View Issue Details

ID: 0004678
Project: GNUnet
Category: other
View Status: public
Last Update: 2018-06-07 00:24
Reporter: ch3
Assigned To: ch3
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: SVN HEAD
Target Version: 0.11.0pre66
Fixed in Version: 0.11.0pre66
Summary: 0004678: segfault in service_new (?)
Description: Not exactly sure which module is causing this.

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f25770765f4 in GNUNET_MQ_destroy (mq=0x20699e0) at mq.c:1019
1019 mq->destroy_impl (mq, mq->impl_state);
(gdb) bt
#0 0x00007f25770765f4 in GNUNET_MQ_destroy (mq=0x20699e0) at mq.c:1019
#1 0x00007f257709e479 in GNUNET_SERVICE_client_drop (c=0x2069760) at service_new.c:2352
#2 0x00007f257709cc64 in service_mq_error_handler (cls=0x2069760, error=GNUNET_MQ_ERROR_MALFORMED) at service_new.c:1918
#3 0x00007f25770748b6 in GNUNET_MQ_inject_error (mq=0x20699e0, error=GNUNET_MQ_ERROR_MALFORMED) at mq.c:325
#4 0x00007f2577074650 in GNUNET_MQ_inject_message (mq=0x20699e0, mh=0x206d520) at mq.c:273
#5 0x00007f257709cfe5 in service_client_mst_cb (cls=0x2069760, message=0x206d520) at service_new.c:1971
#6 0x00007f2577073dba in GNUNET_MST_from_buffer (mst=0x20697e0, buf=0x0, size=0, purge=0, one_shot=-1) at mst.c:232
#7 0x00007f257707449a in GNUNET_MST_read (mst=0x20697e0, sock=0x20699c0, purge=0, one_shot=1) at mst.c:359
#8 0x00007f257709d034 in service_client_recv (cls=0x2069760) at service_new.c:1990
#9 0x00007f2577087078 in run_ready (rs=0x206c4b0, ws=0x206c540) at scheduler.c:620
#10 0x00007f25770879c3 in GNUNET_SCHEDULER_run (task=0x7f257709769a <service_main>, task_cls=0x7ffe7a415860) at scheduler.c:887
#11 0x00007f257709c09f in GNUNET_SERVICE_ruN_ (argc=3, argv=0x7ffe7a415c18, service_name=0x413ca7 "rps", options=GNUNET_SERVICE_OPTION_NONE, service_init_cb=0x4117eb <run>,
    connect_cb=0x41148b <client_connect_cb>, disconnect_cb=0x4116fd <client_disconnect_cb>, cls=0x0, handlers=0x7ffe7a4159f0) at service_new.c:1700
#12 0x00000000004121a2 in main (argc=3, argv=0x7ffe7a415c18) at gnunet-service-rps.c:2416
Steps To Reproduce: run the rps testcases (src/rps/test_rps_*)
cd src/rps/ && make check
Additional Information:
(gdb) bt f
#0 0x00007f25770765f4 in GNUNET_MQ_destroy (mq=0x20699e0) at mq.c:1019
        dnh = 0x0
        __FUNCTION__ = "GNUNET_MQ_destroy"
#1 0x00007f257709e479 in GNUNET_SERVICE_client_drop (c=0x2069760) at service_new.c:2352
        sh = 0x7ffe7a415860
        __FUNCTION__ = "GNUNET_SERVICE_client_drop"
#2 0x00007f257709cc64 in service_mq_error_handler (cls=0x2069760, error=GNUNET_MQ_ERROR_MALFORMED) at service_new.c:1918
        client = 0x2069760
        sh = 0x7ffe7a415860
        __FUNCTION__ = "service_mq_error_handler"
#3 0x00007f25770748b6 in GNUNET_MQ_inject_error (mq=0x20699e0, error=GNUNET_MQ_ERROR_MALFORMED) at mq.c:325
        __FUNCTION__ = "GNUNET_MQ_inject_error"
#4 0x00007f2577074650 in GNUNET_MQ_inject_message (mq=0x20699e0, mh=0x206d520) at mq.c:273
        handler = 0x2069ad0
        handled = 1
        ms = 76
        __FUNCTION__ = "GNUNET_MQ_inject_message"
#5 0x00007f257709cfe5 in service_client_mst_cb (cls=0x2069760, message=0x206d520) at service_new.c:1971
        client = 0x2069760
        __FUNCTION__ = "service_client_mst_cb"
#6 0x00007f2577073dba in GNUNET_MST_from_buffer (mst=0x20697e0, buf=0x0, size=0, purge=0, one_shot=-1) at mst.c:232
        hdr = 0x206d520
        delta = 12884901889
        want = 76
        ibuf = 0x206d520 "`i\006\002"
        need_align = 0
        offset = 34002212
        ret = 1
        __FUNCTION__ = "GNUNET_MST_from_buffer"
#7 0x00007f257707449a in GNUNET_MST_read (mst=0x20697e0, sock=0x20699c0, purge=0, one_shot=1) at mst.c:359
        ret = 72
        left = 72
        buf = 0x206d520 "`i\006\002"
        __FUNCTION__ = "GNUNET_MST_read"
#8 0x00007f257709d034 in service_client_recv (cls=0x2069760) at service_new.c:1990
        client = 0x2069760
        ret = 11
        __FUNCTION__ = "service_client_recv"
#9 0x00007f2577087078 in run_ready (rs=0x206c4b0, ws=0x206c540) at scheduler.c:620
        p = GNUNET_SCHEDULER_PRIORITY_DEFAULT
        pos = 0x2069ba0
        __FUNCTION__ = "run_ready"
#10 0x00007f25770879c3 in GNUNET_SCHEDULER_run (task=0x7f257709769a <service_main>, task_cls=0x7ffe7a415860) at scheduler.c:887
        rs = 0x206c4b0
        ws = 0x206c540
        timeout = {rel_value_us = 1720029}
        ret = 1
        shc_int = 0x206cf00
        shc_term = 0x206cfc0
        shc_quit = 0x206d140
        shc_hup = 0x206d200
        shc_pipe = 0x206d080
        last_tr = 44
        busy_wait_warning = 0
        pr = 0x206dcb0
        c = 91 '['
        __FUNCTION__ = "GNUNET_SCHEDULER_run"
#11 0x00007f257709c09f in GNUNET_SERVICE_ruN_ (argc=3, argv=0x7ffe7a415c18, service_name=0x413ca7 "rps", options=GNUNET_SERVICE_OPTION_NONE, service_init_cb=0x4117eb <run>,
    connect_cb=0x41148b <client_connect_cb>, disconnect_cb=0x4116fd <client_disconnect_cb>, cls=0x0, handlers=0x7ffe7a4159f0) at service_new.c:1700
        sh = {cfg = 0x2063720, service_name = 0x413ca7 "rps", service_init_cb = 0x4117eb <run>, connect_cb = 0x41148b <client_connect_cb>, disconnect_cb = 0x4116fd <client_disconnect_cb>, cb_cls = 0x0,
          slc_head = 0x206c350, slc_tail = 0x206c350, clients_head = 0x0, clients_tail = 0x0, handlers = 0x7ffe7a4159f0, task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0, v4_allowed = 0x20744f0,
          v6_allowed = 0x206ac40, match_uid = 0, match_gid = 1, got_shutdown = 0, options = GNUNET_SERVICE_OPTION_NONE, ready_confirm_fd = -1, ret = 0, require_found = 1}
        cfg_filename = 0x2063700 "~/.config/gnunet.conf"
        opt_cfg_filename = 0x2063850 "/tmp/testbedMdvxJ7/0/config"
        loglev = 0x0
        xdg = 0x0
        logfile = 0x0
        do_daemonize = 0
        skew_offset = 44349769
        skew_variance = 2838385273
        clock_offset = 3
        cfg = 0x2063720
        ret = 3
        err = 0
        service_options = {{shortName = 99 'c', name = 0x7f25770aea37 "config", argumentHelp = 0x7f25770aea3e "FILENAME", description = 0x7f25770aea48 "use configuration file FILENAME", require_argument = 1,
            processor = 0x7f25770709f3 <GNUNET_GETOPT_set_string>, scls = 0x7ffe7a415850}, {shortName = 100 'd', name = 0x7f25770aea68 "daemonize", argumentHelp = 0x0,
            description = 0x7f25770aea78 "do daemonize (detach from terminal)", require_argument = 0, processor = 0x7f25770709c6 <GNUNET_GETOPT_set_one>, scls = 0x7ffe7a41583c}, {shortName = 104 'h',
            name = 0x7f25770aea9c "help", argumentHelp = 0x0, description = 0x7f25770aeaa1 "print this help", require_argument = 0, processor = 0x7f257707044a <GNUNET_GETOPT_format_help_>, scls = 0x0}, {
            shortName = 76 'L', name = 0x7f25770aeab1 "log", argumentHelp = 0x7f25770aeab5 "LOGLEVEL", description = 0x7f25770aeac0 "configure logging to use LOGLEVEL", require_argument = 1,
            processor = 0x7f25770709f3 <GNUNET_GETOPT_set_string>, scls = 0x7ffe7a415848}, {shortName = 108 'l', name = 0x7f25770aeae2 "logfile", argumentHelp = 0x7f25770aeaea "LOGFILE",
            description = 0x7f25770aeaf8 "configure logging to write logs to LOGFILE", require_argument = 1, processor = 0x7f25770709f3 <GNUNET_GETOPT_set_string>, scls = 0x7ffe7a415840}, {shortName = 118 'v',
            name = 0x7f25770aeb23 "version", argumentHelp = 0x0, description = 0x7f25770aeb2b "print the version number", require_argument = 0, processor = 0x7f2577070404 <GNUNET_GETOPT_print_version_>,
            scls = 0x7f25770aeb44}, {shortName = 0 '\000', name = 0x0, argumentHelp = 0x0, description = 0x0, require_argument = 0, processor = 0x0, scls = 0x0}}
        __FUNCTION__ = "GNUNET_SERVICE_ruN_"
#12 0x00000000004121a2 in main (argc=3, argv=0x7ffe7a415c18) at gnunet-service-rps.c:2416
        mh = {{mv = 0x0, cb = 0x40cb1d <handle_client_request>, cls = 0x0, type = 954, expected_size = 12}, {mv = 0x0, cb = 0x40cf24 <handle_client_request_cancel>, cls = 0x0, type = 956, expected_size = 8}, {
            mv = 0x0, cb = 0x40d208 <handle_client_seed>, cls = 0x0, type = 957, expected_size = 4}, {mv = 0x0, cb = 0x40e8ba <handle_client_act_malicious>, cls = 0x0, type = 958, expected_size = 4}, {mv = 0x0,
            cb = 0x0, cls = 0x0, type = 0, expected_size = 0}}
Tags: No tags attached.

Activities

Christian Grothoff

2016-09-25 20:47

manager   ~0011148

Valgrind says:
==4864== Invalid read of size 8
==4864== at 0x507ED91: GNUNET_MQ_destroy (mq.c:1017)
==4864== by 0x50A4006: GNUNET_SERVICE_client_drop (service_new.c:2352)
==4864== by 0x50A414B: GNUNET_SERVICE_shutdown (service_new.c:2382)
==4864== by 0x509D607: service_shutdown (service_new.c:354)
==4864== by 0x508E893: run_ready (scheduler.c:620)
==4864== by 0x508F162: GNUNET_SCHEDULER_run (scheduler.c:887)
==4864== by 0x50A1E00: GNUNET_SERVICE_ruN_ (service_new.c:1700)
==4864== by 0x40F706: main (gnunet-service-rps.c:2412)
==4864== Address 0x73c1770 is 16 bytes inside a block of size 136 free'd
==4864== at 0x4C29E90: free (vg_replace_malloc.c:473)
==4864== by 0x504FA78: GNUNET_xfree_ (common_allocation.c:321)
==4864== by 0x507F300: GNUNET_MQ_destroy (mq.c:1061)
==4864== by 0x40AC1E: destroy_cli_ctx (gnunet-service-rps.c:942)
==4864== by 0x40EE95: client_disconnect_cb (gnunet-service-rps.c:2239)
==4864== by 0x50A3F6B: GNUNET_SERVICE_client_drop (service_new.c:2333)
==4864== by 0x50A414B: GNUNET_SERVICE_shutdown (service_new.c:2382)
==4864== by 0x509D607: service_shutdown (service_new.c:354)
==4864== by 0x508E893: run_ready (scheduler.c:620)
==4864== by 0x508F162: GNUNET_SCHEDULER_run (scheduler.c:887)
==4864== by 0x50A1E00: GNUNET_SERVICE_ruN_ (service_new.c:1700)
==4864== by 0x40F706: main (gnunet-service-rps.c:2412)
==4864==

Christian Grothoff

2016-09-25 20:48

manager   ~0011149

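So the bug is actually in RPS: you must not call GNUNET_MQ_destroy() for the MQs of the service. As the Valgrind trace shows, GNUNET_SERVICE_client_drop() first runs client_disconnect_cb (service_new.c:2333), where destroy_cli_ctx() frees the MQ at gnunet-service-rps.c:942, and then destroys the same MQ itself (service_new.c:2352), so that second GNUNET_MQ_destroy() reads memory that has already been freed. So just remove line 942 of gnunet-service-rps.c and it might be OK ;-).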

Hint: change rps.conf.in to include:

[rps]
PREFIX = valgrind

and you can easily get the above yourself ;-).

Issue History

Date Modified Username Field Change
2016-09-25 17:27 ch3 New Issue
2016-09-25 20:47 Christian Grothoff Note Added: 0011148
2016-09-25 20:48 Christian Grothoff Note Added: 0011149
2016-09-25 20:49 Christian Grothoff Assigned To => ch3
2016-09-25 20:49 Christian Grothoff Status new => assigned
2016-09-25 20:49 Christian Grothoff Target Version => 0.11.0pre66
2016-09-25 22:39 ch3 Status assigned => resolved
2016-09-25 22:39 ch3 Resolution open => fixed
2016-09-25 22:39 ch3 Fixed in Version => SVN HEAD
2016-09-30 14:40 Christian Grothoff Fixed in Version SVN HEAD => 0.11.0pre66
2018-06-07 00:24 Christian Grothoff Status resolved => closed