View Issue Details

IDProjectCategoryView StatusLast Update
0003906GNUnetcadet servicepublic2018-06-07 00:24
ReporteramatusAssigned ToBart Polot 
PriorityurgentSeveritycrashReproducibilityhave not tried
Status closedResolutionfixed 
Platformx86OSDebianOS Versionjessie
Product VersionSVN HEAD 
Target Version0.11.0pre66Fixed in Version0.11.0pre66 
Summary0003906: segfault in GCP_remove_path
DescriptionI got this segfault on my peer running rev 36091

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x08068b16 in GCP_remove_path (peer=0x82c3d60, path=0x8337aa0)
    at gnunet-service-cadet_peer.c:2235
2235 gnunet-service-cadet_peer.c: No such file or directory.
(gdb) bt
#0 0x08068b16 in GCP_remove_path (peer=0x82c3d60, path=0x8337aa0)
    at gnunet-service-cadet_peer.c:2235
#1 0x0806a08c in path_destroy_delayed (cls=0x8337aa0, tc=0xbfee0424)
    at cadet_path.c:57
#2 0xb7701469 in run_ready (rs=0x82cee30, ws=0x82ceeb8) at scheduler.c:587
#3 0xb7701cf7 in GNUNET_SCHEDULER_run (task=0xb770c885 <service_task>,
    task_cls=0xbfee0650) at scheduler.c:867
#4 0xb770e423 in GNUNET_SERVICE_run (argc=7, argv=0xbfee0844,
    service_name=0x806e50c "cadet", options=GNUNET_SERVICE_OPTION_NONE,
    task=0x806abbe <run>, task_cls=0x0) at service.c:1503
#5 0x0806ae50 in main (argc=7, argv=0xbfee0844) at gnunet-service-cadet.c:174
(gdb) p *iter
Cannot access memory at address 0x70
(gdb) p *peer->path_head
$1 = {next = 0x82f2530, prev = 0x67617373, peers = 0x66207365,
  length = 1635218031, c = 0x64656472, path_delete = 0x0}
(gdb) p *peer->path_head->next
$2 = {next = 0x70, prev = 0x20, peers = 0x831cf90, length = 1734439795,
  c = 0x66207365, path_delete = 0x6177726f}
(gdb) p *peer
$3 = {id = 6, last_contact = {abs_value_us = 1437257013310190},
  path_head = 0x830b8a8, path_tail = 0x831a9e0, search_h = 0x82d2268,
  search_delayed = 0x0, tunnel = 0x82dba20, connections = 0x831d268,
  core_transmit = 0x0, tmt_time = {abs_value_us = 0}, queue_head = 0x0,
  queue_tail = 0x0, queue_n = 0, hello = 0x832ce20}
(gdb) p *peer->path_tail
$4 = {next = 0x0, prev = 0x830cd60, peers = 0x82d1280, length = 9, c = 0x0,
  path_delete = 0x82f2d90}
TagsNo tags attached.

Relationships

related to 0003930 closedBart Polot cadet crash (looks like use after free) in pop_direct_path 

Activities

amatus

2015-07-27 20:57

developer   ~0009491

Here's a backtrace from a 64-bit machine running rev 36117:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00000000004307a0 in GCP_remove_path (peer=0x1f7cce0, path=0x1fd7610)
    at gnunet-service-cadet_peer.c:2235
2235 gnunet-service-cadet_peer.c: No such file or directory.
(gdb) bt
#0 0x00000000004307a0 in GCP_remove_path (peer=0x1f7cce0, path=0x1fd7610)
    at gnunet-service-cadet_peer.c:2235
#1 0x0000000000432abd in path_destroy_delayed (cls=0x1fd7610, tc=0x7fff0473ec80) at cadet_path.c:57
#2 0x00007f0e8308b909 in run_ready (rs=0x1f5ff00, ws=0x1f4aa20) at scheduler.c:587
#3 0x00007f0e8308c214 in GNUNET_SCHEDULER_run (task=0x7f0e83098cef <service_task>,
    task_cls=0x7fff0473f010) at scheduler.c:867
#4 0x00007f0e8309aa28 in GNUNET_SERVICE_run (argc=7, argv=0x7fff0473f2a8,
    service_name=0x43aefa "cadet", options=GNUNET_SERVICE_OPTION_NONE, task=0x433bd9 <run>, task_cls=0x0)
    at service.c:1503
#5 0x0000000000433f48 in main (argc=7, argv=0x7fff0473f2a8) at gnunet-service-cadet.c:174
(gdb) p *iter
Cannot access memory at address 0xdf0adba0df0adba
(gdb) p *peer
$1 = {id = 42, last_contact = {abs_value_us = 1437755716285648}, path_head = 0x1f63a00,
  path_tail = 0x1fd69e0, search_h = 0x1f70eb0, search_delayed = 0x0, tunnel = 0x1f93470,
  connections = 0x1fdf5e0, core_transmit = 0x0, tmt_time = {abs_value_us = 0}, queue_head = 0x0,
  queue_tail = 0x0, queue_n = 0, hello = 0x1fcb510}
(gdb) p *peer->path_head
$2 = {next = 0x1f6ed00, prev = 0x1fad940, peers = 0xdf0adba0df0adba, length = 233876922,
  c = 0xdf0adba0df0adba, path_delete = 0xdf0adba0df0adba}
(gdb) p *peer->path_tail
$3 = {next = 0x7f0e81ef86e8 <main_arena+200>, prev = 0x1f84090, peers = 0xdf0adba0df0adba,
  length = 233876922, c = 0xdf0adba0df0adba, path_delete = 0xdf0adba0df0adba}
(gdb) p *peer->path_head->next
$4 = {next = 0xdf0adba0df0adba, prev = 0x41, peers = 0x1f7bf90, length = 32913904,
  c = 0xdf0adba0df0adba, path_delete = 0xdf0adba0df0adba}

amatus

2015-08-03 14:45

developer   ~0009524

Hit it again at rev 36159:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000430b94 in GCP_remove_path (peer=0x12c0200, path=0x12e76e0)
    at gnunet-service-cadet_peer.c:2241
2241 gnunet-service-cadet_peer.c: No such file or directory.
(gdb) bt
#0 0x0000000000430b94 in GCP_remove_path (peer=0x12c0200, path=0x12e76e0)
    at gnunet-service-cadet_peer.c:2241
#1 0x0000000000432d39 in path_destroy_delayed (cls=0x12e76e0, tc=0x7ffdc0c88ec0) at cadet_path.c:58
#2 0x00007f2f1f371263 in run_ready (rs=0x12b87e0, ws=0x12b8870) at scheduler.c:587
#3 0x00007f2f1f371b6e in GNUNET_SCHEDULER_run (task=0x7f2f1f37e649 <service_task>,
    task_cls=0x7ffdc0c89250) at scheduler.c:867
#4 0x00007f2f1f380382 in GNUNET_SERVICE_run (argc=7, argv=0x7ffdc0c894e8,
    service_name=0x43b1aa "cadet", options=GNUNET_SERVICE_OPTION_NONE, task=0x433e57 <run>, task_cls=0x0)
    at service.c:1503
#5 0x00000000004341c6 in main (argc=7, argv=0x7ffdc0c894e8) at gnunet-service-cadet.c:174
(gdb) p *peer
$1 = {id = 6, last_contact = {abs_value_us = 1438513531481697}, path_head = 0x12d6750,
  path_tail = 0x12fd5c0, search_h = 0x1349fc0, search_delayed = 0x0, tunnel = 0x12eab40,
  connections = 0x1328290, core_transmit = 0x0, tmt_time = {abs_value_us = 0}, queue_head = 0x0,
  queue_tail = 0x0, queue_n = 0, hello = 0x12fdf10}
(gdb) p *peer->path_head
$2 = {next = 0x134b5a0, prev = 0xdf0adba0df0adba, peers = 0xdf0adba0df0adba, length = 233876922,
  c = 0xdf0adba0df0adba, path_delete = 0xdf0adba0df0adba}
(gdb) p *peer->path_head->next
$3 = {next = 0xdf0adba0df0adba, prev = 0x41, peers = 0x1347820, length = 233876922,
  c = 0xdf0adba0df0adba, path_delete = 0xdf0adba0df0adba}

amatus

2015-08-03 16:10

developer   ~0009525

Another box at rev 36159 running AddressSanitizer:

=================================================================
==13988==ERROR: AddressSanitizer: heap-use-after-free on address 0xad3bd3a0 at pc 0x808baf8 bp 0xbf8720a8 sp 0xbf87209c
READ of size 4 at 0xad3bd3a0 thread T0
    #0 0x808baf7 in GCP_remove_path /root/gnunet/src/cadet/gnunet-service-cadet_peer.c:2241
    #1 0x808ecf9 in path_destroy_delayed /root/gnunet/src/cadet/cadet_path.c:58
    #2 0xb71f3ad3 in run_ready /root/gnunet/src/util/scheduler.c:587
    #3 0xb71f47f2 in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:867
    #4 0xb721187b in GNUNET_SERVICE_run /root/gnunet/src/util/service.c:1503
    #5 0x8090cdd in main /root/gnunet/src/cadet/gnunet-service-cadet.c:174
    #6 0xb6f35722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)
    #7 0x804acf0 (/opt/gnunet/lib/gnunet/libexec/gnunet-service-cadet+0x804acf0)

0xad3bd3a0 is located 0 bytes inside of 24-byte region [0xad3bd3a0,0xad3bd3b8)
freed by thread T0 here:
    #0 0xb72c44c4 in free (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e4c4)
    #1 0xb7173b79 in GNUNET_xfree_ /root/gnunet/src/util/common_allocation.c:256
    #2 0x808ff2f in path_destroy /root/gnunet/src/cadet/cadet_path.c:301
    #3 0x808ed0b in path_destroy_delayed /root/gnunet/src/cadet/cadet_path.c:61
    #4 0xb71f3ad3 in run_ready /root/gnunet/src/util/scheduler.c:587
    #5 0xb71f47f2 in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:867
    #6 0xb721187b in GNUNET_SERVICE_run /root/gnunet/src/util/service.c:1503
    #7 0x8090cdd in main /root/gnunet/src/cadet/gnunet-service-cadet.c:174
    #8 0xb6f35722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)

previously allocated by thread T0 here:
    #0 0xb72c46e4 in malloc (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e6e4)
    #1 0xb7173854 in GNUNET_xmalloc_unchecked_ /root/gnunet/src/util/common_allocation.c:154
    #2 0xb71732b2 in GNUNET_xmalloc_ /root/gnunet/src/util/common_allocation.c:75
    #3 0x808ed30 in path_new /root/gnunet/src/cadet/cadet_path.c:77
    #4 0x8082292 in core_connect /root/gnunet/src/cadet/gnunet-service-cadet_peer.c:431
    #5 0xb711953d in main_notify_handler /root/gnunet/src/core/core_api.c:882
    #6 0xb716a9f6 in receive_task /root/gnunet/src/util/client.c:623
    #7 0xb71f3ad3 in run_ready /root/gnunet/src/util/scheduler.c:587
    #8 0xb71f47f2 in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:867
    #9 0xb721187b in GNUNET_SERVICE_run /root/gnunet/src/util/service.c:1503
    #10 0x8090cdd in main /root/gnunet/src/cadet/gnunet-service-cadet.c:174
    #11 0xb6f35722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)

SUMMARY: AddressSanitizer: heap-use-after-free /root/gnunet/src/cadet/gnunet-service-cadet_peer.c:2241 GCP_remove_path
Shadow bytes around the buggy address:
  0x35a77a20: fd fd fd fd fa fa fd fd fd fa fa fa fd fd fd fd
  0x35a77a30: fa fa fd fd fd fa fa fa fd fd fd fd fa fa fd fd
  0x35a77a40: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x35a77a50: fd fd fd fd fa fa fd fd fd fa fa fa fd fd fd fd
  0x35a77a60: fa fa fd fd fd fa fa fa fd fd fd fd fa fa fd fd
=>0x35a77a70: fd fa fa fa[fd]fd fd fa fa fa fd fd fd fd fa fa
  0x35a77a80: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x35a77a90: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
  0x35a77aa0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x35a77ab0: fa fa fa fa fa fa fd fd fd fd fa fa fa fa fa fa
  0x35a77ac0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Contiguous container OOB:fc
  ASan internal: fe
==13988==ABORTING

amatus

2015-08-05 19:41

developer   ~0009540

I think this is a related crash, it also has a corrupt path list (rev 36159):

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000000043184e in GCP_notify_broken_link (peer=0x1a159a0, peer1=0x7ffed135dc48,
    peer2=0x7ffed135dc68) at gnunet-service-cadet_peer.c:2556
2556 gnunet-service-cadet_peer.c: No such file or directory.
(gdb) bt
#0 0x000000000043184e in GCP_notify_broken_link (peer=0x1a159a0, peer1=0x7ffed135dc48,
    peer2=0x7ffed135dc68) at gnunet-service-cadet_peer.c:2556
#1 0x00000000004181b0 in GCC_handle_broken (cls=0x0, id=0x7ffed135dc04, message=0x7ffed135dc24)
    at gnunet-service-cadet_connection.c:2203
#2 0x00007ff760e45a0c in main_notify_handler (cls=0x1a021d0, msg=0x7ffed135dc00) at core_api.c:967
#3 0x00007ff76126f13b in receive_task (cls=0x1a015e0, tc=0x7ffed135dd60) at client.c:623
#4 0x00007ff7612b1263 in run_ready (rs=0x1a007e0, ws=0x1a00870) at scheduler.c:587
#5 0x00007ff7612b1b6e in GNUNET_SCHEDULER_run (task=0x7ff7612be649 <service_task>,
    task_cls=0x7ffed135e0f0) at scheduler.c:867
#6 0x00007ff7612c0382 in GNUNET_SERVICE_run (argc=7, argv=0x7ffed135e388,
    service_name=0x43b1aa "cadet", options=GNUNET_SERVICE_OPTION_NONE, task=0x433e57 <run>, task_cls=0x0)
    at service.c:1503
#7 0x00000000004341c6 in main (argc=7, argv=0x7ffed135e388) at gnunet-service-cadet.c:174
(gdb) p iter
$1 = (struct CadetPeerPath *) 0x1a1d6b0
(gdb) p *iter
$2 = {next = 0x1a209b0, prev = 0xdf0adba0df0adba, peers = 0xdf0adba0df0adba, length = 233876922,
  c = 0xdf0adba0df0adba, path_delete = 0xdf0adba0df0adba}
(gdb) p *peer
$3 = {id = 5, last_contact = {abs_value_us = 1438783568016119}, path_head = 0x1a1d6b0,
  path_tail = 0x1a046e0, search_h = 0x1a15f90, search_delayed = 0x0, tunnel = 0x1a1b820,
  connections = 0x1a30710, core_transmit = 0x0, tmt_time = {abs_value_us = 0}, queue_head = 0x0,
  queue_tail = 0x0, queue_n = 0, hello = 0x1a23a40}

amatus

2015-08-14 22:32

developer   ~0009566

Here are some INFO log messages showing the lifetime of the CadetPeerPaths involved:

Aug 14 15:18:11-487200 cadet-pth-5866 INFO New path 0xad9aeeb0 (7)
...
Aug 14 16:03:58-482084 cadet-pth-5866 INFO New path 0xae375940 (2)
...
Aug 14 16:03:59-505127 cadet-pth-5866 INFO Invalidating path 0xae375940 (2)
...
Aug 14 16:04:01-344340 cadet-pth-5866 INFO Invalidating path 0xad9aeeb0 (6)
...
Aug 14 16:04:59-566296 cadet-pth-5866 INFO Destroy delayed 0xae375940 (2)
Aug 14 16:04:59-566389 cadet-pth-5866 INFO destroying path 0xae375940 (2)
...
Aug 14 16:05:01-419838 cadet-pth-5866 INFO Destroy delayed 0xad9aeeb0 (6)
Aug 14 16:05:01-419939 cadet-p2p-5866 INFO Removing path 0xad9aeeb0 (6) from 3YJ5
=================================================================
==5866==ERROR: AddressSanitizer: heap-use-after-free on address 0xae375940 at pc 0x808be64 bp 0xbfd5f808 sp 0xbfd5f7fc
READ of size 4 at 0xae375940 thread T0
    #0 0x808be63 in GCP_remove_path /root/gnunet/src/cadet/gnunet-service-cadet_peer.c:2241
    #1 0x808f065 in path_destroy_delayed /root/gnunet/src/cadet/cadet_path.c:58
    #2 0xb7204a56 in run_ready /root/gnunet/src/util/scheduler.c:587
    #3 0xb7205774 in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:868
    #4 0xb72227d3 in GNUNET_SERVICE_run /root/gnunet/src/util/service.c:1503
    #5 0x8091049 in main /root/gnunet/src/cadet/gnunet-service-cadet.c:174
    #6 0xb6f46722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)
    #7 0x804acf0 (/opt/gnunet/lib/gnunet/libexec/gnunet-service-cadet+0x804acf0)

