[Ns-bugs] [Bug 130] New: Segfault when deleting a TCP socket in the "connection fail callback"

bugzilla-daemon@nsnam-www.ece.gatech.edu bugzilla-daemon at nsnam-www.ece.gatech.edu
Mon Feb 4 10:47:50 PST 2008 

http://www.nsnam.org/bugzilla/show_bug.cgi?id=130

           Summary: Segfault when deleting a TCP socket in the "connection
                    fail callback"
           Product: ns-3
           Version: pre-release
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: internet-node
        AssignedTo: ns-bugs at isi.edu
        ReportedBy: gjcarneiro at gmail.com


I have a script that removes the last reference to a TCP socket during the
"connection failed callback".  That causes a subsequent segmentation fault. 
Valgrind trace follows:

TCP connection failed.
==10582== Invalid read of size 8
==10582==    at 0x522792D: ns3::TcpSocket::ReTxTimeout() (tcp-socket.cc:992)
==10582==    by 0x52247E5: ns3::Ptr<ns3::EventImpl>
ns3::Simulator::MakeEvent<void (ns3::TcpSocket::*)(), ns3::TcpSocket*>(void
(ns3::TcpSocket::*)(), ns3::TcpSocket*)::EventMemberImpl0::Notify()
(simulator.h:661)
==10582==    by 0x5164346: ns3::EventImpl::Invoke() (event-impl.cc:39)
==10582==    by 0x516C159: ns3::SimulatorPrivate::ProcessOneEvent()
(simulator.cc:155)
==10582==    by 0x516C1A1: ns3::SimulatorPrivate::Run() (simulator.cc:183)
==10582==    by 0x516C2E2: ns3::Simulator::Run() (simulator.cc:418)
==10582==    by 0x40C442: main (bench-olsr.cc:750)
==10582==  Address 0x67fb660 is 0 bytes inside a block of size 408 free'd
==10582==    at 0x4C2162D: operator delete(void*) (vg_replace_malloc.c:336)
==10582==    by 0x522D253: ns3::TcpSocket::~TcpSocket() (tcp-socket.cc:101)
==10582==    by 0x5109A49: ns3::Object::MaybeDelete() const (object.cc:512)
==10582==    by 0x41107A: ns3::Object::Unref() const (object.h:437)
==10582==    by 0x4110A4: ns3::Ptr<ns3::Socket>::~Ptr() (ptr.h:402)
==10582==    by 0x51E6BA9: ns3::Socket::NotifyConnectionFailed()
(socket.cc:143)
==10582==    by 0x5227240: ns3::TcpSocket::Retransmit() (tcp-socket.cc:1030)
==10582==    by 0x52279CB: ns3::TcpSocket::ReTxTimeout() (tcp-socket.cc:999)
==10582==    by 0x52247E5: ns3::Ptr<ns3::EventImpl>
ns3::Simulator::MakeEvent<void (ns3::TcpSocket::*)(), ns3::TcpSocket*>(void
(ns3::TcpSocket::*)(), ns3::TcpSocket*)::EventMemberImpl0::Notify()
(simulator.h:661)
==10582==    by 0x5164346: ns3::EventImpl::Invoke() (event-impl.cc:39)
==10582== 
==10582== Process terminating with default action of signal 11 (SIGSEGV):
dumping core
==10582==  Bad permissions for mapped region at address 0x61D9F0
==10582==    at 0x61D9F0: ???
==10582==    by 0x52247E5: ns3::Ptr<ns3::EventImpl>
ns3::Simulator::MakeEvent<void (ns3::TcpSocket::*)(), ns3::TcpSocket*>(void
(ns3::TcpSocket::*)(), ns3::TcpSocket*)::EventMemberImpl0::Notify()
(simulator.h:661)
==10582==    by 0x5164346: ns3::EventImpl::Invoke() (event-impl.cc:39)
==10582==    by 0x516C159: ns3::SimulatorPrivate::ProcessOneEvent()
(simulator.cc:155)
==10582==    by 0x516C1A1: ns3::SimulatorPrivate::Run() (simulator.cc:183)
==10582==    by 0x516C2E2: ns3::Simulator::Run() (simulator.cc:418)
==10582==    by 0x40C442: main (bench-olsr.cc:750)
==10582==


-- 
Configure bugmail: http://www.nsnam.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the Ns-bugs mailing list