Bug 453820 - Crash in bt::CircularBuffer::read
Status: REPORTED
Alias: None
Product: ktorrent
Classification: Applications
Component: general
Version: 22.04.0
Platform: openSUSE Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Joris Guisson
Keywords: drkonqi
Reported: 2022-05-15 11:33 UTC by Jaime Torres
Modified: 2022-05-15 11:33 UTC

Description Jaime Torres 2022-05-15 11:33:55 UTC
Application: ktorrent (22.04.0)

Qt Version: 5.15.2
Frameworks Version: 5.93.0
Operating System: Linux 5.18.0-rc5-2.g1b401d7-default x86_64
Windowing System: Wayland
Distribution: "openSUSE Tumbleweed"
DrKonqi: 5.24.5 [KCrashBackend]

-- Information about the crash:
- What I was doing when the application crashed:
Nothing special. It just crashed, probably because of something received from the internet.

The reporter is unsure if this crash is reproducible.

-- Backtrace:
Application: KTorrent (ktorrent), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = 0x0}
[KCrash Handler]
#6  __memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:592
#7  0x00007f3e741c2b38 in memcpy (__len=384, __src=<optimized out>, __dest=0x100055ab5af3b3bc) at /usr/include/bits/string_fortified.h:29
#8  bt::CircularBuffer::read(unsigned char*, unsigned int) (this=0x55ab5ff001d0, ptr=0x100055ab5af3b3bc <error: Cannot access memory at address 0x100055ab5af3b3bc>, max_len=<optimized out>) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/util/circularbuffer.cpp:38
#9  0x00007f3e74256eff in utp::PacketBuffer::fillData(bt::CircularBuffer&, unsigned int) (this=0x7f3e477fd540, cbuf=..., to_read=384) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/utp/packetbuffer.cpp:67
#10 0x00007f3e7425399b in utp::Connection::sendPackets() (this=0x55ab5ff001a0) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/utp/connection.cpp:403
#11 0x00007f3e74254018 in utp::Connection::handlePacket(utp::PacketParser const&, QSharedPointer<bt::Buffer>) (this=0x55ab5ff001a0, parser=..., packet=...) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/utp/connection.cpp:171
#12 0x00007f3e74254d16 in utp::UTPServer::handlePacket(QSharedPointer<bt::Buffer>, net::Address const&) (this=0x55ab556cf340, buffer=..., addr=<optimized out>) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/utp/utpserver.cpp:321
#13 0x00007f3e74250857 in utp::UTPServer::Private::dataReceived(QSharedPointer<bt::Buffer>, net::Address const&) (this=0x55ab5568f040, buffer=..., addr=...) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/utp/utpserver.cpp:183
#14 0x00007f3e741d6330 in net::ServerSocket::readyToRead(int) (this=0x55ab556bf680) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/net/serversocket.cpp:133
#15 0x00007f3e72311453 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7f3e477fd890, r=0x55ab556bf680, this=0x7f3e480147c0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#16 doActivate<false>(QObject*, int, void**) (sender=0x55ab556bf0c0, signal_index=3, argv=0x7f3e477fd890) at kernel/qobject.cpp:3886
#17 0x00007f3e7230a7af in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x55ab556bf0c0, m=m@entry=0x7f3e725b0880 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7f3e477fd890) at kernel/qobject.cpp:3946
#18 0x00007f3e7231483f in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x55ab556bf0c0, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#19 0x00007f3e7231503b in QSocketNotifier::event(QEvent*) (this=0x55ab556bf0c0, e=0x7f3e477fd9b0) at kernel/qsocketnotifier.cpp:302
#20 0x00007f3e72fa5b0f in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x55ab556bf0c0, e=0x7f3e477fd9b0) at kernel/qapplication.cpp:3632
#21 0x00007f3e722dab5a in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55ab556bf0c0, event=0x7f3e477fd9b0) at kernel/qcoreapplication.cpp:1064
#22 0x00007f3e72332e6d in socketNotifierSourceDispatch(GSource*, GSourceFunc, gpointer) (source=source@entry=0x7f3e38004840) at kernel/qeventdispatcher_glib.cpp:107
#23 0x00007f3e7046e122 in g_main_dispatch (context=0x7f3e38000c30) at ../glib/gmain.c:3417
#24 g_main_context_dispatch (context=0x7f3e38000c30) at ../glib/gmain.c:4135
