iprohc_client: corrupted double-linked list

Bug #1270576 reported by A.
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
rohc
High
Didier Barvaux
Iprohc-main
High
Didier Barvaux

Bug Description

[rohc_comp.c:1365 rohc_comp_set_wlsb_window_width()] width of W-LSB sliding window set to 4
[rohc_comp.c:1423 rohc_comp_set_periodic_refreshes()] IR timeout for context periodic refreshes set to 1700
[rohc_comp.c:1425 rohc_comp_set_periodic_refreshes()] FO timeout for context periodic refreshes set to 700
[rohc_comp.c:1479 rohc_comp_set_list_trans_nr()] uncompressed transmissions of list compression set to 5
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 1234 added to the UDP port list for RTP traffic
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 36780 added to the UDP port list for RTP traffic
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 33238 added to the UDP port list for RTP traffic
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 5020 added to the UDP port list for RTP traffic
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 5002 added to the UDP port list for RTP traffic
[rohc_comp.c:3922 c_create_contexts()] create enough room for 16 contexts (MAX_CID = 15)
*** glibc detected *** iprohc_client: corrupted double-linked list: 0x00000000011cdcb0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x760e6)[0x7fac5238e0e6]
/lib64/libc.so.6(+0x78e74)[0x7fac52390e74]
iprohc_client[0x409741]
iprohc_client[0x404279]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7fac52336cdd]
iprohc_client[0x4032f9]
======= Memory map: ========
00400000-00411000 r-xp 00000000 103:00 714572 /usr/local/sbin/iprohc_client
00611000-00612000 rw-p 00011000 103:00 714572 /usr/local/sbin/iprohc_client
011a8000-011e9000 rw-p 00000000 00:00 0 [heap]
7fac4c000000-7fac4c05a000 rw-p 00000000 00:00 0
7fac4c05a000-7fac50000000 ---p 00000000 00:00 0
7fac50c5e000-7fac50c74000 r-xp 00000000 103:00 557388 /lib64/libgcc_s-4.4.7-20120601.so.1
7fac50c74000-7fac50e73000 ---p 00016000 103:00 557388 /lib64/libgcc_s-4.4.7-20120601.so.1
7fac50e73000-7fac50e74000 rw-p 00015000 103:00 557388 /lib64/libgcc_s-4.4.7-20120601.so.1
7fac50e74000-7fac50e75000 ---p 00000000 00:00 0
7fac50e75000-7fac51875000 rw-p 00000000 00:00 0
7fac51875000-7fac51877000 r-xp 00000000 103:00 538045 /lib64/libdl-2.12.so
7fac51877000-7fac51a77000 ---p 00002000 103:00 538045 /lib64/libdl-2.12.so
7fac51a77000-7fac51a78000 r--p 00002000 103:00 538045 /lib64/libdl-2.12.so
7fac51a78000-7fac51a79000 rw-p 00003000 103:00 538045 /lib64/libdl-2.12.so
7fac51a79000-7fac51a7c000 r-xp 00000000 103:00 538239 /lib64/libgpg-error.so.0.5.0
7fac51a7c000-7fac51c7b000 ---p 00003000 103:00 538239 /lib64/libgpg-error.so.0.5.0
7fac51c7b000-7fac51c7c000 r--p 00002000 103:00 538239 /lib64/libgpg-error.so.0.5.0
7fac51c7c000-7fac51c7d000 rw-p 00003000 103:00 538239 /lib64/libgpg-error.so.0.5.0
7fac51c7d000-7fac51cef000 r-xp 00000000 103:00 526050 /lib64/libgcrypt.so.11.5.3
7fac51cef000-7fac51eee000 ---p 00072000 103:00 526050 /lib64/libgcrypt.so.11.5.3
7fac51eee000-7fac51eef000 r--p 00071000 103:00 526050 /lib64/libgcrypt.so.11.5.3
7fac51eef000-7fac51ef2000 rw-p 00072000 103:00 526050 /lib64/libgcrypt.so.11.5.3
7fac51ef2000-7fac51f07000 r-xp 00000000 103:00 538227 /lib64/libz.so.1.2.3
