Bug 261903

Summary: Torrent up/download freezes, then ktorrent crashes when doing exit.
Product: [Applications] ktorrent Reporter: thordn
Component: generalAssignee: Joris Guisson <joris.guisson>
Status: RESOLVED FIXED    
Severity: crash CC: andrestepeite, marko.gabriel.cz, thordn
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Slackware   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: valgrind log as requested. This time ktorrent crashed with segfault without user intervention.

Description thordn 2011-01-02 22:14:24 UTC 
Application: ktorrent (4.0.5)
KDE Platform Version: 4.4.3 (KDE 4.4.3)
Qt Version: 4.6.2
Operating System: Linux 2.6.33.4 x86_64
Distribution (Platform): Slackware Packages

-- Information about the crash:
I am running ktorrent 4.0.5 with about 6000 loaded torrents,  max downloads = 150, max uploads =100.  Adter a while (normally within 20-30 minutes the up/download stops. When I exit ktorrent it crashes. 

Console logs:

$  ktorrent
Warning: Connecting to deprecated signal QDBusConnectionInterface::serviceOwnerChanged(QString,QString,QString)

<some delay>

<unknown program name>(31656)/: Communication problem with  "ktorrent" , it probably crashed. 
Error message was:  "org.freedesktop.DBus.Error.NoReply" : " "Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken." "

<some delay> Warning: QSystemTrayIcon::setVisible: No Icon set
Warning: Calling appendChild() on a null node does nothing.
Warning: Calling appendChild() on a null node does nothing.
kdeinit4: preparing to launch /usr/lib64/kde4/kio_file.so
kdeinit4: preparing to launch /usr/lib64/kde4/kio_file.so
<snip>
kdeinit4: preparing to launch /usr/lib64/kde4/kio_file.so
<snip>
knotify(24937) KNotify::event: 2696  ref= 1
knotify(24937) KNotify::slotPluginFinished: 2696  ref= 1
knotify(24937) KNotify::closeNotification: 2696  ref= 0

