Assertion failures when running on Fedora 28 #133

jar1karp · 2018-05-07T11:45:53Z

Hi,

Below is a backtrace from gdb that I get by calling blogdown::serve_site(). This happens both with version 1.4.2 on CRAN and also if I install latest master from github. I'm running R version 3.5.0 Patched (2018-05-03 r74699) on Fedora 28 x86_64.

/usr/include/c++/8/bits/stl_vector.h:932: std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = char; _Alloc = std::allocator<char>; std::vector<_Tp, _Alloc>::reference = char&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.

Thread 1 "R" received signal SIGABRT, Aborted.
0x00007ffff42e7f4b in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff42e7f4b in raise () from /lib64/libc.so.6
#1  0x00007ffff42d2591 in abort () from /lib64/libc.so.6
#2  0x00007fffe6372928 in std::__replacement_assert (__file=__file@entry=0x7fffe63bfba8 "/usr/include/c++/8/bits/stl_vector.h", __line=__line@entry=932, 
    __function=__function@entry=0x7fffe63bfe00 <std::vector<char, std::allocator<char> >::operator[](unsigned long)::__PRETTY_FUNCTION__> "std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = char; _Alloc = std::allocator<char>; std::vector<_Tp, _Alloc>::reference = cha"..., __condition=__condition@entry=0x7fffe63bfb78 "__builtin_expect(__n < this->size(), true)") at /usr/include/c++/8/x86_64-redhat-linux/bits/c++config.h:2389
#3  0x00007fffe6378517 in std::vector<char, std::allocator<char> >::operator[] (__n=0, this=<optimized out>) at /home/jkarppin/R/x86_64-redhat-linux-gnu-library/3.5/BH/include/boost/smart_ptr/detail/shared_count.hpp:426
#4  HttpRequest::_call_r_on_ws_open() () at httprequest.cpp:687
#5  0x00007fffe63715c6 in boost::function0<void>::operator() (this=0x7fffe0002868) at /home/jkarppin/R/x86_64-redhat-linux-gnu-library/3.5/BH/include/boost/function/function_base.hpp:601
#6  BoostFunctionCallback::operator() (this=0x7fffe0002860) at callback.h:29
#7  invoke_callback(void*) () at callback.cpp:7
#8  0x00007fffe680a9c2 in boost::function0<void>::operator() (this=<optimized out>) at /home/jkarppin/R/x86_64-redhat-linux-gnu-library/3.5/BH/include/boost/function/function_base.hpp:601
#9  Callback::operator() (this=<optimized out>) at callback_registry.h:28
#10 execCallbacks(double) () at later.cpp:91
#11 0x00007fffe680abe9 in execCallbacksForTopLevel () at later.cpp:109
#12 0x00007fffe680bfef in async_input_handler(void*) () at later_posix.cpp:117
#13 0x00007ffff79b6314 in R_runHandlers () from /usr/lib64/R/lib/libR.so
#14 0x00007ffff79b675e in ?? () from /usr/lib64/R/lib/libR.so
#15 0x00007ffff78c89c4 in Rf_ReplIteration () from /usr/lib64/R/lib/libR.so
#16 0x00007ffff78c8f11 in ?? () from /usr/lib64/R/lib/libR.so
#17 0x00007ffff78c8fd0 in run_Rmainloop () from /usr/lib64/R/lib/libR.so
#18 0x000055555555491f in main ()

In case anyone else has the same problem: this worked previously with httpuv version 1.3.6 and seems that at least temporarily the crash can be avoided by installing the old version by devtools::install_version('httpuv', '1.3.6').

The text was updated successfully, but these errors were encountered:

wch · 2018-05-07T15:50:55Z

Can you provide the output of devtools::session_info() after running serve_site()?

jar1karp · 2018-05-07T16:34:05Z

Not exactly, because this happens on running blogdown::serve_site():

> blogdown::serve_site()
[...]
> /usr/include/c++/8/bits/stl_vector.h:932: std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = char; _Alloc = std::allocator<char>; std::vector<_Tp, _Alloc>::reference = char&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.
Keskeytetty (luotiin core-tiedosto)

i.e. R aborts and dumps core.

However, it seems that building the site with blogdown::build_site(local = TRUE) and then serving the output directory by servr::httd(dir = 'public') doesn't crash. Here's the output of devtools::session_info() after running those commands:

> devtools::session_info()
Session info ------------------------------------------------------------------
 setting  value                                      
 version  R version 3.5.0 Patched (2018-05-03 r74699)
 system   x86_64, linux-gnu                          
 ui       X11                                        
 language (EN)                                       
 collate  fi_FI.UTF-8                                
 tz       Europe/Helsinki                            
 date     2018-05-07                                 

