View Issue Details

ID: 0003793
Project: GNUnet
Category: cadet service
View Status: public
Last Update: 2018-06-07 00:24
Reporter: Christian Grothoff
Assigned To: Bart Polot
Priority: urgent
Severity: crash
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform: i7
OS: Debian GNU/Linux
OS Version: squeeze
Product Version: SVN HEAD
Target Version: 0.11.0pre66
Fixed in Version: 0.11.0pre66
Summary: 0003793: gnunet9's CADET segfaults during cleanup on peer disconnect (SVN 35758)
Description:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000412d16 in get_prev_hop (c=0x680350) at gnunet-service-cadet_connection.c:735
735 if (0 == c->own_pos || c->path->length < 2)
(gdb) ba
#0 0x0000000000412d16 in get_prev_hop (c=0x680350) at gnunet-service-cadet_connection.c:735
#1 0x000000000041a60d in GCC_notify_broken (c=0x680350, peer=0x66fd70) at gnunet-service-cadet_connection.c:2989
#2 0x0000000000428dc4 in notify_broken (cls=0x66fd70, key=0x63ec60 <hc>, value=0x680350) at gnunet-service-cadet_peer.c:357
#3 0x00007f6dbb82d0a9 in GNUNET_CONTAINER_multihashmap_iterate (map=0x675810, it=0x428cf7 <notify_broken>, it_cls=0x66fd70) at container_multihashmap.c:340
#4 0x0000000000429470 in core_disconnect (cls=0x0, peer=0x672c00) at gnunet-service-cadet_peer.c:461
#5 0x00007f6dbb3e9ced in disconnect_and_free_peer_entry (cls=0x64b8f0, key=0x7fffb846dfe8, value=0x672bb0) at core_api.c:389
#6 0x00007f6dbb3ed364 in main_notify_handler (cls=0x64b8f0, msg=0x7fffb846dfe0) at core_api.c:913
#7 0x00007f6dbb8167ae in receive_task (cls=0x64c100, tc=0x7fffb846e0d0) at client.c:618
#8 0x00007f6dbb85643e in run_ready (rs=0x64ab20, ws=0x64abb0) at scheduler.c:587
#9 0x00007f6dbb856d30 in GNUNET_SCHEDULER_run (task=0x7f6dbb863767 <service_task>, task_cls=0x7fffb846e470) at scheduler.c:867
#10 0x00007f6dbb865479 in GNUNET_SERVICE_run (argc=3, argv=0x7fffb846e708, service_name=0x43954a "cadet", options=GNUNET_SERVICE_OPTION_NONE, task=0x432413 <run>, task_cls=0x0) at service.c:1503
#11 0x0000000000432782 in main (argc=3, argv=0x7fffb846e708) at gnunet-service-cadet.c:174
(gdb)
Steps To Reproduce: Just running the peer for about a day.
Additional Information:
(gdb) bt full
#0 0x0000000000412d16 in get_prev_hop (c=0x680350) at gnunet-service-cadet_connection.c:735
        id = 0
        __FUNCTION__ = "get_prev_hop"
#1 0x000000000041a60d in GCC_notify_broken (c=0x680350, peer=0x66fd70) at gnunet-service-cadet_connection.c:2989
        hop = 0x0
        fwd = 1
        __FUNCTION__ = "GCC_notify_broken"
#2 0x0000000000428dc4 in notify_broken (cls=0x66fd70, key=0x63ec60 <hc>, value=0x680350) at gnunet-service-cadet_peer.c:357
        peer = 0x66fd70
        c = 0x680350
        __FUNCTION__ = "notify_broken"
#3 0x00007f6dbb82d0a9 in GNUNET_CONTAINER_multihashmap_iterate (map=0x675810, it=0x428cf7 <notify_broken>, it_cls=0x66fd70) at container_multihashmap.c:340
        sme = 0x6cad60
        nxt = 0x6d48c0
        count = 15
        i = 56
        me = {sme = 0x6cb210, bme = 0x6cb210}
        kc = {bits = {0, 781002208, 32, 1101, 6761472, 0, 6602000, 0, 3091652064, 32767, 4159961677, 233876922, 3091652032, 32767, 3145918057, 32621}}
        __FUNCTION__ = "GNUNET_CONTAINER_multihashmap_iterate"
#4 0x0000000000429470 in core_disconnect (cls=0x0, peer=0x672c00) at gnunet-service-cadet_peer.c:461
        p = 0x66fd70
        direct_path = 0x66ffe0
        own_id = "DSTJ", '\000' <repeats 11 times>
        __FUNCTION__ = "core_disconnect"
#5 0x00007f6dbb3e9ced in disconnect_and_free_peer_entry (cls=0x64b8f0, key=0x7fffb846dfe8, value=0x672bb0) at core_api.c:389
        h = 0x64b8f0
        th = 0x675730
        pr = 0x672bb0
        __FUNCTION__ = "disconnect_and_free_peer_entry"
#6 0x00007f6dbb3ed364 in main_notify_handler (cls=0x64b8f0, msg=0x7fffb846dfe0) at core_api.c:913
        h = 0x64b8f0
        m = 0x403600 <_start>
        cnm = 0x672df0
        dnm = 0x7fffb846dfe0
        ntm = 0x38
        em = 0x7fffb846dfa0
        smr = 0x4b0006ccd88
        mh = 0x6ccf20
        init = 0x6ccf20
        pr = 0x672bb0
        th = 0x7f6dbb81b296 <GNUNET_xfree_+332>
        hpos = 0
        trigger = 0
        msize = 40
        et = 0
