I'm looking over the tinc-1.1 branch again. I'm getting some errors that I haven't been able to track down yet. tinc sometimes crashes either on its own (I think after a timeout has fired?) or when I hit ctrl-C. I've seen a few different behaviors in particular, as reported by valgrind. Dumps below.

I suspected the bufferevent changes, but I haven't gotten any revision before 1550 to crash. Looks like revisions 1546 and up started adding new crypto code, but 1550 was the first to actually use it. 1550 definitely crashes.

How well-tested is this stuff? Have you seen crashes like this?

I'll keep looking for the problem. I'm working on {tincctl,control}.c changes in another working copy, but I don't want to muddy the waters by committing anything significant when there's still a crash going on.

crash 1:

==28913== Invalid read of size 8
==28913==    at 0x412150: list_unlink_node (list.c:97)
==28913==    by 0x412278: list_delete_node (list.c:111)
==28913==    by 0x407143: flush_queue (net_packet.c:451)
==28913==    by 0x40E2AE: ans_key_h (protocol_key.c:239)
==28913==    by 0x40BC58: receive_request (protocol.c:157)
==28913==    by 0x405B87: receive_meta (meta.c:138)
==28913==    by 0x406867: handle_meta_connection_data (net.c:225)
==28913==    by 0x4C0FAC0: event_base_loop (event.c:318)
==28913==    by 0x40601F: main_loop (net.c:374)
==28913==    by 0x411853: main (tincd.c:329)
==28913==  Address 0x9E8DE1BDD5EA3BE6 is not stack'd, malloc'd or (recently) free'd

(The "Invalid read of size 8" is the "prev" pointer; this is on Linux/x86_64.)

crash 2:

==931== Jump to the invalid address stated on the next line
==931==    at 0x771BBEEEFD5804F2: ???
==931==  Address 0x771BBEEEFD5804F2 is not stack'd, malloc'd or (recently) free'd

crash 3:

==4264== Invalid read of size 4
==4264==    at 0x4C1BBAD: evsignal_process (signal.c:172)
==4264==    by 0x4C1B7C9: epoll_dispatch (epoll.c:201)
==4264==    by 0x4C0F97E: event_base_loop (event.c:427)
==4264==    by 0x40601F: main_loop (net.c:374)
==4264==    by 0x411853: main (tincd.c:329)
==4264==  Address 0x104CA62EC is not stack'd, malloc'd or (recently) free'd

Best regards,
Scott

-- 
Scott Lamb <http://www.slamb.org/>

On Fri, Jul 20, 2007 at 10:45:59AM -0700, Scott Lamb wrote:

> I'm looking over the tinc-1.1 branch again. I'm getting some errors that
> I haven't been able to track down yet. tinc sometimes crashes either on
> its own (I think after a timeout has fired?) or when I
> hit ctrl-C. I've seen a few different behaviors in particular, as
> reported by valgrind. Dumps below.
>
> I suspected the bufferevent changes, but I haven't gotten any revision
> before 1550 to crash. Looks like revisions 1546 and up started adding
> new crypto code, but 1550 was the first to actually use it. 1550
> definitely crashes.
>
> How well-tested is this stuff? Have you seen crashes like this?

I must admit that it worked ok until the last commits. At the moment I have no time to look at it in detail. If you want, you can join #tinc on irc.oftc.net, there are other people trying to work with the 1.1 branch (mjt is one). If you can't find the problem but if you want to keep on developing in the 1.1 branch, feel free to back out the latest changes.

Thank you for working on tinc again! I hope I have some more time myself in two or three weeks.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@tinc-vpn.org>