Packages ----------------------------------------------------------------------
 package   * version    date       source                         
 backports   1.1.2      2017-12-13 CRAN (R 3.5.0)                 
 base      * 3.5.0      2018-05-06 local                          
 blogdown    0.6        2018-04-18 CRAN (R 3.5.0)                 
 bookdown    0.7        2018-02-18 CRAN (R 3.5.0)                 
 compiler    3.5.0      2018-05-06 local                          
 datasets  * 3.5.0      2018-05-06 local                          
 devtools    1.13.5     2018-02-18 CRAN (R 3.5.0)                 
 digest      0.6.15     2018-01-28 CRAN (R 3.5.0)                 
 evaluate    0.10.1     2017-06-24 CRAN (R 3.5.0)                 
 graphics  * 3.5.0      2018-05-06 local                          
 grDevices * 3.5.0      2018-05-06 local                          
 htmltools   0.3.6      2017-04-28 CRAN (R 3.5.0)                 
 httpuv      1.4.2.9000 2018-05-07 Github (rstudio/httpuv@4a44b53)
 knitr       1.20       2018-02-20 CRAN (R 3.5.0)                 
 later       0.7.2      2018-05-01 CRAN (R 3.5.0)                 
 magrittr    1.5        2014-11-22 CRAN (R 3.5.0)                 
 memoise     1.1.0      2017-04-21 CRAN (R 3.5.0)                 
 methods   * 3.5.0      2018-05-06 local                          
 mime        0.5        2016-07-07 CRAN (R 3.5.0)                 
 promises    1.0.1      2018-04-13 CRAN (R 3.5.0)                 
 R6          2.2.2      2017-06-17 CRAN (R 3.5.0)                 
 Rcpp        0.12.16    2018-03-13 CRAN (R 3.5.0)                 
 rmarkdown   1.9        2018-03-01 CRAN (R 3.5.0)                 
 rprojroot   1.3-2      2018-01-03 CRAN (R 3.5.0)                 
 servr       0.9        2018-03-25 CRAN (R 3.5.0)                 
 stats     * 3.5.0      2018-05-06 local                          
 stringi     1.2.2      2018-05-02 CRAN (R 3.5.0)                 
 stringr     1.3.0      2018-02-19 CRAN (R 3.5.0)                 
 tools       3.5.0      2018-05-06 local                          
 utils     * 3.5.0      2018-05-06 local                          
 withr       2.1.2      2018-03-15 CRAN (R 3.5.0)                 
 xfun        0.1        2018-01-22 CRAN (R 3.5.0)

wch · 2018-05-07T17:42:44Z

Sorry, I meant, can you run session_info() with httpuv 1.3.6? I think the output might be exactly the same as what you provided above, though.

wch · 2018-05-07T17:45:00Z

Does the crash happen with a bare site -- if you run new_site() and then serve_site()?

jar1karp · 2018-05-07T17:52:36Z

Yes, the session_info() output would be the same except for version of httpuv.

The crash also happens with freshly created site. Also, it seems that the older version 1.3.6 of httpuv also crashes after serve_site(), but that only happens after closing the browser. With the latest version it happens immediately.

wch · 2018-05-07T17:58:33Z

One more quick comment: thanks for the detailed report with the stack trace from gdb. Right now I'm trying to figure out a minimal case to reproduce the problem, since I haven't been able to do so locally (on my Mac). Off the top of my head, some variables that might matter are:

OS (Fedora vs. Debian vs. Mac)
R version (3.5.0-patched vs. 3.5.0 vs. 3.4.4)
Compiler
Compiler settings

And it would also be good to be able to reproduce the problem at a lower level, like with just the servr package, or, even better, just httpuv.

Do you know if this problem happens with R 3.5.0 (not patched)?

jar1karp · 2018-05-07T18:08:00Z

I think I tested with R 3.5.0 built from the released tarball (i.e. without patches from svn branch) and got the same crash. However I built those binaries using the RPM spec which by default uses hardening flags.

I'll try verifying this, but I think with R built from the sources as such (i.e. the configure && make && make install routine) it worked fine.

wch · 2018-05-07T19:20:57Z

I'm able to reproduce what may be the same problem using RDsan in the wch1/r-debug docker image. The first time I run serve_site(), it crashes immediately. When I run it a second time, it emits an error message (but keeps running) when I visit the web page.

docker run --rm -ti -p 4321:4321 wch1/r-debug

mkdir temp
cd temp

RDsan
install.packages('blogdown')
new_site()                  # This opens vim; need to :wq before continuing
serve_site(host="0.0.0.0")  # Crashes immediately


# Second run
RDsan
library(blogdown)
serve_site(host="0.0.0.0") # Prints error message when web browser visits page

The output:

> library(blogdown)
> new_site() # This opens vim; need to :wq before continuing
trying URL 'https://github.com/yihui/hugo-lithium/archive/master.zip'
Content type 'application/zip' length 118535 bytes (115 KB)
==================================================
downloaded 115 KB

Rendering content/post/2015-07-23-r-rmarkdown.Rmd
serve_site(host="0.0.0.0")

                   | EN  
+------------------+----+
  Pages            | 20  
  Paginator pages  |  0  
  Non-page files   |  0  
  Static files     | 11  
  Processed images |  0  
  Aliases          |  0  
  Sitemaps         |  1  
  Cleaned          |  0  

