Bug 216021

Summary: Kopete crashes when the network connection is lost [QList::*, DNSSD::ServiceBrowserPrivate::gotRemoveService, ..., OrgFreedesktopAvahiServiceBrowserInterface::ItemRemove]
Product: [Unmaintained] kopete Reporter: unapiedra <devoutlytobewished>
Component: generalAssignee: Kopete Developers <kopete-bugs-null>
Status: RESOLVED WORKSFORME    
Severity: crash CC: andresbajotierra, jnelson-kde, jpalecek, kdelibs-bugs, mss, v.plessky
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: New crash information added by DrKonqi
Full backtrace showing the nested event loop problem

Description unapiedra 2009-11-24 23:47:04 UTC 
Application that crashed: kopete
Version of the application: 0.80.2
KDE Version: 4.3.2 (KDE 4.3.2)
Qt Version: 4.5.2
Operating System: Linux 2.6.31-14-generic i686
Distribution: Ubuntu 9.10

What I was doing when the application crashed:
The network cable was accidentially pulled out. Then Kopete crashed. Running protocols at that time: ICQ and Bonjour. 

 -- Backtrace:
Application: Kopete (kopete), signal: Segmentation fault
[Current thread is 1 (Thread 0xb76e3700 (LWP 1957))]

Thread 2 (Thread 0xb5f69b70 (LWP 1997)):
#0  0x0048f422 in __kernel_vsyscall ()
#1  0x00a49e15 in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:122
#2  0x003a378d in __pthread_cond_wait (cond=0xa077430, mutex=0xa077418) at forward.c:139
#3  0x098b6e67 in QWaitConditionPrivate::wait (this=0xa15c5d8, mutex=0xa15c5d4, time=4294967295) at thread/qwaitcondition_unix.cpp:87
#4  QWaitCondition::wait (this=0xa15c5d8, mutex=0xa15c5d4, time=4294967295) at thread/qwaitcondition_unix.cpp:159
#5  0x05bde922 in QHostInfoAgent::run (this=0xa15c5c8) at kernel/qhostinfo.cpp:260
#6  0x098b5e32 in QThreadPrivate::start (arg=0xa15c5c8) at thread/qthread_unix.cpp:188
#7  0x00a4580e in start_thread (arg=0xb5f69b70) at pthread_create.c:300
#8  0x003967ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb76e3700 (LWP 1957)):
[KCrash Handler]
#6  QBasicAtomicInt::operator!= (this=0xb306980, name=..., type=..., domain=...) at /usr/include/qt4/QtCore/qbasicatomic.h:69
#7  QList<KSharedPtr<DNSSD::RemoteService> >::detach (this=0xb306980, name=..., type=..., domain=...) at /usr/include/qt4/QtCore/qlist.h:119
#8  QList<KSharedPtr<DNSSD::RemoteService> >::removeAll (this=0xb306980, name=..., type=..., domain=...) at /usr/include/qt4/QtCore/qlist.h:575
#9  DNSSD::ServiceBrowserPrivate::gotRemoveService (this=0xb306980, name=..., type=..., domain=...) at ../../dnssd/avahi-servicebrowser.cpp:130
#10 0x05137266 in DNSSD::ServiceBrowserPrivate::qt_metacall (this=0xb306980, _c=QMetaObject::InvokeMetaMethod, _id=8, _a=0xbf9eb3b4) at ./avahi-servicebrowser_p.moc:78
#11 0x099bc263 in QMetaObject::activate (sender=0xb81bf80, from_signal_index=9, to_signal_index=9, argv=0xbf9eb3b4) at kernel/qobject.cpp:3113
