View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0002553GNUnetcadet servicepublic2012-09-20 16:272012-11-05 18:33
ReporterBart Polot Assigned ToBart Polot  
PriorityhighSeveritycrashReproducibilitysometimes
Status closedResolutionfixed 
Product VersionGit master 
Target Version0.9.4Fixed in Version0.9.4 
Summary0002553: Mesh crashes on shutdown
Description#0 0x00007ffd56465cd5 in malloc_usable_size () from /usr/lib/libc.so.6
(gdb) bt
#0 0x00007ffd56465cd5 in malloc_usable_size () from /usr/lib/libc.so.6
#1 0x00007ffd58484274 in GNUNET_xfree_ (ptr=0xbaadf00dbaadf00d, filename=0x41f910 "gnunet-service-mesh.c",
    linenumber=4565) at common_allocation.c:227
#2 0x000000000040cc41 in queue_destroy (queue=0x99f640, clear_cls=1) at gnunet-service-mesh.c:4565
#3 0x000000000040862e in tunnel_destroy_child (cls=0x9a5290, key=0x7fffef21e530, value=0x9a4a90)
    at gnunet-service-mesh.c:3126
#4 0x00007ffd5849464c in GNUNET_CONTAINER_multihashmap_iterate (map=0x9a4e40, it=0x4085a3 <tunnel_destroy_child>,
    it_cls=0x9a5290) at container_multihashmap.c:213
#5 0x000000000040b5b4 in tunnel_destroy (t=0x9a5290) at gnunet-service-mesh.c:4189
#6 0x000000000041ae51 in shutdown_tunnel (cls=0x0, key=0x7fffef21e6d0, value=0x9a5290) at gnunet-service-mesh.c:7742
#7 0x00007ffd5849464c in GNUNET_CONTAINER_multihashmap_iterate (map=0x9a30a0, it=0x41ae29 <shutdown_tunnel>, it_cls=0x0)
    at container_multihashmap.c:213
#8 0x000000000041afb7 in shutdown_task (cls=0x0, tc=0x7fffef21e780) at gnunet-service-mesh.c:7798
#9 0x00007ffd584b5885 in run_ready (rs=0x99f1b0, ws=0x99f240) at scheduler.c:602
#10 0x00007ffd584b6056 in GNUNET_SCHEDULER_run (task=0x7ffd584c2ce4 <service_task>, task_cls=0x7fffef21eb30)
    at scheduler.c:790
#11 0x00007ffd584c470a in GNUNET_SERVICE_run (argc=5, argv=0x7fffef21edb8, service_name=0x42143e "mesh",
    options=GNUNET_SERVICE_OPTION_NONE, task=0x41b3ab <run>, task_cls=0x0) at service.c:1797
#12 0x000000000041be6d in main (argc=5, argv=0x7fffef21edb8) at gnunet-service-mesh.c:8076
Steps To Reproducer23926
Additional Information(gdb) bt full
#0 0x00007ffd56465cd5 in malloc_usable_size () from /usr/lib/libc.so.6
No symbol table info available.
#1 0x00007ffd58484274 in GNUNET_xfree_ (ptr=0xbaadf00dbaadf00d, filename=0x41f910 "gnunet-service-mesh.c",
    linenumber=4565) at common_allocation.c:227
        i = 263938625241089
        baadfood = <incomplete sequence \360\255\272>
        s = 4323403
        __FUNCTION__ = "GNUNET_xfree_"
#2 0x000000000040cc41 in queue_destroy (queue=0x99f640, clear_cls=1) at gnunet-service-mesh.c:4565
        __x__ = 0xbaadf00dbaadf00d
        dd = 0x100000000
        path_info = 0x0
        __FUNCTION__ = "queue_destroy"
#3 0x000000000040862e in tunnel_destroy_child (cls=0x9a5290, key=0x7fffef21e530, value=0x9a4a90)
    at gnunet-service-mesh.c:3126
        cinfo = 0x9a4a90
        t = 0x9a5290
        c = 0
        i = 6
        __FUNCTION__ = "tunnel_destroy_child"
#4 0x00007ffd5849464c in GNUNET_CONTAINER_multihashmap_iterate (map=0x9a4e40, it=0x4085a3 <tunnel_destroy_child>,
    it_cls=0x9a5290) at container_multihashmap.c:213
        count = 0
        i = 6
        e = 0x9a5880
        n = 0x0
        kc = {bits = {4076096846, 1338446493, 3389029612, 2748380784, 3175830233, 2444997451, 1421566839, 1373406869,
            784454725, 1663085017, 229962186, 2509896710, 327499540, 1390592592, 3171021432, 2686310202}}
        __FUNCTION__ = "GNUNET_CONTAINER_multihashmap_iterate"
#5 0x000000000040b5b4 in tunnel_destroy (t=0x9a5290) at gnunet-service-mesh.c:4189
        c = 0x0
        hash = {bits = {2705755169, 252223865, 3016764400, 2023249865, 3885062131, 1027606591, 2923026041, 57019075,
            3114720562, 498388449, 2952353264, 883391452, 2172110819, 716267463, 1543891404, 3570833864}}
        i = 0
        r = 1
        __FUNCTION__ = "tunnel_destroy"
#6 0x000000000041ae51 in shutdown_tunnel (cls=0x0, key=0x7fffef21e6d0, value=0x9a5290) at gnunet-service-mesh.c:7742
        t = 0x9a5290
#7 0x00007ffd5849464c in GNUNET_CONTAINER_multihashmap_iterate (map=0x9a30a0, it=0x41ae29 <shutdown_tunnel>, it_cls=0x0)
    at container_multihashmap.c:213
        count = 0
        i = 10
        e = 0x9a4a30
        n = 0x0
        kc = {bits = {2641199786, 154359391, 956606900, 2265841543, 3526503912, 2853423325, 369024695, 287901433,
            3885001402, 2852242736, 3845356652, 3869216282, 892329691, 3337011162, 1579999556, 4052943780}}
        __FUNCTION__ = "GNUNET_CONTAINER_multihashmap_iterate"
#8 0x000000000041afb7 in shutdown_task (cls=0x0, tc=0x7fffef21e780) at gnunet-service-mesh.c:7798
        __FUNCTION__ = "shutdown_task"
#9 0x00007ffd584b5885 in run_ready (rs=0x99f1b0, ws=0x99f240) at scheduler.c:602
        p = GNUNET_SCHEDULER_PRIORITY_SHUTDOWN
        pos = 0x99f6a0
        tc = {reason = GNUNET_SCHEDULER_REASON_SHUTDOWN, read_ready = 0x99f1b0, write_ready = 0x99f240}
        __FUNCTION__ = "run_ready"
#10 0x00007ffd584b6056 in GNUNET_SCHEDULER_run (task=0x7ffd584c2ce4 <service_task>, task_cls=0x7fffef21eb30)
    at scheduler.c:790
        rs = 0x99f1b0
        ws = 0x99f240
        timeout = {rel_value = 0}
        ret = 0
        shc_int = 0x99f2d0
        shc_term = 0x99f380
        shc_quit = 0x99f4e0
        shc_hup = 0x99f590
        shc_pipe = 0x99f430
        last_tr = 1083
        busy_wait_warning = 1
        pr = 0x99f160
        c = 0 '\000'
        __FUNCTION__ = "GNUNET_SCHEDULER_run"
#11 0x00007ffd584c470a in GNUNET_SERVICE_run (argc=5, argv=0x7fffef21edb8, service_name=0x42143e "mesh",
    options=GNUNET_SERVICE_OPTION_NONE, task=0x41b3ab <run>, task_cls=0x0) at service.c:1797
        err = 0
        cfg_fn = 0x99d090 "/tmp/test_mesh_small//1//gnunet-testing-config2KGI2o"
        loglev = 0x99cf40 "DEBUG"
        logfile = 0x0
---Type <return> to continue, or q <return> to quit---
        do_daemonize = 0
        i = 4305835
        skew_offset = 1
        skew_variance = 140726091182440
        clock_offset = 0
        sctx = {cfg = 0x99cf60, server = 0x99f700, addrs = 0x0, service_name = 0x42143e "mesh", task = 0x41b3ab <run>,
          task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0, v4_allowed = 0x99f170, v6_allowed = 0x9a84e0,
          my_handlers = 0x99ee20, addrlens = 0x0, lsocks = 0x9ac0b0, shutdown_task = 4, timeout = {
