Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash when a ipv4 packet is received #6

Closed
io4 opened this issue May 25, 2017 · 5 comments
Closed

Crash when a ipv4 packet is received #6

io4 opened this issue May 25, 2017 · 5 comments

Comments

@io4
Copy link

io4 commented May 25, 2017

When a ipv4 packet is sent (I reply successfully to ARP), node has a crash:

*** Error in `node': double free or corruption (!prev): 0x000055a74504ab30 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7908b)[0x7f436149208b]
/lib/x86_64-linux-gnu/libc.so.6(+0x826fa)[0x7f436149b6fa]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f436149f12c]
node(_ZN2v88internal18ArrayBufferTracker18FreeDeadInNewSpaceEPNS0_4HeapE+0x13c)[0x55a74266d50c]
node(_ZN2v88internal4Heap8ScavengeEv+0x189b)[0x55a74268e43b]
node(_ZN2v88internal4Heap24PerformGarbageCollectionENS0_16GarbageCollectorENS_15GCCallbackFlagsE+0x119)[0x55a74268ecf9]
node(_ZN2v88internal4Heap14CollectGarbageENS0_16GarbageCollectorENS0_23GarbageCollectionReasonEPKcNS_15GCCallbackFlagsE+0x153)[0x55a74268f7c3]
node(_ZN2v88internal7Factory15NewFillerObjectEibNS0_15AllocationSpaceE+0x7f)[0x55a74263a9cf]
node(_ZN2v88internal26Runtime_AllocateInNewSpaceEiPPNS0_6ObjectEPNS0_7IsolateE+0x78)[0x55a742941bc8]
[0x37977ff843a7]
@Dagrut
Copy link
Contributor

Dagrut commented May 26, 2017

Could you give us some more information please? :

  • What is your nodejs version?
  • What is your tuntap configuration object?
  • Does it crash on the input or output (When the packet goes from the network to nodejs, or from nodejs to the network?).

The best thing would be a complete example producing this crash, of course :-) .

@io4
Copy link
Author

io4 commented May 26, 2017

Node version: v7.8.0
As I send no sort of reply to IPv4 I assume its a input error.

The example causing crash: https://pastebin.com/nubUuG4M
The crash happens a second after I try to send packets to "192.168.100.2"

@Dagrut
Copy link
Contributor

Dagrut commented May 29, 2017
edited
Loading

Okay, thanks!

It seems that I can have this bug on node v7, but it doesnt crash on node v6. This may be a specific problem to this nodejs version.
I'll look closer at it :-)

Edit: Also FYI I had to replace ** by Math.pow() to make it work with v6.

@Dagrut
Copy link
Contributor

Dagrut commented May 29, 2017

I nailed down the problem, it comes from void Tuntap::do_read() in tuntap.cc. It seems that having a scope here is "confusing"? the garbage collector. Just calling node::Buffer::New and then leaving causes this bug too. It seems that the newly created buffer is freed twice by node.

I also found that the bug happens in node v6, but I have to use --expose_gc and global.gc(); to force garbage collection and make it crash.

I just don't know if and how I can fix it, I'll try to report it to the nodejs team.

@Dagrut Dagrut mentioned this issue May 29, 2017
Closed
@Dagrut
Copy link
Contributor

Dagrut commented May 29, 2017

Thanks to @bnoordhuis, I fixed it in commit 08f6ec4 . I pushed it to npm [email protected] . 😃

@Dagrut Dagrut closed this as completed May 29, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Dagrut @io4