View Issue Details

ID: 0003531
Project: GNUnet
Category: cadet service
View Status: public
Last Update: 2018-06-07 00:25
Reporter: amatus
Assigned To: Bart Polot
Priority: normal
Severity: crash
Reproducibility: sometimes
Status: closed
Resolution: fixed
Product Version: SVN HEAD
Target Version: 0.11.0pre66
Fixed in Version: 0.11.0pre66
Summary: 0003531: segfault in get_prev_hop
Description: I'm running rev 34155 and cadet has crashed twice when a gnunet-web peer has connected. Luckily the 2nd time I had it running under valgrind.
Additional Information: valgrind log:
==1072== Invalid read of size 4
==1072== at 0x8054C78: get_prev_hop (gnunet-service-cadet_connection.c:716)
==1072== by 0x805BBD3: GCC_notify_broken (gnunet-service-cadet_connection.c:2842)
==1072== by 0x806D7F5: notify_broken (gnunet-service-cadet_peer.c:340)
==1072== by 0x4069887: GNUNET_CONTAINER_multihashmap_iterate (container_multihashmap.c:340)
==1072== by 0x806968E: core_disconnect (gnunet-service-cadet_peer.c:444)
==1072== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390)
==1072== by 0x40DC7BC: main_notify_handler (core_api.c:890)
==1072== by 0x40566EC: receive_task (client.c:595)
==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1072== by 0x804A725: main (gnunet-service-cadet.c:175)
==1072== Address 0x66240f4 is 12 bytes inside a block of size 28 free'd
==1072== at 0x4029D28: free (vg_replace_malloc.c:468)
==1072== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239)
==1072== by 0x8070A18: path_destroy (cadet_path.c:181)
==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1072== by 0x804A725: main (gnunet-service-cadet.c:175)
==1072==
==1072== Invalid read of size 4
==1072== at 0x8054BEF: get_prev_hop (gnunet-service-cadet_connection.c:719)
==1072== by 0x805BBD3: GCC_notify_broken (gnunet-service-cadet_connection.c:2842)
==1072== by 0x806D7F5: notify_broken (gnunet-service-cadet_peer.c:340)
==1072== by 0x4069887: GNUNET_CONTAINER_multihashmap_iterate (container_multihashmap.c:340)
==1072== by 0x806968E: core_disconnect (gnunet-service-cadet_peer.c:444)
==1072== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390)
==1072== by 0x40DC7BC: main_notify_handler (core_api.c:890)
==1072== by 0x40566EC: receive_task (client.c:595)
==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1072== by 0x804A725: main (gnunet-service-cadet.c:175)
==1072== Address 0x66240f0 is 8 bytes inside a block of size 28 free'd
==1072== at 0x4029D28: free (vg_replace_malloc.c:468)
==1072== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239)
==1072== by 0x8070A18: path_destroy (cadet_path.c:181)
==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1072== by 0x804A725: main (gnunet-service-cadet.c:175)
==1072==
==1072== Invalid read of size 4
==1072== at 0x8054BF2: get_prev_hop (gnunet-service-cadet_connection.c:719)
==1072== by 0x805BBD3: GCC_notify_broken (gnunet-service-cadet_connection.c:2842)
==1072== by 0x806D7F5: notify_broken (gnunet-service-cadet_peer.c:340)
==1072== by 0x4069887: GNUNET_CONTAINER_multihashmap_iterate (container_multihashmap.c:340)
==1072== by 0x806968E: core_disconnect (gnunet-service-cadet_peer.c:444)
==1072== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390)
==1072== by 0x40DC7BC: main_notify_handler (core_api.c:890)
==1072== by 0x40566EC: receive_task (client.c:595)
==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1072== by 0x804A725: main (gnunet-service-cadet.c:175)
==1072== Address 0xdf0adba is not stack'd, malloc'd or (recently) free'd
==1072==
==1072==
==1072== Process terminating with default action of signal 11 (SIGSEGV)
==1072== Access not within mapped region at address 0xDF0ADBA
==1072== at 0x8054BF2: get_prev_hop (gnunet-service-cadet_connection.c:719)
==1072== by 0x805BBD3: GCC_notify_broken (gnunet-service-cadet_connection.c:2842)
==1072== by 0x806D7F5: notify_broken (gnunet-service-cadet_peer.c:340)
==1072== by 0x4069887: GNUNET_CONTAINER_multihashmap_iterate (container_multihashmap.c:340)
==1072== by 0x806968E: core_disconnect (gnunet-service-cadet_peer.c:444)
==1072== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390)
==1072== by 0x40DC7BC: main_notify_handler (core_api.c:890)
==1072== by 0x40566EC: receive_task (client.c:595)
==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1072== by 0x804A725: main (gnunet-service-cadet.c:175)
==1072== If you believe this happened as a result of a stack
==1072== overflow in your program's main thread (unlikely but
==1072== possible), you can try to increase the size of the
==1072== main thread stack using the --main-stacksize= flag.
==1072== The main thread stack size used in this run was 8388608.
==1072==
==1072== HEAP SUMMARY:
==1072== in use at exit: 298,819 bytes in 2,522 blocks
==1072== total heap usage: 106,365,072 allocs, 106,362,550 frees, 3,387,256,498 bytes allocated
==1072==
==1072== LEAK SUMMARY:
==1072== definitely lost: 55,964 bytes in 287 blocks
==1072== indirectly lost: 104 bytes in 5 blocks
==1072== possibly lost: 0 bytes in 0 blocks
==1072== still reachable: 242,751 bytes in 2,230 blocks
==1072== suppressed: 0 bytes in 0 blocks
==1072== Rerun with --leak-check=full to see details of leaked memory
==1072==
==1072== For counts of detected and suppressed errors, rerun with: -v
==1072== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)

I think the last few messages from cadet were:
Aug 20 21:25:11-396401 util-1072 DEBUG Received message of type 68 and size 40 from core service.
Aug 20 21:25:11-396606 core-api-1072 DEBUG Processing message of type 68 and size 40 from core service
Aug 20 21:25:11-396832 core-api-1072 DEBUG Received notification about disconnect from `P00P'.
Aug 20 21:25:11-397084 cadet-p2p-1072 INFO DISCONNECTED GN10 <= P00P
Aug 20 21:25:11-397557 cadet-p2p-1072 DEBUG notifying XDSYV0X6 (->ES98) due to ES98
Aug 20 21:25:11-397813 cadet-con-1072 DEBUG notify broken on XDSYV0X6 (->ES98) due to ES98 disconnect
Aug 20 21:25:11-508347 cadet-con-1072 DEBUG get prev hop XDSYV0X6 (->ES98) [0/233876922]
But I might have messed up logging.
Tags: No tags attached.

Relationships

has duplicate 0003498 (closed, Bart Polot): got core dump from cadet
has duplicate 0003499 (closed, Bart Polot): got assertion failure in cadet (found core dump) in gnunet-service-cadet_peer.c:1968

Activities

amatus

2014-08-27 19:33

developer   ~0008552

Looks like this can also happen in get_next_hop:
==1277== Invalid read of size 4
==1277== at 0x805BE8D: GCC_send_create (gnunet-service-cadet_connection.c:3135)
==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection.c:939)
==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1277== by 0x804A725: main (gnunet-service-cadet.c:175)
==1277== Address 0x4f5b8cc is 12 bytes inside a block of size 28 free'd
==1277== at 0x4029D28: free (vg_replace_malloc.c:468)
==1277== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239)
==1277== by 0x8070A18: path_destroy (cadet_path.c:181)
==1277== by 0x80696DD: core_disconnect (gnunet-service-cadet_peer.c:454)
==1277== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390)
==1277== by 0x40DC7BC: main_notify_handler (core_api.c:890)
==1277== by 0x40566EC: receive_task (client.c:595)
==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1277== by 0x804A725: main (gnunet-service-cadet.c:175)
==1277==
==1277== Invalid read of size 4
==1277== at 0x80549BA: get_next_hop (gnunet-service-cadet_connection.c:744)
==1277== by 0x805BEF5: GCC_send_create (gnunet-service-cadet_connection.c:3145)
==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection.c:939)
==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1277== by 0x804A725: main (gnunet-service-cadet.c:175)
==1277== Address 0x4f5b8cc is 12 bytes inside a block of size 28 free'd
==1277== at 0x4029D28: free (vg_replace_malloc.c:468)
==1277== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239)
==1277== by 0x8070A18: path_destroy (cadet_path.c:181)
==1277== by 0x80696DD: core_disconnect (gnunet-service-cadet_peer.c:454)
==1277== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390)
==1277== by 0x40DC7BC: main_notify_handler (core_api.c:890)
==1277== by 0x40566EC: receive_task (client.c:595)
==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1277== by 0x804A725: main (gnunet-service-cadet.c:175)
==1277==
==1277== Invalid read of size 4
==1277== at 0x80549D0: get_next_hop (gnunet-service-cadet_connection.c:747)
==1277== by 0x805BEF5: GCC_send_create (gnunet-service-cadet_connection.c:3145)
==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection.c:939)
==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1277== by 0x804A725: main (gnunet-service-cadet.c:175)
==1277== Address 0x4f5b8c8 is 8 bytes inside a block of size 28 free'd
==1277== at 0x4029D28: free (vg_replace_malloc.c:468)
==1277== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239)
==1277== by 0x8070A18: path_destroy (cadet_path.c:181)
==1277== by 0x80696DD: core_disconnect (gnunet-service-cadet_peer.c:454)
==1277== by 0x40DA2DC: disconnect_and_free_peer_entry (core_api.c:390)
==1277== by 0x40DC7BC: main_notify_handler (core_api.c:890)
==1277== by 0x40566EC: receive_task (client.c:595)
==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1277== by 0x804A725: main (gnunet-service-cadet.c:175)
==1277==
==1277== Invalid read of size 4
==1277== at 0x80549D3: get_next_hop (gnunet-service-cadet_connection.c:747)
==1277== by 0x805BEF5: GCC_send_create (gnunet-service-cadet_connection.c:3145)
==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection.c:939)
==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1277== by 0x804A725: main (gnunet-service-cadet.c:175)
==1277== Address 0xdf0adbe is not stack'd, malloc'd or (recently) free'd
==1277==
==1277==
==1277== Process terminating with default action of signal 11 (SIGSEGV)
==1277== Access not within mapped region at address 0xDF0ADBE
==1277== at 0x80549D3: get_next_hop (gnunet-service-cadet_connection.c:747)
==1277== by 0x805BEF5: GCC_send_create (gnunet-service-cadet_connection.c:3145)
==1277== by 0x805D058: connection_keepalive (gnunet-service-cadet_connection.c:939)
==1277== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1277== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1277== by 0x804A725: main (gnunet-service-cadet.c:175)

Bart Polot

2014-09-05 17:42

manager   ~0008570

There is something weird in the first valgrind trace:

==1072== Address 0x66240f4 is 12 bytes inside a block of size 28 free'd
==1072== at 0x4029D28: free (vg_replace_malloc.c:468)
==1072== by 0x405AAD6: GNUNET_xfree_ (common_allocation.c:239)
==1072== by 0x8070A18: path_destroy (cadet_path.c:181)
==1072== by 0x4089E34: GNUNET_SCHEDULER_run (scheduler.c:595)
==1072== by 0x4093DAA: GNUNET_SERVICE_run (service.c:1498)
==1072== by 0x804A725: main (gnunet-service-cadet.c:175)

path_destroy is not even a task function, valgrind seems to have missed some intermediate functions there between GNUNET_SCHEDULER_run and path_destroy :(

Do you compile GNUnet with -O0 (disable compiler optimizations)?
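As an added illustration, not GNUnet's code or the fix that was eventually committed: a minimal C model of what the valgrind trace shows (a connection still holding a pointer to a path that path_destroy freed), written in the hardened form where destroying a path revokes every connection's pointer first and get_prev_hop checks it. The struct layouts, the `refs` array and the hop-id encoding are hypothetical stand-ins for the real CADET structures.

```c
/* Added model (not GNUnet code): a hypothetical `path` owns an array of hop ids
 * and a `connection` borrows a pointer to it; destroying the path revokes every
 * borrow first, so get_prev_hop() sees NULL instead of a freed block. */
#include <stdlib.h>
#include <string.h>
#define MAX_REFS 4     /* model limit on connections borrowing one path */
#define NO_HOP   0u    /* hop id 0 is reserved here to mean "no hop"   */
struct connection;
struct path {
    unsigned int length;                /* number of hop ids in peers  */
    unsigned int *peers;                /* peers[0] is the path origin */
    struct connection *refs[MAX_REFS];  /* connections borrowing this  */
};
struct connection {
    struct path *path;                  /* borrowed; NULL once revoked */
    unsigned int own_pos;               /* our own index into peers    */
};

struct path *path_create(const unsigned int *hops, unsigned int n) {
    struct path *p = calloc(1, sizeof *p);
    if (NULL == p) return NULL;
    p->peers = calloc(n, sizeof *p->peers);
    if (NULL == p->peers) { free(p); return NULL; }
    memcpy(p->peers, hops, n * sizeof *hops);
    p->length = n;
    return p;
}

/* Record the borrow so path_destroy() can revoke it; 0 on success. */
int connection_attach(struct connection *c, struct path *p, unsigned int pos) {
    for (int i = 0; i < MAX_REFS; i++)
        if (NULL == p->refs[i]) {
            p->refs[i] = c; c->path = p; c->own_pos = pos;
            return 0;
        }
    return -1;                          /* no free slot: refuse the borrow */
}

/* Revoke every borrowed pointer before the memory is released. */
void path_destroy(struct path *p) {
    for (int i = 0; i < MAX_REFS; i++)
        if (NULL != p->refs[i]) p->refs[i]->path = NULL;
    free(p->peers);
    free(p);
}

/* Previous hop, or NO_HOP when the path is gone or we are the origin. */
unsigned int get_prev_hop(const struct connection *c) {
    if (NULL == c->path || 0 == c->own_pos || c->own_pos >= c->path->length)
        return NO_HOP;
    return c->path->peers[c->own_pos - 1];
}
```

The same revoke-before-free discipline covers the get_next_hop case from the second trace, since both readers go through the same borrowed pointer.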

Bart Polot

2014-09-12 02:37

manager   ~0008573

Fixed in upcoming commit

Issue History

Date Modified Username Field Change
2014-08-21 04:47 amatus New Issue
2014-08-21 04:47 amatus Status new => assigned
2014-08-21 04:47 amatus Assigned To => Bart Polot
2014-08-27 19:33 amatus Note Added: 0008552
2014-09-05 17:42 Bart Polot Note Added: 0008570
2014-09-12 02:37 Bart Polot Note Added: 0008573
2014-09-12 02:37 Bart Polot Status assigned => resolved
2014-09-12 02:37 Bart Polot Fixed in Version => SVN HEAD
2014-09-12 02:37 Bart Polot Resolution open => fixed
2014-09-12 02:39 Bart Polot Relationship added has duplicate 0003498
2014-09-12 02:39 Bart Polot Relationship added has duplicate 0003499
2014-09-12 17:38 Christian Grothoff Fixed in Version SVN HEAD => 0.11.0pre66
2014-09-12 17:38 Christian Grothoff Target Version => 0.11.0pre66
2018-06-07 00:25 Christian Grothoff Status resolved => closed