Total in 17 ms
Serving the directory /temp at http://127.0.0.1:4321
To stop the server, run servr::daemon_stop("106858787111720") or restart your R session
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: www-browser: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: links2: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: elinks: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: links: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: lynx: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: w3m: not found
xdg-open: no method available for opening 'http://127.0.0.1:4321'
> serve_site(host="0.0.0.0")

                   | EN  
+------------------+----+
  Pages            | 20  
  Paginator pages  |  0  
  Non-page files   |  0  
  Static files     | 11  
  Processed images |  0  
  Aliases          |  0  
  Sitemaps         |  1  
  Cleaned          |  0  

Total in 14 ms
=================================================================
==16556==ERROR: AddressSanitizer: heap-use-after-free on address 0x6130000c0508 at pc 0x7f67bf645759 bp 0x7f67c3ec8ea0 sp 0x7f67c3ec8e90
WRITE of size 8 at 0x6130000c0508 thread T3
    #0 0x7f67bf645758 in uv__stream_init src/unix/stream.c:76
    #1 0x7f67bf64ecc1 in uv_tcp_init_ex src/unix/tcp.c:127
    #2 0x7f67bf64ee1e in uv_tcp_init src/unix/tcp.c:146
    #3 0x7f67bf5408ad in createTcpServer(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/http.cpp:120
    #4 0x7f67bf541321 in createTcpServerSync(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/http.cpp:172
    #5 0x7f67bf5c22bd in void boost::_bi::list7<boost::_bi::value<uv_loop_s*>, boost::_bi::value<char const*>, boost::_bi::value<int>, boost::_bi::value<boost::shared_ptr<WebApplication> >, boost::_bi::value<CallbackQueue*>, boost::_bi::value<uv_stream_s**>, boost::_bi::value<Barrier*> >::operator()<void (*)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list0>(boost::_bi::type<void>, void (*&)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list0&, int) /usr/local/RDsan/lib/R/site-library/BH/include/boost/bind/bind.hpp:676
    #6 0x7f67bf5bec87 in boost::_bi::bind_t<void, void (*)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list7<boost::_bi::value<uv_loop_s*>, boost::_bi::value<char const*>, boost::_bi::value<int>, boost::_bi::value<boost::shared_ptr<WebApplication> >, boost::_bi::value<CallbackQueue*>, boost::_bi::value<uv_stream_s**>, boost::_bi::value<Barrier*> > >::operator()() /usr/local/RDsan/lib/R/site-library/BH/include/boost/bind/bind.hpp:1294
    #7 0x7f67bf5bc8d7 in boost::detail::function::void_function_obj_invoker0<boost::_bi::bind_t<void, void (*)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list7<boost::_bi::value<uv_loop_s*>, boost::_bi::value<char const*>, boost::_bi::value<int>, boost::_bi::value<boost::shared_ptr<WebApplication> >, boost::_bi::value<CallbackQueue*>, boost::_bi::value<uv_stream_s**>, boost::_bi::value<Barrier*> > >, void>::invoke(boost::detail::function::function_buffer&) /usr/local/RDsan/lib/R/site-library/BH/include/boost/function/function_template.hpp:159
    #8 0x7f67bf532331 in boost::function0<void>::operator()() const /usr/local/RDsan/lib/R/site-library/BH/include/boost/function/function_template.hpp:759
    #9 0x7f67bf535c6b in CallbackQueue::flush() /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/callbackqueue.cpp:47
    #10 0x7f67bf535885 in flush_callback_queue(uv_async_s*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/callbackqueue.cpp:12
    #11 0x7f67bf62cd01 in uv__async_io src/unix/async.c:118
    #12 0x7f67bf65b310 in uv__io_poll src/unix/linux-core.c:400
    #13 0x7f67bf62e9d4 in uv_run src/unix/core.c:368
    #14 0x7f67bf5a49e1 in io_thread(void*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/httpuv.cpp:112
    #15 0x7f67d34437fb in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x77fb)
    #16 0x7f67d3b7bb5e in clone (/lib/x86_64-linux-gnu/libc.so.6+0x114b5e)

0x6130000c0508 is located 72 bytes inside of 360-byte region [0x6130000c04c0,0x6130000c0628)
freed by thread T3 here:
    #0 0x7f67d4a272d0 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe12d0)
    #1 0x7f67bf551465 in boost::detail::sp_counted_impl_pd<Socket*, boost::detail::sp_ms_deleter<Socket> >::~sp_counted_impl_pd() (/usr/local/RDsan/lib/R/site-library/httpuv/libs/httpuv.so+0x31d465)
    #2 0x7f67bf542444 in boost::detail::sp_counted_base::destroy() /usr/local/RDsan/lib/R/site-library/BH/include/boost/smart_ptr/detail/sp_counted_base_std_atomic.hpp:89
    #3 0x7f67bf5428f7 in boost::detail::sp_counted_base::weak_release() /usr/local/RDsan/lib/R/site-library/BH/include/boost/smart_ptr/detail/sp_counted_base_std_atomic.hpp:124
    #4 0x7f67bf542730 in boost::detail::sp_counted_base::release() /usr/local/RDsan/lib/R/site-library/BH/include/boost/smart_ptr/detail/sp_counted_base_std_atomic.hpp:111
    #5 0x7f67bf542b52 in boost::detail::shared_count::~shared_count() /usr/local/RDsan/lib/R/site-library/BH/include/boost/smart_ptr/detail/shared_count.hpp:426
    #6 0x7f67bf545446 in boost::shared_ptr<Socket>::~shared_ptr() /usr/local/RDsan/lib/R/site-library/BH/include/boost/smart_ptr/shared_ptr.hpp:341
    #7 0x7f67bf54114d in createTcpServer(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/http.cpp:117
    #8 0x7f67bf541321 in createTcpServerSync(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/http.cpp:172
    #9 0x7f67bf5c22bd in void boost::_bi::list7<boost::_bi::value<uv_loop_s*>, boost::_bi::value<char const*>, boost::_bi::value<int>, boost::_bi::value<boost::shared_ptr<WebApplication> >, boost::_bi::value<CallbackQueue*>, boost::_bi::value<uv_stream_s**>, boost::_bi::value<Barrier*> >::operator()<void (*)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list0>(boost::_bi::type<void>, void (*&)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list0&, int) /usr/local/RDsan/lib/R/site-library/BH/include/boost/bind/bind.hpp:676
    #10 0x7f67bf5bec87 in boost::_bi::bind_t<void, void (*)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list7<boost::_bi::value<uv_loop_s*>, boost::_bi::value<char const*>, boost::_bi::value<int>, boost::_bi::value<boost::shared_ptr<WebApplication> >, boost::_bi::value<CallbackQueue*>, boost::_bi::value<uv_stream_s**>, boost::_bi::value<Barrier*> > >::operator()() /usr/local/RDsan/lib/R/site-library/BH/include/boost/bind/bind.hpp:1294
    #11 0x7f67bf5bc8d7 in boost::detail::function::void_function_obj_invoker0<boost::_bi::bind_t<void, void (*)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list7<boost::_bi::value<uv_loop_s*>, boost::_bi::value<char const*>, boost::_bi::value<int>, boost::_bi::value<boost::shared_ptr<WebApplication> >, boost::_bi::value<CallbackQueue*>, boost::_bi::value<uv_stream_s**>, boost::_bi::value<Barrier*> > >, void>::invoke(boost::detail::function::function_buffer&) /usr/local/RDsan/lib/R/site-library/BH/include/boost/function/function_template.hpp:159
    #12 0x7f67bf532331 in boost::function0<void>::operator()() const /usr/local/RDsan/lib/R/site-library/BH/include/boost/function/function_template.hpp:759
    #13 0x7f67bf535c6b in CallbackQueue::flush() /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/callbackqueue.cpp:47
    #14 0x7f67bf535885 in flush_callback_queue(uv_async_s*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/callbackqueue.cpp:12
    #15 0x7f67bf62cd01 in uv__async_io src/unix/async.c:118
    #16 0x7f67bf65b310 in uv__io_poll src/unix/linux-core.c:400
    #17 0x7f67bf62e9d4 in uv_run src/unix/core.c:368
    #18 0x7f67bf5a49e1 in io_thread(void*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/httpuv.cpp:112
    #19 0x7f67d34437fb in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x77fb)

previously allocated by thread T3 here:
    #0 0x7f67d4a26458 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0458)
    #1 0x7f67bf54d9e4 in boost::detail::shared_count::shared_count<Socket*, boost::detail::sp_ms_deleter<Socket> >(Socket*, boost::detail::sp_inplace_tag<boost::detail::sp_ms_deleter<Socket> >) (/usr/local/RDsan/lib/R/site-library/httpuv/libs/httpuv.so+0x3199e4)
    #2 0x7f67bf54b9eb in boost::shared_ptr<Socket>::shared_ptr<Socket, boost::detail::sp_inplace_tag<boost::detail::sp_ms_deleter<Socket> > >(Socket*, boost::detail::sp_inplace_tag<boost::detail::sp_ms_deleter<Socket> >) (/usr/local/RDsan/lib/R/site-library/httpuv/libs/httpuv.so+0x3179eb)
    #3 0x7f67bf549dd8 in boost::detail::sp_if_not_array<Socket>::type boost::make_shared<Socket, boost::shared_ptr<WebApplication>&, CallbackQueue*&>(boost::shared_ptr<WebApplication>&, CallbackQueue*&) (/usr/local/RDsan/lib/R/site-library/httpuv/libs/httpuv.so+0x315dd8)
    #4 0x7f67bf540888 in createTcpServer(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/http.cpp:117
    #5 0x7f67bf541321 in createTcpServerSync(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/http.cpp:172
    #6 0x7f67bf5c22bd in void boost::_bi::list7<boost::_bi::value<uv_loop_s*>, boost::_bi::value<char const*>, boost::_bi::value<int>, boost::_bi::value<boost::shared_ptr<WebApplication> >, boost::_bi::value<CallbackQueue*>, boost::_bi::value<uv_stream_s**>, boost::_bi::value<Barrier*> >::operator()<void (*)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list0>(boost::_bi::type<void>, void (*&)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list0&, int) /usr/local/RDsan/lib/R/site-library/BH/include/boost/bind/bind.hpp:676
    #7 0x7f67bf5bec87 in boost::_bi::bind_t<void, void (*)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list7<boost::_bi::value<uv_loop_s*>, boost::_bi::value<char const*>, boost::_bi::value<int>, boost::_bi::value<boost::shared_ptr<WebApplication> >, boost::_bi::value<CallbackQueue*>, boost::_bi::value<uv_stream_s**>, boost::_bi::value<Barrier*> > >::operator()() /usr/local/RDsan/lib/R/site-library/BH/include/boost/bind/bind.hpp:1294
    #8 0x7f67bf5bc8d7 in boost::detail::function::void_function_obj_invoker0<boost::_bi::bind_t<void, void (*)(uv_loop_s*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, boost::shared_ptr<WebApplication>, CallbackQueue*, uv_stream_s**, Barrier*), boost::_bi::list7<boost::_bi::value<uv_loop_s*>, boost::_bi::value<char const*>, boost::_bi::value<int>, boost::_bi::value<boost::shared_ptr<WebApplication> >, boost::_bi::value<CallbackQueue*>, boost::_bi::value<uv_stream_s**>, boost::_bi::value<Barrier*> > >, void>::invoke(boost::detail::function::function_buffer&) /usr/local/RDsan/lib/R/site-library/BH/include/boost/function/function_template.hpp:159
    #9 0x7f67bf532331 in boost::function0<void>::operator()() const /usr/local/RDsan/lib/R/site-library/BH/include/boost/function/function_template.hpp:759
    #10 0x7f67bf535c6b in CallbackQueue::flush() /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/callbackqueue.cpp:47
    #11 0x7f67bf535885 in flush_callback_queue(uv_async_s*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/callbackqueue.cpp:12
    #12 0x7f67bf62cd01 in uv__async_io src/unix/async.c:118
    #13 0x7f67bf65b310 in uv__io_poll src/unix/linux-core.c:400
    #14 0x7f67bf62e9d4 in uv_run src/unix/core.c:368
    #15 0x7f67bf5a49e1 in io_thread(void*) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/httpuv.cpp:112
    #16 0x7f67d34437fb in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x77fb)

Thread T3 created by T0 here:
    #0 0x7f67d497dd2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7f67bf650d76 in uv_thread_create src/unix/thread.c:198
    #2 0x7f67bf5a4d27 in ensure_io_thread() /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/httpuv.cpp:133
    #3 0x7f67bf5a673c in makeTcpServer(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, Rcpp::Function_Impl<Rcpp::PreserveStorage>, Rcpp::Function_Impl<Rcpp::PreserveStorage>, Rcpp::Function_Impl<Rcpp::PreserveStorage>, Rcpp::Function_Impl<Rcpp::PreserveStorage>, Rcpp::Function_Impl<Rcpp::PreserveStorage>, Rcpp::Function_Impl<Rcpp::PreserveStorage>) /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/httpuv.cpp:234
    #4 0x7f67bf51e851 in _httpuv_makeTcpServer /tmp/Rtmp8mbtGj/R.INSTALL77b308b85e2/httpuv/src/RcppExports.cpp:46
    #5 0x7f67d4087cc1 in R_doDotCall /tmp/r-source/src/main/dotcode.c:596
    #6 0x7f67d40a3a6c in do_dotcall /tmp/r-source/src/main/dotcode.c:1252
    #7 0x7f67d414ebd5 in bcEval /tmp/r-source/src/main/eval.c:6771
    #8 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #9 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #10 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #11 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #12 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #13 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #14 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #15 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #16 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #17 0x7f67d4121988 in forcePromise /tmp/r-source/src/main/eval.c:520
    #18 0x7f67d413960d in FORCE_PROMISE /tmp/r-source/src/main/eval.c:4970
    #19 0x7f67d4139968 in getvar /tmp/r-source/src/main/eval.c:5012
    #20 0x7f67d4147941 in bcEval /tmp/r-source/src/main/eval.c:6503
    #21 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #22 0x7f67d4121988 in forcePromise /tmp/r-source/src/main/eval.c:520
    #23 0x7f67d413960d in FORCE_PROMISE /tmp/r-source/src/main/eval.c:4970
    #24 0x7f67d4139968 in getvar /tmp/r-source/src/main/eval.c:5012
    #25 0x7f67d4147941 in bcEval /tmp/r-source/src/main/eval.c:6503
    #26 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #27 0x7f67d4121988 in forcePromise /tmp/r-source/src/main/eval.c:520
    #28 0x7f67d413960d in FORCE_PROMISE /tmp/r-source/src/main/eval.c:4970
    #29 0x7f67d4139968 in getvar /tmp/r-source/src/main/eval.c:5012
    #30 0x7f67d4147941 in bcEval /tmp/r-source/src/main/eval.c:6503
    #31 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #32 0x7f67d4121988 in forcePromise /tmp/r-source/src/main/eval.c:520
    #33 0x7f67d413960d in FORCE_PROMISE /tmp/r-source/src/main/eval.c:4970
    #34 0x7f67d4139968 in getvar /tmp/r-source/src/main/eval.c:5012
    #35 0x7f67d4147941 in bcEval /tmp/r-source/src/main/eval.c:6503
    #36 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #37 0x7f67d4121988 in forcePromise /tmp/r-source/src/main/eval.c:520
    #38 0x7f67d413960d in FORCE_PROMISE /tmp/r-source/src/main/eval.c:4970
    #39 0x7f67d4139968 in getvar /tmp/r-source/src/main/eval.c:5012
    #40 0x7f67d4147941 in bcEval /tmp/r-source/src/main/eval.c:6503
    #41 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #42 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #43 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #44 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #45 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #46 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #47 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #48 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #49 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #50 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #51 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #52 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #53 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #54 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #55 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #56 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #57 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #58 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #59 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #60 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #61 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #62 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #63 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #64 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #65 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #66 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #67 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #68 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #69 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #70 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #71 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #72 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #73 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #74 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #75 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #76 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #77 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #78 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #79 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #80 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #81 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #82 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #83 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #84 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #85 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #86 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #87 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #88 0x7f67d414e321 in bcEval /tmp/r-source/src/main/eval.c:6739
    #89 0x7f67d4122179 in Rf_eval /tmp/r-source/src/main/eval.c:624
    #90 0x7f67d4127e5f in R_execClosure /tmp/r-source/src/main/eval.c:1764
    #91 0x7f67d41275b7 in Rf_applyClosure /tmp/r-source/src/main/eval.c:1692
    #92 0x7f67d4123442 in Rf_eval /tmp/r-source/src/main/eval.c:747
    #93 0x7f67d41c2ad9 in Rf_ReplIteration /tmp/r-source/src/main/main.c:258
    #94 0x7f67d41c2ed4 in R_ReplConsole /tmp/r-source/src/main/main.c:308
    #95 0x7f67d41c518d in run_Rmainloop /tmp/r-source/src/main/main.c:1082
    #96 0x7f67d41c51a3 in Rf_mainloop /tmp/r-source/src/main/main.c:1089
    #97 0x400942 in main /tmp/r-source/src/main/Rmain.c:29
    #98 0x7f67d3a881c0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x211c0)

