Bug 213819

Summary: crash probably related to DHT, in dht::UnpackBucketEntry
Product: [Applications] ktorrent Reporter: Jonathan Marten <jjm>
Component: generalAssignee: Joris Guisson <joris.guisson>
Status: RESOLVED FIXED    
Severity: crash CC: email.xenophon, emmanuel.surleau, mg, nomen.infitior
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Jonathan Marten 2009-11-09 09:16:14 UTC 
Version:            (using Devel)
Compiler:          gcc version 4.2.4 (Gentoo 4.2.4 p1.0)
 
OS:                Linux
Installed from:    Compiled sources

This has happened twice, on the same torrent - downloading works correctly for a long time (several hours) and then crashes without any other indications.  Looking at the code it seems to be trying to process something related to IPv6, but the system does not have any IPv6 interfaces configured.  The only relevant message on stderr is:

terminate called after throwing an instance of 'bt::Error'

Even if this is bad information received from a peer, the application should not really crash in this case.
Comment 1 Joris Guisson 2009-11-09 19:44:54 UTC 
Version ? Backtrace ?
Comment 2 Jonathan Marten 2009-11-09 20:36:10 UTC 
Oops, forgot to include the backtrace!  SVN r1046635.

Application: KTorrent (ktorrent), signal: Aborted
[Current thread is 0 (LWP 5444)]

Thread 6 (Thread 0xb3ac8b90 (LWP 5452)):
#0  0xb80e0424 in __kernel_vsyscall ()
#1  0xb71308a5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb71c9648 in QMutexPrivate::wait (this=0x9a60a70, timeout=-1) at thread/qmutex_unix.cpp:84
#3  0xb71c3bdd in QMutex::lock (this=0x9a5f0e4) at thread/qmutex.cpp:205
#4  0xb7fce7f9 in QMutexLocker::relock (this=0xb3ac8258) at /ws/trunk/inst/include/QtCore/qmutex.h:120
#5  0xb8043c8d in dht::RPCServerThread::handlePacket (this=0x9a5f0d8) at /ws/trunk/extragear/network/ktorrent/libbtcore/dht/rpcserver.cpp:62
#6  0xb8043f87 in dht::RPCServerThread::run (this=0x9a5f0d8) at /ws/trunk/extragear/network/ktorrent/libbtcore/dht/rpcserver.cpp:109
#7  0xb71ca0ff in QThreadPrivate::start (arg=0x9a5f0d8) at thread/qthread_unix.cpp:244
#8  0xb712c16b in start_thread () from /lib/libpthread.so.0
#9  0xb651287e in clone () from /lib/libc.so.6

Thread 5 (Thread 0xaf167b90 (LWP 5463)):
#0  0xb80e0424 in __kernel_vsyscall ()
#1  0xb71308a5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb71cab44 in QWaitCondition::wait (this=0xa016338, mutex=0xa016334, time=4294967295) at thread/qwaitcondition_unix.cpp:87
#3  0xb779c37f in QHostInfoAgent::run (this=0xa016328) at kernel/qhostinfo.cpp:252
#4  0xb71ca0ff in QThreadPrivate::start (arg=0xa016328) at thread/qthread_unix.cpp:244
#5  0xb712c16b in start_thread () from /lib/libpthread.so.0
#6  0xb651287e in clone () from /lib/libc.so.6

Thread 4 (Thread 0xae966b90 (LWP 5464)):
#0  0xb80e0424 in __kernel_vsyscall ()
#1  0xb7130bd2 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb71c9910 in thread_sleep (ti=0xae966284) at thread/qthread_unix.cpp:394
#3  0xb71c9a3f in QThread::msleep (msecs=<value optimized out>) at thread/qthread_unix.cpp:420
#4  0xb7fd0252 in net::DownloadThread::update (this=0x9a3c618) at /ws/trunk/extragear/network/ktorrent/libbtcore/net/downloadthread.cpp:110
#5  0xb7fd1858 in net::NetworkThread::run (this=0x9a3c618) at /ws/trunk/extragear/network/ktorrent/libbtcore/net/networkthread.cpp:48
#6  0xb71ca0ff in QThreadPrivate::start (arg=0x9a3c618) at thread/qthread_unix.cpp:244
#7  0xb712c16b in start_thread () from /lib/libpthread.so.0
#8  0xb651287e in clone () from /lib/libc.so.6

Thread 3 (Thread 0xae165b90 (LWP 5465)):
#0  0xb80e0424 in __kernel_vsyscall ()
#1  0xb71308a5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb71cab44 in QWaitCondition::wait (this=0x9a3c9b0, mutex=0x9a3c9b4, time=4294967295) at thread/qwaitcondition_unix.cpp:87
#3  0xb7fcf626 in net::UploadThread::update (this=0x9a3c978) at /ws/trunk/extragear/network/ktorrent/libbtcore/net/uploadthread.cpp:73
#4  0xb7fd1858 in net::NetworkThread::run (this=0x9a3c978) at /ws/trunk/extragear/network/ktorrent/libbtcore/net/networkthread.cpp:48
#5  0xb71ca0ff in QThreadPrivate::start (arg=0x9a3c978) at thread/qthread_unix.cpp:244
#6  0xb712c16b in start_thread () from /lib/libpthread.so.0
#7  0xb651287e in clone () from /lib/libc.so.6

Thread 2 (Thread 0xad964b90 (LWP 5466)):
#0  0xb80e0424 in __kernel_vsyscall ()
#1  0xb71308a5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb71cab44 in QWaitCondition::wait (this=0xa071cac, mutex=0xa071ca8, time=4294967295) at thread/qwaitcondition_unix.cpp:87
#3  0xb7fd58bb in net::ReverseResolverThread::run (this=0xa071ca0) at /ws/trunk/extragear/network/ktorrent/libbtcore/net/reverseresolver.cpp:120
#4  0xb71ca0ff in QThreadPrivate::start (arg=0xa071ca0) at thread/qthread_unix.cpp:244
#5  0xb712c16b in start_thread () from /lib/libpthread.so.0
#6  0xb651287e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb563e920 (LWP 5444)):
[KCrash Handler]
#6  0xb80e0424 in __kernel_vsyscall ()
#7  0xb6474125 in raise () from /lib/libc.so.6
#8  0xb6475931 in abort () from /lib/libc.so.6
#9  0xb666e7a0 in __gnu_cxx::__verbose_terminate_handler () from /usr/lib/gcc/i686-pc-linux-gnu/4.2.4/libstdc++.so.6
#10 0xb666c0a5 in ?? () from /usr/lib/gcc/i686-pc-linux-gnu/4.2.4/libstdc++.so.6
#11 0xb666c0e2 in std::terminate () from /usr/lib/gcc/i686-pc-linux-gnu/4.2.4/libstdc++.so.6
#12 0xb666c20a in __cxa_throw () from /usr/lib/gcc/i686-pc-linux-gnu/4.2.4/libstdc++.so.6
#13 0xb803fcae in dht::UnpackBucketEntry (ba=@0xe656f44, off=0, ip_version=6) at /ws/trunk/extragear/network/ktorrent/libbtcore/dht/pack.cpp:81
#14 0xb8033128 in dht::NodeLookup::callFinished (this=0xa6376d0, rsp=0xe65f910) at /ws/trunk/extragear/network/ktorrent/libbtcore/dht/nodelookup.cpp:66
#15 0xb804892c in dht::Task::onResponse (this=0xa6376d0, c=0xe6bca00, rsp=0xe65f910) at /ws/trunk/extragear/network/ktorrent/libbtcore/dht/task.cpp:68
#16 0xb8048064 in dht::RPCCallListener::qt_metacall (this=0xa6376d0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbfa6dd1c)
    at /ws/BUILD.keelhaul/extragear-trunk-BUILD/network/ktorrent/libbtcore/rpccall.moc:75
#17 0xb8048d12 in dht::Task::qt_metacall (this=0xa6376d0, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbfa6dd1c) at /ws/BUILD.keelhaul/extragear-trunk-BUILD/network/ktorrent/libbtcore/task.moc:73
#18 0xb72fa3f0 in QMetaObject::metacall (object=0xa6376d0, cl=QMetaObject::InvokeMetaMethod, idx=4, argv=0xbfa6dd1c) at kernel/qmetaobject.cpp:237
#19 0xb730b90b in QMetaObject::activate (sender=0xe6bca00, m=0xb80b6334, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3395
#20 0xb8047fbd in dht::RPCCall::onCallResponse (this=0xe6bca00, _t1=0xe6bca00, _t2=0xe65f910) at /ws/BUILD.keelhaul/extragear-trunk-BUILD/network/ktorrent/libbtcore/rpccall.moc:155
#21 0xb8047feb in dht::RPCCall::response (this=0xe6bca00, rsp=0xe65f910) at /ws/trunk/extragear/network/ktorrent/libbtcore/dht/rpccall.cpp:62
#22 0xb80408e9 in dht::RPCServer::handlePackets (this=0x9a5f540) at /ws/trunk/extragear/network/ktorrent/libbtcore/dht/rpcserver.cpp:229
#23 0xb802f5ab in dht::DHT::update (this=0x9a616b0) at /ws/trunk/extragear/network/ktorrent/libbtcore/dht/dht.cpp:334
#24 0xb802f3d7 in dht::DHT::qt_metacall (this=0x9a616b0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbfa6de68) at /ws/BUILD.keelhaul/extragear-trunk-BUILD/network/ktorrent/libbtcore/dht.moc:76
#25 0xb72fa3f0 in QMetaObject::metacall (object=0x9a616b0, cl=QMetaObject::InvokeMetaMethod, idx=6, argv=0xbfa6de68) at kernel/qmetaobject.cpp:237
#26 0xb730b90b in QMetaObject::activate (sender=0x9a616ec, m=0xb73ce664, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3395
#27 0xb7369815 in QTimer::timeout (this=0x9a616ec) at .moc/debug-shared/moc_qtimer.cpp:134
#28 0xb73152c0 in QTimer::timerEvent (this=0x9a616ec, e=0xbfa6e3b8) at kernel/qtimer.cpp:271
#29 0xb7307b1c in QObject::event (this=0x9a616ec, e=0xbfa6e3b8) at kernel/qobject.cpp:1210
#30 0xb67ffe4d in QApplicationPrivate::notify_helper (this=0x9a656c0, receiver=0x9a616ec, e=0xbfa6e3b8) at kernel/qapplication.cpp:4251
#31 0xb6802432 in QApplication::notify (this=0xbfa6e628, receiver=0x9a616ec, e=0xbfa6e3b8) at kernel/qapplication.cpp:4216
#32 0xb7a13917 in KApplication::notify (this=0xbfa6e628, receiver=0x9a616ec, event=0xbfa6e3b8) at /ws/trunk/kdelibs/kdeui/kernel/kapplication.cpp:302
#33 0xb72f32bd in QCoreApplication::notifyInternal (this=0xbfa6e628, receiver=0x9a616ec, event=0xbfa6e3b8) at kernel/qcoreapplication.cpp:704
#34 0xb73280a3 in QTimerInfoList::activateTimers (this=0x9a65f50) at kernel/qcoreapplication.h:215
#35 0xb732940c in QEventDispatcherUNIX::processEvents (this=0x9a5b628, flags=@0xbfa6e528) at kernel/qeventdispatcher_unix.cpp:924
#36 0xb68c3271 in QEventDispatcherX11::processEvents (this=0x9a5b628, flags=@0xbfa6e55c) at kernel/qeventdispatcher_x11.cpp:152
#37 0xb72f23a1 in QEventLoop::processEvents (this=0xbfa6e5c0, flags=@0xbfa6e598) at kernel/qeventloop.cpp:149
#38 0xb72f261d in QEventLoop::exec (this=0xbfa6e5c0, flags=@0xbfa6e5c8) at kernel/qeventloop.cpp:197
#39 0xb72f511a in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#40 0xb67fd044 in QApplication::exec () at kernel/qapplication.cpp:3590
#41 0x0806887f in main (argc=5, argv=0xbfa6e9d4) at /ws/trunk/extragear/network/ktorrent/ktorrent/main.cpp:172
Comment 3 Joris Guisson 2009-11-09 21:30:06 UTC 
SVN commit 1046842 by guisson:

Make sure exceptions in DHT code are caught, fixes a crash 

BUG: 213819


 M  +3 -0      ChangeLog  
 M  +22 -8     libbtcore/dht/announcetask.cpp  
 M  +17 -9     libbtcore/dht/dht.cpp  
 M  +22 -8     libbtcore/dht/nodelookup.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1046842
Comment 4 Joris Guisson 2009-11-09 21:34:55 UTC 
It seems a peer was sending bad data, this resulted in an exception being thrown which wasn't caught. So the solution is simple, catch the exceptions and ignore the bad data.
Comment 5 Marcin Gryszkalis 2009-11-11 13:03:22 UTC 
*** Bug 214096 has been marked as a duplicate of this bug. ***
Comment 6 Joris Guisson 2009-11-15 13:37:36 UTC 
*** Bug 214103 has been marked as a duplicate of this bug. ***
Comment 7 Dario Andres 2009-11-17 14:38:29 UTC 
*** Bug 214925 has been marked as a duplicate of this bug. ***
Comment 8 Joris Guisson 2009-11-21 12:11:03 UTC 
*** Bug 215525 has been marked as a duplicate of this bug. ***