You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running the 'lighttpd' test on Genode/Linux, the TCP/IP thread in the 'lighttpd' program often crashes after a while on my machine when running the Apache benchmark tool from another terminal:
ab -n 10000 -c 150 <IP address of lighttpd server>/index.html
GDB output for the TCP/IP thread:
Program received signal SIGSEGV, Segmentation fault.
0x000000007cfc80b6 in ?? ()
(gdb) bt
#0 0x000000007cfc80b6 in ?? ()
#1 0x00000000011a9f79 in err_tcp (arg=0x2afba8b57534, err=-10 '\366') at /home/christian/projects/genode/genode/libports/contrib/lwip-STABLE-1_4_1-RC1/src/api/api_msg.c:369
#2 0x00000000011c16ea in tcp_abandon (pcb=0x2afba8afc304, reset=1) at /home/christian/projects/genode/genode/libports/contrib/lwip-STABLE-1_4_1-RC1/src/core/tcp.c:398
#3 0x00000000011c1709 in tcp_abort (pcb=0x2afba8afc304) at /home/christian/projects/genode/genode/libports/contrib/lwip-STABLE-1_4_1-RC1/src/core/tcp.c:415
#4 0x00000000011c48ac in tcp_process (pcb=0x2afba8afc304) at /home/christian/projects/genode/genode/libports/contrib/lwip-STABLE-1_4_1-RC1/src/core/tcp_in.c:700
#5 0x00000000011c3c10 in tcp_input (p=0x2afba8c476c4, inp=0x11d96a0) at /home/christian/projects/genode/genode/libports/contrib/lwip-STABLE-1_4_1-RC1/src/core/tcp_in.c:304
#6 0x00000000011b1e37 in ip_input (p=0x2afba8c476c4, inp=0x11d96a0) at /home/christian/projects/genode/genode/libports/contrib/lwip-STABLE-1_4_1-RC1/src/core/ipv4/ip.c:559
#7 0x00000000011b0f81 in ethernet_input (p=0x2afba8c476c4, netif=0x11d96a0) at /home/christian/projects/genode/genode/libports/contrib/lwip-STABLE-1_4_1-RC1/src/netif/etharp.c:1363
#8 0x00000000011c8a92 in tcpip_thread (arg=0x0) at /home/christian/projects/genode/genode/libports/contrib/lwip-STABLE-1_4_1-RC1/src/api/tcpip.c:103
#9 0x00000000011bff01 in Lwip::Lwip_thread::entry (this=0x2afba8aa6220) at /home/christian/projects/genode/genode/libports/src/lib/lwip/include/thread.h:39
#10 0x0000000050051646 in thread_start () at /home/christian/projects/genode/genode/base-linux/src/base/thread/thread_linux.cc:48
#11 0x0000000050050b60 in thread_start () at /home/christian/projects/genode/genode/base-linux/../base-linux/src/platform/x86_64/lx_clone.S:59
Some added log output shows that the 'err_tcp()' function is using a pointer to a 'netconn' object which has already been freed before in the 'accept_function()' function, which got called from the 'tcp_process()' function before the 'tcp_abort()' function got called:
--- tcp_process() in tcp_in.c ---
...
printf("tcp_process(): calling TCP_EVENT_ACCEPT()\n");
/* Call the accept function. */
TCP_EVENT_ACCEPT(pcb, ERR_OK, err);
if (err != ERR_OK) {
/* If the accept function returns with an error, we abort
* the connection. */
/* Already aborted? */
if (err != ERR_ABRT) {
printf("tcp_process(): TCP_EVENT_ACCEPT() returned with error, calling tcp_abort()\n");
tcp_abort(pcb);
}
return ERR_ABRT;
}
(The GDB output above and the following log messages are from different runs and therefore show different connection and callback addresses)
The connection object gets freed and the memory it occupied gets overwritten shortly after by a different thread, changing the 'callback' pointer to some random value which gets then called from 'err_tcp()'.
The text was updated successfully, but these errors were encountered:
When running the 'lighttpd' test on Genode/Linux, the TCP/IP thread in the 'lighttpd' program often crashes after a while on my machine when running the Apache benchmark tool from another terminal:
GDB output for the TCP/IP thread:
Some added log output shows that the 'err_tcp()' function is using a pointer to a 'netconn' object which has already been freed before in the 'accept_function()' function, which got called from the 'tcp_process()' function before the 'tcp_abort()' function got called:
(The GDB output above and the following log messages are from different runs and therefore show different connection and callback addresses)
The connection object gets freed and the memory it occupied gets overwritten shortly after by a different thread, changing the 'callback' pointer to some random value which gets then called from 'err_tcp()'.
The text was updated successfully, but these errors were encountered: