Bug #3219
closed
osmux_test2 fails on ubuntu 17.04 and 18.04
Start date: 04/28/2018
% Done: 100%
Description
This can be seen in our OBS nightly builds, where libosmo-netif is marked as broken:
https://build.opensuse.org/project/monitor/network:osmocom:nightly
Building by hand in an LXC container with Ubuntu 18.04 and running a gdb backtrace on it:
(gdb) run
Starting program: /tmp/libosmo-netif/tests/osmux/.libs/osmux_test2
===test_output_consecutive===
sys={0.000000}, mono={0.000000}: clock_override_set
sys={0.000000}, mono={0.000000}: dequeue: seq=50 ts=500 M enqueued=5
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff79aec7f in rb_set_parent (rb=0x7ffff7ffa268, p=0xfffffffc) at ../include/osmocom/core/linuxrbtree.h:124
124     rb->rb_parent_color = (rb->rb_parent_color & 3) | (unsigned long)p;
(gdb) bt
#0  0x00007ffff79aec7f in rb_set_parent (rb=0x7ffff7ffa268, p=0xfffffffc) at ../include/osmocom/core/linuxrbtree.h:124
#1  rb_erase (node=node@entry=0x7fffffffe0d0, root=root@entry=0x7ffff7bbd890 <timer_root>) at rbtree.c:270
#2  0x00007ffff79a36d6 in osmo_timer_del (timer=0x7fffffffe0d0) at timer.c:124
#3  0x00007ffff79a3709 in osmo_timer_add (timer=timer@entry=0x7fffffffe0d0) at timer.c:86
#4  0x00007ffff79a37f8 in osmo_timer_schedule (timer=timer@entry=0x7fffffffe0d0, seconds=0, microseconds=20000) at timer.c:111
#5  0x00007ffff778f642 in osmux_xfrm_output_trigger (data=data@entry=0x7fffffffe0c0) at osmux.c:245
#6  0x00007ffff778feea in osmux_xfrm_output_sched (h=0x7fffffffe0c0, osmuxh=0x555555759e18) at osmux.c:310
#7  0x00005555555554ea in test_output_consecutive () at osmux/osmux_test2.c:173
#8  main (argc=<optimized out>, argv=<optimized out>) at osmux/osmux_test2.c:370
while valgrind shows:
root@ubuntu1804:/tmp/libosmo-netif/tests/osmux/.libs# valgrind ./osmux_test2
==517== Memcheck, a memory error detector
==517== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==517== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==517== Command: ./osmux_test2
==517==
===test_output_consecutive===
sys={0.000000}, mono={0.000000}: clock_override_set
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x54E4A41: vfprintf (vfprintf.c:1643)
==517==    by 0x55BB168: __vsnprintf_chk (vsnprintf_chk.c:63)
==517==    by 0x55BB094: __snprintf_chk (snprintf_chk.c:34)
==517==    by 0x10A2BD: snprintf (stdio2.h:64)
==517==    by 0x10A2BD: tx_cb (osmux_test2.c:140)
==517==    by 0x527E5C4: osmux_xfrm_output_trigger (osmux.c:253)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Use of uninitialised value of size 8
==517==    at 0x4C32CF2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==517==    by 0x54E64D2: vfprintf (vfprintf.c:1643)
==517==    by 0x55BB168: __vsnprintf_chk (vsnprintf_chk.c:63)
==517==    by 0x55BB094: __snprintf_chk (snprintf_chk.c:34)
==517==    by 0x10A2BD: snprintf (stdio2.h:64)
==517==    by 0x10A2BD: tx_cb (osmux_test2.c:140)
==517==    by 0x527E5C4: osmux_xfrm_output_trigger (osmux.c:253)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Use of uninitialised value of size 8
==517==    at 0x4C32D04: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==517==    by 0x54E64D2: vfprintf (vfprintf.c:1643)
==517==    by 0x55BB168: __vsnprintf_chk (vsnprintf_chk.c:63)
==517==    by 0x55BB094: __snprintf_chk (snprintf_chk.c:34)
==517==    by 0x10A2BD: snprintf (stdio2.h:64)
==517==    by 0x10A2BD: tx_cb (osmux_test2.c:140)
==517==    by 0x527E5C4: osmux_xfrm_output_trigger (osmux.c:253)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Use of uninitialised value of size 8
==517==    at 0x5517532: _IO_default_xsputn (genops.c:412)
==517==    by 0x54E5FEA: vfprintf (vfprintf.c:1643)