Warning: QTreeView::rowsInserted internal representation of the model has been corrupted, resetting. 
*** glibc detected *** ktorrent: corrupted double-linked list: 0x0000000007b89b20 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x76ce6)[0x7f13f2dd1ce6]
/lib64/libc.so.6(+0x7a125)[0x7f13f2dd5125]
/lib64/libc.so.6(cfree+0x73)[0x7f13f2dd8553]
/usr/lib64/libQtCore.so.4(_ZN20QEventDispatcherGlibD2Ev+0x54)[0x7f13f4903274]
/usr/lib64/libQtGui.so.4(+0x2928f2)[0x7f13f3b0a8f2]
/usr/lib64/libQtCore.so.4(_ZN14QObjectPrivate14deleteChildrenEv+0x7c)[0x7f13f48e776c]
/usr/lib64/libQtCore.so.4(_ZN7QObjectD2Ev+0x384)[0x7f13f48ee824]
/usr/lib64/libQtGui.so.4(_ZN12QApplicationD2Ev+0x4af)[0x7f13f3a694bf]
ktorrent[0x4285b3]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f13f2d79b6d]
ktorrent[0x424a59]
======= Memory map: ========
00400000-004d4000 r-xp 00000000 08:02 3614126                            /usr/bin/ktorrent
006d3000-006d6000 rw-p 000d3000 08:02 3614126                            /usr/bin/ktorrent
006d6000-09e26000 rw-p 00000000 00:00 0                                  [heap]
7f13c4000000-7f13c462b000 rw-p 00000000 00:00 0 
7f13c462b000-7f13c8000000 ---p 00000000 00:00 0 
7f13cb7a0000-7f13cb7a1000 ---p 00000000 00:00 0 
7f13cb7a1000-7f13cbfa1000 rwxp 00000000 00:00 0 
7f13cbfa1000-7f13cbfa2000 ---p 00000000 00:00 0 
7f13cbfa2000-7f13cc7a2000 rwxp 00000000 00:00 0 
7f13cdb82000-7f13cdb9d000 r-xp 00000000 08:02 5203256                    /usr/lib64/qt/plugins/inputmethods/im-scim-bridge.so
7f13cdb9d000-7f13cdd9c000 ---p 0001b000 08:02 5203256                    /usr/lib64/qt/plugins/inputmethods/im-scim-bridge.so
7f13cdd9c000-7f13cdd9e000 rw-p 0001a000 08:02 5203256                    /usr/lib64/qt/plugins/inputmethods/im-scim-bridge.so
7f13cdd9e000-7f13cdda4000 r-xp 00000000 08:02 5203132                    /usr/lib64/qt/plugins/inputmethods/libqimsw-multi.so
7f13cdda4000-7f13cdfa4000 ---p 00006000 08:02 5203132                    /usr/lib64/qt/plugins/inputmethods/libqimsw-multi.so
7f13cdfa4000-7f13cdfa5000 rw-p 00006000 08:02 5203132                    /usr/lib64/qt/plugins/inputmethods/libqimsw-multi.so
7f13cdfa5000-7f13cdfaa000 r-xp 00000000 08:02 868431                     /lib64/libnss_dns-2.11.1.so
7f13cdfaa000-7f13ce1a9000 ---p 00005000 08:02 868431                     /lib64/libnss_dns-2.11.1.so
7f13ce1a9000-7f13ce1aa000 r--p 00004000 08:02 868431                     /lib64/libnss_dns-2.11.1.so
7f13ce1aa000-7f13ce1ab000 rw-p 00005000 08:02 868431                     /lib64/libnss_dns-2.11.1.so
7f13d056a000-7f13d0572000 r-xp 00000000 08:02 3581191                    /usr/lib64/libgif.so.4.1.6
7f13d0572000-7f13d0772000 ---p 00008000 08:02 3581191                    /usr/lib64/libgif.so.4.1.6
7f13d0772000-7f13d0773000 rw-p 00008000 08:02 3581191                    /usr/lib64/libgif.so.4.1.6
7f13d0773000-7f13d07a9000 r-xp 00000000 08:02 3580327                    /usr/lib64/libktexteditor.so.4.4.0
7f13d07a9000-7f13d09a9000 ---p 00036000 08:02 3580327                    /usr/lib64/libktexteditor.so.4.4.0
7f13d09a9000-7f13d09ad000 rw-p 00036000 08:02 3580327                    /usr/lib64/libktexteditor.so.4.4.0
7f13d09ad000-7f13d104f000 r-xp 00000000 08:02 3580325                    /usr/lib64/libkhtml.so.5.4.0
7f13d104f000-7f13d124f000 ---p 006a2000 08:02 3580325                    /usr/lib64/libkhtml.so.5.4.0
7f13d124f000-7f13d12db000 rw-p 006a2000 08:02 3580325                    /usr/lib64/libkhtml.so.5.4.0
7f13d12db000-7f13d12dd000 rw-p 00000000 00:00 0 