0xae375940 is located 0 bytes inside of 24-byte region [0xae375940,0xae375958)
freed by thread T0 here:
    #0 0xb72d54c4 in free (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e4c4)
    #1 0xb7184b89 in GNUNET_xfree_ /root/gnunet/src/util/common_allocation.c:256
    #2 0x809029b in path_destroy /root/gnunet/src/cadet/cadet_path.c:301
    #3 0x808f077 in path_destroy_delayed /root/gnunet/src/cadet/cadet_path.c:61
    #4 0xb7204a56 in run_ready /root/gnunet/src/util/scheduler.c:587
    #5 0xb7205774 in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:868
    #6 0xb72227d3 in GNUNET_SERVICE_run /root/gnunet/src/util/service.c:1503
    #7 0x8091049 in main /root/gnunet/src/cadet/gnunet-service-cadet.c:174
    #8 0xb6f46722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)

previously allocated by thread T0 here:
    #0 0xb72d56e4 in malloc (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e6e4)
    #1 0xb7184864 in GNUNET_xmalloc_unchecked_ /root/gnunet/src/util/common_allocation.c:154
    #2 0xb71842c2 in GNUNET_xmalloc_ /root/gnunet/src/util/common_allocation.c:75
    #3 0x808f09c in path_new /root/gnunet/src/cadet/cadet_path.c:77
    #4 0x80825fe in core_connect /root/gnunet/src/cadet/gnunet-service-cadet_peer.c:431
    #5 0xb712a53d in main_notify_handler /root/gnunet/src/core/core_api.c:882
    #6 0xb717ba06 in receive_task /root/gnunet/src/util/client.c:623
    #7 0xb7204a56 in run_ready /root/gnunet/src/util/scheduler.c:587
    #8 0xb7205774 in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:868
    #9 0xb72227d3 in GNUNET_SERVICE_run /root/gnunet/src/util/service.c:1503
    #10 0x8091049 in main /root/gnunet/src/cadet/gnunet-service-cadet.c:174
    #11 0xb6f46722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)

amatus

2015-08-25 20:36

developer   ~0009584

Here's another instance:

Aug 22 07:23:34-378233 cadet-p2p-16958 INFO CONNECTED GN10 <= 64TF
Aug 22 07:23:34-378292 cadet-pth-16958 INFO New path 0xaf050e90 (2)
Aug 22 07:23:34-378440 cadet-pth-16958 INFO New path 0xad486110 (2)
Aug 22 07:23:34-378567 cadet-pth-16958 INFO Invalidating path 0xaf050e90 (2)
Aug 22 07:23:34-378601 cadet-pth-16958 INFO destroying path 0xad486110 (2)
...
Aug 22 07:23:34-581497 cadet-pth-16958 INFO New path 0xb181b820 (5)
Aug 22 07:23:34-581602 cadet-pth-16958 INFO New path 0xaf05da00 (5)
Aug 22 07:23:34-581690 cadet-pth-16958 INFO Invalidating path 0xb181b820 (5)
...
Aug 22 07:24:34-378781 cadet-pth-16958 INFO Destroy delayed 0xaf050e90 (2)
Aug 22 07:24:34-378862 cadet-pth-16958 INFO destroying path 0xaf050e90 (2)
Aug 22 07:24:34-582034 cadet-pth-16958 INFO Destroy delayed 0xb181b820 (5)
Aug 22 07:24:34-582109 cadet-p2p-16958 INFO Removing path 0xb181b820 (5) from 64TF


