bus fault in mqtt3_subs_clean_session with musl libc (openwrt) #32

Closed
ralight opened this issue Mar 15, 2016 · 0 comments
ralight commented Mar 15, 2016

migrated from Bugzilla #475707
status CLOSED severity normal in component Mosquitto for 1.4
Reported in version 1.4 on platform PC
Assigned to: Roger Light

Original attachment names and IDs:

On 2015-08-24 09:34:57 -0400, Karl Palsson wrote:

Presumably tied to openwrt's switch to musl libc, but I haven't rebuilt it all with uclibc again. Reported with 1.4.2 and confirmed with 1.4.3 as well.

Starting the broker as just "mosquitto -v" (no config file) and then publishing a single message from a remote client (mosquitto_sub) is sufficient to crash the broker with a bus fault.

Program received signal SIGBUS, Bus error.
0x77f78b30 in malloc_usable_size ()
   from /home/karlp/src/openwrt-trunk-upstream/scripts/../staging_dir/target-mips_34kc_musl-1.1.10/root-ar71xx/lib/ld-musl-mips-sf.so.1
(gdb) bt
Python Exception <type 'exceptions.ImportError'> No module named gdb.frames:
#0  0x77f78b30 in malloc_usable_size ()
   from /home/karlp/src/openwrt-trunk-upstream/scripts/../staging_dir/target-mips_34kc_musl-1.1.10/root-ar71xx/lib/ld-musl-mips-sf.so.1
#1  0x00408ca2 in _mosquitto_free (mem=0x0) at ../lib/memory_mosq.c:57
#2  0x0041007c in mqtt3_subs_clean_session (db=db@entry=0x428280 <int_db>, context=context@entry=0x77d81290) at subs.c:631
#3  0x00407208 in mqtt3_context_cleanup (db=db@entry=0x428280 <int_db>, context=0x77d81290, do_free=do_free@entry=true)
    at context.c:138
#4  0x00407454 in mosquitto__free_disused_contexts (db=db@entry=0x428280 <int_db>) at context.c:224
#5  0x004085ae in mosquitto_main_loop (db=db@entry=0x428280 <int_db>, listensock=listensock@entry=0x77ff2ad0,
    listensock_count=listensock_count@entry=2, listener_max=listener_max@entry=4) at loop.c:130
#6  0x00402f1e in main (argc=, argv=) at mosquitto.c:366
(gdb) up
#1  0x00408ca2 in _mosquitto_free (mem=0x0) at ../lib/memory_mosq.c:57
57	memcount -= malloc_usable_size(mem);
(gdb) up
#2  0x0041007c in mqtt3_subs_clean_session (db=db@entry=0x428280 <int_db>, context=context@entry=0x77d81290) at subs.c:631
631	_mosquitto_free(context->subs);
(gdb) info locals
i = 0
leaf =
hier =
(gdb) info args
db = 0x428280 <int_db>
context = 0x77d81290
(gdb) p *context
$1 = {sock = -1, protocol = mosq_p_mqtt31, address = 0x77d811d0 "192.168.255.124", id = 0x0, username = 0x0,
password = 0x0, keepalive = 60, last_mid = 0, state = mosq_cs_disconnected, last_msg_in = 2660, last_msg_out = 2660,
ping_t = 0, in_packet = {payload = 0x0, next = 0x0, remaining_mult = 1, remaining_length = 0, packet_length = 0,
to_process = 0, pos = 0, mid = 0, command = 0 '\000', remaining_count = 0 '\000'}, current_out_packet = 0x0,
out_packet = 0x0, will = 0x0, ssl = 0x0, ssl_ctx = 0x0, tls_cafile = 0x0, tls_capath = 0x0, tls_certfile = 0x0,
tls_keyfile = 0x0, tls_pw_callback = 0x0, tls_version = 0x0, tls_ciphers = 0x0, tls_psk = 0x0, tls_psk_identity = 0x0,
tls_cert_reqs = 0, tls_insecure = false, want_write = false, want_connect = false, clean_session = true,
is_dropping = false, is_bridge = false, bridge = 0x0, msgs = 0x0, last_msg = 0x0, msg_count = 0, msg_count12 = 0,
acl_list = 0x0, listener = 0x0, disconnect_t = 1440421836, out_packet_last = 0x0, subs = 0x0, sub_count = 0,
pollfd_index = 2, ws_context = 0x0, wsi = 0x0, hh_id = {tbl = 0x77d81560, prev = 0x0, next = 0x0, hh_prev = 0x0,
hh_next = 0x0, key = 0x77d81540, keylen = 18, hashv = 974165546}, hh_sock = {tbl = 0x77d811f0, prev = 0x0,
next = 0x0, hh_prev = 0x0, hh_next = 0x0, key = 0x77d81290, keylen = 4, hashv = 1015908205}, for_free_next = 0x0}
(gdb)

Running again, context->subs and context->sub_count are both 0 at entry to this function.

Grossly adding a check on ->subs before the _mosquitto_free call works, but I'm not sure if that's the real fix or not.

On 2015-08-24 15:17:34 -0400, Roger Light wrote:

Created attachment 256079
General fix

On 2015-08-24 16:08:51 -0400, Roger Light wrote:

This is also fixed in the develop branch:

https://git.eclipse.org/c/mosquitto/org.eclipse.mosquitto.git/commit/?h=develop&id=3f86d31

On 2015-09-16 16:22:10 -0400, Roger Light wrote:

Fixed in the fixes branch as well.
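
The failure mode in the backtrace, as an added example (not Mosquitto's code and not the attached fix, which this page does not show): a byte-counting free wrapper that hands its pointer to malloc_usable_size() before checking it, next to a form that treats NULL as a no-op the way free(NULL) does. The names tracked_*, client_ctx and ctx_clean_subs are hypothetical, and a Linux libc that declares malloc_usable_size() in <malloc.h> is assumed.

```c
#include <malloc.h>   /* malloc_usable_size(); assumed available (glibc, musl) */
#include <stddef.h>
#include <stdlib.h>

static size_t memcount;   /* bytes currently accounted as allocated */

void *tracked_malloc(size_t len)
{
    void *mem = malloc(len);
    if (mem) memcount += malloc_usable_size(mem);
    return mem;
}

/* Shape of the call at memory_mosq.c:57 in the report: the pointer reaches
 * malloc_usable_size() unchecked. With mem == NULL this is the call that
 * raised SIGBUS on musl 1.1.10. Kept for comparison; never called with NULL. */
void tracked_free_unguarded(void *mem)
{
    memcount -= malloc_usable_size(mem);
    free(mem);
}

/* Hardened wrapper: NULL is a no-op, so callers may pass unset pointers. */
void tracked_free(void *mem)
{
    if (!mem) return;
    memcount -= malloc_usable_size(mem);
    free(mem);
}

size_t tracked_in_use(void) { return memcount; }

/* Hypothetical stand-in for the client context printed in the gdb session. */
struct client_ctx { void **subs; int sub_count; };

/* Releases every subscription slot; returns how many entries were freed. */
int ctx_clean_subs(struct client_ctx *ctx)
{
    int released = 0;
    for (int i = 0; i < ctx->sub_count; i++)
        if (ctx->subs[i]) { tracked_free(ctx->subs[i]); released++; }
    tracked_free(ctx->subs);   /* subs is NULL for a client that never subscribed */
    ctx->subs = NULL;
    ctx->sub_count = 0;
    return released;
}

int main(void)
{
    struct client_ctx never_subscribed = { NULL, 0 };   /* constructed input */
    return ctx_clean_subs(&never_subscribed);           /* 0: nothing freed, no fault */
}
```

Placing the guard in the wrapper covers every caller at once, whereas a check at a single call site covers only that path.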

@ralight ralight closed this as completed Mar 15, 2016
@lock lock bot locked as resolved and limited conversation to collaborators Aug 8, 2019