CESNET / libnetconf2

C NETCONF library
BSD 3-Clause "New" or "Revised" License

Crash in netopeer server-2 #100

Closed shishirpandey29 closed 2 years ago

shishirpandey29 commented 6 years ago

Hi, I observed a crash in netopeer-server2. Setup details:

1) libnetconf2-0.11-r1
2) Netopeer2-0.5-r1
3) sysrepo-0.7.4/

Backtrace:

```
(gdb) bt
#0  0x00007f4a241a32b0 in nc_session_free (session=0x7f4a140033c0, data_free=0x407bff )
    at /home/test/libnetconf2-0.11-r1/src/session.c:713
#1  0x0000000000408f60 in np2srv_del_session_clb (session=0x7f4a140033c0)
    at /home/test/Netopeer2-0.5-r1/server/main.c:756
#2  0x000000000040a6b6 in worker_thread (arg=0x1bf8830)
    at /home/test/Netopeer2-0.5-r1/server/main.c:1302
#3  0x00007f4a232d2e25 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f4a2265734d in clone () from /lib64/libc.so.6
```

Local struct info at time of crash:

```
(gdb) info locals
r = 1
i = 19999
rpc_locked = 1
sock = -1
connected = 1
multisession = 1
siter = 0x0
```

Analysis:

1) libnetconf2-0.11-r1 maintains a circular linked list of netconf sessions over the same ssh.

2) In this issue, multiple netconf sessions were created over the same ssh, as multisession = 1. I think, two netconf sessions over the same ssh.

3) At line number 706 in libnetconf2-0.11-r1/src/session.c, in case there are two netconf sessions over the same ssh, libnetconf2-0.11-r1 sets siter->ti.libssh.next = NULL; at this step, the netconf session list over the same ssh is no longer a circular list.

4) At line number 713 in libnetconf2-0.11-r1/src/session.c, it tries to find the context of an existing netconf session having status NC_STATUS_RUNNING for setting the ssh callback, and while iterating over the netconf session list, it tries to access siter->ti.libssh.next (made NULL at line number 706), and the crash occurred at siter->status != NC_STATUS_RUNNING at line number 713.

Code: libnetconf2-0.11-r1/src/session.c:

```c
706             siter->ti.libssh.next = NULL;
707         } else {
708             /* there are still multiple sessions, keep the ring list */
709             siter->ti.libssh.next = session->ti.libssh.next;
710         }
711         /* change nc_sshcb_msg() argument, we need a RUNNING session and this one will be freed */
712         if (session->flags & NC_SESSION_SSH_MSG_CB) {
713             for (siter = session->ti.libssh.next; siter->status != NC_STATUS_RUNNING; siter = siter->ti.libssh.next) {
714                 if (siter->ti.libssh.next == session) {
715                     ERRINT;
716                     break;
717                 }
718             }
```

Please check it once.

Regards Shishir

michalvasko commented 6 years ago

Hi Shishir, seems like a duplicate of #92, should be fixed by e50b6b115732b26ac89c0ab4e75c3e68d64f76ac. Please, do not create issues unless you encounter a problem on current devel or master branch.

Regards, Michal

achrc commented 6 years ago

Hi,

I have the same issue in the same versions of the code. The above fix does not solve the issue. In my case connected = 0.

Best Regards Anne

michalvasko commented 6 years ago

Hi Anne, firstly, what same versions of the code? Unless you have the current version (libnetconf2 0.12.27) I will not help you with any issues.

Secondly, do you have the same stack trace as was posted here? Whether the session is connected or not should not matter. Most helpful would be if you could post the stack trace of all the threads after the crash.

Regards, Michal

achrc commented 6 years ago

Hi Michal,

Same versions of code: libnetconf2-0.11-r1 Netopeer2-0.5-r1 sysrepo-0.7.4/

I can try to upgrade the libnetconf, but I guess that requires upgrades of the other versions also.

I have same stack trace and same analysis. I can add that there is only one element in the list and that the status is CLOSING for that element in my case. When the list is iterated the next element is NULL.

I will see if I can get the information you request.

Best Regards Anne
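The failure mode analysed in this thread (a ring that collapses to a NULL-terminated single node, then a search loop that only expects wrap-around), shown as an added, self-contained example. It is not libnetconf2 code and not the referenced fix; `struct sess`, `unlink_and_pick` and `demo` are hypothetical names, and the sessions are constructed test data.

```c
#include <stddef.h>

/* Hypothetical, simplified stand-ins for the library's session structure. */
enum status { ST_RUNNING, ST_CLOSING };
struct sess {
    enum status status;
    struct sess *next;      /* NULL when it is the only session on the SSH link */
};

/* Unlink `session` and return a RUNNING sibling that can take over the
 * message callback, or NULL when no such sibling exists. */
struct sess *unlink_and_pick(struct sess *session)
{
    struct sess *first = session->next, *prev, *it;

    if (first == NULL || first == session) return NULL;   /* no siblings */
    for (prev = first; prev->next != session; prev = prev->next) {
        if (prev->next == NULL) return NULL;   /* malformed: session not linked */
    }
    /* one sibling left: the list stops being a ring (the line-706 situation) */
    prev->next = (prev == first) ? NULL : first;
    session->next = NULL;

    /* terminate on NULL (collapsed list) as well as on wrap-around (ring) */
    it = first;
    do {
        if (it->status == ST_RUNNING) {
            return it;
        }
        it = it->next;
    } while (it != NULL && it != first);
    return NULL;
}

/* Constructed scenario: n (1..8) sessions, only index `running` is RUNNING
 * (-1 for none); session 0 is freed. Returns the picked index or -1. */
int demo(int n, int running)
{
    struct sess s[8], *pick;
    for (int i = 0; i < n; i++) {
        s[i].status = (i == running) ? ST_RUNNING : ST_CLOSING;
        s[i].next = (n == 1) ? NULL : &s[(i + 1) % n];
    }
    pick = unlink_and_pick(&s[0]);
    return pick ? (int)(pick - s) : -1;
}
```

`demo(2, -1)` is the case reported above: the one remaining session is not RUNNING and its `next` is NULL, so the search has to end without dereferencing it.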
