View Issue Details

IDProjectCategoryView StatusLast Update
0003582GNUnetset servicepublic2018-06-07 00:25
ReporteramatusAssigned ToChristian Grothoff 
PrioritynormalSeveritycrashReproducibilityhave not tried
Status closedResolutionfixed 
Product VersionSVN HEAD 
Target Version0.11.0pre66Fixed in Version0.11.0pre66 
Summary0003582: free(): corrupted unsorted chunks
DescriptionOn my peer running rev 34682 I turned on core dumps and after about 40 minutes I got a core dump from gnunet-service-set. I don't have the console output just the backtrace below.
Additional Information(gdb) bt f
#0 0xb77d1424 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb757e307 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
        resultvar = <optimized out>
        resultvar = <optimized out>
        pid = -1217433600
        selftid = 16015
#2 0xb757f9c3 in __GI_abort () at abort.c:89
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0xb77c934c,
            sa_sigaction = 0xb77c934c}, sa_mask = {__val = {3219850072,
              3078326675, 3219850104, 48279962, 3077977184, 3078326637,
              3077989952, 3078394700, 3219850072, 3078046669, 56, 3078350080,
              1289, 3078251432, 0, 0, 1, 3078394700, 140431464, 3078394700,
              3219850152, 3078259885, 3, 4294967295, 4294967295, 3078259227,
              0, 3078561792, 4294967295, 0, 3, 4096}}, sa_flags = -1218226392,
          sa_restorer = 0x1000}
        sigs = {__val = {32, 0 <repeats 31 times>}}
#3 0xb75bcf08 in __libc_message (do_abort=do_abort@entry=1,
    fmt=fmt@entry=0xb76b2e3c "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
        ap = <optimized out>
        fd = 2
        on_2 = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#4 0xb75c2f7a in malloc_printerr (action=<optimized out>,
    str=0xb76b2f94 "free(): corrupted unsorted chunks", ptr=0x85d95c8)
    at malloc.c:4996
        buf = "085d95c8"
        cp = <optimized out>
#5 0xb75c3bcd in _int_free (av=0xb76f7420 <main_arena>, p=<optimized out>,
    have_lock=0) at malloc.c:3840
        size = <optimized out>
        fb = <optimized out>
        nextchunk = <optimized out>
        nextsize = <optimized out>
        nextinuse = <optimized out>
        prevsize = <optimized out>
        bck = <optimized out>
        fwd = <optimized out>
        errstr = <optimized out>
        locked = <optimized out>
        __func__ = "_int_free"
#6 0xb77748dc in GNUNET_xfree_ (ptr=0x85d95c8,
    filename=0xb7754e60 "cadet_api.c", linenumber=1388)
    at common_allocation.c:239
        __FUNCTION__ = "GNUNET_xfree_"
#7 0xb77529f7 in send_callback (cls=0x85b9bd0, size=33292, buf=0x8606868)
    at cadet_api.c:1388
        h = 0x85b9bd0
        th = 0x85d95c8
        next = 0x85d95c8
        ch = 0x0
        cbuf = 0x8606868 ""
        tsize = 0
        psize = 48
        nsize = 48
        __FUNCTION__ = "send_callback"
#8 0xb777289a in client_notify (cls=0x85ca5f8, size=33292, buf=0x8606868)
    at client.c:1168
        th = 0x85ca5f8
        client = 0x85b9ea0
        ret = 3077909314
        delay = {rel_value_us = 602249388293958704}
        __FUNCTION__ = "client_notify"
#9 0xb777d719 in process_notify (connection=0x85b9e20) at connection.c:1205
        used = 0
        avail = 33292
        size = 48
        notify = 0xb77724b4 <client_notify>
        __FUNCTION__ = "process_notify"
#10 0xb777de61 in transmit_ready (cls=0x85b9e20, tc=0xbfeb0820)
    at connection.c:1336
        connection = 0x85b9e20
        notify = 0x85ba138
        ret = -707918583
        have = 330368
        __FUNCTION__ = "transmit_ready"
#11 0xb77a6cfc in run_ready (rs=0x85c8ad0, ws=0x85c8b58) at scheduler.c:595
        p = GNUNET_SCHEDULER_PRIORITY_DEFAULT
        pos = 0x85d2fc0
        tc = {