==16958==ERROR: AddressSanitizer: heap-use-after-free on address 0xaf050e90 at pc 0x808c061 bp 0xbfb7f698 sp 0xbfb7f68c
READ of size 4 at 0xaf050e90 thread T0
    #0 0x808c060 in GCP_remove_path /root/gnunet/src/cadet/gnunet-service-cadet_peer.c:2241
    #1 0x808f262 in path_destroy_delayed /root/gnunet/src/cadet/cadet_path.c:58
    #2 0xb717fa97 in run_ready /root/gnunet/src/util/scheduler.c:587
    #3 0xb71807b5 in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:868
    #4 0xb719d814 in GNUNET_SERVICE_run /root/gnunet/src/util/service.c:1503
    #5 0x8091246 in main /root/gnunet/src/cadet/gnunet-service-cadet.c:174
    #6 0xb6ec1722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)
    #7 0x804acf0 (/opt/gnunet/lib/gnunet/libexec/gnunet-service-cadet+0x804acf0)

0xaf050e90 is located 0 bytes inside of 24-byte region [0xaf050e90,0xaf050ea8)
freed by thread T0 here:
    #0 0xb72504c4 in free (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e4c4)
    #1 0xb70ffb89 in GNUNET_xfree_ /root/gnunet/src/util/common_allocation.c:256
    #2 0x8090498 in path_destroy /root/gnunet/src/cadet/cadet_path.c:301
    #3 0x808f274 in path_destroy_delayed /root/gnunet/src/cadet/cadet_path.c:61
    #4 0xb717fa97 in run_ready /root/gnunet/src/util/scheduler.c:587
    #5 0xb71807b5 in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:868
    #6 0xb719d814 in GNUNET_SERVICE_run /root/gnunet/src/util/service.c:1503
    #7 0x8091246 in main /root/gnunet/src/cadet/gnunet-service-cadet.c:174
    #8 0xb6ec1722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)

previously allocated by thread T0 here:
    #0 0xb72506e4 in malloc (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e6e4)
    #1 0xb70ff864 in GNUNET_xmalloc_unchecked_ /root/gnunet/src/util/common_allocation.c:154
    #2 0xb70ff2c2 in GNUNET_xmalloc_ /root/gnunet/src/util/common_allocation.c:75
    #3 0x808f299 in path_new /root/gnunet/src/cadet/cadet_path.c:77
    #4 0x80827fb in core_connect /root/gnunet/src/cadet/gnunet-service-cadet_peer.c:431
    #5 0xb70a553d in main_notify_handler /root/gnunet/src/core/core_api.c:882
    #6 0xb70f6a06 in receive_task /root/gnunet/src/util/client.c:623
    #7 0xb717fa97 in run_ready /root/gnunet/src/util/scheduler.c:587
    #8 0xb71807b5 in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:868
    #9 0xb719d814 in GNUNET_SERVICE_run /root/gnunet/src/util/service.c:1503
    #10 0x8091246 in main /root/gnunet/src/cadet/gnunet-service-cadet.c:174
    #11 0xb6ec1722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)

Bart Polot

2015-10-02 05:40

manager   ~0009671

Fixed at r36429. Path was being destroyed with delay (wrongly) but not removed from peer (double trouble).

Issue History

Date Modified Username Field Change
2015-07-20 17:41 amatus New Issue
2015-07-20 17:41 amatus Status new => assigned
2015-07-20 17:41 amatus Assigned To => Bart Polot
2015-07-27 20:57 amatus Note Added: 0009491
2015-08-03 14:45 amatus Note Added: 0009524
2015-08-03 16:10 amatus Note Added: 0009525
2015-08-05 19:41 amatus Note Added: 0009540
2015-08-14 22:32 amatus Note Added: 0009566
2015-08-25 20:36 amatus Note Added: 0009584
2015-08-25 20:36 amatus Priority normal => urgent
2015-09-03 17:38 Bart Polot Status assigned => acknowledged
2015-09-03 17:38 Bart Polot Target Version => 0.11.0pre66
2015-10-02 05:40 Bart Polot Note Added: 0009671
2015-10-02 05:40 Bart Polot Status acknowledged => resolved
2015-10-02 05:40 Bart Polot Fixed in Version => SVN HEAD
2015-10-02 05:40 Bart Polot Resolution open => fixed
2015-10-02 05:40 Bart Polot Relationship added related to 0003930
2015-10-02 14:32 Christian Grothoff Fixed in Version SVN HEAD => 0.11.0pre66
2018-06-07 00:24 Christian Grothoff Status resolved => closed