Bug 356011

Summary: [maybe already fixed] Error in `ktorrent': corrupted double-linked list
Product: [Applications] ktorrent
Reporter: maksim.levental
Component: general
Assignee: Joris Guisson <joris.guisson>
Status: RESOLVED WORKSFORME
Severity: normal
CC: shafff
Priority: NOR
Version First Reported In: 4.3.1
Target Milestone: ---
Platform: Other
OS: Linux

Description maksim.levental 2015-11-28 04:17:32 UTC
All of a sudden I'm getting this on startup.

Here's the vg.log

==2826== Memcheck, a memory error detector
==2826== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==2826== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==2826== Command: /usr/bin/ktorrent --nofork
==2826== Parent PID: 1875
==2826== 
==2826== Conditional jump or move depends on uninitialised value(s)
==2826==    at 0x4EC6BA2: bt::Peer::percentAvailable() const (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EC6CEA: bt::Peer::update() (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ECEA08: bt::PeerManager::Private::update() (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x450997: ??? (in /usr/bin/ktorrent)
==2826==    by 0x42D28D: ??? (in /usr/bin/ktorrent)
==2826==    by 0x435E6C: ??? (in /usr/bin/ktorrent)
==2826==    by 0x803DF5F: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x8043BD2: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7372CDB: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.6)
==2826==    by 0x7379C15: QApplication::notify(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.6)
==2826==    by 0x43D0F0: ??? (in /usr/bin/ktorrent)
==2826==    by 0x802985C: QCoreApplication::notifyInternal(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826== 
==2826== Invalid write of size 8
==2826==    at 0x4C306DB: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2826==    by 0x4F5948D: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED4B88: bt::UTMetaData::data(bt::BDictNode*, QByteArray const&) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED554E: bt::UTMetaData::handlePacket(unsigned char const*, unsigned int) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED2DBC: bt::PacketReader::update(bt::PeerInterface&) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EC6C27: bt::Peer::update() (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ECEA08: bt::PeerManager::Private::update() (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x450997: ??? (in /usr/bin/ktorrent)
==2826==    by 0x42D28D: ??? (in /usr/bin/ktorrent)
==2826==    by 0x435E6C: ??? (in /usr/bin/ktorrent)
==2826==    by 0x803DF5F: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x8043BD2: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==  Address 0x21e1f6e0 is 0 bytes after a block of size 32 alloc'd
==2826==    at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2826==    by 0x7F1BC94: QByteArray::realloc(int) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x4F59472: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED4B88: bt::UTMetaData::data(bt::BDictNode*, QByteArray const&) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED554E: bt::UTMetaData::handlePacket(unsigned char const*, unsigned int) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED2DBC: bt::PacketReader::update(bt::PeerInterface&) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EC6C27: bt::Peer::update() (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ECEA08: bt::PeerManager::Private::update() (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x450997: ??? (in /usr/bin/ktorrent)
==2826==    by 0x42D28D: ??? (in /usr/bin/ktorrent)
==2826==    by 0x435E6C: ??? (in /usr/bin/ktorrent)
==2826==    by 0x803DF5F: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826== 
--2826-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--2826-- si_code=128;  Faulting address: 0x0;  sp: 0x802ca9e40

valgrind: the 'impossible' happened:
   Killed by fatal signal

host stacktrace:
==2826==    at 0x38091C62: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==2826==    by 0x38051349: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==2826==    by 0x380D4CD3: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==2826==    by 0x380E3926: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 2826)
==2826==    at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2826==    by 0x7F69AEF: QString::realloc(int) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F6D342: QString::append(QString const&) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x4E9E270: bt::Log::operator<<(QString const&) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4F58EFB: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4F591F2: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4F59567: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED4B88: bt::UTMetaData::data(bt::BDictNode*, QByteArray const&) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED554E: bt::UTMetaData::handlePacket(unsigned char const*, unsigned int) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED2DBC: bt::PacketReader::update(bt::PeerInterface&) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EC6C27: bt::Peer::update() (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ECEA08: bt::PeerManager::Private::update() (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x450997: ??? (in /usr/bin/ktorrent)
==2826==    by 0x42D28D: ??? (in /usr/bin/ktorrent)
==2826==    by 0x435E6C: ??? (in /usr/bin/ktorrent)
==2826==    by 0x803DF5F: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x8043BD2: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7372CDB: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.6)
==2826==    by 0x7379C15: QApplication::notify(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.6)
==2826==    by 0x43D0F0: ??? (in /usr/bin/ktorrent)
==2826==    by 0x802985C: QCoreApplication::notifyInternal(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x805C6BF: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x8059830: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0xCCE7FF6: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4600.1)
==2826==    by 0xCCE824F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4600.1)
==2826==    by 0xCCE82FB: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4600.1)
==2826==    by 0x805A1ED: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x741DC25: ??? (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.6)
==2826==    by 0x80280D0: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x8028444: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x802E428: QCoreApplication::exec() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x427C71: ??? (in /usr/bin/ktorrent)
==2826==    by 0x8C52A3F: (below main) (libc-start.c:289)

Thread 2: status = VgTs_WaitSys (lwpid 2859)
==2826==    at 0xBDE5149: pthread_cond_timedwait@@GLIBC_2.3.2 (pthread_cond_timedwait.S:238)
==2826==    by 0x7F1A263: QWaitCondition::wait(QMutex*, unsigned long) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F0CF96: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F19D1B: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0xBDDF6A9: start_thread (pthread_create.c:333)
==2826==    by 0x8D38EEC: clone (clone.S:109)

Thread 3: status = VgTs_WaitSys (lwpid 2860)
==2826==    at 0x8D2D8DD: ??? (syscall-template.S:81)
==2826==    by 0x131AAC29: send_dg (res_send.c:1101)
==2826==    by 0x131AAC29: __libc_res_nsend (res_send.c:564)
==2826==    by 0x131A8B43: __libc_res_nquery (res_query.c:227)
==2826==    by 0x131A95E9: __libc_res_nquerydomain (res_query.c:594)
==2826==    by 0x131A95E9: __libc_res_nsearch (res_query.c:433)
==2826==    by 0x1C40BC78: _nss_dns_gethostbyname4_r (dns-host.c:315)
==2826==    by 0x8D1DDAC: gaih_inet (getaddrinfo.c:862)
==2826==    by 0x8D2132B: getaddrinfo (getaddrinfo.c:2417)
==2826==    by 0x67ECC74: ??? (in /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4.8.6)
==2826==    by 0x67E1556: ??? (in /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4.8.6)
==2826==    by 0x7F0CDB9: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F19D1B: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0xBDDF6A9: start_thread (pthread_create.c:333)
==2826==    by 0x8D38EEC: clone (clone.S:109)

Thread 4: status = VgTs_WaitSys (lwpid 2861)
==2826==    at 0xBDE5149: pthread_cond_timedwait@@GLIBC_2.3.2 (pthread_cond_timedwait.S:238)
==2826==    by 0x7F1A263: QWaitCondition::wait(QMutex*, unsigned long) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F0CF96: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F19D1B: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0xBDDF6A9: start_thread (pthread_create.c:333)
==2826==    by 0x8D38EEC: clone (clone.S:109)

Thread 5: status = VgTs_WaitSys (lwpid 2862)
==2826==    at 0xBDE5149: pthread_cond_timedwait@@GLIBC_2.3.2 (pthread_cond_timedwait.S:238)
==2826==    by 0x7F1A263: QWaitCondition::wait(QMutex*, unsigned long) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F0CF96: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F19D1B: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0xBDDF6A9: start_thread (pthread_create.c:333)
==2826==    by 0x8D38EEC: clone (clone.S:109)

Thread 6: status = VgTs_WaitSys (lwpid 2873)
==2826==    at 0xBDE5149: pthread_cond_timedwait@@GLIBC_2.3.2 (pthread_cond_timedwait.S:238)
==2826==    by 0x7F1A263: QWaitCondition::wait(QMutex*, unsigned long) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F0CF96: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0x7F19D1B: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0xBDDF6A9: start_thread (pthread_create.c:333)
==2826==    by 0x8D38EEC: clone (clone.S:109)

Thread 7: status = VgTs_WaitSys (lwpid 2876)
==2826==    at 0x8D2D8DD: ??? (syscall-template.S:81)
==2826==    by 0x4EB373B: net::Poll::poll(int) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB05E3: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB0715: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB0918: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x7F19D1B: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0xBDDF6A9: start_thread (pthread_create.c:333)
==2826==    by 0x8D38EEC: clone (clone.S:109)

Thread 8: status = VgTs_WaitSys (lwpid 2877)
==2826==    at 0x8D39F4F: send (send.c:31)
==2826==    by 0x4EAD988: net::Socket::send(unsigned char const*, int) (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED9634: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EABCF0: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB1A07: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB1C8F: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB0B66: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB0D95: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB0224: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB0918: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x7F19D1B: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0xBDDF6A9: start_thread (pthread_create.c:333)
==2826==    by 0x8D38EEC: clone (clone.S:109)

Thread 9: status = VgTs_WaitSys (lwpid 2878)
==2826==    at 0x8D2D8DD: ??? (syscall-template.S:81)
==2826==    by 0x131AAC29: send_dg (res_send.c:1101)
==2826==    by 0x131AAC29: __libc_res_nsend (res_send.c:564)
==2826==    by 0x131A8B43: __libc_res_nquery (res_query.c:227)
==2826==    by 0x1C40C03F: _nss_dns_gethostbyaddr2_r (dns-host.c:485)
==2826==    by 0x1C40C502: _nss_dns_gethostbyaddr_r (dns-host.c:544)
==2826==    by 0x8D4B78C: gethostbyaddr_r@@GLIBC_2.2.5 (getXXbyYY_r.c:266)
==2826==    by 0x8D53ACF: getnameinfo (getnameinfo.c:224)
==2826==    by 0x4EB2D45: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB2DC7: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4EB3129: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x7F19D1B: ??? (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
==2826==    by 0xBDDF6A9: start_thread (pthread_create.c:333)
==2826==    by 0x8D38EEC: clone (clone.S:109)


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.



Reproducible: Always

Steps to Reproduce:
1. Start ktorrent.
2. crash.
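
A way to triage memcheck output like the log in this report, added here as an example that is not part of the original report or of KTorrent's code: it splits the log into error records, names the first symbolised frame inside the library, and flags writes that land past a heap block. The names `parse_memcheck`, `triage` and the `lib` parameter are chosen for this example, and the sample is constructed from abridged lines of the log above.

```python
import re

PREFIX = re.compile(r"^==\d+==\s?(.*)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \((?:in )?([^()]*)\)$")
BLOCK = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) a block of size (\d+)")
# Constructed sample: lines abridged from the memcheck output in the report above.
SAMPLE_LOG = """\
==2826== Conditional jump or move depends on uninitialised value(s)
==2826==    at 0x4EC6BA2: bt::Peer::percentAvailable() const (in /usr/lib/libktorrent.so.5.0.1)
==2826==
==2826== Invalid write of size 8
==2826==    at 0x4C306DB: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2826==    by 0x4F5948D: ??? (in /usr/lib/libktorrent.so.5.0.1)
==2826==    by 0x4ED4B88: bt::UTMetaData::data(bt::BDictNode*, QByteArray const&) (in /usr/lib/libktorrent.so.5.0.1)
==2826==  Address 0x21e1f6e0 is 0 bytes after a block of size 32 alloc'd
==2826==    at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2826==    by 0x7F1BC94: QByteArray::realloc(int) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6)
"""

def parse_memcheck(log):
    """Split memcheck output into error records with access and allocation stacks."""
    errors, cur, section = [], None, "stack"
    for line in log.splitlines() + ["==0=="]:      # sentinel blank flushes the last record
        m = PREFIX.match(line)
        if not m:                                   # skip "--PID--" tool messages, thread headers
            continue
        body = m.group(1).rstrip()
        if not body:                                # blank separator closes the current record
            if cur and cur["stack"]:
                errors.append(cur)
            cur = None
        elif cur and (b := BLOCK.match(body)):
            cur["block"] = {"offset": int(b[1]), "where": b[2], "size": int(b[3])}
            section = "alloc_stack"                 # frames that follow describe the allocation
        elif cur and (f := FRAME.match(body)):
            cur[section].append((f[1], f[2]))       # (function, object file or source location)
        elif not body.startswith(" "):              # unindented text is an error headline
            cur, section = {"kind": body, "stack": [], "alloc_stack": [], "block": None}, "stack"
    return errors

def triage(errors, lib="libktorrent"):
    """Name the first symbolised frame inside `lib`; flag writes past a heap block."""
    out = []
    for e in errors:
        frame = next((fn for fn, obj in e["stack"] if lib in obj and fn != "???"), None)
        b = e["block"] or {}
        past = e["kind"].startswith("Invalid write") and b.get("where") == "after"
        out.append({"kind": e["kind"], "frame": frame, "write_past_block": past, "block_size": b.get("size")})
    return out
```

Frames that appear after memcheck itself has crashed (the host stacktrace and per-thread dumps) follow no error headline, so the parser ignores them.
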

Comment 1 Nick Shaforostoff 2016-02-28 03:10:15 UTC
Git commit 77d90c4f952b086027a24521fa35b66d2a2cd6a8 by Nick Shaforostoff.
Committed on 28/02/2016 at 03:09.
Pushed by shaforo into branch 'master'.

blindly fix the crash

M  +6    -1    src/magnet/metadatadownload.cpp

http://commits.kde.org/libktorrent/77d90c4f952b086027a24521fa35b66d2a2cd6a8

Comment 2 Justin Zobel 2022-10-19 22:10:44 UTC
Thank you for reporting this bug in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "CONFIRMED" when replying. Thank you!

Comment 3 Bug Janitor Service 2022-11-03 05:06:50 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!

Comment 4 Bug Janitor Service 2022-11-18 05:17:05 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!