View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001988 | GNUnet | transport service | public | 2011-12-06 16:53 | 2011-12-26 22:28 |
| Reporter | amatus | Assigned To | Matthias Wachs | ||
| Priority | high | Severity | crash | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Platform | x86_64 | OS | debian | OS Version | squeeze |
| Product Version | 0.9.0 | ||||
| Target Version | 0.9.1 | Fixed in Version | 0.9.1 | ||
| Summary | 0001988: segfault in GNUNET_ATS_address_update at ats_api_scheduling.c:726 | ||||
| Description | GNUNET_ATS_address_update is called with address==NULL which is dereferenced. I'm running svn rev 18410 which the log says is the 0.9.0 release. Below are the last log messages printed. I believe it was still running after these were printed but I can't be sure. Dec 05 12:00:13-477308 transport-1702 ERROR Assertion failed at gnunet-service-transport_neighbours.c:530. Dec 05 12:00:13-477326 transport-1702 ERROR Illegal state transition from `S_FAST_RECONNECT' to `S_CONNECT_RECV' in line 2506 Dec 05 12:00:13-477337 transport-1702 ERROR Assertion failed at gnunet-service-transport_neighbours.c:530. Dec 05 12:00:13-477353 transport-1702 ERROR Illegal state transition from `S_FAST_RECONNECT' to `S_CONNECT_RECV' in line 2506 Dec 05 12:00:13-477363 transport-1702 ERROR Assertion failed at gnunet-service-transport_neighbours.c:530. Dec 05 12:00:13-477379 transport-1702 ERROR Illegal state transition from `S_FAST_RECONNECT' to `S_CONNECT_RECV' in line 2506 Dec 05 12:00:13-477390 transport-1702 ERROR Assertion failed at gnunet-service-transport_neighbours.c:530. Dec 05 12:00:13-477405 transport-1702 ERROR Illegal state transition from `S_FAST_RECONNECT' to `S_CONNECT_RECV' in line 2506 Dec 05 12:00:13-477416 transport-1702 ERROR Assertion failed at gnunet-service-transport_neighbours.c:530. Dec 05 12:00:13-477432 transport-1702 ERROR Illegal state transition from `S_FAST_RECONNECT' to `S_CONNECT_RECV' in line 2506 Dec 05 12:00:13-477442 transport-1702 ERROR Assertion failed at gnunet-service-transport_neighbours.c:530. | ||||
| Steps To Reproduce | I was running a peer just sitting on the network for several days then noticed transport had segfaulted, so this might be quite difficult to reproduce. | ||||
| Additional Information | #0 GNUNET_ATS_address_update (sh=0x1f511f0, address=0x0, session=0x0, ats=0x1f65290, ats_count=2) at ats_api_scheduling.c:726 p = <value optimized out> m = <value optimized out> am = <value optimized out> pm = <value optimized out> namelen = 0 msize = <value optimized out> __FUNCTION__ = "GNUNET_ATS_address_update" #1 0x000000000040b68e in GST_neighbours_keepalive_response (neighbour=<value optimized out>, ats=0x7fff8567d040, ats_count=<value optimized out>) at gnunet-service-transport_neighbours.c:2046 n = 0x201ac90 ats_new = 0x1f65290 __FUNCTION__ = "GST_neighbours_keepalive_response" #2 0x0000000000403986 in plugin_env_receive_callback (cls=<value optimized out>, peer=0x1f68c08, message=0x1f6d8f0, ats=0x7fff8567d040, ats_count=1, session=<value optimized out>, sender_address=0x1f54050 "\274(\252e\b&", sender_address_len=<value optimized out>) at gnunet-service-transport.c:275 ret = {rel_value = 0} address = {peer = {hashPubKey = {bits = {2776753945, 3419103096, 1172950859, 645623992, 1476273567, 4236848026, 1256547781, 3154885235, 3456822212, 2171315086, 1330435114, 3220421521, 3170164611, 1218302259, 1296674738, 1309095280}}}, transport_name = 0x1f4f0f0 "tcp", address = 0x1f54050, address_length = 6} #3 0x00007f2190f8e161 in handle_tcp_data (cls=0x1f50630, client=0x1f53860, message=0x1f6d8f0) at plugin_transport_tcp.c:1738 session = 0x1f68ad0 delay = <value optimized out> distance = {type = 67108864, value = 16777216} #4 0x00007f219224ffd3 in GNUNET_SERVER_inject (server=<value optimized out>, sender=0x1f53860, message=0x1f6d8f0) at server.c:709 pos = 0x1f50e90 i = 2 found = <value optimized out> __FUNCTION__ = "GNUNET_SERVER_inject" #5 0x00007f2192250100 in client_message_tokenizer_callback (cls=0x1f511f0, client=0x0, message=0x0) at server.c:931 ret = <value optimized out> #6 0x00007f2192251382 in GNUNET_SERVER_mst_receive (mst=0x1f51040, client_identity=0x1f53860, buf=0x0, size=0, purge=<value optimized out>, one_shot=-1) at server_mst.c:219 delta = 8031079655641718884 ibuf = 0x1f6d8f0 "" ret = <value optimized out> __FUNCTION__ = "GNUNET_SERVER_mst_receive" #7 0x00007f219224f940 in process_mst (client=0x1f53860, ret=-519372800) at server.c:780 No locals. #8 0x00007f219222e1fd in receive_ready (cls=0x205cf40, tc=<value optimized out>) at connection.c:1193 now = <value optimized out> ret = 80 receiver = 0x7f219224fa30 <process_incoming> __FUNCTION__ = "receive_ready" #9 0x00007f219224eb02 in run_ready (task=<value optimized out>, task_cls=<value optimized out>) at scheduler.c:684 p = GNUNET_SCHEDULER_PRIORITY_KEEP pos = 0x205cd30 tc = {reason = GNUNET_SCHEDULER_REASON_READ_READY, read_ready = 0x1f4e560, write_ready = 0x1f4e5f0} #10 GNUNET_SCHEDULER_run (task=<value optimized out>, task_cls=<value optimized out>) at scheduler.c:874 rs = 0x1f4e560 ws = 0x1f4e5f0 ret = <value optimized out> shc_int = 0x1f4e680 shc_term = 0x1f4e730 shc_quit = 0x1f4e890 shc_hup = 0x1f4e940 shc_pipe = 0x1f4e7e0 last_tr = <value optimized out> busy_wait_warning = 0 pr = 0x1f4e180 c = 0 '\000' __FUNCTION__ = "GNUNET_SCHEDULER_run" #11 0x00007f21922572e8 in GNUNET_SERVICE_run (argc=3, argv=<value optimized out>, serviceName=0x40fdc4 "transport", opt=<value optimized out>, task=0x402e50 <run>, task_cls=0x0) at service.c:1584 err = <value optimized out> cfg_fn = 0x1f4dfd0 "/home/gnunet/.gnunet/gnunet.conf" loglev = 0x0 logfile = 0x0 do_daemonize = 0 i = <value optimized out> skew_offset = 4205872 skew_variance = 0 sctx = {cfg = 0x1f4dea0, server = 0x1f4ea70, addrs = 0x1f4e070, serviceName = 0x40fdc4 "transport", task = 0x402e50 <run>, task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0, v4_allowed = 0x1f4e190, v6_allowed = 0x1f4e1d0, my_handlers = 0x1f4df40, addrlens = 0x1f4e020, lsocks = 0x0, timeout = {rel_value = 18446744073709551615}, ret = 1, ready_confirm_fd = -1, require_found = 1, match_uid = 1, match_gid = 1, options = GNUNET_SERVICE_OPTION_NONE} cfg = 0x1f4dea0 service_options = {{shortName = 99 'c', name = 0x7f219225c6a3 "config", argumentHelp = 0x7f219225c6aa "FILENAME", description = 0x7f219225c750 "use configuration file FILENAME", require_argument = 1, processor = 0x7f2192242270 <GNUNET_GETOPT_set_string>, scls = 0x7fff8568d500}, {shortName = 100 'd', name = 0x7f219225d457 "daemonize", argumentHelp = 0x0, description = 0x7f219225d808 "do daemonize (detach from terminal)", require_argument = 0, processor = 0x7f2192242180 <GNUNET_GETOPT_set_one>, scls = 0x7fff8568d50c}, {shortName = 104 'h', name = 0x7f219225c6be "help", argumentHelp = 0x0, description = 0x7f219225c6b3 "print this help", require_argument = 0, processor = 0x7f2192242390 <GNUNET_GETOPT_format_help_>, scls = 0x40fdc4}, {shortName = 76 'L', name = 0x7f219225c6c3 "log", argumentHelp = 0x7f219225c6c7 "LOGLEVEL", description = 0x7f219225c770 "configure logging to use LOGLEVEL", require_argument = 1, processor = 0x7f2192242270 <GNUNET_GETOPT_set_string>, scls = 0x7fff8568d4f8}, {shortName = 108 'l', name = 0x7f219225c6d0 "logfile", argumentHelp = 0x7f219225a0fe "LOGFILE", description = 0x7f219225c798 "configure logging to write logs to LOGFILE", require_argument = 1, processor = 0x7f2192242270 <GNUNET_GETOPT_set_string>, scls = 0x7fff8568d4f0}, {shortName = 118 'v', name = 0x7f219225c6d8 "version", argumentHelp = 0x0, description = 0x7f219225c6e0 "print the version number", require_argument = 0, processor = 0x7f2192242360 <GNUNET_GETOPT_print_version_>, scls = 0x7f219225c6f9}, { shortName = 0 '\000', name = 0x0, argumentHelp = 0x0, description = 0x0, require_argument = 0, processor = 0, scls = 0x0}} __FUNCTION__ = "GNUNET_SERVICE_run" #12 0x0000000000402e39 in main (argc=32838128, argv=0x0) at gnunet-service-transport.c:572 No locals. | ||||
| Tags | No tags attached. | ||||

Got this crash again at svn rev 18484.

My analysis of this issue: n->expect_latency_response was not set to GNUNET_NO in one case, so unexpected KEEPALIVE_RESPONSE messages were accepted and there was a possibility that the peer's address was set to NULL in between...

Fixed in 18690.

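
The failure mode described in the analysis above, reduced to a small C model (an added example, not GNUnet source and not the change made in 18690). It shows a stale "response expected" flag surviving an address reset, and a handler that checks the flag and the pointer before the update call. Apart from the field name `expect_latency_response`, all types and functions are hypothetical stand-ins.

```c
/* Simplified model, not GNUnet source; every name here is hypothetical. */
#include <stddef.h>
#include <stdio.h>

enum ka_result { KA_ACCEPTED, KA_UNEXPECTED, KA_NO_ADDRESS };
struct address { const char *transport_name; };
struct neighbour {
  int expect_latency_response;  /* 1 while a KEEPALIVE is outstanding */
  struct address *address;      /* NULL once the peer's address is dropped */
};

/* Stand-in for the ATS update call: it reads through the pointer. */
static size_t ats_address_update(const struct address *a) {
  size_t len = 0;
  while (a->transport_name[len] != '\0') len++;
  return len;
}

static void send_keepalive(struct neighbour *n) { n->expect_latency_response = 1; }

/* Reset path that forgets the flag: the stale expectation survives. */
static void drop_address_buggy(struct neighbour *n) { n->address = NULL; }

/* Reset path that clears the expectation together with the address. */
static void drop_address_fixed(struct neighbour *n) {
  n->address = NULL;
  n->expect_latency_response = 0;
}

/* Hardened handler: check state first, then the pointer, then update. */
static enum ka_result keepalive_response(struct neighbour *n) {
  if (!n->expect_latency_response) return KA_UNEXPECTED;
  n->expect_latency_response = 0;                /* one response per keepalive */
  if (n->address == NULL) return KA_NO_ADDRESS;  /* address=0x0 in frame #0 */
  (void) ats_address_update(n->address);
  return KA_ACCEPTED;
}

/* Scenario: keepalive sent, address dropped, then a late response arrives. */
static enum ka_result late_response(void (*drop)(struct neighbour *)) {
  struct address a = { "tcp" };
  struct neighbour n = { 0, &a };
  send_keepalive(&n);
  drop(&n);
  return keepalive_response(&n);
}

int main(void) {
  printf("buggy reset: %d, fixed reset: %d\n",
         late_response(drop_address_buggy), late_response(drop_address_fixed));
  return 0;
}
```

With the buggy reset the handler reaches the NULL check (`KA_NO_ADDRESS`), which is the path that would otherwise dereference the pointer; with the fixed reset the late response is rejected earlier as unexpected.
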
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2011-12-06 16:53 | amatus | New Issue | |
| 2011-12-06 16:53 | amatus | Status | new => assigned |
| 2011-12-06 16:53 | amatus | Assigned To | => Matthias Wachs |
| 2011-12-12 16:17 | amatus | Note Added: 0005055 | |
| 2011-12-19 14:25 | Christian Grothoff | Target Version | => 0.9.1 |
| 2011-12-19 15:24 | Matthias Wachs | Note Added: 0005139 | |
| 2011-12-19 15:26 | Matthias Wachs | Note Added: 0005140 | |
| 2011-12-19 15:26 | Matthias Wachs | Status | assigned => resolved |
| 2011-12-19 15:26 | Matthias Wachs | Resolution | open => fixed |
| 2011-12-25 17:50 | Christian Grothoff | Fixed in Version | => 0.9.1 |
| 2011-12-26 22:28 | Christian Grothoff | Status | resolved => closed |