            rel_value = 18446744073709551615}, ret = 1, ready_confirm_fd = -1, require_found = 1, match_uid = 1,
          match_gid = 1, options = GNUNET_SERVICE_OPTION_NONE}
        cfg = 0x99cf60
        service_options = {{shortName = 99 'c', name = 0x7ffd584cf525 "config",
            argumentHelp = 0x7ffd584cf52c "FILENAME", description = 0x7ffd584cf538 "use configuration file FILENAME",
            require_argument = 1, processor = 0x7ffd584a56b3 <GNUNET_GETOPT_set_string>, scls = 0x7fffef21ebf0}, {
            shortName = 100 'd', name = 0x7ffd584cf558 "daemonize", argumentHelp = 0x0,
            description = 0x7ffd584cf568 "do daemonize (detach from terminal)", require_argument = 0,
            processor = 0x7ffd584a5686 <GNUNET_GETOPT_set_one>, scls = 0x7fffef21ebdc}, {shortName = 104 'h',
            name = 0x7ffd584cf58c "help", argumentHelp = 0x0, description = 0x7ffd584cf591 "print this help",
            require_argument = 0, processor = 0x7ffd584a5146 <GNUNET_GETOPT_format_help_>, scls = 0x0}, {
            shortName = 76 'L', name = 0x7ffd584cf5a1 "log", argumentHelp = 0x7ffd584cf5a5 "LOGLEVEL",
            description = 0x7ffd584cf5b0 "configure logging to use LOGLEVEL", require_argument = 1,
            processor = 0x7ffd584a56b3 <GNUNET_GETOPT_set_string>, scls = 0x7fffef21ebe8}, {shortName = 108 'l',
            name = 0x7ffd584cf5d2 "logfile", argumentHelp = 0x7ffd584cf5da "LOGFILE",
            description = 0x7ffd584cf5e8 "configure logging to write logs to LOGFILE", require_argument = 1,
            processor = 0x7ffd584a56b3 <GNUNET_GETOPT_set_string>, scls = 0x7fffef21ebe0}, {shortName = 118 'v',
            name = 0x7ffd584cf613 "version", argumentHelp = 0x0,
            description = 0x7ffd584cf61b "print the version number", require_argument = 0,
            processor = 0x7ffd584a5100 <GNUNET_GETOPT_print_version_>, scls = 0x7ffd584cf634}, {shortName = 0 '\000',
            name = 0x0, argumentHelp = 0x0, description = 0x0, require_argument = 0, processor = 0x0, scls = 0x0}}
        __FUNCTION__ = "GNUNET_SERVICE_run"
#12 0x000000000041be6d in main (argc=5, argv=0x7fffef21edb8) at gnunet-service-mesh.c:8076
        ret = 4203680
        __FUNCTION__ = "main"
TagsNo tags attached.

Activities

Bart Polot

2012-09-20 16:41

reporter   ~0006369

Use after free

(gdb) p queue->type
$1 = 61453 -> 0xF00D

Bart Polot

2012-09-27 16:17

reporter   ~0006379

Fixed in r23940.

Issue History

Date Modified Username Field Change
2012-09-20 16:27 Bart Polot New Issue
2012-09-20 16:27 Bart Polot Status new => assigned
2012-09-20 16:27 Bart Polot Assigned To => Bart Polot
2012-09-20 16:41 Bart Polot Note Added: 0006369
2012-09-27 16:16 Christian Grothoff Target Version Git master => 0.9.4
2012-09-27 16:17 Bart Polot Note Added: 0006379
2012-09-27 16:17 Bart Polot Status assigned => resolved
2012-09-27 16:17 Bart Polot Fixed in Version => Git master
2012-09-27 16:17 Bart Polot Resolution open => fixed
2012-10-06 16:39 Christian Grothoff Fixed in Version Git master => 0.9.4
2012-11-05 18:33 Christian Grothoff Status resolved => closed
2014-05-09 18:34 Christian Grothoff Category mesh service => cadet service