SUMMARY: AddressSanitizer: heap-use-after-free src/unix/stream.c:76 in uv__stream_init
Shadow bytes around the buggy address:
  0x0c2680010050: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2680010060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2680010070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2680010080: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c2680010090: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c26800100a0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800100b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800100c0: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa
  0x0c26800100d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c26800100e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c26800100f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==16556==ABORTING
root@34a6ee1600c7:/temp# RDsan

R Under development (unstable) (2018-04-26 r74644) -- "Unsuffered Consequences"
Copyright (C) 2018 The R Foundation for Statistical Computing
Platform: x86_64-pc-linux-gnu (64-bit)

R is free software and comes with ABSOLUTELY NO WARRANTY.
You are welcome to redistribute it under certain conditions.
Type 'license()' or 'licence()' for distribution details.

R is a collaborative project with many contributors.
Type 'contributors()' for more information and
'citation()' on how to cite R or R packages in publications.

Type 'demo()' for some demos, 'help()' for on-line help, or
'help.start()' for an HTML browser interface to help.
Type 'q()' to quit R.

> library(blogdown)
> serve_site(host="0.0.0.0")

                   | EN  
+------------------+----+
  Pages            | 20  
  Paginator pages  |  0  
  Non-page files   |  0  
  Static files     | 11  
  Processed images |  0  
  Aliases          |  0  
  Sitemaps         |  1  
  Cleaned          |  0  

Total in 14 ms
Serving the directory /temp at http://0.0.0.0:4321
To stop the server, run servr::daemon_stop("106858786914600") or restart your R session
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: www-browser: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: links2: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: elinks: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: links: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: lynx: not found
/usr/bin/xdg-open: 778: /usr/bin/xdg-open: w3m: not found
xdg-open: no method available for opening 'http://0.0.0.0:4321'
> /usr/include/c++/7/bits/stl_vector.h:798:34: runtime error: reference binding to null pointer of type 'value_type'

EDIT: I just realized that the first crash might be because it's already serving the site before I ran serve_site().

wch · 2018-05-07T20:37:19Z

@jar1karp Can you test if this causes the crash for you with 1.4.2?

library(httpuv)

startServer("0.0.0.0", 8000, list())
startServer("0.0.0.0", 8000, list())
startServer("0.0.0.0", 8001, list())

jar1karp · 2018-05-08T05:26:25Z

No, here's the output

> library(httpuv)
> startServer("0.0.0.0", 8000, list())
[1] "140511063052696"
> startServer("0.0.0.0", 8000, list())
Error in startServer("0.0.0.0", 8000, list()) : Failed to create server
> startServer("0.0.0.0", 8001, list())
[1] "140511063053368"

wch · 2018-05-08T17:12:36Z

OK, I've reproduced the problem using Docker.