#12 0x099bcec2 in QMetaObject::activate (sender=0xb81bf80, m=0x514adc4, local_signal_index=4, argv=0xbf9eb3b4) at kernel/qobject.cpp:3187
#13 0x0514661b in OrgFreedesktopAvahiServiceBrowserInterface::ItemRemove (this=0xb81bf80, _t1=2, _t2=0, _t3=..., _t4=..., _t5=..., _t6=4) at avahi_servicebrowser_interface.moc:123
#14 0x0514695e in OrgFreedesktopAvahiServiceBrowserInterface::qt_metacall (this=0xb81bf80, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbf9eb56c) at avahi_servicebrowser_interface.moc:83
#15 0x002797b4 in QDBusConnectionPrivate::deliverCall (this=0xa2a67f0, object=0xb81bf80, msg=..., metaTypes=..., slotIdx=9) at qdbusintegrator.cpp:891
#16 0x00281197 in QDBusCallDeliveryEvent::placeMetaCall(QObject*) () from /usr/lib/libQtDBus.so.4
#17 0x099b65fe in QObject::event (this=0xb81bf80, e=0xb8acb58) at kernel/qobject.cpp:1111
#18 0x038ecf54 in QApplicationPrivate::notify_helper (this=0x9d71120, receiver=0xb81bf80, e=0xb8acb58) at kernel/qapplication.cpp:4056
#19 0x038f467c in QApplication::notify (this=0xbf9ebd74, receiver=0xb81bf80, e=0xb8acb58) at kernel/qapplication.cpp:3603
#20 0x00efdbfa in KApplication::notify (this=0xbf9ebd74, receiver=0xb81bf80, event=0xb8acb58) at ../../kdeui/kernel/kapplication.cpp:302
#21 0x099a66cb in QCoreApplication::notifyInternal (this=0xbf9ebd74, receiver=0xb81bf80, event=0xb8acb58) at kernel/qcoreapplication.cpp:610
#22 0x099a72b2 in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0x9d53d10) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#23 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x9d53d10) at kernel/qcoreapplication.cpp:1247
#24 0x099a747d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1140
#25 0x099d13ff in QCoreApplication::sendPostedEvents (s=0x9d73710) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#26 postEventSourceDispatch (s=0x9d73710) at kernel/qeventdispatcher_glib.cpp:210
#27 0x09021e78 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#28 0x09025720 in ?? () from /lib/libglib-2.0.so.0
#29 0x09025853 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#30 0x099d102c in QEventDispatcherGlib::processEvents (this=0x9d53ee8, flags=...) at kernel/qeventdispatcher_glib.cpp:327
#31 0x0398dbe5 in QGuiEventDispatcherGlib::processEvents (this=0x9d53ee8, flags=...) at kernel/qguieventdispatcher_glib.cpp:202
#32 0x099a4c79 in QEventLoop::processEvents (this=0xbf9ebcd4, flags=) at kernel/qeventloop.cpp:149
#33 0x099a50ca in QEventLoop::exec (this=0xbf9ebcd4, flags=...) at kernel/qeventloop.cpp:201
#34 0x099a753f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#35 0x038ecdd7 in QApplication::exec () at kernel/qapplication.cpp:3525
#36 0x08059a8c in _start ()

This bug may be a duplicate of or related to bug 206181

Reported using DrKonqi
Comment 1 Dario Andres 2009-11-25 02:07:40 UTC 
Seems to be a kdelibs-related issue.
Comment 2 Dario Andres 2009-11-25 02:08:06 UTC 
*** Bug 206181 has been marked as a duplicate of this bug. ***
Comment 3 Dario Andres 2010-01-30 23:13:50 UTC 
From bug 224915:
-- Information about the crash:
I had my laptop in standby. I returned, and the networkmanager had connected me
to the wrong WLAN (which needs activated VPN to work). So I changed it to the
other one. At this point Kopete crashed.
Comment 4 Dario Andres 2010-01-30 23:13:55 UTC 
*** Bug 224915 has been marked as a duplicate of this bug. ***
Comment 5 Malte S. Stretz 2010-08-09 13:56:27 UTC 
Created attachment 49940 [details]
New crash information added by DrKonqi

kopete (1.0.80) on KDE Platform 4.4.92 (KDE 4.4.92 (KDE 4.5 RC2)) using Qt 4.7.0

- What I was doing when the application crashed:

Network cable was pulled accidently, Kopete crashed.  Used protocols: Jabber and Bonjour.

-- Backtrace (Reduced):
#7  0x06aeb179 in QList<KSharedPtr<DNSSD::RemoteService> >::removeAll(KSharedPtr<DNSSD::RemoteService> const&) () from /usr/lib/libkdnssd.so.4
#8  0x06ae8d4d in DNSSD::ServiceBrowserPrivate::gotRemoveService (this=0xa3f3cf0, name=..., type=..., domain=...) at ../../dnssd/avahi-servicebrowser.cpp:137
#9  0x06ae8e56 in DNSSD::ServiceBrowserPrivate::qt_metacall (this=0xa3f3cf0, _c=QMetaObject::InvokeMetaMethod, _id=8, _a=0xbfbab804) at ./avahi-servicebrowser_p.moc:84
[...]
[...]
#12 0x06afb6ab in OrgFreedesktopAvahiServiceBrowserInterface::ItemRemove (this=0xa3bc840, _t1=2, _t2=0, _t3=..., _t4=..., _t5=..., _t6=4) at avahi_servicebrowser_interface.moc:129
#13 0x06afb9ee in OrgFreedesktopAvahiServiceBrowserInterface::qt_metacall (this=0xa3bc840, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbfbab99c) at avahi_servicebrowser_interface.moc:89
Comment 6 Christoph Feck 2010-09-28 23:19:34 UTC 
*** Bug 252285 has been marked as a duplicate of this bug. ***
Comment 7 Jiri Palecek 2018-04-11 13:34:27 UTC 
This seems to be a problem with DNSSD::ServiceBrowserPrivate::gotRemoveService code. It emits a signal and then proceeds to delete some element of the m_services QList:

     emit m_parent->serviceRemoved(found);
     m_services.removeAll(found);

What happens in Kopete, and particularly its Bonjour code, is that from that signal, Kopete goes offline and deletes the ServiceBrowser instance. The control then returns to gotRemovalService, which tries to do the deletion an a freed object.

The best solution is probably to postpone the deletion of found to the main loop with QTimer::singleShot, because that can be made so deletion of the ServiceBrowser object automatically cancels its execution. (I've got a patch for it, tested and seems to work.) However, I wonder whether in essence all code that emits signals shouldn't be treated that way, since you don't really know what happens when the slot connected to the signal executes.

I've also considered if Kopete couldn't be changed so as not to delete the ServiceBrowser, however, I haven't found a way.

1. Stopping the ServiceBrowser without actually deleting it (and then maybe restarting it) could work, but I can't see how you could do it.

2. Postponing the deletion to the main loop via ->deleteLater doesn't work, because it just so happens that the main loop can be nested in kopete. The call stack looks like this:

(BonjourAccount::disconnect would be called here)
0xaffd45dd in DNSSD::ServiceBrowserPrivate::gotRemoveService (this=0x21ace40, name=..., type=..., domain=...) at ./dnssd/avahi-servicebrowser.cpp:137
...
0xaffd8a05 in DNSSD::RemoteService::resolve (this=0x21a9e00) at ./dnssd/avahi-remoteservice.cpp:49
0xb006fefe in BonjourAccount::goingOffline (this=0x207abe0, pointer=...) at ./protocols/bonjour/bonjouraccount.cpp:273
...
0xaffd3e01 in DNSSD::ServiceBrowser::serviceRemoved (this=0x21133f0, _t1=...) at ./obj-i686-linux-gnu/dnssd/servicebrowser.moc:111
0xaffd45c9 in DNSSD::ServiceBrowserPrivate::gotRemoveService (this=0x21ace40, name=..., type=..., domain=...) at ./dnssd/avahi-servicebrowser.cpp:136

DNSSD::RemoteService::resolve contains an event loop, which means the deferred deletion would be effective by the time control returns there. The gotRemoveService sitting up above it in the stack, would be doomed. (Also tested.) Of course this nested event loop is bad design, but what can you do?
Comment 8 Jiri Palecek 2018-04-11 13:38:18 UTC 
Created attachment 111955 [details]
Full backtrace showing the nested event loop problem
Comment 9 Justin Zobel 2020-12-17 05:35:31 UTC 
Thank you for the crash report.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 10 Bug Janitor Service 2021-01-01 04:34:16 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 11 Bug Janitor Service 2021-01-16 04:33:50 UTC 
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!