7fac51f07000-7fac52106000 ---p 00015000 103:00 538227 /lib64/libz.so.1.2.3
7fac52106000-7fac52107000 r--p 00014000 103:00 538227 /lib64/libz.so.1.2.3
7fac52107000-7fac52108000 rw-p 00015000 103:00 538227 /lib64/libz.so.1.2.3
7fac52108000-7fac52118000 r-xp 00000000 103:00 812693 /usr/lib64/libtasn1.so.3.1.6
7fac52118000-7fac52317000 ---p 00010000 103:00 812693 /usr/lib64/libtasn1.so.3.1.6
7fac52317000-7fac52318000 rw-p 0000f000 103:00 812693 /usr/lib64/libtasn1.so.3.1.6
7fac52318000-7fac524a2000 r-xp 00000000 103:00 538274 /lib64/libc-2.12.so
7fac524a2000-7fac526a1000 ---p 0018a000 103:00 538274 /lib64/libc-2.12.so
7fac526a1000-7fac526a5000 r--p 00189000 103:00 538274 /lib64/libc-2.12.so
7fac526a5000-7fac526a6000 rw-p 0018d000 103:00 538274 /lib64/libc-2.12.so
7fac526a6000-7fac526ab000 rw-p 00000000 00:00 0
7fac526ab000-7fac526b2000 r-xp 00000000 103:00 700462 /usr/local/lib/librohc_common.so.0.2.0
7fac526b2000-7fac528b1000 ---p 00007000 103:00 700462 /usr/local/lib/librohc_common.so.0.2.0
7fac528b1000-7fac528b2000 rw-p 00006000 103:00 700462 /usr/local/lib/librohc_common.so.0.2.0
7fac528b2000-7fac528f9000 r-xp 00000000 103:00 700473 /usr/local/lib/librohc_comp.so.0.2.0
7fac528f9000-7fac52af9000 ---p 00047000 103:00 700473 /usr/local/lib/librohc_comp.so.0.2.0
7fac52af9000-7fac52afa000 rw-p 00047000 103:00 700473 /usr/local/lib/librohc_comp.so.0.2.0
7fac52afa000-7fac52b44000 r-xp 00000000 103:00 700506 /usr/local/lib/librohc_decomp.so.0.2.0
7fac52b44000-7fac52d44000 ---p 0004a000 103:00 700506 /usr/local/lib/librohc_decomp.so.0.2.0
7fac52d44000-7fac52d45000 rw-p 0004a000 103:00 700506 /usr/local/lib/librohc_decomp.so.0.2.0
7fac52d45000-7fac52d46000 r-xp 00000000 103:00 700512 /usr/local/lib/librohc.so.0.2.0
7fac52d46000-7fac52f45000 ---p 00001000 103:00 700512 /usr/local/lib/librohc.so.0.2.0
7fac52f45000-7fac52f46000 rw-p 00000000 103:00 700512 /usr/local/lib/librohc.so.0.2.0
7fac52f46000-7fac52fe2000 r-xp 00000000 103:00 807385 /usr/lib64/libgnutls.so.26.14.12
7fac52fe2000-7fac531e2000 ---p 0009c000 103:00 807385 /usr/lib64/libgnutls.so.26.14.12
7fac531e2000-7fac531e9000 rw-p 0009c000 103:00 807385 /usr/lib64/libgnutls.so.26.14.12
7fac531e9000-7fac53208000 r-xp 00000000 103:00 807396 /usr/lib64/libyaml-0.so.2.0.2
7fac53208000-7fac53407000 ---p 0001f000 103:00 807396 /usr/lib64/libyaml-0.so.2.0.2
7fac53407000-7fac53408000 rw-p 0001e000 103:00 807396 /usr/lib64/libyaml-0.so.2.0.2
7fac53408000-7fac5341f000 r-xp 00000000 103:00 538309 /lib64/libpthread-2.12.so
7fac5341f000-7fac5361f000 ---p 00017000 103:00 538309 /lib64/libpthread-2.12.so
7fac5361f000-7fac53620000 r--p 00017000 103:00 538309 /lib64/libpthread-2.12.so
7fac53620000-7fac53621000 rw-p 00018000 103:00 538309 /lib64/libpthread-2.12.so
7fac53621000-7fac53625000 rw-p 00000000 00:00 0
7fac53625000-7fac53645000 r-xp 00000000 103:00 525695 /lib64/ld-2.12.so
7fac53822000-7fac5382a000 rw-p 00000000 00:00 0
7fac53841000-7fac53844000 rw-p 00000000 00:00 0
7fac53844000-7fac53845000 r--p 0001f000 103:00 525695 /lib64/ld-2.12.so
7fac53845000-7fac53846000 rw-p 00020000 103:00 525695 /lib64/ld-2.12.so
7fac53846000-7fac53847000 rw-p 00000000 00:00 0
7ffff9a6e000-7ffff9a83000 rw-p 00000000 00:00 0 [stack]
7ffff9b92000-7ffff9b93000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted

System is "Linux localhost.localdomain 2.6.32-279.19.1.el6.centos.plus.x86_64 #1 SMP Wed Dec 19 06:20:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux"

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Which IP/ROHC software version did you run? If possible, provide me the steps to reproduce the problem and/or the coredump of the crash (along with the iprohc_client binary and the ROHC libraries).

Changed in rohc:
assignee: nobody → Didier Barvaux (didier-barvaux)
milestone: none → iprohc-0.8.0
status: New → Incomplete
tags: added: iprohc
Revision history for this message
A. (zakaz-h) wrote :
Download full text (8.7 KiB)

Segfault after about 5-10 min inactivity.

(gdb) set args -b ppp0 -i ipip0 -P /root/user1-cert.p12 -r 193.0.0.0 -p 126
(gdb) r
Starting program: /usr/local/sbin/iprohc_client -b ppp0 -i ipip0 -P /root/user1-cert.p12 -r 193.0.0.0 -p 126
[Thread debugging using libthread_db enabled]
[New Thread 0x7ffff602c700 (LWP 10124)]
please define a callback for compressor traces
[rohc_comp.c:1365 rohc_comp_set_wlsb_window_width()] width of W-LSB sliding window set to 4
[rohc_comp.c:1423 rohc_comp_set_periodic_refreshes()] IR timeout for context periodic refreshes set to 1700
[rohc_comp.c:1425 rohc_comp_set_periodic_refreshes()] FO timeout for context periodic refreshes set to 700
[rohc_comp.c:1479 rohc_comp_set_list_trans_nr()] uncompressed transmissions of list compression set to 5
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 1234 added to the UDP port list for RTP traffic
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 36780 added to the UDP port list for RTP traffic
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 33238 added to the UDP port list for RTP traffic
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 5020 added to the UDP port list for RTP traffic
[rohc_comp.c:2292 rohc_comp_add_rtp_port()] port 5002 added to the UDP port list for RTP traffic
[rohc_comp.c:3922 c_create_contexts()] create enough room for 16 contexts (MAX_CID = 15)
[Thread 0x7ffff602c700 (LWP 10124) exited]
*** glibc detected *** /usr/local/sbin/iprohc_client: corrupted double-linked list: 0x0000000000637cb0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x760e6)[0x7ffff6b460e6]
/lib64/libc.so.6(+0x78e74)[0x7ffff6b48e74]
/usr/local/sbin/iprohc_client[0x409741]
/usr/local/sbin/iprohc_client[0x404279]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7ffff6aeecdd]
/usr/local/sbin/iprohc_client[0x4032f9]
======= Memory map: ========
00400000-00411000 r-xp 00000000 103:00 714572 /usr/local/sbin/iprohc_client
00611000-00612000 rw-p 00011000 103:00 714572 /usr/local/sbin/iprohc_client
00612000-00653000 rw-p 00000000 00:00 0 [heap]
7ffff0000000-7ffff005a000 rw-p 00000000 00:00 0
7ffff005a000-7ffff4000000 ---p 00000000 00:00 0
7ffff5416000-7ffff542c000 r-xp 00000000 103:00 557388 /lib64/libgcc_s-4.4.7-20120601.so.1
7ffff542c000-7ffff562b000 ---p 00016000 103:00 557388 /lib64/libgcc_s-4.4.7-20120601.so.1
7ffff562b000-7ffff562c000 rw-p 00015000 103:00 557388 /lib64/libgcc_s-4.4.7-20120601.so.1
7ffff562c000-7ffff562d000 ---p 00000000 00:00 0
7ffff562d000-7ffff602d000 rw-p 00000000 00:00 0
7ffff602d000-7ffff602f000 r-xp 00000000 103:00 538045 /lib64/libdl-2.12.so
7ffff602f000-7ffff622f000 ---p 00002000 103:00 538045 /lib64/libdl-2.12.so
7ffff622f000-7ffff6230000 r--p 00002000 103:00 538045 /lib64/libdl-2.12.so
7ffff6230000-7ffff6231000 rw-p 00003000 103:00 538045 /lib64/libdl-2.12.so
7ffff6231000-7ffff6234000 r-xp 00000000 103:00 538239 /lib64/libgpg-error.so.0.5.0
7ffff6234000-7ffff6433000 ---p 00003000 103:00 538239 /lib64/libgpg-er...

Read more...

Revision history for this message
A. (zakaz-h) wrote :

(gdb) generate-core-file

Revision history for this message
A. (zakaz-h) wrote :

iprohc_client --version
IP/ROHC client, version 0.8.0~173

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Thank you. I also need all the *.so* files that are listed by the following command:
  $ ldd /usr/local/sbin/iprohc_client

Revision history for this message
A. (zakaz-h) wrote :
Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Thanks. I will analyze the problem asap.

Changed in rohc:
status: Incomplete → In Progress
Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

I checked the coredump. The problem seems to happen when the client disconnects because it does receives any answer to its keepalive (because network interruption for example). A thread is stopped twice. I'm working on a fix.

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

OK, I found the problem. Please try again with the attached patch applied on the IP/ROHC sources.

