Topic: Race condition in UBT code? (Read 2234 times)

phoenix · « **on:** June 25, 2005, 01:52:49 AM »

:O This forum has been soooo boooring ;)

I have enabled some debug code in wx. I am having this problem since long. amuleIPV4Address destruction is failing, and it is a local variable, this should not happen, it has certainly not been deleted. And the error was inside free(). Please, tell me what you think, I am out of ideas here.

Code: [Select]

GSocket_Output_Timeout, didn't try select!
GSocket_Write #3, size 32
GSocket_Write #4, size 32
GSocket_Write #5, size 32 ret 32
GSocket_SetNonBlocking: 0
GSocket_SetNonBlocking: 1
GSocket_SetNonBlocking: 1
GSocket_Write #1, size 2
GSocket_Write #2, size 2
m_non_blocking has: 1
GSocket_Output_Timeout, didn't try select!
GSocket_Write #3, size 2
GSocket_Write #4, size 2
GSocket_Write error IOERR
GSocket_SetNonBlocking: 0
Error in CClientUDPSocket: 2
GSocket_SetNonBlocking: 0

[1]+  Aborted                 (core dumped) LANG=en_US.UTF-8 LD_LIBRARY_PATH=/usr/local/wxWidgets-cvsu/lib/ verb-cvsu/src

...

Core was generated by `verb-cvsu/src/amule'.
Program terminated with signal 6, Aborted.

...

#0  0x001a07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) thread apply all bt

Thread 2 (process 4577):
#0  0x001a07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x0040613e in __lll_mutex_lock_wait () from /lib/tls/libpthread.so.0
#2  0x00402d9b in _L_mutex_lock_32 () from /lib/tls/libpthread.so.0
#3  0x000000d8 in ?? ()
#4  0xb7985b9e in wxMutexInternal::Lock (this=0x924b850) at ./src/unix/threadpsx.cpp:245
#5  0xb7988fe7 in wxMutex::Lock (this=0x96f77a4) at thrimpl.cpp:44
#6  0x080cd366 in CClientUDPSocket::SendPacket (this=0x96f7660, packet=0xe07c038, dwIP=1959996755, nPort=4672)
    at ClientUDPSocket.cpp:351
#7  0x080cc899 in CClientUDPSocket::ProcessPacket (this=0x96f7660,
    packet=0xbfffdb42 "ñÅÈd=\211d\211)íÇ\206\035\017ÐÜs", size=18, opcode=144 '\220', host=1959996755, port=4672)
    at ClientUDPSocket.cpp:199
#8  0x080cbfc6 in CClientUDPSocket::OnReceive (this=0x96f7660) at ClientUDPSocket.cpp:95
#9  0x08081297 in CamuleApp::ClientUDPSocketHandler (this=0x86766c0, event=@0xddca648) at amule.cpp:2035
#10 0xb78eae3c in wxAppConsole::HandleEvent (this=0x86766c0, handler=0x86766c0, func=
      {__pfn = 0x8081144 , __delta = 0}, event=@0xddca648)
    at ./src/common/appbase.cpp:320
#11 0xb798b50d in wxEvtHandler::ProcessEventIfMatches (entry=@0x8455530, handler=0x86766c0, event=@0xddca648)
    at ./src/common/event.cpp:1185
#12 0xb798a4a8 in wxEventHashTable::HandleEvent (this=0x84554e0, event=@0xddca648, self=0x86766c0)
    at ./src/common/event.cpp:867
#13 0xb798b723 in wxEvtHandler::ProcessEvent (this=0x86766c0, event=@0xddca648) at ./src/common/event.cpp:1247
#14 0xb798b3c8 in wxEvtHandler::ProcessPendingEvents (this=0x86766c0) at ./src/common/event.cpp:1144
#15 0xb78eadae in wxAppConsole::ProcessPendingEvents (this=0x86766c0) at ./src/common/appbase.cpp:292
#16 0xb7c26395 in wxAppBase::OnIdle (this=0x86766c0) at ./src/common/appcmn.cpp:458
#17 0xb78eae3c in wxAppConsole::HandleEvent (this=0x86766c0, handler=0x86766c0, func=
      {__pfn = 0xb7c2636e , __delta = 0}, event=@0xbffff1a0)
    at ./src/common/appbase.cpp:320
#18 0xb798b50d in wxEvtHandler::ProcessEventIfMatches (entry=@0xb7dc65c0, handler=0x86766c0, event=@0xbffff1a0)
    at ./src/common/event.cpp:1185
#19 0xb798a4a8 in wxEventHashTable::HandleEvent (this=0x84554e0, event=@0xbffff1a0, self=0x86766c0)
    at ./src/common/event.cpp:867
#20 0xb798b723 in wxEvtHandler::ProcessEvent (this=0x86766c0, event=@0xbffff1a0) at ./src/common/event.cpp:1247
#21 0xb7c2620f in wxAppBase::ProcessIdle (this=0x86766c0) at ./src/common/appcmn.cpp:412
#22 0xb7b762b8 in wxapp_idle_callback () at ./src/gtk/app.cpp:279
#23 0x0064cb5a in g_child_watch_add () from /usr/lib/libglib-2.0.so.0
#24 0x006497bb in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#25 0x0064b242 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#26 0x0064b4ef in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#27 0x00987f97 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#28 0xb7b95fd7 in wxEventLoop::Run (this=0x97ad6c0) at ./src/gtk/evtloop.cpp:80
#29 0xb7c25e11 in wxAppBase::MainLoop (this=0x86766c0) at ./src/common/appcmn.cpp:272
#30 0xb7c25f7d in wxAppBase::OnRun (this=0x86766c0) at ./src/common/appcmn.cpp:340
#31 0xb7928576 in wxEntry (argc=@0xbffff4d0, argv=0x8649568) at ./src/common/init.cpp:439
#32 0xb79286b9 in wxEntry (argc=@0xbffff4d0, argv=0xbffff554) at ./src/common/init.cpp:451
#33 0x0808411f in main (argc=1, argv=0xbffff554) at amule-gui.cpp:297

