Bug #3219

closed

osmux_test2 fails on ubuntu 17.04 and 18.04

Added by laforge almost 6 years ago. Updated almost 6 years ago.

Status: Resolved
Priority: Urgent
Assignee:
Target version: -
Start date: 04/28/2018
Due date:
% Done: 100%
Spec Reference:

Description

This can be seen in our OBS nightly builds, where libosmo-netif is marked as broken:
https://build.opensuse.org/project/monitor/network:osmocom:nightly

Building by hand in an lxc container with Ubuntu 18.04 and running a gdb backtrace on it:

(gdb) run
Starting program: /tmp/libosmo-netif/tests/osmux/.libs/osmux_test2 
===test_output_consecutive===
sys={0.000000}, mono={0.000000}: clock_override_set
sys={0.000000}, mono={0.000000}: dequeue: seq=50 ts=500 M enqueued=5

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff79aec7f in rb_set_parent (rb=0x7ffff7ffa268, p=0xfffffffc)
    at ../include/osmocom/core/linuxrbtree.h:124
124             rb->rb_parent_color = (rb->rb_parent_color & 3) | (unsigned long)p;
(gdb) bt
#0  0x00007ffff79aec7f in rb_set_parent (rb=0x7ffff7ffa268, p=0xfffffffc)
    at ../include/osmocom/core/linuxrbtree.h:124
#1  rb_erase (node=node@entry=0x7fffffffe0d0, root=root@entry=0x7ffff7bbd890 <timer_root>)
    at rbtree.c:270
#2  0x00007ffff79a36d6 in osmo_timer_del (timer=0x7fffffffe0d0) at timer.c:124
#3  0x00007ffff79a3709 in osmo_timer_add (timer=timer@entry=0x7fffffffe0d0) at timer.c:86
#4  0x00007ffff79a37f8 in osmo_timer_schedule (timer=timer@entry=0x7fffffffe0d0, seconds=0, 
    microseconds=20000) at timer.c:111
#5  0x00007ffff778f642 in osmux_xfrm_output_trigger (data=data@entry=0x7fffffffe0c0) at osmux.c:245
#6  0x00007ffff778feea in osmux_xfrm_output_sched (h=0x7fffffffe0c0, osmuxh=0x555555759e18)
    at osmux.c:310
#7  0x00005555555554ea in test_output_consecutive () at osmux/osmux_test2.c:173
#8  main (argc=<optimized out>, argv=<optimized out>) at osmux/osmux_test2.c:370

while valgrind shows:

root@ubuntu1804:/tmp/libosmo-netif/tests/osmux/.libs# valgrind ./osmux_test2                                                                                   
==517== Memcheck, a memory error detector                                                                                                                      
==517== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.                                                                                        
==517== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info                                                                                     
==517== Command: ./osmux_test2                                                                                                                                 
==517==                                                                                                                                     
===test_output_consecutive===                                                                                                                                  
sys={0.000000}, mono={0.000000}: clock_override_set                                                                                                            
==517== Conditional jump or move depends on uninitialised value(s)                                                                                             
==517==    at 0x54E4A41: vfprintf (vfprintf.c:1643)                                                                                                            
==517==    by 0x55BB168: __vsnprintf_chk (vsnprintf_chk.c:63)                                                                                                  
==517==    by 0x55BB094: __snprintf_chk (snprintf_chk.c:34)                                                                                                    
==517==    by 0x10A2BD: snprintf (stdio2.h:64)                                                                                                                 
==517==    by 0x10A2BD: tx_cb (osmux_test2.c:140)                                                                                                              
==517==    by 0x527E5C4: osmux_xfrm_output_trigger (osmux.c:253)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==                                                                                                                                     
==517== Use of uninitialised value of size 8                                                                                                                   
==517==    at 0x4C32CF2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)                                                                       
==517==    by 0x54E64D2: vfprintf (vfprintf.c:1643)                                                                                                            
==517==    by 0x55BB168: __vsnprintf_chk (vsnprintf_chk.c:63)                                                                                                  
==517==    by 0x55BB094: __snprintf_chk (snprintf_chk.c:34)                                                                                                    
==517==    by 0x10A2BD: snprintf (stdio2.h:64)                                                                                                                 
==517==    by 0x10A2BD: tx_cb (osmux_test2.c:140)                                                                                                              
==517==    by 0x527E5C4: osmux_xfrm_output_trigger (osmux.c:253)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==                                                                                                                                     
==517== Use of uninitialised value of size 8                                                                                                                   
==517==    at 0x4C32D04: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)                                                                       
==517==    by 0x54E64D2: vfprintf (vfprintf.c:1643)                                                                                                            
==517==    by 0x55BB168: __vsnprintf_chk (vsnprintf_chk.c:63)                                                                                                  
==517==    by 0x55BB094: __snprintf_chk (snprintf_chk.c:34)                                                                                                    
==517==    by 0x10A2BD: snprintf (stdio2.h:64)                                                                                                                 
==517==    by 0x10A2BD: tx_cb (osmux_test2.c:140)                                                                                                              
==517==    by 0x527E5C4: osmux_xfrm_output_trigger (osmux.c:253)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==                                                                                                                                     
==517== Use of uninitialised value of size 8                                                                                                                   
==517==    at 0x5517532: _IO_default_xsputn (genops.c:412)                                                                                                     
==517==    by 0x54E5FEA: vfprintf (vfprintf.c:1643)                                                                                                            
==517==    by 0x55BB168: __vsnprintf_chk (vsnprintf_chk.c:63)                                                                                                  
==517==    by 0x55BB094: __snprintf_chk (snprintf_chk.c:34)                                                                                                    
==517==    by 0x10A2BD: snprintf (stdio2.h:64)                                                                                                                 
==517==    by 0x10A2BD: tx_cb (osmux_test2.c:140)                                                                                                              
==517==    by 0x527E5C4: osmux_xfrm_output_trigger (osmux.c:253)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==              
sys={0.000000}, mono={0.000000}: dequeue: seq=50 ts=500 M enqueued=5
==517== Conditional jump or move depends on uninitialised value(s)                                                                                             
==517==    at 0x505A6B6: osmo_timer_del (timer.c:122)                                                                                                          
==517==    by 0x505A708: osmo_timer_add (timer.c:86)                                                                                                           
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)                                                                                                     
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==                                                                                                                                     
==517== Conditional jump or move depends on uninitialised value(s)                                                                                             
==517==    at 0x5065C65: rb_erase (rbtree.c:224)                                                                                                               
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)                                                                                                          
==517==    by 0x505A708: osmo_timer_add (timer.c:86)                                                                                                           
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)                                                                                                     
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==                                                                                                                                     
==517== Conditional jump or move depends on uninitialised value(s)                                                                                             
==517==    at 0x5065CDD: rb_erase (rbtree.c:269)                                                                                                               
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)                                                                                                          
==517==    by 0x505A708: osmo_timer_add (timer.c:86)                                                                                                           
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)                                                                                                     
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==                                                                                                                                     
==517== Conditional jump or move depends on uninitialised value(s)                                                                                             
==517==    at 0x5065C85: rb_erase (rbtree.c:271)                                                                                                               
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)                                                                                                          
==517==    by 0x505A708: osmo_timer_add (timer.c:86)                                                                                                           
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)                                                                                                     
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==                                                                                                                                     
==517== Use of uninitialised value of size 8                                                                                                                   
==517==    at 0x5065C87: rb_erase (rbtree.c:273)                                                                                                               
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)                                                                                                          
==517==    by 0x505A708: osmo_timer_add (timer.c:86)                                                                                                           
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)                                                                                                     
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==                                                                                                                                     
==517== Conditional jump or move depends on uninitialised value(s)                                                                                             
==517==    at 0x5065C8B: rb_erase (rbtree.c:273)                                                                                                               
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)                                                                                                          
==517==    by 0x505A708: osmo_timer_add (timer.c:86)                                                                                                           
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)                                                                                                     
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)                                                                                                               
==517==                                                                                                                                     
==517== Use of uninitialised value of size 8                                                                                                                   
==517==    at 0x5065C95: rb_erase (rbtree.c:276)                                                                                                               
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)                                                                                                          
==517==    by 0x505A708: osmo_timer_add (timer.c:86)                                                                                                           
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)                                                                                                     
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)                                                                                               
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)                                                                                                 
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)                                                                                            
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517== 
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x5065C9C: rb_erase (rbtree.c:282)
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517== 
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x505A6E1: osmo_timer_del (timer.c:126)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517== 
==517== Use of uninitialised value of size 8
==517==    at 0x505A6E7: __llist_del (linuxlist.h:114)
==517==    by 0x505A6E7: llist_del_init (linuxlist.h:136)
==517==    by 0x505A6E7: osmo_timer_del (timer.c:127)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517== 
==517== Invalid write of size 8
==517==    at 0x505A6E7: __llist_del (linuxlist.h:114)
==517==    by 0x505A6E7: llist_del_init (linuxlist.h:136)
==517==    by 0x505A6E7: osmo_timer_del (timer.c:127)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==517== 
==517== 
==517== Process terminating with default action of signal 11 (SIGSEGV)
==517==  Access not within mapped region at address 0x8
==517==    at 0x505A6E7: __llist_del (linuxlist.h:114)
==517==    by 0x505A6E7: llist_del_init (linuxlist.h:136)
==517==    by 0x505A6E7: osmo_timer_del (timer.c:127)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==  If you believe this happened as a result of a stack
==517==  overflow in your program's main thread (unlikely but
==517==  possible), you can try to increase the size of the
==517==  main thread stack using the --main-stacksize= flag.
==517==  The main thread stack size used in this run was 8388608.
==517== 
==517== HEAP SUMMARY:
==517==     in use at exit: 4,659 bytes in 13 blocks
==517==   total heap usage: 15 allocs, 2 frees, 5,944 bytes allocated
==517== 
==517== LEAK SUMMARY:
==517==    definitely lost: 0 bytes in 0 blocks
==517==    indirectly lost: 0 bytes in 0 blocks
==517==      possibly lost: 4,659 bytes in 13 blocks
==517==    still reachable: 0 bytes in 0 blocks
==517==         suppressed: 0 bytes in 0 blocks
==517== Rerun with --leak-check=full to see details of leaked memory
==517==
==517== For counts of detected and suppressed errors, rerun with: -v
==517== Use --track-origins=yes to see where uninitialised values come from
==517== ERROR SUMMARY: 17 errors from 15 contexts (suppressed: 0 from 0)
Segmentation fault

Actions #1

Updated by laforge almost 6 years ago

Actions #2

Updated by laforge almost 6 years ago

  • Assignee changed from pespin to laforge
  • % Done changed from 0 to 50

the following diff makes it pass:

diff --git a/tests/osmux/osmux_test2.c b/tests/osmux/osmux_test2.c
index ecd9296..b3e0aa4 100644
--- a/tests/osmux/osmux_test2.c
+++ b/tests/osmux/osmux_test2.c
@@ -159,6 +159,8 @@ static void test_output_consecutive(void)
 {
        struct osmux_out_handle h_output;

+       memset(&h_output, 0, sizeof(h_output));
+
        printf("===test_output_consecutive===\n");

        clock_override_enable(true);
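
Review bot: the memset() added at the top of test_output_consecutive() makes this one test pass but leaves the gap in the library: any other caller that puts a struct osmux_out_handle on the stack still hands indeterminate members to it. The backtrace above runs osmux_xfrm_output_sched() -> osmux_xfrm_output_trigger() -> osmo_timer_schedule() with the timer at 0x7fffffffe0d0, inside the handle at 0x7fffffffe0c0, so it is the handle's timer that gets read before anything has set it up. I would move the zeroing, or an explicit setup of that timer member, into osmux_xfrm_output_init() and drop the memset from the test, so the test keeps exercising the init path the way a real user of the API would.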

So somehow osmux_xfrm_output_init() is not clearing the h_output?

In Change-Id: I2efed6d726a1b8e77e686c7a5fe1940d3f4901a7 we're adding a new member to 'struct osmux_out_handle' which is not initialized...
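
The failure mode discussed in this comment, reduced to a self-contained C illustration (added here, not code from libosmo-netif or libosmocore; every `demo_*` name, the struct layouts and the `active` flag are hypothetical stand-ins). An init function that assigns members one by one leaves a later-added timer member holding whatever was on the stack, so the outcome depends on the build; filling the handle with a byte pattern before init stands in for that stack content.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins; not the libosmocore/libosmo-netif definitions. */
struct demo_list { struct demo_list *next, *prev; };
struct demo_timer {
	struct demo_list list;   /* followed when an active timer is unlinked */
	unsigned int active : 1; /* assumed "currently scheduled" flag */
	void (*cb)(void *);
	void *data;
};
struct demo_out_handle {
	uint16_t rtp_seq;
	uint32_t rtp_timestamp;
	uint32_t rtp_ssrc;
	struct demo_timer timer; /* member added after init was written */
};
typedef void (*demo_init_fn)(struct demo_out_handle *h, uint32_t ssrc);

/* Before: assigns only the members the init function knew about. */
void demo_init_partial(struct demo_out_handle *h, uint32_t ssrc)
{
	h->rtp_seq = 0;
	h->rtp_timestamp = 0;
	h->rtp_ssrc = ssrc;
}

/* After: zero the whole object, so later members start in a defined state. */
void demo_init_full(struct demo_out_handle *h, uint32_t ssrc)
{
	memset(h, 0, sizeof(*h));
	h->rtp_ssrc = ssrc;
}

/* Fill the handle with a byte pattern standing in for leftover stack content
 * (reading a truly uninitialised object would be undefined behaviour), then
 * run the init function under test. The ssrc value is a constructed sample. */
static void demo_prepare(struct demo_out_handle *h, demo_init_fn init, unsigned char fill)
{
	memset(h, fill, sizeof(*h));
	init(h, 0x7000000);
}

/* Mirrors the decision a schedule call makes: a timer that looks active is
 * unlinked first, which means following the timer.list pointers. */
bool demo_schedule_would_unlink(demo_init_fn init, unsigned char fill)
{
	struct demo_out_handle h;

	demo_prepare(&h, init, fill);
	return h.timer.active;
}

/* Bytes the init function leaves to chance: initialise two copies over
 * different fill patterns and count the bytes that still differ. */
size_t demo_undetermined_bytes(demo_init_fn init)
{
	struct demo_out_handle a, b;
	const unsigned char *pa = (const unsigned char *)&a, *pb = (const unsigned char *)&b;
	size_t i, n = 0;

	demo_prepare(&a, init, 0x00);
	demo_prepare(&b, init, 0xFF);
	for (i = 0; i < sizeof(a); i++)
		n += (pa[i] != pb[i]);
	return n;
}

int main(void)
{
	printf("partial init over 0x00: unlink=%d\n", demo_schedule_would_unlink(demo_init_partial, 0x00));
	printf("partial init over 0xFF: unlink=%d\n", demo_schedule_would_unlink(demo_init_partial, 0xFF));
	printf("undetermined bytes: partial=%zu full=%zu\n",
	       demo_undetermined_bytes(demo_init_partial), demo_undetermined_bytes(demo_init_full));
	return 0;
}
```

The two-pattern comparison in `demo_undetermined_bytes()` works as a unit-test guard for any init function: it reports members that were added to a struct but never set, without depending on what the stack happens to contain on a given distribution.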

Actions #3

Updated by laforge almost 6 years ago

  • % Done changed from 50 to 80

Actions #4

Updated by laforge almost 6 years ago

  • Status changed from New to In Progress
  • Assignee changed from laforge to pespin

the build on 18.04 is now fixed, but 17.04 is still failing and debian9 is now also failing:
https://build.opensuse.org/package/live_build_log/network:osmocom:nightly/libosmo-netif/Debian_9.0/x86_64

handing back to pespin.

Actions #5

Updated by laforge almost 6 years ago

  • Status changed from In Progress to Resolved
  • Assignee changed from pespin to laforge
  • % Done changed from 80 to 100

I accidentally triggered the last build before merging the patch. After merging it, all distros/architectures are building fine.
