[omniORB] omni::giopRope::match() crash

Michael Teske subscribe at teskor.de
Wed Apr 8 10:23:52 BST 2015 

Hi,

ok, this is really the last one :)

The problem is, that there's this other thread:

#0  0xffffe410 in __kernel_vsyscall ()
#1  0x00375839 in __lll_lock_wait () from /lib/libpthread.so.0
#2  0x00370e9f in _L_lock_885 () from /lib/libpthread.so.0
#3  0x00370d66 in pthread_mutex_lock () from /lib/libpthread.so.0
#4  0xf7e822ac in lock (this=0xebb1fca0, ior=0xebb1fc30, key=0xebb06c2c "ExchangeAgenting,l\260\353\r", keysize=13, calldesc=0xf43fdfb0) at ../../../../include/omnithread.h:257
#5  ~omni_tracedmutex_unlock (this=0xebb1fca0, ior=0xebb1fc30, key=0xebb06c2c "ExchangeAgenting,l\260\353\r", keysize=13, calldesc=0xf43fdfb0) at ../../../../include/omniORB4/tracedthread.h:172
#6  omni::giopRope::acquireClient (this=0xebb1fca0, ior=0xebb1fc30, key=0xebb06c2c "ExchangeAgenting,l\260\353\r", keysize=13, calldesc=0xf43fdfb0) at giopRope.cc:164
#7  0xf7e7a7c8 in omni::IOP_C_Holder::IOP_C_Holder (this=0xf43fdef8, ior=0xebb1fc30, key=0xebb06c2c "ExchangeAgenting,l\260\353\r", keysize=13, rope=0xebb1fca0, calldesc=0xf43fdfb0) at omniTransport.cc:74
#8  0xf7e6d85c in omniRemoteIdentity::dispatch (this=0xebb06c28, call_desc=...) at remoteIdentity.cc:93
#9  0xf7e4e7f0 in omniObjRef::_invoke (this=0xebb1e3c4, call_desc=..., do_assert=false) at omniObjRef.cc:674
#10 0xf7e4f6a9 in omniObjRef::_remote_is_a (this=0xebb1e3c4, a_repoId=0x81ce888 "IDL:exchangeAgent/eaServer:1.0") at omniObjRef.cc:338
#11 0xf7e4f79d in omniObjRef::_real_is_a (this=0xebb1e3c4, repoId=0x81ce888 "IDL:exchangeAgent/eaServer:1.0") at omniObjRef.cc:109
#12 0xf7e4f954 in omniObjRef::_realNarrow (this=0xebb1e3c4, repoId=0x81ce888 "IDL:exchangeAgent/eaServer:1.0") at omniObjRef.cc:172

It tries to get the lock but this is not before calling filterAndSortAddressList() but after, I misread the 
omni_tracedmutex_unlock for omni_tracedmutex_lock in line 163. So all is clear, filterAndSortAddressList() modifies pd_addresses while the mutex is
_not_ locked and if the vector needs to be reallocated any iterator from match() points into nirvana. 
The question is, why is the mutex unlocked right before calling filterAndSortAddressList()? Is this because name resolution
is slow? Then I would suggest locking the transportMutex again in line 702 when pd_addresses is accessed. This is ugly but should
work I think. I'll try this and write again if this works.

Regards,
  Michael

> 
> (gdb) where
> #0  0xf7e82d47 in omni::giopRope::match (this=0xebb1fca0, addrlist=..., info=0x9d09778) at giopRope.cc:647
> #1  0xf7e83ef4 in omni::giopRope::selectRope (addrlist=..., info=0x9d09778, rope=@0xf41fcc4c, is_local=@0xf41fcc47) at giopRope.cc:588
> #2  0xf7e44e4a in omni::createIdentity (ior=0x9cfbee0, target=0xf7ed6465 "IDL:omg.org/CORBA/Object:1.0", locked=false) at omniInternal.cc:734
> #3  0xf7e46b09 in omni::createObjRef (targetRepoId=0xf7ed6465 "IDL:omg.org/CORBA/Object:1.0", ior=0x9cfbee0, locked=false, id=0x0) at omniInternal.cc:810
> #4  0xf7e75933 in omni::corbalocURIHandler::locToObject (c=@0xf41fd01c, cycles=0, def_key=0x0) at uri.cc:889
> #5  0xf7e76c86 in omni::corbalocURIHandler::toObject (this=0xf7f2ed34, uri=0x9c4917c "corbaloc::sbz1:5571/ExchangeAgent", cycles=0) at uri.cc:488
> #6  0xf7e742f4 in omni::omniURI::stringToObject (uri=0x9c4917c "corbaloc::sbz1:5571/ExchangeAgent", cycles=0) at uri.cc:277
> #7  0xf7e15be1 in omniOrbORB::string_to_object (this=0x9c2ed50, uri=0x9c4917c "corbaloc::sbz1:5571/ExchangeAgent") at corbaOrb.cc:426
> #8  0x0807b4da in UsedEA::run (this=0x9c491a8) at /home/build/Builds/Trader-build857/Trader/src/LoginServer/EAInfo.cpp:500
> #9  0x0808215e in tools::P0Hook<UsedEA>::run (this=0x9c492b8) at /home/build/Builds/Trader-build857/Trader/include/tools/ThreadHook.hpp:41
> #10 0x081c54d8 in omniJTCThread::entrance_hook (this=0x9c492b8) at /home/build/Builds/Trader-build857/Trader/src/libomniJTC/Thread.cpp:772
> #11 0x081c5612 in lsf_thread_adapter (arg=0x9c492b8) at /home/build/Builds/Trader-build857/Trader/src/libomniJTC/Thread.cpp:85
> #12 0xf7f33edc in omni_thread_wrapper (ptr=0x9c49560) at posix.cc:447
> #13 0x0036e912 in start_thread () from /lib/libpthread.so.0
> #14 0x002ad7ce in clone () from /lib/libc.so.6
> (gdb) p addrlist
> $1 = (const omni::giopAddressList &) @0x9d0977c: {
>   start = 0x9c6faa0,
>   finish = 0x9c6faa4,
>   end_of_storage = 0x9c6faa4
> }
> (gdb) p i
> $2 = (omni::giopAddress * const *) 0x9c6faa0
> (gdb) p *(*i)
> $3 = (omni::tcpAddress) {
>   <omni::giopAddress> = {
>     _vptr.giopAddress = 0xf7f2a788
>   },
>   members of omni::tcpAddress:
>   pd_address = {
>     host = {
>       _ptr = 0x9cfc090 "sbz1"
>     },
>     port = 5571
>   },
>   pd_address_string = {
>     _data = 0x9cfc0a0 "giop:tcp:sbz1:5571"
>   }
> }
> 
> (gdb) p pd_addresses
> $4 = {
>   start = 0xebb1fd28,
>   finish = 0xebb1fd30,
>   end_of_storage = 0xebb1fd30
> }
> 
> (gdb) p j
> $5 = (omni::giopAddress * const *) 0xebb06160
> (gdb) p *(*j)
> Cannot access memory at address 0x1
> 
> (gdb) p *(*(pd_addresses.start))
> $9 = (omni::tcpAddress) {
>   <omni::giopAddress> = {
>     _vptr.giopAddress = 0xf7f2a788
>   },
>   members of omni::tcpAddress:
>   pd_address = {
>     host = {
>       _ptr = 0xebb01130 "sbz1"
>     },
>     port = 46036
>   },
>   pd_address_string = {
>     _data = 0xebb00618 "giop:tcp:sbz1:46036"
>   }
> }
> 
> (gdb) p *(*(pd_addresses.start+1))
> $8 = (omni::tcpAddress) {
>   <omni::giopAddress> = {
>     _vptr.giopAddress = 0xf7f2a788
>   },
>   members of omni::tcpAddress:
>   pd_address = {
>     host = {
>       _ptr = 0xebb07118 "192.168.68.194"
>     },
>     port = 46036
>   },
>   pd_address_string = {
>     _data = 0xebb06e88 "giop:tcp:192.168.68.194:46036"
>   }
> }
> 
> 
> (gdb) p *this
> $10 = (omni::giopRope) {
>   <omni::Rope> = {
>     _vptr.Rope = 0xf7f250c8,
>     pd_strands = {
>       next = 0xebb1fca4,
>       prev = 0xebb1fca4
>     }
>   },
>   <omni::RopeLink> = {
>     next = 0xf461782c,
>     prev = 0x9cf55e4
>   },
>   members of omni::giopRope:
>   pd_refcount = 1,
>   pd_addresses = {
>     start = 0xebb1fd28,
>     finish = 0xebb1fd30,
>     end_of_storage = 0xebb1fd30
>   },
>   pd_ior_addr_size = 1,
>   pd_addresses_order = {
>     start = 0xebb06160,
>     finish = 0xebb06164,
>     end_of_storage = 0xebb06164
>   },
>   pd_address_in_use = 0,
>   pd_maxStrands = 5,
>   pd_oneCallPerConnection = true,
>   pd_nwaiting = 0,
>   pd_cond = {
>     <omni_condition> = {
>       mutex = 0x9c2e1e0,
>       posix_cond = {
>         __data = {
>           __lock = 0,
>           __futex = 0,
>           __total_seq = 0,
>           __wakeup_seq = 0,
>           __woken_seq = 0,
>           __mutex = 0x0,
>           __nwaiters = 0,
>           __broadcast_seq = 0
>         },
>         __size = '\000' <repeats 44 times>, "!\000\000",
>         __align = 0
>       }
>     }, <No data fields>},
>   pd_flags = 0,
>   pd_ior_flags = 0,
>   pd_offerBiDir = false,
>   pd_addrs_filtered = false,
>   pd_filtering = true,
>   static ropes = {
>     next = 0x9c53f5c,
>     prev = 0xeae3b804
>   }
> }
> 
> Greetings,
>   Michael
> 
> 
> 
> 
> _______________________________________________
> omniORB-list mailing list
> omniORB-list at omniorb-support.com
> http://www.omniorb-support.com/mailman/listinfo/omniorb-list
>

More information about the omniORB-list mailing list