#25 0x00007f3e7046e4b8 in g_main_context_iterate (context=context@entry=0x7f3e38000c30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4211
#26 0x00007f3e7046e56f in g_main_context_iteration (context=0x7f3e38000c30, may_block=1) at ../glib/gmain.c:4276
#27 0x00007f3e72332326 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f3e38000b70, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#28 0x00007f3e722d955b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f3e477fdbc0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#29 0x00007f3e720f4cce in QThread::exec() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#30 0x00007f3e720f5e3f in QThreadPrivate::start(void*) (arg=0x55ab556c24f0) at thread/qthread_unix.cpp:331
#31 0x00007f3e718a42ba in start_thread (arg=<optimized out>) at pthread_create.c:442
#32 0x00007f3e7192e460 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 7 (Thread 0x7f3e47fff640 (LWP 32657) "Qt bearer threa"):
#1  0x00007f3e7046e44e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7f3e400029e0, timeout=<optimized out>, context=0x7f3e40000c30) at ../glib/gmain.c:4516
#2  g_main_context_iterate (context=context@entry=0x7f3e40000c30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4206
#3  0x00007f3e7046e56f in g_main_context_iteration (context=0x7f3e40000c30, may_block=1) at ../glib/gmain.c:4276
#4  0x00007f3e72332326 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f3e40000b70, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#5  0x00007f3e722d955b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f3e47ffebc0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#6  0x00007f3e720f4cce in QThread::exec() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f3e720f5e3f in QThreadPrivate::start(void*) (arg=0x55ab556bf000) at thread/qthread_unix.cpp:331
#8  0x00007f3e718a42ba in start_thread (arg=<optimized out>) at pthread_create.c:442
#9  0x00007f3e7192e460 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 6 (Thread 0x7f3e68e33640 (LWP 32655) "QDBusConnection"):
#1  0x00007f3e7046c2d5 in g_source_iter_next (iter=iter@entry=0x7f3e68e329d0, source=source@entry=0x7f3e68e329c8) at ../glib/gmain.c:1097
#2  0x00007f3e7046d803 in g_main_context_prepare (context=context@entry=0x7f3e48000c30, priority=priority@entry=0x7f3e68e32a50) at ../glib/gmain.c:3711
#3  0x00007f3e7046e37b in g_main_context_iterate (context=context@entry=0x7f3e48000c30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4191
#4  0x00007f3e7046e56f in g_main_context_iteration (context=0x7f3e48000c30, may_block=1) at ../glib/gmain.c:4276
#5  0x00007f3e72332326 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f3e48000b70, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#6  0x00007f3e722d955b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f3e68e32b90, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#7  0x00007f3e720f4cce in QThread::exec() (this=this@entry=0x7f3e735f4060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#8  0x00007f3e7357c297 in QDBusConnectionManager::run() (this=0x7f3e735f4060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:179
#9  0x00007f3e720f5e3f in QThreadPrivate::start(void*) (arg=0x7f3e735f4060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:331
#10 0x00007f3e718a42ba in start_thread (arg=<optimized out>) at pthread_create.c:442
#11 0x00007f3e7192e460 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 5 (Thread 0x7f3e69733640 (LWP 32654) "ktorren:disk$0"):
#1  __futex_abstimed_wait_common (futex_word=futex_word@entry=0x55ab555b55f8, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0, cancel=cancel@entry=true) at futex-internal.c:87
#2  0x00007f3e718a097f in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x55ab555b55f8, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0) at futex-internal.c:139
#3  0x00007f3e718a35b0 in __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55ab555b55a8, cond=0x55ab555b55d0) at pthread_cond_wait.c:503
#4  ___pthread_cond_wait (cond=0x55ab555b55d0, mutex=0x55ab555b55a8) at pthread_cond_wait.c:618
