transport_send_line crash

Bug #402503 reported by michael bishop <clever@nbnet.nb.ca> on 2008-12-09
This bug affects 2 people
Affects Status Importance Assigned to Milestone
CtrlProxy
Medium
anonymous

Bug Description

{{{
[2008-12-08 23:05:04] Removed client (GameSurge/oldghost.local:55932)
[2008-12-08 23:41:35] error: Closing Link: clever by Gameservers.NJ.US.GameSurge.net (Excess Flood) (GameSurge)
[2008-12-08 23:41:35] Hangup from server, scheduling reconnect (GameSurge)
[2008-12-08 23:41:35] Reconnecting in 60 seconds (GameSurge)
[2008-12-08 23:41:36] Received SIGSEGV!
[2008-12-08 23:41:36] BACKTRACE: 13 stack frames:
[2008-12-08 23:41:36] #0 /usr/local/bin/ctrlproxy [0x80504e6]
[2008-12-08 23:41:36] #1 [0xb7fc5420]
[2008-12-08 23:41:36] #2 /usr/local/bin/ctrlproxy(transport_send_line+0x10a) [0x8067ada]
[2008-12-08 23:41:36] #3 /usr/local/bin/ctrlproxy(network_send_line+0x1c0) [0x806bc10]
[2008-12-08 23:41:36] #4 /usr/local/bin/ctrlproxy [0x8057f0b]
[2008-12-08 23:41:36] #5 /usr/local/bin/ctrlproxy [0x80678a6]
[2008-12-08 23:41:36] #6 /usr/lib/libglib-2.0.so.0 [0xb7e7dfed]
[2008-12-08 23:41:36] #7 /usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x176) [0xb7e49cc6]
[2008-12-08 23:41:36] #8 /usr/lib/libglib-2.0.so.0 [0xb7e4d083]
[2008-12-08 23:41:36] #9 /usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1e7) [0xb7e4d467]
[2008-12-08 23:41:36] #10 /usr/local/bin/ctrlproxy(main+0x799) [0x8050209]
[2008-12-08 23:41:36] #11 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7cd9450]
[2008-12-08 23:41:36] #12 /usr/local/bin/ctrlproxy [0x804f971]
[2008-12-08 23:41:36] Please send a bug report to <email address hidden>.
[2008-12-08 23:41:36] A gdb backtrace is appreciated if you can reproduce this bug.
}}}

{{{
[New process 4434]
#0 0xb7fc5410 in __kernel_vsyscall ()
(gdb) bt
#0 0xb7fc5410 in __kernel_vsyscall ()
#1 0xb7cee085 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7cefa01 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0805057d in signal_crash (sig=11) at src/main.c:101
#4 <signal handler called>
#5 0xb7e5af1e in g_queue_push_tail () from /usr/lib/libglib-2.0.so.0
#6 0x08067ada in transport_send_line (transport=0xb7ec2240, l=0x65736e6f) at lib/transport.c:287
#7 0x0806bc10 in network_send_line (s=0x8083170, c=0x8532700, ol=0xbf962bc0, is_private=1) at lib/connection.c:204
#8 0x08057f0b in process_from_client (c=0x8532700, _l=0x9221788) at src/client.c:114
#9 0x080678a6 in handle_transport_receive (c=0x82b6c28, cond=G_IO_IN, _transport=0xa308600) at lib/transport.c:79
#10 0xb7e7dfed in ?? () from /usr/lib/libglib-2.0.so.0
#11 0xb7e49cc6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0xb7e4d083 in ?? () from /usr/lib/libglib-2.0.so.0
#13 0xb7e4d467 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x08050209 in main (argc=Cannot access memory at address 0x0
) at src/main.c:384
}}}

michael bishop <clever@nbnet.nb.ca> (michaelbishopclevernbnet.nb.ca) wrote :

{{{
[2008-12-25 17:23:25] error: Closing Link: clever[rev] by Snoke.NL.EU.GameSurge.net (Ping timeout) (GameSurge)
[2008-12-25 17:23:25] Hangup from server, scheduling reconnect (GameSurge)
[2008-12-25 17:23:26] Reconnecting in 60 seconds (GameSurge)
[2008-12-25 17:23:26] Tracking CTCP request 'VERSION' to igalo (GameSurge/acer:3518)
[2008-12-25 17:23:26] Received SIGSEGV!
[2008-12-25 17:23:27] BACKTRACE: 13 stack frames:
[2008-12-25 17:23:27] #0 /usr/local/bin/ctrlproxy [0x80504e6]
...
[2008-12-25 17:23:27] #12 /usr/local/bin/ctrlproxy [0x804f971]
}}}
trace from core.ctrlproxy.30254.theP4
{{{
(gdb) bt
#0 0xb7f21410 in __kernel_vsyscall ()
#1 0xb7c4a085 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7c4ba01 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0805057d in signal_crash (sig=11) at src/main.c:101
#4 <signal handler called>
#5 0xb7db6f1e in g_queue_push_tail () from /usr/lib/libglib-2.0.so.0
#6 0x08067ada in transport_send_line (transport=0xb7e1e240, l=0x56272074) at lib/transport.c:287
#7 0x0806bc10 in network_send_line (s=0x8083170, c=0x8e96f90, ol=0xbfea90b0, is_private=1) at lib/connection.c:204
#8 0x08057f0b in process_from_client (c=0x8e96f90, _l=0x8e16038) at src/client.c:114
#9 0x080678a6 in handle_transport_receive (c=0xa502d90, cond=G_IO_IN, _transport=0xbc94578) at lib/transport.c:79
#10 0xb7dd9fed in ?? () from /usr/lib/libglib-2.0.so.0
#11 0xb7da5cc6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0xb7da9083 in ?? () from /usr/lib/libglib-2.0.so.0
#13 0xb7da9467 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x08050209 in main (argc=Cannot access memory at address 0x0
) at src/main.c:384
}}}

lordjoe@comcast.net (lordjoecomcast.net) wrote :

It seems that when I "/ctrlproxy disconnect" then "/ctrlproxy detach" or "/quit" I get this error.

I see that we enter the client disconnect hooks when we disconnect from the ctrlproxy server (e.g. disconnect irc client after "/ctrlproxy disconnect"). The auto away hook tries to call network_send_args() which uses client->network.connection->transport->backend_ops->is_connected, but transport seems corrupted.

I think I finally found the problem: free_irc_transport() does not set transport to NULL after freeing it. It does get checked in network_send_line_direct(), so it seems that it should indeed explicitly be set to NULL.

lordjoe@comcast.net (lordjoecomcast.net) wrote :

Oops, I left out an important detail. The problem is that libirc/connection.c:close_server() calls free_irc_transport() and does not set transport to NULL.
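
The pattern the two comments above describe (a transport freed on close while its owner keeps the stale pointer, so a later NULL check passes on freed memory) is sketched below as an added example; it is not CtrlProxy's code. The names `conn`, `transport`, `transport_free`, `conn_close` and `conn_send_line` are simplified stand-ins, and the IRC lines are constructed samples.

```c
/* Added illustration with simplified stand-in types; not CtrlProxy's source. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct pending { char *line; struct pending *next; };
struct transport { struct pending *head, *tail; size_t queued; };
struct conn { struct transport *transport; };   /* owner of the transport */

static struct transport *transport_new(void) { return calloc(1, sizeof(struct transport)); }

/* Takes the address of the owner's field so that freeing and clearing
 * the pointer cannot be separated by a forgetful caller. */
static void transport_free(struct transport **tp) {
    struct transport *t = *tp;
    if (t == NULL) return;                 /* a second close is a no-op */
    for (struct pending *p = t->head, *n; p != NULL; p = n) {
        n = p->next;
        free(p->line);
        free(p);
    }
    free(t);
    *tp = NULL;                            /* the assignment the comments say is missing */
}
static void conn_close(struct conn *c) { transport_free(&c->transport); }

/* Queue a line for sending; refuses when the connection has no transport. */
static bool conn_send_line(struct conn *c, const char *line) {
    struct transport *t = c->transport;
    if (t == NULL) return false;           /* only meaningful if close cleared the field */
    struct pending *p = calloc(1, sizeof *p);
    if (p == NULL) return false;
    p->line = malloc(strlen(line) + 1);
    if (p->line == NULL) { free(p); return false; }
    strcpy(p->line, line);
    if (t->tail) t->tail->next = p; else t->head = p;
    t->tail = p;
    t->queued++;
    return true;
}

int main(void) {
    struct conn c = { transport_new() };
    printf("send while connected: %d\n", conn_send_line(&c, "PRIVMSG #chan :hi"));
    conn_close(&c);                        /* server hangup frees the transport */
    printf("send after close: %d\n", conn_send_line(&c, "AWAY :auto-away"));
    conn_close(&c);                        /* safe: pointer is already NULL */
}
```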

Jelmer Vernooij (jelmer) on 2009-07-24
Changed in ctrlproxy:
status: In Progress → Triaged