Revision history for this message
A. (zakaz-h) wrote :
Download full text (3.9 KiB)

Thanks for the patch. I've applied it and think error is fixed.
But i've found a new problem.....
I'm tryind to download big file from server and it pauses after 2-3 min ( 27mb downloaded):

<code>
Connecting to 172.31.4.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 94880337 (90M) [application/octet-stream]
Saving to: “0179683.flv”

28% [===================> ] 27,204,763 --.-K/s eta 24m 40s

</code>

in server log i've found this :

<code>
Feb 1 15:04:45 free iprohc_server[10928]: 255 IP addresses available for 5 clients in IP range 172.31.4.1/24
Feb 1 15:04:45 free iprohc_server[10928]: Max clients : 5
Feb 1 15:04:45 free iprohc_server[10928]: Port : 126
Feb 1 15:04:45 free iprohc_server[10928]: P12 file : /etc/server-cert.p12
Feb 1 15:04:45 free iprohc_server[10928]: Pidfile : /var/run/iprohc_server.pid
Feb 1 15:04:45 free iprohc_server[10928]: Tunnel params :
Feb 1 15:04:45 free iprohc_server[10928]: . Local IP : 172.31.4.1/24
Feb 1 15:04:45 free iprohc_server[10928]: . Packing : 5
Feb 1 15:04:45 free iprohc_server[10928]: . Max cid : 15
Feb 1 15:04:45 free iprohc_server[10928]: . Unid : 0
Feb 1 15:04:45 free iprohc_server[10928]: . Keepalive : 60
Feb 1 15:04:45 free iprohc_server[10928]: [main] set system limit for the number of file descriptors to 70
Feb 1 15:04:45 free iprohc_server[10928]: [main] load server certificate from file '/etc/server-cert.p12'
Feb 1 15:04:45 free iprohc_server[10928]: [main] generate Diffie–Hellman parameters (it takes a few seconds)
Feb 1 15:04:48 free iprohc_server[10928]: [main] listen on TCP 0.0.0.0:126
Feb 1 15:04:48 free iprohc_server[10928]: [main] create TUN interface
Feb 1 15:04:48 free iprohc_server[10928]: MTU of underlying interface 'eth0' set to 1492 bytes
Feb 1 15:04:48 free iprohc_server[10928]: MTU of tunnel interface 'tun_ipip' set to 1450 bytes
Feb 1 15:04:48 free kernel: tun_ipip: Disabled Privacy Extensions
Feb 1 15:04:48 free iprohc_server[10928]: [main] start TUN routing thread
Feb 1 15:04:48 free iprohc_server[10928]: [main] create RAW socket
Feb 1 15:04:48 free iprohc_server[10928]: [main] start RAW routing thread
Feb 1 15:04:48 free iprohc_server[10928]: [main] server is now ready to accept requests from clients
Feb 1 15:04:48 free iprohc_server[10928]: [route] Initializing routing thread
Feb 1 15:04:48 free iprohc_server[10928]: [route] Initializing routing thread
Feb 1 15:05:25 free iprohc_server[10928]: [main] new connection from client
Feb 1 15:05:25 free iprohc_server[10928]: [main] will store client 1/5 at index 0
Feb 1 15:05:25 free iprohc_server[10928]: [55.18.41.23] new connection from 55.18.41.23:48166
Feb 1 15:05:25 free iprohc_server[10928]: start of thread
Feb 1 15:05:25 free iprohc_server[10928]: TLS handshake succeeded
Feb 1 15:05:25 free iprohc_server[10928]: remote certificate accepted
Feb 1 15:05:25 free iprohc_server[10928]: [client 55.18.41.23] connection request received from client
Feb 1 15:05:25 free iprohc_server[10928]: [client 55.18.41.23] connection asked, negotating parameters
Feb 1 15:05:25 free iprohc_server[10928]: [client 55.18.41.23] connection ask...

Read more...

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Thanks for the feedback on the first problem! I will push it to master soon.

> Feb 1 15:07:25 free iprohc_server[10928]: [client 55.18.41.23] disconnection asked by client
> Feb 1 15:07:25 free iprohc_server[10928]: session closed
> Feb 1 15:07:25 free iprohc_server[10928]: client thread was asked to stop
> Feb 1 15:07:25 free iprohc_server[10928]: close TLS session
> Feb 1 15:07:25 free iprohc_server[10928]: end of thread

The problem seems to be located on client side. Do you have the related client logs?

Didier

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :
Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Fix bug #1270576: iprohc_client: corrupted double-linked list
https://bugs.launchpad.net/rohc/+bug/1270576

When client exits because of a network timeout:
* avoid joining an already-joined thread,
* avoid freeing an already-freed thread stack.

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

> The problem seems to be located on client side. Do you have the
> related client logs?

Any news on this topic?

Didier

Revision history for this message
A. (zakaz-h) wrote :

I think it solved the problem. Thank you !

Changed in rohc:
status: In Progress → Fix Committed
importance: Undecided → High
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers