deallocation issue in fd-netdevice
After a3349a59 we're having non-consistent crashes in src/fd-net-device/examples/dummy-network.cc
.
I have been able to reproduce the problem, but it's (apparently) quite random. Sometimes it happens, sometimes it doesn't.
The "problem" is exactly in the added object deletion logic. I changed it to add some debug statements and now it looks like:
CriticalSection cs (m_deviceStopMutex);
for (auto index = 0; index < m_pendingQueue.size (); index++)
{
std::pair<uint8_t *, ssize_t> next = m_pendingQueue.front ();
std::cout << m_pendingQueue.size () << " - Trying to deallocate " << (void *) (next.first)
<< " size " << next.second << std::endl;
if (next.first)
FreeBuffer (next.first);
m_pendingQueue.pop ();
}
The CriticalSection cs (m_deviceStopMutex);
is new - I was wondering if it could have been a concurrency issue. It isn't.
The output (when the problem happens) looks like:
PING 10.0.0.1 - 56 bytes of data - 84 bytes including ICMP and IPv4 headers.
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=+2000ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=+1000ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=+0ms
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time +4000ms
rtt min/avg/max/mdev = 0/1000/2000/1000 ms
1 - Trying to deallocate 0x7fdb9201d000 size 98
18446744073709551615 - Trying to deallocate 0x0 size 0
18446744073709551614 - Trying to deallocate 0x0 size 0
18446744073709551613 - Trying to deallocate 0x0 size 0
18446744073709551612 - Trying to deallocate 0x0 size 0
18446744073709551611 - Trying to deallocate 0x0 size 0
18446744073709551610 - Trying to deallocate 0x0 size 0
18446744073709551609 - Trying to deallocate 0x0 size 0
Problem is: why?
----- spoiler alert: I know why.