Dockerfile:

# docker build -t r-fedora .
# docker run --rm -ti -p 4321:4321 --security-opt seccomp=unconfined

FROM fedora:latest

RUN dnf install -y R pandoc gdb
# If you have weird compile problems, it might be because -j4 causes the container
# to run out of memory. You can reduce the number or coment this out if needed.
RUN echo "MAKEFLAGS=-j4" > ~/.Renviron
RUN R -e "install.packages('httpuv', repos = c(CRAN='https://cloud.r-project.org'))"

Commands to run:

docker build -t r-fedora .
docker run --rm -ti -p 4321:4321 --security-opt seccomp=unconfined r-fedora /bin/bash
R
library(httpuv)
startServer("0.0.0.0", 4321, list(
  call = function(req) {
    list(
      status = 200L,
      headers = list('Content-Type' = 'text/html'),
      body = "hello"
    )
  }
))

Visiting http://localhost:4321 with a browser works fine. However, if you try to connect with a websocket, it causes the crash. To do this, run the following in another terminal:

R
devtools::install_github('rstudio/websocket')
library(websocket)
ws <- WebsocketClient$new("ws://localhost:4321/",
  onOpen    = function()    cat("Connection opened\n"),
  onMessage = function(msg) cat("Client got msg: ", msg, "\n"),
  onClose   = function()    cat("Client disconnected\n")
)

Output from running under gdb

> serve_site(host="0.0.0.0")  # Crashes when visited with a web browser
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
Detaching after fork from child process 184.
Detaching after fork from child process 186.
Detaching after fork from child process 192.

                   | EN  
+------------------+----+
  Pages            | 20  
  Paginator pages  |  0  
  Non-page files   |  0  
  Static files     | 11  
  Processed images |  0  
  Aliases          |  0  
  Sitemaps         |  1  
  Cleaned          |  0  

Total in 14 ms
[New Thread 0x7fffec9a5700 (LWP 200)]
[New Thread 0x7fffe7fff700 (LWP 201)]
Detaching after fork from child process 202.
Serving the directory /temp at http://0.0.0.0:4321
To stop the server, run servr::daemon_stop("140737085706648") or restart your R session
/usr/bin/xdg-open: line 854: www-browser: command not found
/usr/bin/xdg-open: line 854: links2: command not found
/usr/bin/xdg-open: line 854: elinks: command not found
/usr/bin/xdg-open: line 854: links: command not found
/usr/bin/xdg-open: line 854: lynx: command not found
/usr/bin/xdg-open: line 854: w3m: command not found
xdg-open: no method available for opening 'http://0.0.0.0:4321'
> Detaching after fork from child process 270.
Detaching after fork from child process 272.
Detaching after fork from child process 274.
Detaching after fork from child process 276.
Detaching after fork from child process 278.
Detaching after fork from child process 280.
/usr/include/c++/8/bits/stl_vector.h:932: std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = char; _Alloc = std::allocator<char>; std::vector<_Tp, _Alloc>::reference = char&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.

Thread 1 "R" received signal SIGABRT, Aborted.
0x00007ffff4337f4b in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff4337f4b in raise () from /lib64/libc.so.6
#1  0x00007ffff4322591 in abort () from /lib64/libc.so.6
#2  0x00007fffec9c9b18 in std::__replacement_assert (
    __file=__file@entry=0x7fffeca0b688 "/usr/include/c++/8/bits/stl_vector.h", __line=__line@entry=932, 
    __function=__function@entry=0x7fffeca0b8e0 <std::vector<char, std::allocator<char> >::operator[](unsigned long)::__PRETTY_FUNCTION__> "std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = char; _Alloc = std::allocator<char>; std::vector<_Tp, _Alloc>::reference = cha"..., 
    __condition=__condition@entry=0x7fffeca0b658 "__builtin_expect(__n < this->size(), true)")
    at /usr/include/c++/8/x86_64-redhat-linux/bits/c++config.h:2389
#3  0x00007fffec9cf707 in std::vector<char, std::allocator<char> >::operator[] (__n=0, this=<optimized out>)
    at /usr/lib64/R/library/BH/include/boost/smart_ptr/detail/shared_count.hpp:426
#4  HttpRequest::_call_r_on_ws_open() () at httprequest.cpp:687
#5  0x00007fffec9c87b6 in boost::function0<void>::operator() (this=0x7fffe8002398)
    at /usr/lib64/R/library/BH/include/boost/function/function_base.hpp:601
#6  BoostFunctionCallback::operator() (this=0x7fffe8002390) at callback.h:29
#7  invoke_callback(void*) () at callback.cpp:7
#8  0x00007fffece569c2 in boost::function0<void>::operator() (this=<optimized out>)
    at /usr/lib64/R/library/BH/include/boost/function/function_base.hpp:601
#9  Callback::operator() (this=<optimized out>) at callback_registry.h:28
#10 execCallbacks(double) () at later.cpp:91
#11 0x00007fffece56be9 in execCallbacksForTopLevel () at later.cpp:109
#12 0x00007fffece57fef in async_input_handler(void*) () at later_posix.cpp:117
#13 0x00007ffff79bd984 in R_runHandlers () from /usr/lib64/R/lib/libR.so
#14 0x00007ffff79bddbb in Rstd_ReadConsole () from /usr/lib64/R/lib/libR.so
#15 0x00007ffff78edc94 in Rf_ReplIteration () from /usr/lib64/R/lib/libR.so
#16 0x00007ffff78ee1c1 in R_ReplConsole () from /usr/lib64/R/lib/libR.so
#17 0x00007ffff78ee280 in run_Rmainloop () from /usr/lib64/R/lib/libR.so
#18 0x000055555555491f in main ()

wch · 2018-05-08T18:33:36Z

@jcheng5 and I were able to get a truly minimal C++ example. This works on Linux.