          reason = (GNUNET_SCHEDULER_REASON_WRITE_READY | GNUNET_SCHEDULER_REASON_PREREQ_DONE), read_ready = 0x85c8ad0, write_ready = 0x85c8b58}
        __FUNCTION__ = "run_ready"
#12 0xb77a750f in GNUNET_SCHEDULER_run (task=0xb77b192e <service_task>,
    task_cls=0xbfeb0a3c) at scheduler.c:817
        rs = 0x85c8ad0
        ws = 0x85c8b58
        timeout = {rel_value_us = 18446744073709551615}
        ret = 1
        shc_int = 0x85c8bf0
        shc_term = 0x85b9798
        shc_quit = 0x85b98d8
        shc_hup = 0x85b9978
        shc_pipe = 0x85b9838
        last_tr = 149
        busy_wait_warning = 0
        pr = 0x85b9778
        c = 0 '\000'
        __FUNCTION__ = "GNUNET_SCHEDULER_run"
#13 0xb77b34cd in GNUNET_SERVICE_run (argc=3, argv=0xbfeb0c34,
    service_name=0x8053ccc "set", options=GNUNET_SERVICE_OPTION_NONE,
    task=0x804d418 <run>, task_cls=0x0) at service.c:1498
        err = 0
        ret = 3
        cfg_fn = 0x85b9658 "~/.config/gnunet.conf"
        opt_cfg_fn = 0x85b9718 "/home/gnunet/.config/gnunet.conf"
        loglev = 0x0
        logfile = 0x0
        do_daemonize = 0
        i = 0
        skew_offset = 13219622264547590176
        skew_variance = 9702331121665
        clock_offset = 577975985625565972
        sctx = {cfg = 0x85b9678, server = 0x85b9ae8, addrs = 0x0,
          service_name = 0x8053ccc "set", task = 0x804d418 <run>,
          task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0,
          v4_allowed = 0x85c8a50, v6_allowed = 0x85c8a78,
          my_handlers = 0x85c8968, addrlens = 0x0, lsocks = 0x85b9788,
          shutdown_task = 4, timeout = {rel_value_us = 18446744073709551615},
          ret = 1, ready_confirm_fd = -1, require_found = 1, match_uid = 1,
          match_gid = 1, options = GNUNET_SERVICE_OPTION_NONE}
        cfg = 0x85b9678
        xdg = 0x0
        service_options = {{shortName = 99 'c', name = 0xb77bf419 "config",
            argumentHelp = 0xb77bf420 "FILENAME",
            description = 0xb77bf42c "use configuration file FILENAME",
            require_argument = 1,
            processor = 0xb7796330 <GNUNET_GETOPT_set_string>,
            scls = 0xbfeb0ab8}, {shortName = 100 'd',
            name = 0xb77bf44c "daemonize", argumentHelp = 0x0,
            description = 0xb77bf458 "do daemonize (detach from terminal)",
            require_argument = 0,
            processor = 0xb7796314 <GNUNET_GETOPT_set_one>,
            scls = 0xbfeb0aac}, {shortName = 104 'h',
            name = 0xb77bf47c "help", argumentHelp = 0x0,
            description = 0xb77bf481 "print this help", require_argument = 0,
            processor = 0xb7795e7c <GNUNET_GETOPT_format_help_>, scls = 0x0}, {
            shortName = 76 'L', name = 0xb77bf491 "log",
            argumentHelp = 0xb77bf495 "LOGLEVEL",
            description = 0xb77bf4a0 "configure logging to use LOGLEVEL",
            require_argument = 1,
            processor = 0xb7796330 <GNUNET_GETOPT_set_string>,
            scls = 0xbfeb0ab4}, {shortName = 108 'l',
            name = 0xb77bf4c2 "logfile", argumentHelp = 0xb77bf4ca "LOGFILE",
            description = 0xb77bf4d4 "configure logging to write logs to LOGFILE", require_argument = 1, processor = 0xb7796330 <GNUNET_GETOPT_set_string>,
            scls = 0xbfeb0ab0}, {shortName = 118 'v',
            name = 0xb77bf4ff "version", argumentHelp = 0x0,
            description = 0xb77bf507 "print the version number",
            require_argument = 0,
            processor = 0xb7795e3f <GNUNET_GETOPT_print_version_>,
            scls = 0xb77bf520}, {shortName = 0 '\000', name = 0x0,
            argumentHelp = 0x0, description = 0x0, require_argument = 0,
            processor = 0x0, scls = 0x0}}
        __FUNCTION__ = "GNUNET_SERVICE_run"
#14 0x0804d54d in main (argc=3, argv=0xbfeb0c34) at gnunet-service-set.c:1548
        ret = -1218964579
TagsNo tags attached.

Activities

Christian Grothoff

2014-12-19 09:19

manager   ~0008708

Would be nice to have this one with valgrind, there's nothing obvious on that line.

amatus

2014-12-19 23:12

developer   ~0008712

Running under valgrind I got this:

==16610== Invalid write of size 4
==16610== at 0x804A7AE: incoming_destroy (gnunet-service-set.c:496)
==16610== by 0x804CF99: incoming_timeout_cb (gnunet-service-set.c:1286)
==16610== by 0x407ACFB: run_ready (scheduler.c:595)
==16610== by 0x407B50E: GNUNET_SCHEDULER_run (scheduler.c:817)
==16610== by 0x40874CC: GNUNET_SERVICE_run (service.c:1498)
==16610== by 0x804D54C: main (gnunet-service-set.c:1548)
==16610== Address 0x4765f34 is 4 bytes inside a block of size 84 free'd
==16610== at 0x402A3A8: free (vg_replace_malloc.c:473)
==16610== by 0x40488DB: GNUNET_xfree_ (common_allocation.c:239)
==16610== by 0x804D3B1: channel_end_cb (gnunet-service-set.c:1403)
==16610== by 0x40AC9CC: destroy_channel (cadet_api.c:481)
==16610== by 0x40AF921: GNUNET_CADET_channel_destroy (cadet_api.c:1670)
==16610== by 0x804A7A7: incoming_destroy (gnunet-service-set.c:495)
==16610== by 0x804CF99: incoming_timeout_cb (gnunet-service-set.c:1286)
==16610== by 0x407ACFB: run_ready (scheduler.c:595)
==16610== by 0x407B50E: GNUNET_SCHEDULER_run (scheduler.c:817)
==16610== by 0x40874CC: GNUNET_SERVICE_run (service.c:1498)
==16610== by 0x804D54C: main (gnunet-service-set.c:1548)
==16610==

It hasn't crashed yet so this might be a different bug or just take a long time to effect the crash.

Christian Grothoff

2014-12-19 23:13

manager   ~0008713

Yes, I fixed that one earlier today. Are you running SVN HEAD? ;-)

Christian Grothoff

2014-12-23 23:17

manager   ~0008725

Update: I've still been unable to reproduce this.

amatus

2014-12-24 01:08

developer   ~0008732

I haven't reproduced it on the latest code either. It's probably fixed.

Issue History

Date Modified Username Field Change
2014-12-18 21:21 amatus New Issue
2014-12-18 21:21 amatus Status new => assigned
2014-12-18 21:21 amatus Assigned To => Florian Dold
2014-12-19 09:12 Christian Grothoff Assigned To Florian Dold => Christian Grothoff
2014-12-19 09:12 Christian Grothoff Target Version => 0.11.0pre66
2014-12-19 09:19 Christian Grothoff Note Added: 0008708
2014-12-19 23:12 amatus Note Added: 0008712
2014-12-19 23:13 Christian Grothoff Note Added: 0008713
2014-12-23 23:17 Christian Grothoff Note Added: 0008725
2014-12-24 01:08 amatus Note Added: 0008732
2015-01-03 15:38 Christian Grothoff Status assigned => resolved
2015-01-03 15:38 Christian Grothoff Fixed in Version => 0.11.0pre66
2015-01-03 15:38 Christian Grothoff Resolution open => fixed
2018-06-07 00:25 Christian Grothoff Status resolved => closed