View Issue Details

ID: 0001744
Project: GNUnet
Category: transport service
View Status: public
Last Update: 2011-09-19 10:45
Reporter: LRN
Assigned To: Matthias Wachs
Priority: normal
Severity: minor
Reproducibility: random
Status: closed
Resolution: fixed
Product Version: Git master
Summary: 0001744: Transport service randomly crashes
Description: Transport service randomly crashes
Steps To Reproduce: It's random. I'm not even sure which test is running when this happens - while the transport service hangs under gdb, the test successfully completes, and the next one starts.
Additional Information:
Program received signal SIGSEGV, Segmentation fault.
0x77a715ee in ntdll!LdrQueryProcessModuleInformation () from %SYSTEM%\SysWOW64\ntdll.dll
(gdb) bt
#0 0x77a715ee in ntdll!LdrQueryProcessModuleInformation () from %SYSTEM%\SysWOW64\ntdll.dll
#1 0x77a715ee in ntdll!LdrQueryProcessModuleInformation () from %SYSTEM%\SysWOW64\ntdll.dll
#2 0x77a6015e in ntdll!LdrFindResource_U () from %SYSTEM%\SysWOW64\ntdll.dll
#3 0x0027f64c in ?? ()
#4 0x00401e0a in transmit_send_ok (client=0x27f64c, n=<optimized out>, target=<optimized out>, result=1) at gnunet-service-transport.c:1521
#5 0x0040a3ca in transmit_send_continuation (cls=0x495cc0, target=0x27fc68, result=1) at gnunet-service-transport.c:1625
#6 0x6eac2065 in udp_read (plugin=<optimized out>, rsock=<optimized out>) at plugin_transport_udp.c:903
#7 0x6eac2246 in udp_plugin_select (cls=0x46bf28, tc=0x28fd40) at plugin_transport_udp.c:987
#8 0x6249e7b6 in run_ready (ws=0x470e20, rs=0x470d08) at scheduler.c:659
#9 GNUNET_SCHEDULER_run (task=0x624a2088 <service_task>, task_cls=0x28fe68) at scheduler.c:836
#10 0x624a3b27 in GNUNET_SERVICE_run (argc=3, argv=0x469fc0, serviceName=0x40ed13 "transport", opt=GNUNET_SERVICE_OPTION_NONE, task=0x405954 <run>, task_cls=0x0) at service.c:1639
#11 0x0040b5f7 in main (argc=3, argv=0x469fc0) at gnunet-service-transport.c:6760
(gdb) p/x (DWORD[4])*(DWORD*)0x0027f64c
$1 = {0xc0000005, 0x0, 0x0, 0x401c36}
(gdb) l *((DWORD*)0x0027f64c)[3]
0x401c36 is in transmit_to_client (gnunet-service-transport.c:1480).
1475 }
1476 msize = ntohs (msg->size);
1477 GNUNET_assert (msize >= sizeof (struct GNUNET_MessageHeader));
1478 q = GNUNET_malloc (sizeof (struct ClientMessageQueueEntry) + msize);
1479 memcpy (&q[1], msg, msize);
1480 GNUNET_CONTAINER_DLL_insert_tail (client->message_queue_head,
1481 client->message_queue_tail,
1482 q);
1483 client->message_count++;
1484 if (client->th == NULL)
(gdb)
Tags: No tags attached.
Attached Files
udp_crash_001.tar.xz (698,008 bytes)
udp_crash_002.tar.xz (856,948 bytes)

Activities

LRN

2011-08-03 09:19

reporter   ~0004542

Caught this again. p'ed client (from the frame higher on the stack) and found out that client->message_queue_head is NULL.
I also have relatively verbose debug logs from that session, attached as udp_crash_001.tar.xz

Matthias Wachs

2011-08-05 11:09

reporter   ~0004548

udp_crash_001.tar.xz : contains no crash
udp_crash_002.tar.xz : contains crash

Matthias Wachs

2011-08-22 13:50

reporter   ~0004557

Last edited: 2011-08-22 13:52

Assumption:

Race condition between transmit_ready and transport_disconnect:
- Crash occurs if transport_disconnect is called and the transmit_ready calls back
Memory is already freed in that case...

Added a testcase to check for this behaviour: test_transport_api_disconnect
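
The failure mode assumed in the note above, as an added example that is not part of the original issue and is not GNUnet code: a constructed single-threaded model in which disconnect cancels the pending transmit-ready callback before freeing the client, so the scheduler never calls back into freed memory. All names here (Pending, notify_transmit_ready, client_disconnect, scheduler_run_once) are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical minimal model, not GNUnet's API: a scheduler with a
   single pending "transmit ready" callback slot. */
struct Client;
struct Pending { void (*cb)(struct Client *); struct Client *client; int active; };
struct Client { struct Pending *th; int message_count; };

static struct Pending slot;   /* the scheduler's one pending task */
static int callbacks_run;     /* callbacks actually delivered */

/* The callback dereferences the client, so the client must be alive. */
static void on_transmit_ready(struct Client *c) {
  c->th = NULL;
  c->message_count--;
  callbacks_run++;
}

/* Register the callback; the scheduler now holds a raw client pointer. */
static void notify_transmit_ready(struct Client *c) {
  slot.cb = on_transmit_ready; slot.client = c; slot.active = 1;
  c->th = &slot;
}

/* Disconnect cancels the pending callback BEFORE freeing. Without the
   cancel, slot.client dangles and the next scheduler pass uses it. */
static void client_disconnect(struct Client *c) {
  if (c->th != NULL)
    c->th->active = 0;
  free(c);
}

/* Run the pending task unless it was cancelled; returns 1 if it ran. */
static int scheduler_run_once(void) {
  if (!slot.active) return 0;
  slot.active = 0;
  slot.cb(slot.client);
  return 1;
}

/* The sequence from the note: disconnect while a callback is pending. */
static int disconnect_then_run(void) {
  struct Client *c = calloc(1, sizeof *c);
  if (c == NULL) return -1;
  notify_transmit_ready(c);
  client_disconnect(c);
  return scheduler_run_once();   /* 0: nothing fires on freed memory */
}

int main(void) { return disconnect_then_run() == 0 ? 0 : 1; }
```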

Christian Grothoff

2011-09-14 13:13

manager   ~0004570

This was against the old code, no longer relevant, there was a rather comprehensive rewrite.

Issue History

Date Modified Username Field Change
2011-08-02 23:18 LRN New Issue
2011-08-02 23:18 LRN Status new => assigned
2011-08-02 23:18 LRN Assigned To => Matthias Wachs
2011-08-03 09:18 LRN File Added: udp_crash_001.tar.xz
2011-08-03 09:19 LRN Note Added: 0004542
2011-08-03 11:08 LRN File Added: udp_crash_002.tar.xz
2011-08-05 11:09 Matthias Wachs Note Added: 0004548
2011-08-22 13:50 Matthias Wachs Note Added: 0004557
2011-08-22 13:50 Matthias Wachs Note Edited: 0004557
2011-08-22 13:52 Matthias Wachs Note Edited: 0004557
2011-08-22 14:04 Matthias Wachs Status assigned => feedback
2011-09-14 13:13 Christian Grothoff Note Added: 0004570
2011-09-14 13:13 Christian Grothoff Status feedback => closed
2011-09-14 13:13 Christian Grothoff Resolution open => fixed
2011-09-14 13:13 Christian Grothoff Fixed in Version => Git master
2011-09-19 10:45 Christian Grothoff Fixed in Version Git master => 0.9.0pre3
2011-09-19 10:45 Christian Grothoff Target Version => 0.9.0pre3