7f13d12dd000-7f13d1315000 r-xp 00000000 08:02 4755232                    /usr/lib64/kde4/ktsearchplugin.so
7f13d1315000-7f13d1514000 ---p 00038000 08:02 4755232                    /usr/lib64/kde4/ktsearchplugin.so
7f13d1514000-7f13d1519000 rw-p 00037000 08:02 4755232                    /usr/lib64/kde4/ktsearchplugin.so
7f13d1519000-7f13d1520000 r-xp 00000000 08:02 4754280                    /usr/lib64/kde4/krossqts.so
7f13d1520000-7f13d171f000 ---p 00007000 08:02 4754280                    /usr/lib64/kde4/krossqts.so
7f13d171f000-7f13d1720000 rw-p 00006000 08:02 4754280                    /usr/lib64/kde4/krossqts.so
7f13d1720000-7f13d1722000 r-xp 00000000 08:02 4571229                    /usr/lib64/libpcreposix.so.0.0.0
7f13d1722000-7f13d1921000 ---p 00002000 08:02 4571229                    /usr/lib64/libpcreposix.so.0.0.0
7f13d1921000-7f13d1922000 rw-p 00001000 08:02 4571229                    /usr/lib64/libpcreposix.so.0.0.0
7f13d1922000-7f13d1941000 r-xp 00000000 08:02 4571231                    /usr/lib64/libpcre.so.0.0.1
7f13d1941000-7f13d1b40000 ---p 0001f000 08:02 4571231                    /usr/lib64/libpcre.so.0.0.1
7f13d1b40000-7f13d1b41000 rw-p 0001e000 08:02 4571231                    /usr/lib64/libpcre.so.0.0.1
7f13d1b41000-7f13d1c80000 r-xp 00000000 08:02 3580336                    /usr/lib64/libkjsembed.so.4.4.0
7f13d1c80000-7f13d1e80000 ---p 0013f000 08:02 3580336                    /usr/lib64/libkjsembed.so.4.4.0
7f13d1e80000-7f13d1e8e000 rw-p 0013f000 08:02 3580336                    /usr/lib64/libkjsembed.so.4.4.0
7f13d1e8e000-7f13d1f40000 r-xp 00000000 08:02 3580344                    /usr/lib64/libkjs.so.4.4.0
7f13d1f40000-7f13d213f000 ---p 000b2000 08:02 3580344                    /usr/lib64/libkjs.so.4.4.0
7f13d213f000-7f13d214e000 rw-p 000b1000 08:02 3580344                    /usr/lib64/libkjs.so.4.4.0
7f13d214e000-7f13d2158000 rw-p 00000000 00:00 0 
7f13d2158000-7f13d2163000 r-xp 00000000 08:02 4754263                    /usr/lib64/kde4/krosskjs.so
7f13d2163000-7f13d2362000 ---p 0000b000 08:02 4754263                    /usr/lib64/kde4/krosskjs.so
7f13d2362000-7f13d2363000 rw-p 0000a000 08:02 4754263                    /usr/lib64/kde4/krosskjs.so
7f13d2363000-7f13d236c000 r-xp 00000000 08:02 868425                     /lib64/libcrypt-2.11.1.so
7f13d236c000-7f13d256c000 ---p 00009000 08:02 868425                     /lib64/libcrypt-2.11.1.so
7f13d256c000-7f13d256d000 r--p 00009000 08:02 868425                     /lib64/libcrypt-2.11.1.so
7f13d256d000-7f13d256e000 rw-p 0000a000 08:02 868425                     /lib64/libcrypt-2.11.1.so
7f13d256e000-7f13d259c000 rw-p 00000000 00:00 0 
7f13d259c000-7f13d272b000 r-xp 00000000 08:02 3579925                    /usr/lib64/libruby.so.1.9.1
7f13d272b000-7f13d292a000 ---p 0018f000 08:02 3579925                    /usr/lib64/libruby.so.1.9.1
7f13d292a000-7f13d2934000 rw-p 0018e000 08:02 3579925                    /usr/lib64/libruby.so.1.9.1
7f13d2934000-7f13d2953000 rw-p 00000000 00:00 0 
7f13d2953000-7f13d2973000 r-xp 00000000 08:02 4753985                    /usr/lib64/kde4/krossruby.so
7f13d2973000-7f13d2b72000 ---p 00020000 08:02 4753985                    /usr/lib64/kde4/krossruby.so
7f13d2b72000-7f13d2b75000 rw-p 0001f000 08:02 4753985                    /usr/lib64/kde4/krossruby.soKCrash: Application 'ktorrent' crashing...
sock_file=/home/tn/.kde/socket-hex/kdeinit4_localhost_10
kdeinit4: preparing to launch /usr/lib64/kde4/libexec/drkonqi



