (cadet_api.c:566)
==5381==    by 0x50889EC: GNUNET_MQ_inject_error (mq.c:293)
==5381==    by 0x508887A: GNUNET_MQ_inject_message (mq.c:258)
==5381==    by 0x52CE0FF: handle_local_data (cadet_api.c:757)
==5381==    by 0x50887D9: GNUNET_MQ_inject_message (mq.c:250)
==5381==    by 0x5053AE7: recv_message (client.c:334)
==5381==    by 0x5087C8D: GNUNET_MST_from_buffer (mst.c:232)
==5381==    by 0x508853E: GNUNET_MST_read (mst.c:374)
==5381==  Address 0xdf0adba0df0adda is not stack'd, malloc'd or (recently) free'd
==5381==
==5381==
==5381== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==5381==  General Protection Fault
==5381==    at 0x52CCD48: destroy_channel (cadet_api.c:323)
==5381==    by 0x52CD00F: destroy_channel_on_reconnect_cb (cadet_api.c:394)
==5381==    by 0x5066FD4: GNUNET_CONTAINER_multihashmap32_iterate (container_multihashmap32.c:245)
==5381==    by 0x52CD051: schedule_reconnect (cadet_api.c:412)
==5381==    by 0x52CD752: cadet_mq_error_handler (cadet_api.c:566)
==5381==    by 0x50889EC: GNUNET_MQ_inject_error (mq.c:293)
==5381==    by 0x508887A: GNUNET_MQ_inject_message (mq.c:258)
==5381==    by 0x52CE0FF: handle_local_data (cadet_api.c:757)
==5381==    by 0x50887D9: GNUNET_MQ_inject_message (mq.c:250)
==5381==    by 0x5053AE7: recv_message (client.c:334)
==5381==    by 0x5087C8D: GNUNET_MST_from_buffer (mst.c:232)
==5381==    by 0x508853E: GNUNET_MST_read (mst.c:374)
==5381==
==5381== HEAP SUMMARY:
==5381==     in use at exit: 71,700 bytes in 2,647 blocks
==5381==   total heap usage: 23,212 allocs, 20,565 frees, 811,017 bytes allocated | ||||
Tags | No tags attached. | ||||
|
Problem is this sequence:
==5381==    by 0x52CF8CC: GNUNET_CADET_channel_destroy (cadet_api.c:1316)
==5381==    by 0x113B6F: Peers_remove_peer (gnunet-service-rps.c:1296)
==5381==    by 0x115952: remove_peer (gnunet-service-rps.c:2619)
==5381==    by 0x11612C: cleanup_destroyed_channel (gnunet-service-rps.c:2741)
RPS must not call channel destroy on a channel that CADET notified it about, and also not destroy _other_ channels during this task. |
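The re-entrancy problem described in the note above, as an added C example that is not part of the issue or of GNUnet's code: a cleanup callback destroys channels while the disconnect path is still walking the channel container, and a deferred-free guard keeps the walk from reading freed entries. All types and functions here (`struct handle`, `channel_destroy`, `disconnect_all`, `client_cleanup`) are hypothetical stand-ins, and the guard is one general mitigation, not the project's actual fix.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy stand-ins with hypothetical names; this is not GNUnet's CADET API. */
struct channel { struct channel *next; int id; int dead; };
struct handle  { struct channel *head; int iterating; int freed; };
static struct channel *add_channel(struct handle *h, int id) {
  struct channel *c = calloc(1, sizeof *c);
  if (!c) abort();
  c->id = id; c->next = h->head; h->head = c;
  return c;
}
/* Unlink and free every channel marked dead. Never runs during a walk. */
static void sweep(struct handle *h) {
  for (struct channel **pp = &h->head; *pp; ) {
    struct channel *c = *pp;
    if (c->dead) { *pp = c->next; free(c); h->freed++; }
    else pp = &c->next;
  }
}
/* Calling free() here directly is the reported bug class: the walk in
 * disconnect_all() would then read c->next from freed memory. */
static void channel_destroy(struct handle *h, struct channel *c) {
  c->dead = 1;
  if (0 == h->iterating) sweep(h);
}
/* Client callback mimicking the trace: told that one channel is gone, it
 * destroys that channel and every other channel of the handle. */
static void client_cleanup(struct handle *h, struct channel *gone) {
  channel_destroy(h, gone);
  for (struct channel *c = h->head; c; c = c->next)
    if (!c->dead) channel_destroy(h, c);
}
/* Disconnect path: notify the client once per live channel, free after. */
typedef void (*cleanup_cb)(struct handle *, struct channel *);
static int disconnect_all(struct handle *h, cleanup_cb cb) {
  int notified = 0;
  h->iterating++;
  for (struct channel *c = h->head; c; c = c->next)
    if (!c->dead) { cb(h, c); c->dead = 1; notified++; }
  h->iterating--;
  sweep(h);
  return notified;
}
int main(void) {
  struct handle h = {0};
  for (int i = 1; i <= 3; i++) add_channel(&h, i);
  int n = disconnect_all(&h, client_cleanup);
  printf("notified=%d freed=%d\n", n, h.freed);
  return 0;
}
```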
|
Is this still not fixed? |
|
Presumably fixed in 0a7b0ca8e0d6a968a3b4fd495becbd44fa5ca458 |
|
Unclear which test fails. A lot of tests fail on my system. Propose to move to experimental as potentially broken and abandoned. |
Date Modified | Username | Field | Change |
---|---|---|---|
2018-06-27 14:55 | ch3 | New Issue | |
2018-06-27 14:55 | ch3 | Status | new => assigned |
2018-06-27 14:55 | ch3 | Assigned To | => Bart Polot |
2018-06-27 21:47 | Christian Grothoff | Relationship added | related to 0005370 |
2018-06-28 10:20 | Christian Grothoff | Note Added: 0013095 | |
2018-06-28 10:20 | Christian Grothoff | Assigned To | Bart Polot => ch3 |
2018-06-28 10:21 | Christian Grothoff | Category | cadet service => rps service |
2018-06-28 10:22 | Christian Grothoff | Relationship deleted | related to 0005370 |
2018-07-02 14:20 | ch3 | Relationship added | has duplicate 0005380 |
2019-02-14 10:41 | Christian Grothoff | Note Added: 0013743 | |
2020-04-23 08:39 | schanzen | Target Version | => 0.13.0 |
2020-04-23 10:52 | schanzen | Assigned To | ch3 => t3sserakt |
2020-05-15 09:42 | schanzen | Note Added: 0015893 | |
2020-05-15 09:57 | schanzen | Note Added: 0015894 | |
2020-05-15 09:57 | schanzen | Assigned To | t3sserakt => ch3 |
2020-05-15 09:57 | schanzen | Target Version | 0.13.0 => 0.14.0 |
2020-06-01 00:49 | | Issue cloned: 0006283 | |
2020-10-28 13:06 | schanzen | Target Version | 0.14.0 => 0.15.0 |
2021-03-29 21:36 | ch3 | Status | assigned => resolved |
2021-03-29 21:36 | ch3 | Resolution | open => unable to reproduce |
2021-04-05 12:43 | schanzen | Status | resolved => closed |
2021-04-05 12:43 | schanzen | Fixed in Version | => 0.14.1 |
2021-04-05 12:43 | schanzen | Target Version | 0.15.0 => 0.14.2 |
2021-06-10 19:37 | schanzen | Target Version | 0.14.2 => 0.15.0 |
2021-06-10 23:03 | schanzen | Status | closed => resolved |
2021-06-10 23:03 | schanzen | Fixed in Version | 0.14.1 => 0.15.0 |
2021-08-09 08:27 | schanzen | Status | resolved => closed |