View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001897 | GNUnet | transport service | public | 2011-11-11 15:37 | 2011-11-30 18:38 |
| Reporter | LRN | Assigned To | Matthias Wachs | ||
| Priority | high | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Target Version | 0.9.0 | ||||
| Summary | 0001897: Transport service crash | ||||
| Description | r18104 crashinfo5 contains the copy of the backtrace. mq->n is a bad pointer (points outside of the process address space). | ||||
| Additional Information | Attaching to process 5560 [New Thread 5560.0x246c] [New Thread 5560.0x18bc] [New Thread 5560.0x2b10] [New Thread 5560.0x2f6c] [New Thread 5560.0x584] Reading symbols from d:\progs\gnunet\bin\gnunet-service-transport.exe...done. [Switching to Thread 5560.0x584] Continuing. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 5560.0x246c] 0x772515ee in ntdll!LdrQueryProcessModuleInformation () from E:\Windows\SysWOW64\ntdll.dll [Switching to thread 1 (Thread 5560.0x246c)] #0 0x772515ee in ntdll!LdrQueryProcessModuleInformation () from E:\Windows\SysWOW64\ntdll.dll #0 0x772515ee in ntdll!LdrQueryProcessModuleInformation () from E:\Windows\SysWOW64\ntdll.dll #1 0x772515ee in ntdll!LdrQueryProcessModuleInformation () from E:\Windows\SysWOW64\ntdll.dll #2 0x7724015e in ntdll!LdrFindResource_U () from E:\Windows\SysWOW64\ntdll.dll #3 0x0028f69c in ?? () #4 0x00408ad0 in _fu308__skip_log () at gnunet-service-transport_neighbours.c:719 #5 0x00409130 in _fu329__skip_log () at gnunet-service-transport_neighbours.c:773 #6 0x624b3b9b in run_ready (rs=0x1d6c558, ws=0x1d6c670) at scheduler.c:684 #7 0x624b42e3 in GNUNET_SCHEDULER_run (task=0x624be19c <service_task>, task_cls=0x28fe28) at scheduler.c:864 #8 0x624bee80 in GNUNET_SERVICE_run (argc=3, argv=0x1d6a258, serviceName=0x414293 "transport", opt=GNUNET_SERVICE_OPTION_NONE, task=0x4020e3 <run>, task_cls=0x0) at service.c:1584 #9 0x00402450 in main (argc=3, argv=0x1d6a258) at gnunet-service-transport.c:563 (gdb) up 4 #4 0x00408ad0 in _fu308__skip_log () at gnunet-service-transport_neighbours.c:719 719 transmit_send_continuation (mq, &n->id, GNUNET_SYSERR); (gdb) l *((DWORD*)0x0028f69c)[3] 0x408408 is in transmit_send_continuation (gnunet-service-transport_neighbours.c:659). 654 655 mq = cls; 656 n = mq->n; 657 if (NULL != n) 658 { 659 GNUNET_assert (n->is_active == mq); 660 n->is_active = NULL; 661 if (success == GNUNET_YES) 662 { 663 GNUNET_assert (n->transmission_task == GNUNET_SCHEDULER_NO_TASK); (gdb) p *mq $2 = {next = 0x1d9a8a0, prev = 0x1d8f7d0, n = 0x6d01f807, cont = 0x2000000, cont_cls = 0x5d2b469e, message_buf = 0x500e29e <Address 0x500e29e out of bounds>, message_buf_size = 2246434476, timeout = {abs_value = 17342399695440963328}} | ||||
| Tags | No tags attached. | ||||
| Attached Files | crashinfo5.txt (2,374 bytes)
Attaching to process 5560
[New Thread 5560.0x246c]
[New Thread 5560.0x18bc]
[New Thread 5560.0x2b10]
[New Thread 5560.0x2f6c]
[New Thread 5560.0x584]
Reading symbols from d:\progs\gnunet\bin\gnunet-service-transport.exe...done.