        __FUNCTION__ = "main_notify_handler"
#7 0x00007f6dbb8167ae in receive_task (cls=0x64c100, tc=0x7fffb846e0d0) at client.c:618
        client = 0x64c100
        handler = 0x7f6dbb3ec38e <main_notify_handler>
        cmsg = 0x6c1cf0
        handler_cls = 0x64b8f0
        msize = 40
        mbuf = 0x7fffb846dfe0 ""
        msg = 0x7fffb846dfe0
        __FUNCTION__ = "receive_task"
#8 0x00007f6dbb85643e in run_ready (rs=0x64ab20, ws=0x64abb0) at scheduler.c:587
        p = GNUNET_SCHEDULER_PRIORITY_DEFAULT
        pos = 0x6abf80
        tc = {reason = GNUNET_SCHEDULER_REASON_TIMEOUT, read_ready = 0x64ab20, write_ready = 0x64abb0}
        __FUNCTION__ = "run_ready"
#9 0x00007f6dbb856d30 in GNUNET_SCHEDULER_run (task=0x7f6dbb863767 <service_task>, task_cls=0x7fffb846e470) at scheduler.c:867
        rs = 0x64ab20
        ws = 0x64abb0
        timeout = {rel_value_us = 0}
        ret = 0
        shc_int = 0x64ac60
        shc_term = 0x64ad20
        shc_quit = 0x64aea0
        shc_hup = 0x64b3c0
        shc_pipe = 0x64ade0
        last_tr = 5333813
        busy_wait_warning = 0
        pr = 0x65cbc0
---Type <return> to continue, or q <return> to quit---
        c = 0 '\000'
        __FUNCTION__ = "GNUNET_SCHEDULER_run"
#10 0x00007f6dbb865479 in GNUNET_SERVICE_run (argc=3, argv=0x7fffb846e708, service_name=0x43954a "cadet", options=GNUNET_SERVICE_OPTION_NONE, task=0x432413 <run>, task_cls=0x0) at service.c:1503
        err = 0
        ret = 3
        cfg_fn = 0x64a7c0 "~/.config/gnunet.conf"
        opt_cfg_fn = 0x64a910 "/home/gnunet9/.config/gnunet.conf"
        loglev = 0x0
        logfile = 0x0
        do_daemonize = 0
        i = 4400147
        skew_offset = 140109280888064
        skew_variance = 140736285042256
        clock_offset = 4208128
        sctx = {cfg = 0x64a7e0, server = 0x64b680, addrs = 0x65ecb0, service_name = 0x43954a "cadet", task = 0x432413 <run>, task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0, v4_allowed = 0x65f6e0, v6_allowed = 0x64aac0,
          my_handlers = 0x64a9c0, addrlens = 0x64aa20, lsocks = 0x0, shutdown_task = 0x64b710, timeout = {rel_value_us = 18446744073709551615}, ret = 1, ready_confirm_fd = -1, require_found = 1, match_uid = 1, match_gid = 1,
          options = GNUNET_SERVICE_OPTION_NONE}
        cfg = 0x64a7e0
        xdg = 0x0
        service_options = {{shortName = 99 'c', name = 0x7f6dbb873aad "config", argumentHelp = 0x7f6dbb873ab4 "FILENAME", description = 0x7f6dbb873ac0 "use configuration file FILENAME", require_argument = 1,
            processor = 0x7f6dbb843bd0 <GNUNET_GETOPT_set_string>, scls = 0x7fffb846e528}, {shortName = 100 'd', name = 0x7f6dbb873ae0 "daemonize", argumentHelp = 0x0, description = 0x7f6dbb873af0 "do daemonize (detach from terminal)",
            require_argument = 0, processor = 0x7f6dbb843ba3 <GNUNET_GETOPT_set_one>, scls = 0x7fffb846e514}, {shortName = 104 'h', name = 0x7f6dbb873b14 "help", argumentHelp = 0x0, description = 0x7f6dbb873b19 "print this help",
            require_argument = 0, processor = 0x7f6dbb84366a <GNUNET_GETOPT_format_help_>, scls = 0x0}, {shortName = 76 'L', name = 0x7f6dbb873b29 "log", argumentHelp = 0x7f6dbb873b2d "LOGLEVEL",
            description = 0x7f6dbb873b38 "configure logging to use LOGLEVEL", require_argument = 1, processor = 0x7f6dbb843bd0 <GNUNET_GETOPT_set_string>, scls = 0x7fffb846e520}, {shortName = 108 'l', name = 0x7f6dbb873b5a "logfile",
            argumentHelp = 0x7f6dbb873b62 "LOGFILE", description = 0x7f6dbb873b70 "configure logging to write logs to LOGFILE", require_argument = 1, processor = 0x7f6dbb843bd0 <GNUNET_GETOPT_set_string>, scls = 0x7fffb846e518}, {
            shortName = 118 'v', name = 0x7f6dbb873b9b "version", argumentHelp = 0x0, description = 0x7f6dbb873ba3 "print the version number", require_argument = 0, processor = 0x7f6dbb843624 <GNUNET_GETOPT_print_version_>,
            scls = 0x7f6dbb873bbc}, {shortName = 0 '\000', name = 0x0, argumentHelp = 0x0, description = 0x0, require_argument = 0, processor = 0x0, scls = 0x0}}
        __FUNCTION__ = "GNUNET_SERVICE_run"
#11 0x0000000000432782 in main (argc=3, argv=0x7fffb846e708) at gnunet-service-cadet.c:174
        r = 0
Tags: No tags attached.