Thread 1 (process 4580):
#0  0x001a07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x001e17d5 in raise () from /lib/tls/libc.so.6
#2  0x001e3149 in abort () from /lib/tls/libc.so.6
#3  0xb7990ece in wxFatalSignalHandler () at ./src/unix/utilsunx.cpp:1016
#4  
#5  0x0021bdf9 in free () from /lib/tls/libc.so.6
#6  0xb7a46977 in GAddress_destroy (address=0xb4e008f8) at ./src/unix/gsocket.cpp:1593
#7  0xb7a3a458 in ~wxSockAddress (this=0xb75661a0) at ./src/common/sckaddr.cpp:84
#8  0xb7a3a768 in ~wxIPaddress (this=0xb75661a0) at ./src/common/sckaddr.cpp:120
#9  0xb7a3a984 in ~wxIPV4address (this=0xb75661a0) at ./src/common/sckaddr.cpp:138
#10 0x08082100 in ~amuleIPV4Address (this=0xb75661a0) at ServerUDPSocket.cpp:63
#11 0x080cd2dd in CClientUDPSocket::SendTo (this=0x96f7660, lpBuf=0xb4e00678 "Å\223à´\227\003\001´¿ûßÿ\035", nBufLen=2,
    dwIP=1830526802, nPort=4672) at ClientUDPSocket.cpp:337
#12 0x080cd072 in CClientUDPSocket::SendControlData (this=0x96f7660, maxNumberOfBytesToSend=17)
    at ClientUDPSocket.cpp:288
#13 0x0825a7e4 in UploadBandwidthThrottler::Entry (this=0x91c7a18) at UploadBandwidthThrottler.cpp:453
#14 0xb7986a19 in wxThreadInternal::PthreadStart (thread=0x91c7a18) at ./src/unix/threadpsx.cpp:763
#15 0xb79868d2 in wxPthreadStart (ptr=0x91c7a18) at ./src/unix/threadpsx.cpp:715
#16 0x00401341 in start_thread () from /lib/tls/libpthread.so.0
#17 0x00280fee in clone () from /lib/tls/libc.so.6
(gdb)

ken · « **Reply #1 on:** June 26, 2005, 06:10:12 AM »

There's a memory corruption bug haunting amule-cvs. This looks like a symptom of that. Nobody's been able to find it, so far.

I haven't encountered it, either because I'm on a Mac or because I'm low-id and I don't use the buggy code.

phoenix · « **Reply #2 on:** June 27, 2005, 02:27:59 AM »

Quote

There's a memory corruption bug haunting amule-cvs.

Oh, really?

The interesting part here is that this is extremelly repeatable. Takes some time, but eventually it crashes exactly the same way. So, it does not look like a random memory corruption, lets say it looks like a deterministic memory corruption

Just another clue for us.

Cheers!

phoenix · « **Reply #3 on:** June 27, 2005, 02:57:38 AM »

Code: [Select]

m_non_blocking has: 1
GSocket_Output_Timeout, didn't try select!
GSocket_Write #3, size 2600
GSocket_Write #4, size 2600
GSocket_Write error WOULDBLOCK
GSocket_SetNonBlocking: 0
GSocket_SetNonBlocking: 1
GSocket_Write #1, size 2600
GSocket_Write #2, size 2600
m_non_blocking has: 1
GSocket_Output_Timeout, didn't try select!
GSocket_Write #3, size 2600
GSocket_Write #4, size 2600
GSocket_Write error WOULDBLOCK
GSocket_SetNonBlocking: 0
GSocket_SetNonBlocking: 1
GSocket_Write #1, size 2600
GSocket_Write #2, size 2600
m_non_blocking has: 1
GSocket_Output_Timeout, didn't try select!
GSocket_Write #3, size 2600
GSocket_Write #4, size 2600
GSocket_Write error WOULDBLOCK
GSocket_SetNonBlocking: 0

[1]+  Aborted                 (core dumped) LANG=en_US.UTF-8 LD_LIBRARY_PATH=/usr/local/wxWidgets-cvsu/lib/ verb-cvsu/src/amule
#0  0x001a07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) thread apply all bt