==517==    by 0x55BB168: __vsnprintf_chk (vsnprintf_chk.c:63)
==517==    by 0x55BB094: __snprintf_chk (snprintf_chk.c:34)
==517==    by 0x10A2BD: snprintf (stdio2.h:64)
==517==    by 0x10A2BD: tx_cb (osmux_test2.c:140)
==517==    by 0x527E5C4: osmux_xfrm_output_trigger (osmux.c:253)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
sys={0.000000}, mono={0.000000}: dequeue: seq=50 ts=500 M enqueued=5
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x505A6B6: osmo_timer_del (timer.c:122)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x5065C65: rb_erase (rbtree.c:224)
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x5065CDD: rb_erase (rbtree.c:269)
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x5065C85: rb_erase (rbtree.c:271)
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Use of uninitialised value of size 8
==517==    at 0x5065C87: rb_erase (rbtree.c:273)
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x5065C8B: rb_erase (rbtree.c:273)
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Use of uninitialised value of size 8
==517==    at 0x5065C95: rb_erase (rbtree.c:276)
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x5065C9C: rb_erase (rbtree.c:282)
==517==    by 0x505A6D5: osmo_timer_del (timer.c:124)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Conditional jump or move depends on uninitialised value(s)
==517==    at 0x505A6E1: osmo_timer_del (timer.c:126)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Use of uninitialised value of size 8
==517==    at 0x505A6E7: __llist_del (linuxlist.h:114)
==517==    by 0x505A6E7: llist_del_init (linuxlist.h:136)
==517==    by 0x505A6E7: osmo_timer_del (timer.c:127)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==
==517== Invalid write of size 8
==517==    at 0x505A6E7: __llist_del (linuxlist.h:114)
==517==    by 0x505A6E7: llist_del_init (linuxlist.h:136)
==517==    by 0x505A6E7: osmo_timer_del (timer.c:127)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==517==
==517==
==517== Process terminating with default action of signal 11 (SIGSEGV)
==517==  Access not within mapped region at address 0x8
==517==    at 0x505A6E7: __llist_del (linuxlist.h:114)
==517==    by 0x505A6E7: llist_del_init (linuxlist.h:136)
==517==    by 0x505A6E7: osmo_timer_del (timer.c:127)
==517==    by 0x505A708: osmo_timer_add (timer.c:86)
==517==    by 0x505A7F7: osmo_timer_schedule (timer.c:111)
==517==    by 0x527E641: osmux_xfrm_output_trigger (osmux.c:245)
==517==    by 0x527EEE9: osmux_xfrm_output_sched (osmux.c:310)
==517==    by 0x1094E9: test_output_consecutive (osmux_test2.c:173)
==517==    by 0x1094E9: main (osmux_test2.c:370)
==517==  If you believe this happened as a result of a stack
==517==  overflow in your program's main thread (unlikely but
==517==  possible), you can try to increase the size of the
==517==  main thread stack using the --main-stacksize= flag.
==517==  The main thread stack size used in this run was 8388608.
==517==
==517== HEAP SUMMARY:
==517==     in use at exit: 4,659 bytes in 13 blocks
==517==   total heap usage: 15 allocs, 2 frees, 5,944 bytes allocated
==517==
==517== LEAK SUMMARY:
==517==    definitely lost: 0 bytes in 0 blocks
==517==    indirectly lost: 0 bytes in 0 blocks
==517==      possibly lost: 4,659 bytes in 13 blocks
==517==    still reachable: 0 bytes in 0 blocks
==517==         suppressed: 0 bytes in 0 blocks
==517== Rerun with --leak-check=full to see details of leaked memory
==517==
==517== For counts of detected and suppressed errors, rerun with: -v
==517== Use --track-origins=yes to see where uninitialised values come from
==517== ERROR SUMMARY: 17 errors from 15 contexts (suppressed: 0 from 0)
Segmentation fault