[Switching to Thread 5560.0x584]
Continuing.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 5560.0x246c]
0x772515ee in ntdll!LdrQueryProcessModuleInformation () from E:\Windows\SysWOW64\ntdll.dll
[Switching to thread 1 (Thread 5560.0x246c)]
#0 0x772515ee in ntdll!LdrQueryProcessModuleInformation () from E:\Windows\SysWOW64\ntdll.dll
#0 0x772515ee in ntdll!LdrQueryProcessModuleInformation () from E:\Windows\SysWOW64\ntdll.dll
#1 0x772515ee in ntdll!LdrQueryProcessModuleInformation () from E:\Windows\SysWOW64\ntdll.dll
#2 0x7724015e in ntdll!LdrFindResource_U () from E:\Windows\SysWOW64\ntdll.dll
#3 0x0028f69c in ?? ()
#4 0x00408ad0 in _fu308__skip_log () at gnunet-service-transport_neighbours.c:719
#5 0x00409130 in _fu329__skip_log () at gnunet-service-transport_neighbours.c:773
#6 0x624b3b9b in run_ready (rs=0x1d6c558, ws=0x1d6c670) at scheduler.c:684
#7 0x624b42e3 in GNUNET_SCHEDULER_run (task=0x624be19c <service_task>, task_cls=0x28fe28) at scheduler.c:864
#8 0x624bee80 in GNUNET_SERVICE_run (argc=3, argv=0x1d6a258, serviceName=0x414293 "transport", opt=GNUNET_SERVICE_OPTION_NONE,
task=0x4020e3 <run>, task_cls=0x0) at service.c:1584
#9 0x00402450 in main (argc=3, argv=0x1d6a258) at gnunet-service-transport.c:563
(gdb) up 4
#4 0x00408ad0 in _fu308__skip_log () at gnunet-service-transport_neighbours.c:719
719 transmit_send_continuation (mq, &n->id, GNUNET_SYSERR);
(gdb) l *((DWORD*)0x0028f69c)[3]
0x408408 is in transmit_send_continuation (gnunet-service-transport_neighbours.c:659).
654
655 mq = cls;
656 n = mq->n;
657 if (NULL != n)
658 {
659 GNUNET_assert (n->is_active == mq);
660 n->is_active = NULL;
661 if (success == GNUNET_YES)
662 {
663 GNUNET_assert (n->transmission_task == GNUNET_SCHEDULER_NO_TASK);
(gdb) p *mq
$2 = {next = 0x1d9a8a0, prev = 0x1d8f7d0, n = 0x6d01f807, cont = 0x2000000, cont_cls = 0x5d2b469e,
message_buf = 0x500e29e <Address 0x500e29e out of bounds>, message_buf_size = 2246434476, timeout = {abs_value = 17342399695440963328}} | ||||
|
|
How was this reproduced? As part of a testcase? Which plugins were loaded? |
|
|
Yes, as part of a testcase. Don't remember which. If reproducibility is "always", then it probably means that i've had transport service crashing more than once, in different tests. r18147 does not seem to have this bug. So it's either not as "always" as i thought, or it was fixed (obviously, i can roll back to r18104 and try again, if you want...) |
|
|
the plugin can call the transmit send continuation after neighbour is disconnected (freed) Added check to ensure neighbour is still existing in revision 18174. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2011-11-11 15:37 | LRN | New Issue | |
| 2011-11-11 15:37 | LRN | Status | new => assigned |
| 2011-11-11 15:37 | LRN | Assigned To | => Matthias Wachs |
| 2011-11-11 15:37 | LRN | File Added: crashinfo5.txt | |
| 2011-11-11 20:58 | Christian Grothoff | Product Version | => 0.9.0pre4 |
| 2011-11-11 20:58 | Christian Grothoff | Target Version | => 0.9.0 |
| 2011-11-15 09:14 | Christian Grothoff | Priority | normal => high |
| 2011-11-15 13:54 | Christian Grothoff | Note Added: 0004922 | |
| 2011-11-15 14:33 | LRN | Note Added: 0004923 | |
| 2011-11-16 16:19 | Matthias Wachs | Note Added: 0004929 | |
| 2011-11-16 16:19 | Matthias Wachs | Status | assigned => resolved |
| 2011-11-16 16:19 | Matthias Wachs | Resolution | open => fixed |
| 2011-11-30 18:38 | Christian Grothoff | Status | resolved => closed |
