View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003532 | GNUnet | cadet service | public | 2014-08-29 03:18 | 2018-06-07 00:25 |
| Reporter | bratao | Assigned To | Bart Polot | ||
| Priority | normal | Severity | crash | Reproducibility | have not tried |
| Status | closed | Resolution | unable to reproduce | ||
| Platform | W32 | OS | Windows | OS Version | 8.1 |
| Product Version | Git master | ||||
| Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
| Summary | 0003532: Transfer between two peers crash service-cadet | ||||
| Description | Transfer between two peers crash service-cadet using SVN 34327 | ||||
| Additional Information | Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 12164.0x2eb4] get_channel_buffer (tch=tch@entry=0xffffffff) at gnunet-service-cadet_tunnel.c:482 482 fwd = GCCH_is_origin (tch->ch, GNUNET_YES); (gdb) bt full #0 get_channel_buffer (tch=tch@entry=0xffffffff) at gnunet-service-cadet_tunnel.c:482 fwd = <optimized out> #1 0x004043ca in GCT_get_channels_buffer (t=t@entry=0x1f09eb8) at gnunet-service-cadet_tunnel.c:2866 iter = 0xffffffff buffer = 0 ch_buf = <optimized out> #2 0x0040456f in GCT_send_connection_acks (t=0x1f09eb8) at gnunet-service-cadet_tunnel.c:3037 iter = <optimized out> allowed = <optimized out> to_allow = <optimized out> allow_per_connection = <optimized out> cs = <optimized out> buffer = <optimized out> __FUNCTION__ = "GCT_send_connection_acks" #3 0x00413ad9 in GCCH_handle_local_ack (ch=0x1f09d50, fwd=fwd@entry=1) at gnunet-service-cadet_channel.c:1699 rel = 0x1f06030 c = <optimized out> #4 0x004172b2 in handle_ack (cls=0x0, client=0x1ef9948, message=0x27fc08) at gnunet-service-cadet_local.c:576 msg = 0x27fc08 ch = <optimized out> c = 0x36b818 chid = 2952790016 fwd = 1 __FUNCTION__ = "handle_ack" ---Type <return> to continue, or q <return> to quit--- #5 0x64cbd02e in GNUNET_SERVER_inject (server=server@entry=0x1ef5148, sender=sender@entry=0x1ef9948, message=message@entry=0x27fc08) at server.c:985 pos = 0x1efb4f0 mh = 0x421470 <client_handlers+48> i = 4 type = 286 size = 8 found = <optimized out> __FUNCTION__ = "GNUNET_SERVER_inject" #6 0x64cbe99a in client_message_tokenizer_callback (cls=0x1ef5148, client=0x1ef9948, message=0x27fc08) at server.c:1205 server = 0x1ef5148 sender = 0x1ef9948 ret = <optimized out> #7 0x64cbfc0d in GNUNET_SERVER_mst_receive (mst=0x1f068b0, client_identity=client_identity@entry=0x1ef9948, buf=buf@entry=0x27fc08 "", size=size@entry=8, purge=purge@entry=0, one_shot=<optimized out>, one_shot@entry=1) at server_mst.c:262 hdr = 0x27fc08 delta = <optimized out> want = <optimized 
out> ibuf = <optimized out> need_align = 0 offset = 2620424 ret = 1 __FUNCTION__ = "GNUNET_SERVER_mst_receive" #8 0x64cbef40 in process_incoming (cls=0x1ef9948, buf=0x27fc08, available=8, addr=0x36aec0, addrlen=16, errCode=0) at server.c:1136 client = 0x1ef9948 ---Type <return> to continue, or q <return> to quit--- server = <optimized out> ret = <optimized out> __FUNCTION__ = "process_incoming" #9 0x64c8cbb8 in receive_ready (cls=0x1f091f0, tc=0x28fc74) at connection.c:1072 connection = 0x1f091f0 buffer = 0x27fc08 "" ret = <optimized out> receiver = <optimized out> __FUNCTION__ = "receive_ready" #10 0x64cb9f8c in run_ready (rs=rs@entry=0x36d948, ws=ws@entry=0x1f01e28) at scheduler.c:595 p = GNUNET_SCHEDULER_PRIORITY_DEFAULT pos = 0x1f09cc0 tc = {reason = (GNUNET_SCHEDULER_REASON_READ_READY | GNUNET_SCHEDULER_REASON_PREREQ_DONE), read_ready = 0x1f429a8, write_ready = 0x1f01e28} __FUNCTION__ = "run_ready" #11 0x64cbb6e1 in GNUNET_SCHEDULER_run (task=task@entry=0x64cc24f7 <service_task>, task_cls=task_cls@entry=0x28fdf8) at scheduler.c:817 rs = 0x36d948 ws = 0x1f01e28 timeout = {rel_value_us = 274900687} ret = <optimized out> shc_int = 0x36a7d0 shc_term = 0x36a710 last_tr = 3024 busy_wait_warning = 0 pr = 0x36a6c8 ---Type <return> to continue, or q <return> to quit--- c = 1 '\001' __FUNCTION__ = "GNUNET_SCHEDULER_run" #12 0x64cc58e6 in GNUNET_SERVICE_run (argc=argc@entry=3, argv=argv@entry=0x1ef11c8, service_name=service_name@entry=0x424c14 <__FUNCTION__.107803+1683> "cadet", options=options@entry=GNUNET_SERVICE_OPTION_NONE, task=task@entry=0x41e60c <run>, task_cls=task_cls@entry=0x0) at service.c:1498 err = 0 ret = <optimized out> cfg_fn = 0x1ef0e60 "~/.config/gnunet.conf" opt_cfg_fn = 0x1ef5360 "C:\\Users\\bratao\\AppData\\Roaming\\Cangote\\cangote.conf" loglev = 0x0 logfile = 0x0 do_daemonize = 0 i = <optimized out> skew_offset = 4299288176 skew_variance = 18557816956409962 clock_offset = <optimized out> sctx = {cfg = 0x1ef0b58, server = 0x1ef5148, addrs = 0x0, 
service_name = 0x424c14 <__FUNCTION__.107803+1683> "cadet", task = 0x41e60c <run>, task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0, v4_allowed = 0x1f00020, v6_allowed = 0x36b078, my_handlers = 0x1ef7950, addrlens = 0x0, lsocks = 0x36a7e8, shutdown_task = 5, timeout = { rel_value_us = 18446744073709551615}, ret = 1, ready_confirm_fd = -1, require_found = 1, match_uid = 1, match_gid = 1, options = GNUNET_SERVICE_OPTION_NONE} cfg = 0x1ef0b58 xdg = <optimized out> service_options = {{shortName = 99 'c', name = 0x64cdd051 <__FUNCTION__.106454+1265> "config", argumentHelp = 0x64cdd058 <__FUNCTION__.106454+1272> "FILENAME", description = 0x64cdd064 <__FUNCTION__.106454+1284> "use configuration file FILENAME", require_argument = 1, processor = 0x64ca86b4 <GNUNET_GETOPT_set_string>, scls = 0x28fe78}, { shortName = 100 'd', name = 0x64cdd084 <__FUNCTION__.106454+1316> "daemonize", argumentHelp = 0x0, description = 0x64cdd090 <__FUNCTION__.106454+1328> "do daemonize (detach from terminal)", require_argument = 0, processor = 0x64ca86a1 <GNUNET_GETOPT_set_one>, scls = 0x28fe6c}, { ---Type <return> to continue, or q <return> to quit--- shortName = 104 'h', name = 0x64cdd0b4 <__FUNCTION__.106454+1364> "help", argumentHelp = 0x0, description = 0x64cdd0b9 <__FUNCTION__.106454+1369> "print this help", require_argument = 0, processor = 0x64ca837e <GNUNET_GETOPT_format_help_>, scls = 0x0}, {shortName = 76 'L', name = 0x64cdd0c9 <__FUNCTION__.106454+1385> "log", argumentHelp = 0x64cdd0cd <__FUNCTION__.106454+1389> "LOGLEVEL", description = 0x64cdd0d8 <__FUNCTION__.106454+1400> "configure logging to use LOGLEVEL", require_argument = 1, processor = 0x64ca86b4 <GNUNET_GETOPT_set_string>, scls = 0x28fe74}, {shortName = 108 'l', name = 0x64cdd0fa <__FUNCTION__.106454+1434> "logfile", argumentHelp = 0x64cdd102 <__FUNCTION__.106454+1442> "LOGFILE", description = 0x64cdd10c <__FUNCTION__.106454+1452> "configure logging to write logs to LOGFILE", require_argument = 1, processor = 0x64ca86b4 
<GNUNET_GETOPT_set_string>, scls = 0x28fe70}, {shortName = 118 'v', name = 0x64cdd137 <__FUNCTION__.106454+1495> "version", argumentHelp = 0x0, description = 0x64cdd13f <__FUNCTION__.106454+1503> "print the version number", require_argument = 0, processor = 0x64ca8355 <GNUNET_GETOPT_print_version_>, scls = 0x64cdd158 <__FUNCTION__.106454+1528>}, {shortName = 0 '\000', name = 0x0, argumentHelp = 0x0, description = 0x0, require_argument = 0, processor = 0x0, scls = 0x0}} __FUNCTION__ = "GNUNET_SERVICE_run" #13 0x0041e982 in main (argc=3, argv=0x1ef11c8) at gnunet-service-cadet.c:175 ret = -1 r = <optimized out> (gdb) | ||||
| Tags | No tags attached. | ||||
|
|
Lots of info missing... iter = <optimized out> allowed = <optimized out> to_allow = <optimized out> allow_per_connection = <optimized out> cs = <optimized out> buffer = <optimized out> Could you please recompile with -O0 (capital o, zero) and try again? (It's generally a good idea to run without optimizations when developing, especially when debugging). |
|
|
Bart, somehow I can't reproduce it anymore =( I will run compiled with -O0 and will update if I get it again. |
|
|
Bart, another crash. This time I got a not-optimized crash dump. I guess this is unrelated to the first bug. If you want I can submit as a different bug. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 8412.0x1530] 0x63d0487a in GNUNET_CADET_channel_destroy (channel=0x0) at cadet_api.c:1647 1647 h = channel->cadet; (gdb) bt full #0 0x63d0487a in GNUNET_CADET_channel_destroy (channel=0x0) at cadet_api.c:1647 h = 0x1e291e0 msg = {header = {size = 55104, type = 54}, channel_id = 0, peer = {public_key = {q_y = "\000\000\000\000X╫6\000\230√(\000\000\000\000\000\230\021┌\001\065\000\000\000\210√(\000+╜╦d"}}, port = 3595952, opt = 31145544} th = 0x64cbbe1a <is_ready+203> __FUNCTION__ = "GNUNET_CADET_channel_destroy" #1 0x0041313d in cadet_timeout (cls=0x31e24f0, tc=0x28fbf0) at gnunet-service-fs_cadet_client.c:255 mh = 0x31e24f0 tun = 0x0 #2 0x64cbc372 in run_ready (rs=0x36deb0, ws=0x1db1e18) at scheduler.c:595 p = GNUNET_SCHEDULER_PRIORITY_DEFAULT pos = 0x1e061e8 tc = {reason = GNUNET_SCHEDULER_REASON_TIMEOUT, read_ready = 0x36deb0, write_ready = 0x1db1e18} __FUNCTION__ = "run_ready" #3 0x64cbcb72 in GNUNET_SCHEDULER_run (task=0x64cc730b <service_task>, task_cls=0x28fda0) at scheduler.c:817 rs = 0x36deb0 ws = 0x1db1e18 timeout = {rel_value_us = 439069} ret = 0 shc_int = 0x36d680 shc_term = 0x36d620 last_tr = 411243 busy_wait_warning = 0 pr = 0x36d668 ---Type <return> to continue, or q <return> to quit--- c = 100 'd' __FUNCTION__ = "GNUNET_SCHEDULER_run" #4 0x64cc821e in GNUNET_SERVICE_run (argc=3, argv=0x1da1198, service_name=0x4190cd "fs", options=GNUNET_SERVICE_OPTION_NONE, task=0x402113 <run>, task_cls=0x0) at service.c:1498 err = 0 ret = 3 cfg_fn = 0x1da0d80 "~/.config/gnunet.conf" opt_cfg_fn = 0x1da5350 "C:\\Users\\bratao\\AppData\\Roaming\\Cangote\\cangote.conf" loglev = 0x0 logfile = 0x0 do_daemonize = 0 i = 2686632 skew_offset = 11538378101096448 skew_variance = 18404656417865781 clock_offset = 18404435084335210 sctx = {cfg = 0x1da09b8, 
server = 0x1da5138, addrs = 0x0, service_name = 0x4190cd "fs", task = 0x402113 <run>, task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0, v4_allowed = 0x1daff98, v6_allowed = 0x36b0a0, my_handlers = 0x1da7b00, addrlens = 0x0, lsocks = 0x36d710, shutdown_task = 5, timeout = {rel_value_us = 18446744073709551615}, ret = 1, ready_confirm_fd = -1, require_found = 1, match_uid = 0, match_gid = 1, options = GNUNET_SERVICE_OPTION_NONE} cfg = 0x1da09b8 xdg = 0x0 service_options = {{shortName = 99 'c', name = 0x64ce10a4 <defhandlers+1220> "config", argumentHelp = 0x64ce10ab <defhandlers+1227> "FILENAME", description = 0x64ce10b4 <defhandlers+1236> "use configuration file FILENAME", require_argument = 1, processor = 0x64ca9d35 <GNUNET_GETOPT_set_string>, scls = 0x28fe1c}, { shortName = 100 'd', name = 0x64ce10d4 <defhandlers+1268> "daemonize", argumentHelp = 0x0, description = 0x64ce10e0 <defhandlers+1280> "do daemonize (detach from terminal)", require_argument = 0, processor = 0x64ca9d19 <GNUNET_GETOPT_set_one>, scls = 0x28fe10}, {shortName = 104 'h', name = 0x64ce1104 <defhandlers+1316> "help", argumentHelp = 0x0, description = 0x64ce1109 <defhandlers+1321> "print this help", require_argument = 0, processor = 0x64ca98b3 <GNUNET_GETOPT_format_help_>, scls = 0x0}, {shortName = 76 'L', ---Type <return> to continue, or q <return> to quit--- name = 0x64ce1119 <defhandlers+1337> "log", argumentHelp = 0x64ce111d <defhandlers+1341> "LOGLEVEL", description = 0x64ce1128 <defhandlers+1352> "configure logging to use LOGLEVEL", require_argument = 1, processor = 0x64ca9d35 <GNUNET_GETOPT_set_string>, scls = 0x28fe18}, {shortName = 108 'l', name = 0x64ce114a <defhandlers+1386> "logfile", argumentHelp = 0x64ce1152 <defhandlers+1394> "LOGFILE", description = 0x64ce115c <defhandlers+1404> "configure logging to write logs to LOGFILE", require_argument = 1, processor = 0x64ca9d35 <GNUNET_GETOPT_set_string>, scls = 0x28fe14}, {shortName = 118 'v', name = 0x64ce1187 <defhandlers+1447> "version", 
argumentHelp = 0x0, description = 0x64ce118f <defhandlers+1455> "print the version number", require_argument = 0, processor = 0x64ca9884 <GNUNET_GETOPT_print_version_>, scls = 0x64ce11a8 <defhandlers+1480>}, {shortName = 0 '\000', name = 0x0, argumentHelp = 0x0, description = 0x0, require_argument = 0, processor = 0x0, scls = 0x0}} __FUNCTION__ = "GNUNET_SERVICE_run" #5 0x0040239a in main (argc=3, argv=0x1da1198) at gnunet-service-fs.c:737 |
|
|
The second crash is a fs bug: gnunet-service-fs_cadet_client.c calls GNUNET_CADET_channel_destroy with a NULL pointer. |
|
|
Please let me know if this happens again with a non-optimized trace. As far as I can see in your trace, the channel linked list contains an element with a pointer to -1. Looking at the code I have no idea how this is possible, as the list is always handled using the appropriate macros... Since buffer is 0 it seems to suggest that t->channel_head == -1, which is still weird as hell. Maybe use after free of some kind, but I'd expect some baadfood instead... |
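Added example, not part of the original report or of GNUnet's code: the pointer triage done by eye in the notes above, applied to trimmed excerpts of both traces so that NULL and all-ones (-1) pointers are listed per frame. The regexes, the function names `classify` and `triage`, and the 32-bit pointer width (taken from the W32 platform field) are assumptions of this example.

```python
import re

# Trimmed excerpts of the two flattened `bt full` traces in this report (values unchanged).
TRACE_CADET = (
    "#0 get_channel_buffer (tch=tch@entry=0xffffffff) at gnunet-service-cadet_tunnel.c:482 "
    "fwd = <optimized out> #1 0x004043ca in GCT_get_channels_buffer (t=t@entry=0x1f09eb8) at "
    "gnunet-service-cadet_tunnel.c:2866 iter = 0xffffffff buffer = 0 ch_buf = <optimized out> "
    "#2 0x0040456f in GCT_send_connection_acks (t=0x1f09eb8) at gnunet-service-cadet_tunnel.c:3037"
)
TRACE_FS = (
    "#0 0x63d0487a in GNUNET_CADET_channel_destroy (channel=0x0) at cadet_api.c:1647 h = 0x1e291e0 "
    "#1 0x0041313d in cadet_timeout (cls=0x31e24f0, tc=0x28fbf0) at "
    "gnunet-service-fs_cadet_client.c:255 mh = 0x31e24f0 tun = 0x0"
)

# Frame header: "#N [0xADDR in ]function (args) at file:line"
FRAME = re.compile(r"#(\d+) (?:0x[0-9a-f]+ in )?(\w+) \((.*?)\) at ([\w.-]+):(\d+)")
ARG = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-f]+)")  # name=0x.. or name=name@entry=0x..
LOCAL = re.compile(r"(\w+) = (0x[0-9a-f]+)")             # locals printed by `bt full`


def classify(value, ptr_bits=32):
    """Label pointer values that cannot refer to a valid object, else None."""
    n = int(value, 16)
    if n == 0:
        return "NULL"
    return "all-ones (-1)" if n == (1 << ptr_bits) - 1 else None


def triage(trace, ptr_bits=32):
    """Return (frame, function, file:line, kind, name, label) per suspect pointer."""
    findings = []
    frames = list(FRAME.finditer(trace))
    for i, m in enumerate(frames):
        num, func, args, path, line = m.groups()
        end = frames[i + 1].start() if i + 1 < len(frames) else len(trace)
        body = trace[m.end():end]  # text up to the next frame header holds this frame's locals
        pairs = [("arg", *p) for p in ARG.findall(args)]
        pairs += [("local", *p) for p in LOCAL.findall(body)]
        for kind, name, value in pairs:
            label = classify(value, ptr_bits)
            if label:
                findings.append((int(num), func, f"{path}:{line}", kind, name, label))
    return findings


if __name__ == "__main__":
    for finding in triage(TRACE_CADET) + triage(TRACE_FS):
        print(finding)
```

The check is a heuristic: a NULL that is legitimate (for example an unused closure argument) is reported the same way, so each finding still needs to be read against the source line it names.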
|
|
Reporter cannot reproduce anymore, we've not seen this either. Lots of changes in the code since. Hence: Closing. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-08-29 03:18 | bratao | New Issue | |
| 2014-08-29 03:18 | bratao | Status | new => assigned |
| 2014-08-29 03:18 | bratao | Assigned To | => Bart Polot |
| 2014-08-29 03:58 | Bart Polot | Note Added: 0008553 | |
| 2014-08-29 04:00 | bratao | Note Added: 0008554 | |
| 2014-08-31 05:11 | bratao | Note Added: 0008555 | |
| 2014-09-05 15:33 | Bart Polot | Note Added: 0008565 | |
| 2014-09-05 15:42 | Bart Polot | Note Added: 0008567 | |
| 2014-09-05 15:42 | Bart Polot | Status | assigned => feedback |
| 2014-12-16 19:35 | Christian Grothoff | Note Added: 0008699 | |
| 2014-12-16 19:35 | Christian Grothoff | Status | feedback => resolved |
| 2014-12-16 19:35 | Christian Grothoff | Fixed in Version | => 0.11.0pre66 |
| 2014-12-16 19:35 | Christian Grothoff | Resolution | open => unable to reproduce |
| 2014-12-16 19:35 | Christian Grothoff | Target Version | => 0.11.0pre66 |
| 2018-06-07 00:25 | Christian Grothoff | Status | resolved => closed |