Bug 284627

Summary: KTorrent crashes on start
Product: [Applications] ktorrent
Reporter: Christoph Feck <cfeck>
Component: general
Assignee: Joris Guisson <joris.guisson>
Status: RESOLVED FIXED
Severity: crash
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Compiled Sources
OS: Linux
Attachments:
  - "faulty" ktorrentrc
  - Log from "valgrind tool=--memcheck"

Description Christoph Feck 2011-10-21 16:52:26 UTC
Application: ktorrent (4.2dev)
KDE Platform Version: 4.7.2 (4.7.2) (Compiled from sources)
Qt Version: 4.8.0
Operating System: Linux 3.1.0-rc9-1-desktop i686
Distribution: "openSUSE 12.1 RC 1 (i586)"

-- Information about the crash:
- What I was doing when the application crashed:

I just started KTorrent from master, and got this crash. I tried removing ktorrentrc, and no longer got the crash, so I am attaching the "faulty" ktorrentrc.

libktorrent at 2e18bb16ec31223f2eb17f09ed7ebee354e679f0
ktorrent at e54ee64a48f75d51d7b86519c8ff88d8fff2dc1f

The crash can be reproduced every time.

-- Backtrace:
Application: KTorrent (ktorrent), signal: Segmentation fault
82	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0xb333e930 (LWP 18239))]

Thread 6 (Thread 0xb1126b70 (LWP 18241)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S:237
#1  0xb60b4581 in QWaitConditionPrivate::wait (this=0x89eee88, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:84
#2  0xb60b43a1 in QWaitCondition::wait (this=0x89eee50, mutex=0x89eee4c, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:158
#3  0xb60a3928 in QThreadPoolThread::run (this=0x89365c0) at /local/git/Qt/qt/src/corelib/concurrent/qthreadpool.cpp:141
#4  0xb60b31b9 in QThreadPrivate::start (arg=0x89365c0) at /local/git/Qt/qt/src/corelib/thread/qthread_unix.cpp:298
#5  0xb6009a7d in start_thread (arg=0xb1126b70) at pthread_create.c:301
#6  0xb51088fe in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 5 (Thread 0xb046eb70 (LWP 18242)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S:237
#1  0xb60b4581 in QWaitConditionPrivate::wait (this=0x89eee88, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:84
#2  0xb60b43a1 in QWaitCondition::wait (this=0x89eee50, mutex=0x89eee4c, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:158
#3  0xb60a3928 in QThreadPoolThread::run (this=0x8903280) at /local/git/Qt/qt/src/corelib/concurrent/qthreadpool.cpp:141
#4  0xb60b31b9 in QThreadPrivate::start (arg=0x8903280) at /local/git/Qt/qt/src/corelib/thread/qthread_unix.cpp:298
#5  0xb6009a7d in start_thread (arg=0xb046eb70) at pthread_create.c:301
#6  0xb51088fe in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 4 (Thread 0xafc53b70 (LWP 18243)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S:237
#1  0xb60b4581 in QWaitConditionPrivate::wait (this=0x89eee88, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:84
#2  0xb60b43a1 in QWaitCondition::wait (this=0x89eee50, mutex=0x89eee4c, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:158
#3  0xb60a3928 in QThreadPoolThread::run (this=0x8901758) at /local/git/Qt/qt/src/corelib/concurrent/qthreadpool.cpp:141
#4  0xb60b31b9 in QThreadPrivate::start (arg=0x8901758) at /local/git/Qt/qt/src/corelib/thread/qthread_unix.cpp:298
#5  0xb6009a7d in start_thread (arg=0xafc53b70) at pthread_create.c:301
#6  0xb51088fe in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 3 (Thread 0xaf453b70 (LWP 18250)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S:237
#1  0xb60b4581 in QWaitConditionPrivate::wait (this=0x89eee88, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:84
#2  0xb60b43a1 in QWaitCondition::wait (this=0x89eee50, mutex=0x89eee4c, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:158
#3  0xb60a3928 in QThreadPoolThread::run (this=0x8a9bde0) at /local/git/Qt/qt/src/corelib/concurrent/qthreadpool.cpp:141
#4  0xb60b31b9 in QThreadPrivate::start (arg=0x8a9bde0) at /local/git/Qt/qt/src/corelib/thread/qthread_unix.cpp:298
#5  0xb6009a7d in start_thread (arg=0xaf453b70) at pthread_create.c:301
#6  0xb51088fe in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 2 (Thread 0xaec53b70 (LWP 18252)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S:237
#1  0xb60b4581 in QWaitConditionPrivate::wait (this=0x89eee88, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:84
#2  0xb60b43a1 in QWaitCondition::wait (this=0x89eee50, mutex=0x89eee4c, time=30000) at /local/git/Qt/qt/src/corelib/thread/qwaitcondition_unix.cpp:158
#3  0xb60a3928 in QThreadPoolThread::run (this=0x8ab1548) at /local/git/Qt/qt/src/corelib/concurrent/qthreadpool.cpp:141
#4  0xb60b31b9 in QThreadPrivate::start (arg=0x8ab1548) at /local/git/Qt/qt/src/corelib/thread/qthread_unix.cpp:298
#5  0xb6009a7d in start_thread (arg=0xaec53b70) at pthread_create.c:301
#6  0xb51088fe in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 1 (Thread 0xb333e930 (LWP 18239)):
[KCrash Handler]
#6  0xb756463e in QByteArray::operator[] (this=0xbfbf3608, i=0) at /local/qt4/include/QtCore/qbytearray.h:418
#7  0xb75632ad in bt::BDecoder::decode (this=0xbfbf35f4) at /local/git/extragear/network/libktorrent/src/bcodec/bdecoder.cpp:44
#8  0xb75f374c in dht::RPCServer::Private::dataReceived (this=0x82d9c90, ptr=..., addr=...) at /local/git/extragear/network/libktorrent/src/dht/rpcserver.cpp:90
#9  0xb7577a9d in net::ServerSocket::readyToRead (this=0x82b73d8) at /local/git/extragear/network/libktorrent/src/net/serversocket.cpp:139
#10 0xb754c069 in net::ServerSocket::qt_static_metacall (_o=0x82b73d8, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xbfbf37a8) at /local/build/extragear/network/libktorrent/src/moc_serversocket.cpp:53
#11 0xb61eb611 in QMetaObject::activate (sender=0x829e690, m=0xb637b3f8, local_signal_index=0, argv=0xbfbf37a8) at /local/git/Qt/qt/src/corelib/kernel/qobject.cpp:3546
#12 0xb6245288 in QSocketNotifier::activated (this=0x829e690, _t1=17) at .moc/debug-shared/moc_qsocketnotifier.cpp:103
#13 0xb61f38e9 in QSocketNotifier::event (this=0x829e690, e=0xbfbf3d18) at /local/git/Qt/qt/src/corelib/kernel/qsocketnotifier.cpp:317
#14 0xb545d6be in QApplicationPrivate::notify_helper (this=0x8196910, receiver=0x829e690, e=0xbfbf3d18) at /local/git/Qt/qt/src/gui/kernel/qapplication.cpp:4518
#15 0xb545afce in QApplication::notify (this=0xbfbf3fb4, receiver=0x829e690, e=0xbfbf3d18) at /local/git/Qt/qt/src/gui/kernel/qapplication.cpp:3900
#16 0x0807fd54 in kt::App::notify (this=0xbfbf3fb4, receiver=0x829e690, event=0xbfbf3d18) at /local/git/extragear/network/ktorrent/ktorrent/app.cpp:99
#17 0xb61d00c2 in QCoreApplication::notifyInternal (this=0xbfbf3fb4, receiver=0x829e690, event=0xbfbf3d18) at /local/git/Qt/qt/src/corelib/kernel/qcoreapplication.cpp:876
#18 0xb61d3777 in QCoreApplication::sendEvent (receiver=0x829e690, event=0xbfbf3d18) at ../../include/QtCore/../../../../git/Qt/qt/src/corelib/kernel/qcoreapplication.h:231
#19 0xb6206434 in socketNotifierSourceDispatch (source=0x81563a8) at /local/git/Qt/qt/src/corelib/kernel/qeventdispatcher_glib.cpp:110
#20 0xb41dbe2f in g_main_dispatch (context=0x81a07a8) at gmain.c:2425
#21 g_main_context_dispatch (context=0x81a07a8) at gmain.c:2995
#22 0xb41dc560 in g_main_context_iterate (context=0x81a07a8, block=-1273057456, dispatch=1, self=<optimized out>) at gmain.c:3073
#23 0xb41dc7fa in g_main_context_iteration (context=0x81a07a8, may_block=1) at gmain.c:3136
#24 0xb6207030 in QEventDispatcherGlib::processEvents (this=0x81a7c70, flags=...) at /local/git/Qt/qt/src/corelib/kernel/qeventdispatcher_glib.cpp:424
#25 0xb552554a in QGuiEventDispatcherGlib::processEvents (this=0x81a7c70, flags=...) at /local/git/Qt/qt/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#26 0xb61cdb85 in QEventLoop::processEvents (this=0xbfbf3f3c, flags=...) at /local/git/Qt/qt/src/corelib/kernel/qeventloop.cpp:149
#27 0xb61cdcf3 in QEventLoop::exec (this=0xbfbf3f3c, flags=...) at /local/git/Qt/qt/src/corelib/kernel/qeventloop.cpp:204
#28 0xb61d073e in QCoreApplication::exec () at /local/git/Qt/qt/src/corelib/kernel/qcoreapplication.cpp:1148
#29 0xb545ac60 in QApplication::exec () at /local/git/Qt/qt/src/gui/kernel/qapplication.cpp:3779
#30 0x0806d50e in main (argc=5, argv=0xbfbf43e4) at /local/git/extragear/network/ktorrent/ktorrent/main.cpp:177

Reported using DrKonqi
Comment 1 Christoph Feck 2011-10-21 16:53:23 UTC
Created attachment 64765
"faulty" ktorrentrc
Comment 2 Joris Guisson 2011-10-25 16:28:20 UTC
By reverting to the default settings, you probably disabled DHT, the crash is in the DHT code. 

Not quite clear yet why this is happening.
Comment 3 Christoph Feck 2011-10-25 21:18:37 UTC
Okay, I tested a bit.

First, the crash is indeed related to enabling DHT. When I remove all configuration, and start KTorrent, it opens correctly (note that I have active torrents in share/apps/ktorrent). When I go to Settings dialog, and enable the DHT option, it crashes as soon as I hit OK in the settings dialog.

Second, I found the faulty commit by bisecting in libktorrent.
    Good: e3f22c5a9a9fc0a71ef4be21da4a0b293d95123f
    Bad: 441025c20d6e62b660b6a418ed0ba4258e5ebaf3

Third, when renaming the apps/ktorrent folder, I get no crash, so it is actually the existing torrent data that causes it, not the configuration itself. So what you would probably have to test is:
- go back to Good revision
- enable DHT, start a torrent
- exit before it is completed
- now run Bad version, and see it crash (hopefully :)
Comment 4 Joris Guisson 2011-10-27 16:55:44 UTC
It was pretty clear to me that the bug was introduced by 441025c20d6e62b660b6a418ed0ba4258e5ebaf3. But I have been unable to reproduce it. I have downloaded several torrents with DHT enabled, no crash, nothing.

And looking at the code, I don't understand how this is possible. 

Could you try to reproduce it when running under valgrind?

valgrind --tool=memcheck --log-file=vg.log /usr/bin/ktorrent --nofork
Comment 5 Christoph Feck 2011-10-27 18:55:26 UTC
Created attachment 64949
Log from "valgrind tool=--memcheck"

Because of the slow speed when running under valgrind, I could see that it actually starts seeding, then crashes.
Comment 6 Joris Guisson 2011-10-28 17:15:31 UTC
Git commit 7873891cb53a1b2865f0fd21ceed9015935804db by Joris Guisson.
Committed on 28/10/2011 at 19:14.
Pushed by guisson into branch 'master'.

Fix crash in DHT packet receive code

BUG: 284627

M  +1    -0    ChangeLog
M  +36   -29   src/bcodec/bdecoder.cpp
M  +19   -7    src/bcodec/bdecoder.h
M  +1    -1    src/dht/rpcserver.cpp

http://commits.kde.org/libktorrent/7873891cb53a1b2865f0fd21ceed9015935804db
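Added example, not libktorrent code and not the diff of the commit above (this page does not show it): the backtrace dies in QByteArray::operator[] with i=0 inside bt::BDecoder::decode, called from dht::RPCServer::Private::dataReceived, that is, while decoding a datagram just received on the DHT UDP socket. A bencode decoder on that path reads attacker-controlled input, so every index into the buffer has to be checked against the bytes remaining, starting with byte 0 of a possibly empty packet. The decoder below does that; std::string standing in for QByteArray, the 32-level nesting limit and the sample ping message are assumptions of the example. Its driver feeds a constructed DHT ping plus every truncated prefix of it, the zero-length payload included, and counts how many the receive check rejects.

```cpp
#include <climits>
#include <cstddef>
#include <string>
#include <vector>

// Added example, not libktorrent's BDecoder: a bencode decoder in which every
// byte access is preceded by a length check, so an empty or truncated DHT
// datagram produces a parse failure rather than an out-of-range index.
struct BNode {
    enum Kind { Int, Str, List, Dict } kind = Int;
    long long i = 0;
    std::string s;
    std::vector<BNode> list;        // list items, or dict values
    std::vector<std::string> keys;  // dict keys, parallel to 'list'
};

class SafeBDecoder {
public:
    explicit SafeBDecoder(const std::string& data) : d_(data) {}

    // Decodes one complete value. False for empty, truncated, malformed or
    // over-nested input, and when bytes remain after the value.
    bool decode(BNode& out) { pos_ = 0; return value(out, 0) && pos_ == d_.size(); }

private:
    std::string d_;
    std::size_t pos_ = 0;
    static constexpr int kMaxDepth = 32;  // assumed nesting limit, not from the page

    bool eof() const { return pos_ >= d_.size(); }
    // Consume c if it is the next byte; false at end of input or on any other byte.
    bool expect(char c) { if (eof() || d_[pos_] != c) return false; ++pos_; return true; }

    // Unsigned decimal run with an overflow guard; false if no digit is present.
    bool digits(long long& v) {
        const std::size_t start = pos_;
        for (v = 0; !eof() && d_[pos_] >= '0' && d_[pos_] <= '9'; ++pos_) {
            if (v > (LLONG_MAX - 9) / 10) return false;
            v = v * 10 + (d_[pos_] - '0');
        }
        return pos_ != start;
    }
    bool value(BNode& out, int depth) {
        if (depth > kMaxDepth || eof()) return false;  // a 0-byte datagram fails here
        const char c = d_[pos_];
        if (c == 'i') return integer(out);
        if (c == 'l' || c == 'd') return container(out, depth, c == 'd');
        return (c >= '0' && c <= '9') ? str(out) : false;
    }
    bool integer(BNode& out) {
        ++pos_;  // 'i'
        const bool neg = expect('-');
        long long v;
        if (!digits(v) || !expect('e')) return false;
        out.kind = BNode::Int; out.i = neg ? -v : v;
        return true;
    }
    bool str(BNode& out) {
        long long len;
        if (!digits(len) || !expect(':')) return false;
        // The length is attacker-controlled: bound it by the bytes actually left.
        if (static_cast<unsigned long long>(len) > d_.size() - pos_) return false;
        out.kind = BNode::Str; out.s = d_.substr(pos_, static_cast<std::size_t>(len));
        pos_ += static_cast<std::size_t>(len);
        return true;
    }
    bool container(BNode& out, int depth, bool isDict) {
        ++pos_;  // 'l' or 'd'
        out.kind = isDict ? BNode::Dict : BNode::List;
        while (!expect('e')) {  // at end of input expect() fails and so does the parse below
            BNode key, item;
            if (isDict && !str(key)) return false;  // dict keys must be byte strings
            if (!value(item, depth + 1)) return false;
            if (isDict) out.keys.push_back(key.s);
            out.list.push_back(item);
        }
        return true;
    }
};

// What a UDP receive handler should do with a DHT payload: decode it and drop
// anything that is not a dictionary, since every DHT message is one.
bool dhtPacketIsWellFormed(const std::string& payload) {
    BNode msg;
    SafeBDecoder dec(payload);
    return dec.decode(msg) && msg.kind == BNode::Dict;
}

// Constructed sample (not captured traffic): a DHT ping query, 56 bytes.
const std::string kPing = "d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe";

// Feed every proper prefix of msg, the empty payload included, and count rejections.
int truncatedPrefixesRejected(const std::string& msg) {
    int rejected = 0;
    for (std::size_t n = 0; n < msg.size(); ++n)
        if (!dhtPacketIsWellFormed(msg.substr(0, n))) ++rejected;
    return rejected;
}

int main() {
    // The full ping parses; all 56 truncations are dropped; nothing crashes.
    const bool ok = dhtPacketIsWellFormed(kPing) &&
                    truncatedPrefixesRejected(kPing) == static_cast<int>(kPing.size());
    return ok ? 0 : 1;
}
```

Builds with any C++11 or later compiler and exits 0 when the full ping parses and all 56 prefixes are rejected. The decoder does not enforce sorted dict keys or canonical integers (no leading zeros, no "-0"); a decoder validating DHT messages for real would add those checks on top of the bounds checks shown here.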
Comment 7 Christoph Feck 2011-10-28 17:22:19 UTC
Confirmed. Thanks!