#5  0x00007f3e6a2c1c6b in cnd_wait (mtx=0x55ab555b55a8, cond=0x55ab555b55d0) at ../include/c11/threads_posix.h:155
#6  util_queue_thread_func(void*) (input=input@entry=0x55ab555b6f20) at ../src/util/u_queue.c:294
#7  0x00007f3e6a2bbe07 in impl_thrd_routine(void*) (p=<optimized out>) at ../include/c11/threads_posix.h:87
#8  0x00007f3e718a42ba in start_thread (arg=<optimized out>) at pthread_create.c:442
#9  0x00007f3e7192e460 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 4 (Thread 0x7f3e6a075640 (LWP 32653) "ktorrent:rcs0"):
#1  __futex_abstimed_wait_common (futex_word=futex_word@entry=0x55ab555b9880, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0, cancel=cancel@entry=true) at futex-internal.c:87
#2  0x00007f3e718a097f in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x55ab555b9880, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0) at futex-internal.c:139
#3  0x00007f3e718a35b0 in __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55ab555b9830, cond=0x55ab555b9858) at pthread_cond_wait.c:503
#4  ___pthread_cond_wait (cond=0x55ab555b9858, mutex=0x55ab555b9830) at pthread_cond_wait.c:618
#5  0x00007f3e6a2c1c6b in cnd_wait (mtx=0x55ab555b9830, cond=0x55ab555b9858) at ../include/c11/threads_posix.h:155
#6  util_queue_thread_func(void*) (input=input@entry=0x55ab555b8d40) at ../src/util/u_queue.c:294
#7  0x00007f3e6a2bbe07 in impl_thrd_routine(void*) (p=<optimized out>) at ../include/c11/threads_posix.h:87
#8  0x00007f3e718a42ba in start_thread (arg=<optimized out>) at pthread_create.c:442
#9  0x00007f3e7192e460 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 3 (Thread 0x7f3e6c458640 (LWP 32652) "WaylandEventThr"):
#1  0x00007f3e6f72f0ec in poll (__timeout=-1, __nfds=2, __fds=0x7f3e6c457bb0) at /usr/include/bits/poll2.h:39
#2  QtWaylandClient::EventThread::run() (this=0x55ab5550ea80) at qwaylanddisplay.cpp:208
#3  0x00007f3e720f5e3f in QThreadPrivate::start(void*) (arg=0x55ab5550ea80) at thread/qthread_unix.cpp:331
#4  0x00007f3e718a42ba in start_thread (arg=<optimized out>) at pthread_create.c:442
#5  0x00007f3e7192e460 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 2 (Thread 0x7f3e6cc59640 (LWP 32651) "WaylandEventThr"):
#1  __futex_abstimed_wait_common (futex_word=futex_word@entry=0x55ab55506554, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0, cancel=cancel@entry=true) at futex-internal.c:87
#2  0x00007f3e718a097f in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x55ab55506554, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0) at futex-internal.c:139
#3  0x00007f3e718a35b0 in __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55ab55506500, cond=0x55ab55506528) at pthread_cond_wait.c:503
#4  ___pthread_cond_wait (cond=0x55ab55506528, mutex=0x55ab55506500) at pthread_cond_wait.c:618
#5  0x00007f3e720fbcbb in QWaitConditionPrivate::wait(QDeadlineTimer) (deadline=..., deadline=..., this=0x55ab55506500) at thread/qwaitcondition_unix.cpp:146
#6  QWaitCondition::wait(QMutex*, QDeadlineTimer) (this=this@entry=0x55ab55518c30, mutex=mutex@entry=0x55ab55518c28, deadline=...) at thread/qwaitcondition_unix.cpp:225
#7  0x00007f3e6f72f08f in QtWaylandClient::EventThread::waitForReading() (this=0x55ab55518bf0) at /usr/include/qt5/QtCore/qdeadlinetimer.h:68
#8  QtWaylandClient::EventThread::run() (this=0x55ab55518bf0) at qwaylanddisplay.cpp:206
#9  0x00007f3e720f5e3f in QThreadPrivate::start(void*) (arg=0x55ab55518bf0) at thread/qthread_unix.cpp:331
#10 0x00007f3e718a42ba in start_thread (arg=<optimized out>) at pthread_create.c:442
#11 0x00007f3e7192e460 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Thread 1 (Thread 0x7f3e6f108940 (LWP 32644) "ktorrent"):
#1  0x00007f3e720f6175 in QtLinuxFutex::_q_futex(int*, int, int, unsigned long long, int*, int) (val3=0, addr2=0x0, val2=0, val=3, op=0, addr=0x55ab556cf3e8) at thread/qfutex_p.h:116
#2  QtLinuxFutex::futexWait<QBasicAtomicPointer<QMutexData> >(QBasicAtomicPointer<QMutexData>&, QBasicAtomicPointer<QMutexData>::Type) (expectedValue=0x3, futex=...) at thread/qfutex_p.h:135
#3  lockInternal_helper<false> (timeout=-1, elapsedTimer=0x0, d_ptr=...) at thread/qmutex_linux.cpp:142
