View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003626 | GNUnet | util library | public | 2015-01-28 17:00 | 2018-06-07 00:25 |
| Reporter | Bart Polot | Assigned To | Bart Polot | ||
| Priority | normal | Severity | crash | Reproducibility | random |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
| Summary | 0003626: RPS service causes scheduler to crash | ||||
| Description | After running rps for a while a network.c:1220 assertion is triggered and the service crashes. There appears to be corrupted scheduler data structures (pending_head use-after-free). | ||||
| Steps To Reproduce | run test_rps_multipeer | ||||
| Additional Information | Core was generated by `/tmp/bartgnunet/lib//gnunet/libexec/gnunet-service-rps -c /tmp/testbed3a4nXn/0/'. Program terminated with signal SIGABRT, Aborted. #0 0x00007f482b412a97 in raise () from /usr/lib/libc.so.6 (gdb) bt #0 0x00007f482b412a97 in raise () from /usr/lib/libc.so.6 #1 0x00007f482b413e6a in abort () from /usr/lib/libc.so.6 #2 0x00007f482ccf8b4e in GNUNET_abort () at common_logging.c:289 #3 0x00007f482cd262b3 in GNUNET_NETWORK_fdset_set_native (to=0xc54560, nfd=233876922) at network.c:1220 #4 0x00007f482cd31593 in update_sets (rs=0xc54560, ws=0xc545f0, timeout=0x7fffa50c2b40) at scheduler.c:331 #5 0x00007f482cd32b83 in GNUNET_SCHEDULER_run (task=0x7f482cd3f775 <service_task>, task_cls=0x7fffa50c2e50) at scheduler.c:775 #6 0x00007f482cd414ae in GNUNET_SERVICE_run (argc=3, argv=0x7fffa50c30d8, service_name=0x4082df "rps", options=GNUNET_SERVICE_OPTION_NONE, task=0x407196 <run>, task_cls=0x0) at service.c:1503 #7 0x00000000004076e6 in main (argc=3, argv=0x7fffa50c30d8) at gnunet-service-rps.c:1682 (gdb) up 3 #3 0x00007f482cd262b3 in GNUNET_NETWORK_fdset_set_native (to=0xc54560, nfd=233876922) at network.c:1220 1220 GNUNET_assert ((nfd >= 0) && (nfd < FD_SETSIZE)); (gdb) p nfd $1 = 233876922 (gdb) p/x nfd $2 = 0xdf0adba (gdb) p *to $3 = {nsds = 0, sds = {fds_bits = {0 <repeats 16 times>}}} (gdb) up 1 #4 0x00007f482cd31593 in update_sets (rs=0xc54560, ws=0xc545f0, timeout=0x7fffa50c2b40) at scheduler.c:331 331 GNUNET_NETWORK_fdset_set_native (rs, pos->read_fd); (gdb) p *rs $4 = {nsds = 0, sds = {fds_bits = {0 <repeats 16 times>}}} (gdb) p *ws $5 = {nsds = 0, sds = {fds_bits = {0 <repeats 16 times>}}} (gdb) p *timeout $6 = {rel_value_us = 2893531} (gdb) p/x *timeout $7 = {rel_value_us = 0x2c26db} (gdb) p *pos $8 = {next = 0xc66730, prev = 0xdf0adba0df0adba, callback = 0xdf0adba0df0adba, callback_cls = 0xdf0adba0df0adba, read_set = 0xdf0adba0df0adba, write_set = 0xdf0adba0df0adba, timeout = {abs_value_us = 1004493731513019834}, reason = (GNUNET_SCHEDULER_REASON_SHUTDOWN | GNUNET_SCHEDULER_REASON_READ_READY | GNUNET_SCHEDULER_REASON_WRITE_READY | GNUNET_SCHEDULER_REASON_PREREQ_DONE | unknown: 233876864), priority = 233876922, read_fd = 233876922, write_fd = 233876922, lifeness = 233876922, in_ready_list = 233876922} (gdb) p/x *pos $9 = {next = 0xc66730, prev = 0xdf0adba0df0adba, callback = 0xdf0adba0df0adba, callback_cls = 0xdf0adba0df0adba, read_set = 0xdf0adba0df0adba, write_set = 0xdf0adba0df0adba, timeout = {abs_value_us = 0xdf0adba0df0adba}, reason = 0xdf0adba, priority = 0xdf0adba, read_fd = 0xdf0adba, write_fd = 0xdf0adba, lifeness = 0xdf0adba, in_ready_list = 0xdf0adba} (gdb) p *pending_head $10 = {next = 0xc66730, prev = 0xdf0adba0df0adba, callback = 0xdf0adba0df0adba, callback_cls = 0xdf0adba0df0adba, read_set = 0xdf0adba0df0adba, write_set = 0xdf0adba0df0adba, timeout = {abs_value_us = 1004493731513019834}, reason = (GNUNET_SCHEDULER_REASON_SHUTDOWN | GNUNET_SCHEDULER_REASON_READ_READY | GNUNET_SCHEDULER_REASON_WRITE_READY | GNUNET_SCHEDULER_REASON_PREREQ_DONE | unknown: 233876864), priority = 233876922, read_fd = 233876922, write_fd = 233876922, lifeness = 233876922, in_ready_list = 233876922} (gdb) p/x *pending_head $11 = {next = 0xc66730, prev = 0xdf0adba0df0adba, callback = 0xdf0adba0df0adba, callback_cls = 0xdf0adba0df0adba, read_set = 0xdf0adba0df0adba, write_set = 0xdf0adba0df0adba, timeout = {abs_value_us = 0xdf0adba0df0adba}, reason = 0xdf0adba, priority = 0xdf0adba, read_fd = 0xdf0adba, write_fd = 0xdf0adba, lifeness = 0xdf0adba, in_ready_list = 0xdf0adba} (gdb) | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-01-28 17:00 | Bart Polot | New Issue | |
| 2015-01-28 17:00 | Bart Polot | Status | new => assigned |
| 2015-01-28 17:00 | Bart Polot | Assigned To | => Christian Grothoff |
| 2015-01-29 00:46 | Bart Polot | Note Added: 0008819 | |
| 2015-01-29 00:46 | Bart Polot | Status | assigned => resolved |
| 2015-01-29 00:46 | Bart Polot | Fixed in Version | => 0.11.0pre66 |
| 2015-01-29 00:46 | Bart Polot | Resolution | open => fixed |
| 2015-01-29 00:46 | Bart Polot | Assigned To | Christian Grothoff => Bart Polot |
| 2018-06-07 00:25 | Christian Grothoff | Status | resolved => closed |