Relationships

related to 0003696 closed Bart Polot segv in get_prev_hop()

Activities

Christian Grothoff

2015-05-20 09:02

manager   ~0009132

(gdb) print c
$1 = (const struct CadetConnection *) 0x680350
(gdb) print c->path
$2 = (struct CadetPeerPath *) 0xdf0adba2bff8707
(gdb) print c->path->length
Cannot access memory at address 0xdf0adba2bff871f
(gdb) print *c
$3 = {t = 0x94b5b50601cc00, fwd_fc = {c = 0xdf8460ecc6b10506, queue_n = 3563883204, queue_max = 2488962428, last_pid_sent = 2280260853, last_pid_recv = 3162997369, recv_bitmap = 1238128283, last_ack_sent = 117549056,
    last_ack_recv = 33554432, poll_task = 0xa895012ac392a6f9, poll_time = {rel_value_us = 17898390117736746799}, poll_msg = 0x86627e77e8a61346, ack_msg = 0xa96ab50186fc1f03}, bck_fc = {c = 0x732d4b7f895c626a, queue_n = 1271095911,
    queue_max = 3023518710, last_pid_sent = 168880512, last_pid_recv = 2037011407, recv_bitmap = 262518367, last_ack_sent = 1476395008, last_ack_recv = 352321536, poll_task = 0x711605005de81c59, poll_time = {
      rel_value_us = 16942828102250110059}, poll_msg = 0xb6e82ded0e7272b7, ack_msg = 0x34865ae868531949}, perf = 0x27ef3de49b0983c2, id = {
    bits = "s\026\063\345\071=\256\204\004T\256\346\025\vVU?\331y\214\265\373\361\201\274\\`\216\202}\222", <incomplete sequence \334>}, state = 769588226, path = 0xdf0adba2bff8707, own_pos = 224, fwd_maintenance_task = 0x31,
  bck_maintenance_task = 0x68d080, maintenance_q = 0x0, create_retry = 0, pending_messages = 0, destroy = 0}

Looks like most other pointers in 'c' are also invalid:

(gdb) print *c->t
Cannot access memory at address 0x94b5b50601cc00
(gdb) print *c->fwd_fc.poll_task
Cannot access memory at address 0xa895012ac392a6f9

Christian Grothoff

2015-05-20 17:18

manager   ~0009137

Reproduced on another machine:

Core was generated by `/home/grothoff/lib//gnunet/libexec/gnunet-service-cadet -c /home/grothoff/.conf'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000412d44 in get_prev_hop (c=0xa7b390) at gnunet-service-cadet_connection.c:735
735 if (0 == c->own_pos || c->path->length < 2)
(gdb) ba
#0 0x0000000000412d44 in get_prev_hop (c=0xa7b390) at gnunet-service-cadet_connection.c:735
#1 0x000000000041a60e in GCC_notify_broken (c=0xa7b390, peer=0x9d7830) at gnunet-service-cadet_connection.c:2989
#2 0x0000000000428df6 in notify_broken (cls=0x9d7830, key=0x63ecc0 <hc>, value=0xa7b390) at gnunet-service-cadet_peer.c:357
#3 0x00007f5dc610221f in GNUNET_CONTAINER_multihashmap_iterate (map=0x9d1d50, it=0x428d29 <notify_broken>, it_cls=0x9d7830) at container_multihashmap.c:340
#4 0x00000000004294a5 in core_disconnect (cls=0x0, peer=0x9d77f0) at gnunet-service-cadet_peer.c:461
#5 0x00007f5dc5cbed08 in disconnect_and_free_peer_entry (cls=0x9d1590, key=0x7ffddd3b60a0, value=0x9d77a0) at core_api.c:389
#6 0x00007f5dc61039a9 in GNUNET_CONTAINER_multipeermap_iterate (map=0x9d19d0, it=0x7f5dc5cbea53 <disconnect_and_free_peer_entry>, it_cls=0x9d1590) at container_multipeermap.c:361
#7 0x00007f5dc5cc4165 in GNUNET_CORE_disconnect (handle=0x9d1590) at core_api.c:1259
#8 0x000000000042db6e in GCP_shutdown () at gnunet-service-cadet_peer.c:1716
#9 0x0000000000432374 in shutdown_task (cls=0x0, tc=0x7ffddd3b61a0) at gnunet-service-cadet.c:115
#10 0x00007f5dc612b6bd in run_ready (rs=0x9e7010, ws=0x9e70a0) at scheduler.c:587
#11 0x00007f5dc612bfc8 in GNUNET_SCHEDULER_run (task=0x7f5dc6138aa3 <service_task>, task_cls=0x7ffddd3b6530) at scheduler.c:867
#12 0x00007f5dc613a7dc in GNUNET_SERVICE_run (argc=3, argv=0x7ffddd3b67c8, service_name=0x43954a "cadet", options=GNUNET_SERVICE_OPTION_NONE, task=0x432404 <run>, task_cls=0x0) at service.c:1503
#13 0x0000000000432773 in main (argc=3, argv=0x7ffddd3b67c8) at gnunet-service-cadet.c:174

Bart Polot

2015-10-02 05:56

manager   ~0009675

Haven't seen this in a while, seems a duplicate of 0003794 anyway.

Issue History

Date Modified Username Field Change
2015-05-20 08:58 Christian Grothoff New Issue
2015-05-20 08:58 Christian Grothoff Status new => assigned
2015-05-20 08:58 Christian Grothoff Assigned To => Bart Polot
2015-05-20 09:02 Christian Grothoff Note Added: 0009132
2015-05-20 09:02 Christian Grothoff Summary gnunet9's CADET segfaults (SVN 35758) => gnunet9's CADET segfaults during cleanup on peer disconnect (SVN 35758)
2015-05-20 17:18 Christian Grothoff Note Added: 0009137
2015-06-08 10:50 Christian Grothoff Relationship added related to 0003696
2015-06-09 10:50 Christian Grothoff Assigned To Bart Polot => Christian Grothoff
2015-06-24 00:40 Christian Grothoff Assigned To Christian Grothoff => Bart Polot
2015-06-24 16:52 Bart Polot Status assigned => feedback
2015-10-02 05:56 Bart Polot Note Added: 0009675
2015-10-02 05:56 Bart Polot Status feedback => resolved
2015-10-02 05:56 Bart Polot Fixed in Version => SVN HEAD
2015-10-02 05:56 Bart Polot Resolution open => fixed
2015-10-02 14:33 Christian Grothoff Fixed in Version SVN HEAD => 0.11.0pre66
2018-06-07 00:24 Christian Grothoff Status resolved => closed