View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003785 | GNUnet | transport service | public | 2015-05-13 18:19 | 2018-06-07 00:25 |
| Reporter | Sree Harsha Totakura | Assigned To | amatus | ||
| Priority | normal | Severity | crash | Reproducibility | sometimes |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
| Summary | 0003785: Transport randomly (but frequently) crashes | ||||
| Description | gdb --core vgcore.11976 /usr/local/lib/gnunet/libexec/gnunet-service-transport GNU gdb (GDB) 7.9 Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/local/lib/gnunet/libexec/gnunet-service-transport...done. warning: core file may not match specified executable file. [New LWP 11976] Core was generated by `'. Program terminated with signal SIGSEGV, Segmentation fault. #0 free_neighbour (n=0x731ef30) at gnunet-service-transport_neighbours.c:991 991 gnunet-service-transport_neighbours.c: No such file or directory. (gdb) bt #0 free_neighbour (n=0x731ef30) at gnunet-service-transport_neighbours.c:991 #1 0x000000000041a3a9 in delayed_disconnect (cls=0x731ef30, tc=0xffefffe90) at gnunet-service-transport_neighbours.c:3646 #2 0x0000000005abab73 in run_ready (rs=0x722ac90, ws=0x722ad40) at scheduler.c:587 #3 0x0000000005abb47e in GNUNET_SCHEDULER_run (task=0x5ac7f59 <service_task>, task_cls=0xfff000220) at scheduler.c:867 #4 0x0000000005ac9c92 in GNUNET_SERVICE_run (argc=3, argv=0xfff0004a8, service_name=0x422b1c "transport", options=GNUNET_SERVICE_OPTION_NONE, task=0x405bd0 <run>, task_cls=0x0) at service.c:1503 #5 0x00000000004062ae in main (argc=3, argv=0xfff0004a8) at gnunet-service-transport.c:929 (gdb) bt full #0 free_neighbour (n=0x731ef30) at gnunet-service-transport_neighbours.c:991 mq = 0xdf0adba0df0adba __FUNCTION__ = "free_neighbour" #1 0x000000000041a3a9 in delayed_disconnect (cls=0x731ef30, tc=0xffefffe90) at gnunet-service-transport_neighbours.c:3646 n = 0x731ef30 __FUNCTION__ = "delayed_disconnect" #2 0x0000000005abab73 in run_ready (rs=0x722ac90, ws=0x722ad40) at scheduler.c:587 p = GNUNET_SCHEDULER_PRIORITY_DEFAULT pos = 0x72c6250 tc = {reason = GNUNET_SCHEDULER_REASON_TIMEOUT, read_ready = 0x722ac90, write_ready = 0x722ad40} __FUNCTION__ = "run_ready" #3 0x0000000005abb47e in GNUNET_SCHEDULER_run (task=0x5ac7f59 <service_task>, task_cls=0xfff000220) at scheduler.c:867 rs = 0x722ac90 ws = 0x722ad40 timeout = {rel_value_us = 0} ret = 8 shc_int = 0x722ae20 shc_term = 0x720ca80 shc_quit = 0x720cc40 shc_hup = 0x720cd20 shc_pipe = 0x720cb60 last_tr = 9024301 busy_wait_warning = 0 pr = 0x722a6b0 c = 0 '\000' __FUNCTION__ = "GNUNET_SCHEDULER_run" #4 0x0000000005ac9c92 in GNUNET_SERVICE_run (argc=3, argv=0xfff0004a8, service_name=0x422b1c "transport", options=GNUNET_SERVICE_OPTION_NONE, task=0x405bd0 <run>, task_cls=0x0) at service.c:1503 err = 0 ret = 3 cfg_fn = 0x720c8a0 "~/.config/gnunet.conf" opt_cfg_fn = 0x720ca40 "/home/troll/.config/gnunet.conf" loglev = 0x0 logfile = 0x0 do_daemonize = 0 i = 4217808 skew_offset = 68702700704 skew_variance = 4209536 clock_offset = 1431239506 sctx = {cfg = 0x720c8e0, server = 0x720cfd0, addrs = 0x0, service_name = 0x422b1c "transport", task = 0x405bd0 <run>, task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0, v4_allowed = 0x722abe0, v6_allowed = 0x722ac20, my_handlers = 0x720d0f0, addrlens = 0x0, lsocks = 0x721e6b0, shutdown_task = 0x720d080, timeout = {rel_value_us = 18446744073709551615}, ret = 1, ready_confirm_fd = -1, require_found = 1, match_uid = 0, match_gid = 1, options = GNUNET_SERVICE_OPTION_NONE} cfg = 0x720c8e0 xdg = 0x0 service_options = {{shortName = 99 'c', name = 0x5ad81cd "config", argumentHelp = 0x5ad81d4 "FILENAME", description = 0x5ad81e0 "use configuration file FILENAME", require_argument = 1, processor = 0x5aa816c <GNUNET_GETOPT_set_string>, scls = 0xfff0002d8}, {shortName = 100 'd', name = 0x5ad8200 "daemonize", argumentHelp = 0x0, description = 0x5ad8210 "do daemonize (detach from terminal)", require_argument = 0, processor = 0x5aa813f <GNUNET_GETOPT_set_one>, scls = 0xfff0002c4}, {shortName = 104 'h', name = 0x5ad8234 "help", argumentHelp = 0x0, description = 0x5ad8239 "print this help", require_argument = 0, processor = 0x5aa7c0a <GNUNET_GETOPT_format_help_>, scls = 0x0}, {shortName = 76 'L', name = 0x5ad8249 "log", argumentHelp = 0x5ad824d "LOGLEVEL", description = 0x5ad8258 "configure logging to use LOGLEVEL", require_argument = 1, processor = 0x5aa816c <GNUNET_GETOPT_set_string>, scls = 0xfff0002d0}, {shortName = 108 'l', name = 0x5ad827a "logfile", argumentHelp = 0x5ad8282 "LOGFILE", description = 0x5ad8290 "configure logging to write logs to LOGFILE", require_argument = 1, processor = 0x5aa816c <GNUNET_GETOPT_set_string>, scls = 0xfff0002c8}, {shortName = 118 'v', name = 0x5ad82bb "version", argumentHelp = 0x0, description = 0x5ad82c3 "print the version number", require_argument = 0, processor = 0x5aa7bc4 <GNUNET_GETOPT_print_version_>, scls = 0x5ad82dc}, {shortName = 0 '\000', name = 0x0, argumentHelp = 0x0, description = 0x0, require_argument = 0, processor = 0x0, scls = 0x0}} __FUNCTION__ = "GNUNET_SERVICE_run" #5 0x00000000004062ae in main (argc=3, argv=0xfff0004a8) at gnunet-service-transport.c:929 No locals. (gdb) q | ||||
| Additional Information | Transport is running under Valgrind/massif. Code is from SVN 35676. | ||||
| Tags | No tags attached. | ||||
|
|
Logic looks totally fine upon manual inspection, also haven't seen this myself. Trace with valgrind (memcheck) would help, as this looks like an (inexplicable) use-after-free (or general memory corruption). |
|
|
Amatus had an interesting fix with SVN 35980 which would explain this crash. |
|
|
Marking as resolved for now, as Amatus's 35980 explains this pretty well. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-05-13 18:19 | Sree Harsha Totakura | New Issue | |
| 2015-05-13 18:19 | Sree Harsha Totakura | Status | new => assigned |
| 2015-05-13 18:19 | Sree Harsha Totakura | Assigned To | => Matthias Wachs |
| 2015-05-18 21:59 | Christian Grothoff | Assigned To | Matthias Wachs => Christian Grothoff |
| 2015-05-18 22:00 | Christian Grothoff | Product Version | => Git master |
| 2015-05-18 22:00 | Christian Grothoff | Target Version | => 0.11.0pre66 |
| 2015-05-21 11:34 | Christian Grothoff | Note Added: 0009145 | |
| 2015-05-21 11:34 | Christian Grothoff | Assigned To | Christian Grothoff => |
| 2015-05-21 11:34 | Christian Grothoff | Status | assigned => feedback |
| 2015-05-21 11:34 | Christian Grothoff | Target Version | 0.11.0pre66 => |
| 2015-06-24 21:12 | Christian Grothoff | Note Added: 0009333 | |
| 2015-06-24 21:12 | Christian Grothoff | Assigned To | => amatus |
| 2015-06-24 21:12 | Christian Grothoff | Status | feedback => assigned |
| 2015-06-24 21:12 | Christian Grothoff | Note Added: 0009334 | |
| 2015-06-24 21:12 | Christian Grothoff | Status | assigned => resolved |
| 2015-06-24 21:12 | Christian Grothoff | Fixed in Version | => 0.11.0pre66 |
| 2015-06-24 21:12 | Christian Grothoff | Resolution | open => fixed |
| 2015-06-24 21:12 | Christian Grothoff | Target Version | => 0.11.0pre66 |
| 2018-06-07 00:25 | Christian Grothoff | Status | resolved => closed |