Thread 2 (process 6799):
#0  0x001a07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00406be6 in __nanosleep_nocancel () from /lib/tls/libpthread.so.0
#2  0xb798ec6c in wxMicroSleep (microseconds=1000) at ./src/unix/utilsunx.cpp:175
#3  0xb798ecaf in wxMilliSleep (milliseconds=1) at ./src/unix/utilsunx.cpp:196
#4  0xb7987208 in wxThread::Sleep (milliseconds=1) at ./src/unix/threadpsx.cpp:973
#5  0x0825a15c in UploadBandwidthThrottler::Entry (this=0x91cc568) at UploadBandwidthThrottler.cpp:367
#6  0xb7986a19 in wxThreadInternal::PthreadStart (thread=0x91cc568) at ./src/unix/threadpsx.cpp:763
#7  0xb79868d2 in wxPthreadStart (ptr=0x91cc568) at ./src/unix/threadpsx.cpp:715
#8  0x00401341 in start_thread () from /lib/tls/libpthread.so.0
#9  0x00280fee in clone () from /lib/tls/libc.so.6

Thread 1 (process 6796):
#0  0x001a07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x001e17d5 in raise () from /lib/tls/libc.so.6
#2  0x001e3149 in abort () from /lib/tls/libc.so.6
#3  0xb7990ece in wxFatalSignalHandler () at ./src/unix/utilsunx.cpp:1016
#4  
#5  0x1cdb6718 in ?? ()
#6  0xb7b98565 in _GSocket_GDK_Input (data=0x1cda5640, source=577, condition=GDK_INPUT_WRITE)
    at ./src/gtk/gsockgtk.cpp:35
#7  0x00b67873 in gdk_get_show_events () from /usr/lib/libgdk-x11-2.0.so.0
#8  0x1cda5640 in ?? ()
#9  0x00000241 in ?? ()
#10 0x0066d9c7 in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#11 0x006497bb in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0x0064b242 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#13 0x0064b4ef in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x00987f97 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#15 0xb7b95fd7 in wxEventLoop::Run (this=0x977ee10) at ./src/gtk/evtloop.cpp:80
#16 0xb7c25e11 in wxAppBase::MainLoop (this=0x86766c0) at ./src/common/appcmn.cpp:272
#17 0xb7c25f7d in wxAppBase::OnRun (this=0x86766c0) at ./src/common/appcmn.cpp:340
#18 0xb7928576 in wxEntry (argc=@0xbffff4d0, argv=0x8649568) at ./src/common/init.cpp:439
#19 0xb79286b9 in wxEntry (argc=@0xbffff4d0, argv=0xbffff554) at ./src/common/init.cpp:451
#20 0x080840df in main (argc=1, argv=0xbffff554) at amule-gui.cpp:297
(gdb) thread 1
[Switching to thread 1 (process 6796)]#0  0x001a07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) frame 6
#6  0xb7b98565 in _GSocket_GDK_Input (data=0x1cda5640, source=577, condition=GDK_INPUT_WRITE)
    at ./src/gtk/gsockgtk.cpp:35
35          socket->Detected_Write();
(gdb) p socket
$1 = (class GSocket *) 0x1cda5640
(gdb) p *socket
$2 = {_vptr.GSocket = 0x32, m_ok = 11, m_fd = 60, m_local = 0xc, m_peer = 0x1cd276d8, m_error = GSOCK_IOERR,
  m_non_blocking = false, m_server = false, m_stream = true, m_establishing = false, m_reusable = 49, m_timeout = 11,
  m_detected = 11, m_cbacks = {0x49, 0x13, 0x3a, 0xb}, m_data = {0x3b "", 0xb "", 0x0, 0x0}, m_gui_dependent = 0x30 ""}
(gdb) l
30        GSocket *socket = (GSocket *)data;
31
32        if (condition & GDK_INPUT_READ)
33          socket->Detected_Read();
34        if (condition & GDK_INPUT_WRITE)
35          socket->Detected_Write();
36      }
37      }
38
39      bool GSocketGUIFunctionsTableConcrete::CanUseEventLoop()
(gdb)

phoenix · « **Reply #4 on:** June 28, 2005, 02:58:08 AM »

Look, from the first two bt's

Code: [Select]

#8 0x080cbfc6 in CClientUDPSocket::OnReceive (this=0x96f7660) at ClientUDPSocket.cpp:95

Code: [Select]

#11 0x080cd2dd in CClientUDPSocket::SendTo (this=0x96f7660, lpBuf=0xb4e00678 "Å\223à´\227\003\001´¿ûßÿ\035", nBufLen=2,
    dwIP=1830526802, nPort=4672) at ClientUDPSocket.cpp:337

Both threads are messing with exactly the same socket. Not good.

Cheers!

aMule Forum

News:

Author Topic: Race condition in UBT code? (Read 2234 times)

phoenix

Race condition in UBT code?

ken

Re: Race condition in UBT code?

phoenix

Re: Race condition in UBT code?

phoenix

similar...

phoenix

Re: Race condition in UBT code?