Ticket #263 (closed crash: fixed)

Opened 2 months ago

Last modified 6 weeks ago

Fix crash with direct connections

Reported by: diederik Owned by: diederik
Priority: critical Milestone: kmess-2.0
Component: Protocol - P2P/DC Version: 2.0-alpha
Keywords: Cc:

Description

Creating a ticket so I won't forget.

What confuses me is the (this=0xffffff85) line, which indicates the calling code has some pointer set very wrong.

kmess(30359) ApplicationList::sendMessage: there is a direct connection object, test if the socket is still connected and not timed out.
WARNING: kmess(30359) CrashHandler::kmessCrashed: "KMess crashed! -- this should not happen.
Please submit a report at http://www.kmess.org/board/.

Application version: 2.0alpha-svn (3345 >= 20080624)
Compiled at: KDE 4.00.82 (KDE 4.0.82 >= 20080610) "release 3.5", Qt 4.4.0
Running at:  KDE 4.00.82 (KDE 4.0.82 >= 20080610) "release 3.5", Qt 4.4.0
"
kmess(30729) CrashHandler::kmessCrashed: Running gdb for binary "/usr/local/bin/kmess" pid 30359
kmess(30729) CrashHandler::kmessCrashed: full gdb command: "gdb --quiet --batch --nw --nx --ex 'set width 0' --ex 'set height 0' --ex 'echo \n==== (gdb) bt ====\n' --ex bt /usr/local/bin/kmess 30359"
[Thread debugging using libthread_db enabled]
[New Thread 0xb5e1a6d0 (LWP 30359)]
[New Thread 0xb44bdb90 (LWP 30361)]
0xffffe430 in __kernel_vsyscall ()

==== (gdb) bt ====
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb6e14bab in waitpid () from /lib/libpthread.so.0
#2  0x0815c70a in CrashHandler::kmessCrashed (signal=11) at /home/adria/apps/kmess/src/utils/crashhandler.cpp:105
#3  <signal handler called>
#4  0x081213c5 in DirectConnectionPool::verifyActiveConnection (this=0xffffff85) at /home/adria/apps/kmess/src/network/extra/directconnectionpool.cpp:448
#5  0x080f376b in ApplicationList::sendMessage (this=0x9028b18, source=0x9310c58, header=@0xbfd126e8, messageData=@0xbfd127c4, footerCode=0) at /home/adria/apps/kmess/src/network/applications/applicationlist.cpp:1511
#6  0x08104ee6 in P2PApplicationBase::sendP2PMessage (this=0x9310c58, messageData=@0xbfd127c4, flagField=4, footerCode=0, messageType=P2PApplicationBase::P2P_MSG_UNKNOWN, messageID=1094886) at /home/adria/apps/kmess/src/network/applications/p2papplicationbase.cpp:1788
#7  0x081056a5 in P2PApplicationBase::sendP2PWaitingError (this=0x9310c58) at /home/adria/apps/kmess/src/network/applications/p2papplicationbase.cpp:1880
#8  0x08105996 in P2PApplicationBase::slotCleanup (this=0x9310c58) at /home/adria/apps/kmess/src/network/applications/p2papplicationbase.cpp:2094
#9  0x08105a21 in P2PApplicationBase::qt_metacall (this=0x9310c58, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbfd128f8) at /home/adria/apps/kmess/build/src/p2papplicationbase.moc:65
#10 0x0810eebc in P2PApplication::qt_metacall (this=0x9310c58, _c=QMetaObject::InvokeMetaMethod, _id=6, _a=0xbfd128f8) at /home/adria/apps/kmess/build/src/p2papplication.moc:64
#11 0xb6ff43fa in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#12 0xb6ff4972 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#13 0xb70299a7 in QTimer::timeout () from /usr/lib/libQtCore.so.4
#14 0xb6ffbabe in QTimer::timerEvent () from /usr/lib/libQtCore.so.4
#15 0xb6ff0d1f in QObject::event () from /usr/lib/libQtCore.so.4
#16 0xb64d0ecc in QApplicationPrivate::notify_helper () from /usr/lib/libQtGui.so.4
#17 0xb64d731e in QApplication::notify () from /usr/lib/libQtGui.so.4
#18 0xb7b6f09d in KApplication::notify () from /usr/lib/libkdeui.so.5
#19 0xb6fe2b51 in QCoreApplication::notifyInternal () from /usr/lib/libQtCore.so.4
#20 0xb700b181 in ?? () from /usr/lib/libQtCore.so.4
#21 0xb700b3fb in QEventDispatcherUNIX::processEvents () from /usr/lib/libQtCore.so.4
#22 0xb655b0a2 in ?? () from /usr/lib/libQtGui.so.4
#23 0xb6fe12ca in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#24 0xb6fe148a in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#25 0xb6fe366d in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#26 0xb64d0d47 in QApplication::exec () from /usr/lib/libQtGui.so.4
#27 0x081a222b in main (argc=1, argv=0xbfd13624) at /home/adria/apps/kmess/src/main.cpp:173

Attachments

kmessdebug.log (71.5 kB) - added by diederik 6 weeks ago.
Debug log by swiftscythe, stripped and anonymized

Change History

Changed 2 months ago by diederik

  • status changed from new to assigned

Changed 2 months ago by diederik

  • priority changed from major to critical

This seems more serious than I thought.

Also reported at http://www.kmess.org/board/viewtopic.php?f=4&t=3256

I guess the direct connection is deleted somewhere earlier, and the ApplicationList did not get any notice from it.
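The stale-pointer hypothesis in the comment above, as an added example that is not KMess's code: a connection pool that holds only weak references (a stand-in for Qt's QPointer, which the ticket does not mention), so the check the log line describes, "still connected and not timed out", reports "no connection" for a deleted or idle object instead of dereferencing freed memory. Class names, the peer id and the idle limit are assumptions.

```cpp
// Added example, not KMess code: models the stale-pointer failure in the backtrace.
// The pool keeps only weak references (a stand-in for Qt's QPointer), so a connection
// deleted elsewhere is detected instead of dereferenced. All names are assumptions.
#include <chrono>
#include <map>
#include <memory>
#include <string>
using Clock = std::chrono::steady_clock;
constexpr std::chrono::seconds kIdleTimeout(60);   // assumed idle limit for a DC

struct DirectConnection {
    bool connected = true;                          // socket state checked by sendMessage
    Clock::time_point lastActivity = Clock::now();
};
using Conn = std::shared_ptr<DirectConnection>;
class DirectConnectionPool {
public:
    void add(const std::string& peer, const Conn& c) { connections_[peer] = c; }  // non-owning
    // Returns the connection if it still exists, is connected and has not timed out;
    // otherwise drops the stale entry and returns nullptr instead of touching freed memory.
    Conn verifyActiveConnection(const std::string& peer) {
        auto it = connections_.find(peer);
        if (it == connections_.end()) return nullptr;
        Conn c = it->second.lock();                 // null once the object was deleted
        bool alive = c && c->connected && Clock::now() - c->lastActivity <= kIdleTimeout;
        if (!alive) { connections_.erase(it); return nullptr; }
        return c;
    }
private:
    std::map<std::string, std::weak_ptr<DirectConnection>> connections_;
};

// Ticket scenario: the connection is destroyed elsewhere and the pool is never told;
// the later timer-driven sendMessage must see "no connection", not crash.
bool deletedConnectionIsDetected() {
    DirectConnectionPool pool;
    Conn conn = std::make_shared<DirectConnection>();
    pool.add("peer@example.invalid", conn);         // constructed peer id
    bool liveBefore = pool.verifyActiveConnection("peer@example.invalid") == conn;
    conn.reset();                                   // deleted without notifying the pool
    return liveBefore && !pool.verifyActiveConnection("peer@example.invalid");
}
bool timedOutConnectionIsDetected() {
    DirectConnectionPool pool;
    Conn conn = std::make_shared<DirectConnection>();
    conn->lastActivity = Clock::now() - std::chrono::seconds(120);
    pool.add("peer@example.invalid", conn);
    return !pool.verifyActiveConnection("peer@example.invalid");
}
```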

Changed 6 weeks ago by diederik

I'm working on this, but it will take some time.

Changed 6 weeks ago by diederik

  • status changed from assigned to closed
  • resolution set to fixed

This should be fixed now in r3524.

The root of the problem is found in the "temporary P2PApplication" instance which is created to handle an invalid packet.

Changed 6 weeks ago by diederik

Additional fix in r3525.

Changed 6 weeks ago by diederik

This bug was not visible before because it was triggered by our recently added support for reverse invitations. I've backported it to KMess 1.5.x as well, just in case (r2527).

Changed 6 weeks ago by diederik

Debug log by swiftscythe, stripped and anonymized