#4  QBasicMutex::lockInternal() (this=0x55ab556cf3e8) at thread/qmutex_linux.cpp:159
#5  0x00007f3e720f6483 in QBasicMutex::lock() (this=0x55ab556cf3e8) at thread/qmutex.h:81
#6  QRecursiveMutexPrivate::lock(int) (this=0x55ab556cf3d0, timeout=timeout@entry=-1) at thread/qmutex.cpp:780
#7  0x00007f3e720f6375 in QMutex::lock() (this=<optimized out>) at thread/qmutex.cpp:235
#8  0x00007f3e74250bdc in QMutexLocker::QMutexLocker(QBasicMutex*) (m=<optimized out>, this=0x7ffce4508658) at /usr/include/qt5/QtCore/qmutex.h:238
#9  QMutexLocker::QMutexLocker(QRecursiveMutex*) (m=<optimized out>, this=0x7ffce4508658) at /usr/include/qt5/QtCore/qmutex.h:243
#10 utp::UTPServer::preparePolling(net::Poll*, net::Poll::Mode, QSharedPointer<utp::Connection>&) (this=0x55ab556cf340, p=0x55ab54356460 <bt::AuthenticationMonitor::self>, mode=net::Poll::OUTPUT, conn=...) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/utp/utpserver.cpp:405
#11 0x00007f3e74259b9e in utp::UTPSocket::prepare(net::Poll*, net::Poll::Mode) (this=0x55ab5d653e00, p=0x55ab54356460 <bt::AuthenticationMonitor::self>, mode=net::Poll::OUTPUT) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/utp/utpsocket.cpp:191
#12 0x00007f3e741d412e in bt::AuthenticationMonitor::update() (this=0x55ab54356460 <bt::AuthenticationMonitor::self>) at /usr/src/debug/libktorrent-22.04.0-1.1.x86_64/src/peer/authenticationmonitor.cpp:76
#13 0x000055ab5429afb4 in kt::Core::update() (this=0x55ab556937c0) at /usr/include/KF5/libktorrent/peer/authenticationmonitor.h:63
#14 0x00007f3e72311453 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffce45088d0, r=0x55ab556937c0, this=0x55ab556cc450) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#15 doActivate<false>(QObject*, int, void**) (sender=0x55ab556937e8, signal_index=3, argv=0x7ffce45088d0) at kernel/qobject.cpp:3886
#16 0x00007f3e7230a7af in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=<optimized out>, m=m@entry=0x7f3e725b09c0, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffce45088d0) at kernel/qobject.cpp:3946
#17 0x00007f3e7231531a in QTimer::timeout(QTimer::QPrivateSignal) (this=<optimized out>, _t1=...) at .moc/moc_qtimer.cpp:205
#18 0x00007f3e723071af in QObject::event(QEvent*) (this=0x55ab556937e8, e=0x7ffce4508a50) at kernel/qobject.cpp:1336
#19 0x00007f3e72fa5b0f in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x55ab556937e8, e=0x7ffce4508a50) at kernel/qapplication.cpp:3632
#20 0x00007f3e722dab5a in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55ab556937e8, event=0x7ffce4508a50) at kernel/qcoreapplication.cpp:1064
#21 0x00007f3e7233165b in QTimerInfoList::activateTimers() (this=this@entry=0x55ab555190d0) at kernel/qtimerinfo_unix.cpp:643
#22 0x00007f3e72331ef4 in timerSourceDispatch(GSource*, GSourceFunc, gpointer) (source=source@entry=0x55ab55519070) at kernel/qeventdispatcher_glib.cpp:183
#23 0x00007f3e7046e122 in g_main_dispatch (context=0x55ab5551f730) at ../glib/gmain.c:3417
#24 g_main_context_dispatch (context=0x55ab5551f730) at ../glib/gmain.c:4135
#25 0x00007f3e7046e4b8 in g_main_context_iterate (context=context@entry=0x55ab5551f730, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4211
#26 0x00007f3e7046e56f in g_main_context_iteration (context=0x55ab5551f730, may_block=1) at ../glib/gmain.c:4276
#27 0x00007f3e723322b4 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x55ab55517140, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#28 0x00007f3e722d955b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffce4508c90, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#29 0x00007f3e722e1820 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#30 0x00007f3e7276d61c in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1867
#31 0x00007f3e72fa5a85 in QApplication::exec() () at kernel/qapplication.cpp:2824
#32 0x000055ab5428e8dc in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/ktorrent-22.04.0-1.1.x86_64/ktorrent/main.cpp:253
[Inferior 1 (process 32644) detached]

Possible duplicates by query: bug 421299, bug 411002, bug 409848, bug 387945, bug 383127.

Reported using DrKonqi