test.c:

#include <vector>
#include <iostream>

int main() {
  std::vector<char> buf;
  printf("%p\n", &buf[0]);
  return 0;
}

Compile and run:

g++ -D _GLIBCXX_ASSERTIONS test.c
./a.out

The error:

/usr/include/c++/7/bits/stl_vector.h:797: std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = char; _Alloc = std::allocator<char>; std::vector<_Tp, _Alloc>::reference = char&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.
Aborted (core dumped)

The problem is that we use the construct &x[0], where x is a std::vector of length 0. The behavior in that case is undefined, and the _GLIBCXX_ASSERTIONS flag tells it to check for that.

wch · 2018-05-08T21:21:15Z

It looks like that compilation flag was turned on by default in Fedora 28: https://fedoraproject.org/wiki/Changes/HardeningFlags28

Fix #133: Assertion failures when running on Fedora 28

Ran into this doing Pro Server work on an Ubuntu Bionic (18) VM, with a Debug build of the product. Server would assert and terminate on startup. This is same issue that httpuv project was hitting here: rstudio/httpuv#133 Debug build uses _GLIBCXX_ASSERTIONS and which asserts on usage of this pattern: &v[0], where "v" is a vector Take address of first element of a potentially empty vector is undefined behavior in C++. Also can't just use vector::data(), because the return value of data() may or may not be nullptr for an empty vector, per C++ docs. (D'oh) So added `safe_vec_addr` as used by httuv. I only fixed the one case that was preventing me from starting the server with a Debug build. I will open an issue to do a comprehensive survey of the codebase to find other potential problems of this sort and/or fix them as I hit them.

wch mentioned this issue May 7, 2018

Sanitizer complains when starting app after a failed app start #134

Closed

wch mentioned this issue May 8, 2018

debug assertion on Windows when sourcing C++ file rstudio/rstudio#2154

Closed

jcheng5 changed the title ~~blogdown::serve_site() -> received signal SIGABRT, Aborted~~ Assertion failures when running on Fedora 28 May 8, 2018

jcheng5 closed this as completed in 6cf767f May 8, 2018

jcheng5 added a commit that referenced this issue May 8, 2018

Merge pull request #136 from rstudio/joe/bugfix/safe-addr

2487235

Fix #133: Assertion failures when running on Fedora 28

wch mentioned this issue May 9, 2018

Compile R with debugging flags wch/r-debug#4

Closed

aimylios mentioned this issue Aug 30, 2018

arachne-pnr crashes when compiled with _GLIBCXX_ASSERTIONS YosysHQ/arachne-pnr#126

Open

gtritchie mentioned this issue Oct 15, 2018

can't safely get address of empty vector rstudio/rstudio#3677

Merged

space88man mentioned this issue Mar 6, 2019

Explicitly set CKA_ID to zero-length byte string on PRIVATE_KEY causes assertion on retrieval opendnssec/SoftHSMv2#449

Closed

Ezibenroc mentioned this issue Jun 24, 2019

BitMap([]) crashes Ezibenroc/PyRoaringBitMap#49

Closed

Desour mentioned this issue Jul 4, 2019

Minetest crashes when shift clicking on an item in the 3x3 crafting space (Flatpak, Fedora 30) minetest/minetest#7761

Closed

danilaml mentioned this issue Mar 31, 2021

Possible UB that can lead to a crash due to assertions in GLIBC david-cortes/outliertree#3

Closed

ajm-ska mentioned this issue Mar 18, 2022

crash when opening a region file on CentOS8 CARTAvis/carta-backend#909

Closed

KavalchukD mentioned this issue May 16, 2023

Assertion in stl_vector.h:1123 on Fedora 28 Qucs/qucsator#37

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Assertion failures when running on Fedora 28 #133

Assertion failures when running on Fedora 28 #133

jar1karp commented May 7, 2018

wch commented May 7, 2018

jar1karp commented May 7, 2018

wch commented May 7, 2018

wch commented May 7, 2018

jar1karp commented May 7, 2018

wch commented May 7, 2018

jar1karp commented May 7, 2018

wch commented May 7, 2018 •

edited

Loading

wch commented May 7, 2018

jar1karp commented May 8, 2018

wch commented May 8, 2018 •

edited

Loading

wch commented May 8, 2018 •

edited

Loading

wch commented May 8, 2018

Assertion failures when running on Fedora 28 #133

Assertion failures when running on Fedora 28 #133

Comments

jar1karp commented May 7, 2018

wch commented May 7, 2018

jar1karp commented May 7, 2018

wch commented May 7, 2018

wch commented May 7, 2018

jar1karp commented May 7, 2018

wch commented May 7, 2018

jar1karp commented May 7, 2018

wch commented May 7, 2018 • edited Loading

wch commented May 7, 2018

jar1karp commented May 8, 2018

wch commented May 8, 2018 • edited Loading

wch commented May 8, 2018 • edited Loading

wch commented May 8, 2018

wch commented May 7, 2018 •

edited

Loading

wch commented May 8, 2018 •

edited

Loading

wch commented May 8, 2018 •

edited

Loading