warning: the debug information found in "/usr/lib64/libqca.so.2.0.2.debug" does not match "/usr/lib64/libqca.so.2" (CRC mismatch).

kdeinit4: preparing to launch /usr/lib64/libkdeinit4_kwalletd.so
Connecting to deprecated signal QDBusConnectionInterface::serviceOwnerChanged(QString,QString,QString)
kdeinit4: preparing to launch /usr/lib64/kde4/kio_http.so
kdeinit4: preparing to launch /usr/lib64/kde4/kio_http.so



Please tell me if you want me to recompile with some special debug-options.


I also just now noticed that Instead of the above error, ktorrent may also crash with a segfault,
see separate report.


regards,
/Thord.







The crash can be reproduced every time.

 -- Backtrace:
Application: KTorrent (ktorrent), signal: Aborted
Traceback (most recent call last):
  File "/usr/share/gdb/auto-load/usr/lib64/libgobject-2.0.so.0.2200.5-gdb.py", line 9, in <module>
    from gobject import register
  File "/usr/share/glib-2.0/gdb/gobject.py", line 3, in <module>
    import gdb.backtrace
ImportError: No module named backtrace
[KCrash Handler]
#5  0x00007f13f2d8e5a5 in raise () from /lib64/libc.so.6
#6  0x00007f13f2d8fdb0 in abort () from /lib64/libc.so.6
#7  0x00007f13f2dcc28b in __libc_message () from /lib64/libc.so.6
#8  0x00007f13f2dd1ce6 in malloc_printerr () from /lib64/libc.so.6
#9  0x00007f13f2dd5125 in _int_free () from /lib64/libc.so.6
#10 0x00007f13f2dd8553 in free () from /lib64/libc.so.6
#11 0x00007f13f4903274 in QEventDispatcherGlib::~QEventDispatcherGlib() () from /usr/lib64/libQtCore.so.4
#12 0x00007f13f3b0a8f2 in ?? () from /usr/lib64/libQtGui.so.4
#13 0x00007f13f48e776c in QObjectPrivate::deleteChildren() () from /usr/lib64/libQtCore.so.4
#14 0x00007f13f48ee824 in QObject::~QObject() () from /usr/lib64/libQtCore.so.4
#15 0x00007f13f3a694bf in QApplication::~QApplication() () from /usr/lib64/libQtGui.so.4
#16 0x00000000004285b3 in main (argc=<value optimized out>, argv=<value optimized out>) at /thome/tn/sw/ktorrent/ktorrent-4.0.5/ktorrent/main.cpp:176

Reported using DrKonqi
Comment 1 Joris Guisson 2011-01-03 18:27:41 UTC 
What would be interesting if you would run ktorrent under valgrind:

valgrind --log-file=vg.log /usr/bin/ktorrent --nofork

Post the vg.log file.

Note that running things under valgrind is slow, but it should result in valuable information.
Comment 2 thordn 2011-01-04 20:11:20 UTC 
Created attachment 55578 [details]
valgrind log as requested.

This time ktorrent crashed with segfault without user intervention.
Comment 3 thordn 2011-01-04 20:14:10 UTC 
When the log was made, ktorrent segfaulted without any user intervention.
Comment 4 Joris Guisson 2011-01-04 21:43:49 UTC 
This is very interesting, I think I see what is causing it.
Comment 5 Joris Guisson 2011-01-05 20:12:50 UTC 
commit ddc854c6365c355f6b1d80276db70b5f57657836
branch master
Author: Joris <joris.guisson@gmail.com>
Date:   Wed Jan 5 20:11:02 2011 +0100

    Fix crash due to manipulating timers in the wrong thread
    
    BUG: 261903

diff --git a/ChangeLog b/ChangeLog
index 00b85e4..4aa73d8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ Changes in 1.2:
 
 Changes in 1.1rc1:
 - Fix bug in UPnP so that it works properly with D-Link DIR 635 routers
+- Fix crash due to manipulating timers in the wrong thread (261903)
 
 Changes in 1.1beta1:
 - Use UTF-8 as default codec in bt::Value::toString
diff --git a/src/download/httpconnection.cpp b/src/download/httpconnection.cpp
index 536e1aa..51fc500 100644
--- a/src/download/httpconnection.cpp
+++ b/src/download/httpconnection.cpp
@@ -37,8 +37,12 @@ namespace bt
 		status = i18n("Not connected");
 		connect(&reply_timer,SIGNAL(timeout()),this,SLOT(replyTimeout()));
 		connect(&connect_timer,SIGNAL(timeout()),this,SLOT(connectTimeout()));
+		connect(this,SIGNAL(startReplyTimer(int)),&reply_timer,SLOT(start(int)),Qt::QueuedConnection);
+		connect(this,SIGNAL(stopReplyTimer()),&reply_timer,SLOT(stop()),Qt::QueuedConnection);
+		connect(this,SIGNAL(stopConnectTimer()),&connect_timer,SLOT(stop()),Qt::QueuedConnection);
 		up_gid = down_gid = 0;
 		close_when_finished = false;
+		redirected = false;
 	}
 
 
@@ -133,7 +137,7 @@ namespace bt
 					response_code = request->response_code;
 				}
 				else if (request->response_header_received)
-					reply_timer.stop();
+					stopReplyTimer();
 			}
 		}
 	}
@@ -154,7 +158,7 @@ namespace bt
 				state = ERROR;
 				status = i18n("Error: Failed to connect to webseed");
 			}
-			connect_timer.stop();
+			stopConnectTimer();
 		}
 		else if (state == ACTIVE && request)
 		{
@@ -173,7 +177,7 @@ namespace bt
 				g->buffer.clear();
 				g->request_sent = true;
 				// wait 60 seconds for a reply
-				reply_timer.start(60 * 1000);
+				startReplyTimer(60 * 1000);
 			}
 			return len;
 		}
@@ -324,9 +328,12 @@ namespace bt
 	void HttpConnection::replyTimeout()
 	{
 		QMutexLocker locker(&mutex);
-		status = i18n("Error: request timed out");
-		state = ERROR;
-		reply_timer.stop();
+		if (!request || !request->response_header_received)
+		{
+			status = i18n("Error: request timed out");
+			state = ERROR;
+			reply_timer.stop();
+		}
 	}
 	
 	////////////////////////////////////////////
diff --git a/src/download/httpconnection.h b/src/download/httpconnection.h
index 4a5c319..c2a8414 100644
--- a/src/download/httpconnection.h
+++ b/src/download/httpconnection.h
@@ -160,6 +160,11 @@ namespace bt
 		void hostResolved(KNetwork::KResolverResults res);
 		void connectTimeout();
 		void replyTimeout();
+		
+	signals:
+		void startReplyTimer(int timeout);
+		void stopReplyTimer();
+		void stopConnectTimer();
 	};
 }
Comment 6 Joris Guisson 2011-01-05 20:14:28 UTC 
commit 8059530289168be14f26a4786e9dd8cf18d67f90
branch 1.1
Author: Joris <joris.guisson@gmail.com>
Date:   Wed Jan 5 20:11:02 2011 +0100

    Backport fix crash due to manipulating timers in the wrong thread to 1.1 branch
    
    CCBUG: 261903

diff --git a/ChangeLog b/ChangeLog
index 70eae64..026c730 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 Changes in 1.1rc1:
 - Fix bug in UPnP so that it works properly with D-Link DIR 635 routers
+- Fix crash due to manipulating timers in the wrong thread (261903)
 
 Changes in 1.1beta1:
 - Use UTF-8 as default codec in bt::Value::toString
diff --git a/src/download/httpconnection.cpp b/src/download/httpconnection.cpp
index 536e1aa..51fc500 100644
--- a/src/download/httpconnection.cpp
+++ b/src/download/httpconnection.cpp
@@ -37,8 +37,12 @@ namespace bt
 		status = i18n("Not connected");
 		connect(&reply_timer,SIGNAL(timeout()),this,SLOT(replyTimeout()));
 		connect(&connect_timer,SIGNAL(timeout()),this,SLOT(connectTimeout()));
+		connect(this,SIGNAL(startReplyTimer(int)),&reply_timer,SLOT(start(int)),Qt::QueuedConnection);
+		connect(this,SIGNAL(stopReplyTimer()),&reply_timer,SLOT(stop()),Qt::QueuedConnection);
+		connect(this,SIGNAL(stopConnectTimer()),&connect_timer,SLOT(stop()),Qt::QueuedConnection);
 		up_gid = down_gid = 0;
 		close_when_finished = false;
+		redirected = false;
 	}
 
 
@@ -133,7 +137,7 @@ namespace bt
 					response_code = request->response_code;
 				}
 				else if (request->response_header_received)
-					reply_timer.stop();
+					stopReplyTimer();
 			}
 		}
 	}
@@ -154,7 +158,7 @@ namespace bt
 				state = ERROR;
 				status = i18n("Error: Failed to connect to webseed");
 			}
-			connect_timer.stop();
+			stopConnectTimer();
 		}
 		else if (state == ACTIVE && request)
 		{
@@ -173,7 +177,7 @@ namespace bt
 				g->buffer.clear();
 				g->request_sent = true;
 				// wait 60 seconds for a reply
-				reply_timer.start(60 * 1000);
+				startReplyTimer(60 * 1000);
 			}
 			return len;
 		}
@@ -324,9 +328,12 @@ namespace bt
 	void HttpConnection::replyTimeout()
 	{
 		QMutexLocker locker(&mutex);
-		status = i18n("Error: request timed out");
-		state = ERROR;
-		reply_timer.stop();
+		if (!request || !request->response_header_received)
+		{
+			status = i18n("Error: request timed out");
+			state = ERROR;
+			reply_timer.stop();
+		}
 	}
 	
 	////////////////////////////////////////////
diff --git a/src/download/httpconnection.h b/src/download/httpconnection.h
index 4a5c319..c2a8414 100644
--- a/src/download/httpconnection.h
+++ b/src/download/httpconnection.h
@@ -160,6 +160,11 @@ namespace bt
 		void hostResolved(KNetwork::KResolverResults res);
 		void connectTimeout();
 		void replyTimeout();
+		
+	signals:
+		void startReplyTimer(int timeout);
+		void stopReplyTimer();
+		void stopConnectTimer();
 	};
 }
Comment 7 Joris Guisson 2011-01-05 20:15:49 UTC 
*** Bug 261902 has been marked as a duplicate of this bug. ***
Comment 8 Joris Guisson 2011-01-05 20:17:14 UTC 
*** Bug 261346 has been marked as a duplicate of this bug. ***
Comment 9 thordn 2011-01-07 01:27:23 UTC 
I have now tested this patch for a while. I could not compile 1.1beta, so ported it back to libktorrent-1.0.5-3 and running 4.0.5. No crashes sofar. 

However after 1-2 hours the up/downloading stops. I have checked the "reduce priority" on stalled torrent and set timeout to 1 minute. When stopped and if I do:
find . -name "stats" -exec grep PRIORITY {} \;

I see PRIORITY=xxx mostly in the range of 1 to 8, after exiting ktorrent the values are a few thousands. Is this the way it is supposed to work?
When restarting ktorrent the up/downloading continues for another 1-2 hours then stops.

Another thing I see when removing a completed torrent is the warning:

Warning: QTreeView::rowsInserted internal representation of the model has been corrupted, resetting. Don't know if this is a problem tough.

/Thord.
Comment 10 Joris Guisson 2011-01-12 19:29:18 UTC 
*** Bug 257668 has been marked as a duplicate of this bug. ***