transport_send_line crash

Bug #402503 reported by michael bishop <clever@nbnet.nb.ca>
This bug affects 2 people
Affects: CtrlProxy
Status: Triaged
Importance: Medium
Assigned to: anonymous

Bug Description

{{{
[2008-12-08 23:05:04] Removed client (GameSurge/oldghost.local:55932)
[2008-12-08 23:41:35] error: Closing Link: clever by Gameservers.NJ.US.GameSurge.net (Excess Flood) (GameSurge)
[2008-12-08 23:41:35] Hangup from server, scheduling reconnect (GameSurge)
[2008-12-08 23:41:35] Reconnecting in 60 seconds (GameSurge)
[2008-12-08 23:41:36] Received SIGSEGV!
[2008-12-08 23:41:36] BACKTRACE: 13 stack frames:
[2008-12-08 23:41:36] #0 /usr/local/bin/ctrlproxy [0x80504e6]
[2008-12-08 23:41:36] #1 [0xb7fc5420]
[2008-12-08 23:41:36] #2 /usr/local/bin/ctrlproxy(transport_send_line+0x10a) [0x8067ada]
[2008-12-08 23:41:36] #3 /usr/local/bin/ctrlproxy(network_send_line+0x1c0) [0x806bc10]
[2008-12-08 23:41:36] #4 /usr/local/bin/ctrlproxy [0x8057f0b]
[2008-12-08 23:41:36] #5 /usr/local/bin/ctrlproxy [0x80678a6]
[2008-12-08 23:41:36] #6 /usr/lib/libglib-2.0.so.0 [0xb7e7dfed]
[2008-12-08 23:41:36] #7 /usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x176) [0xb7e49cc6]
[2008-12-08 23:41:36] #8 /usr/lib/libglib-2.0.so.0 [0xb7e4d083]
[2008-12-08 23:41:36] #9 /usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1e7) [0xb7e4d467]
[2008-12-08 23:41:36] #10 /usr/local/bin/ctrlproxy(main+0x799) [0x8050209]
[2008-12-08 23:41:36] #11 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7cd9450]
[2008-12-08 23:41:36] #12 /usr/local/bin/ctrlproxy [0x804f971]
[2008-12-08 23:41:36] Please send a bug report to <email address hidden>.
[2008-12-08 23:41:36] A gdb backtrace is appreciated if you can reproduce this bug.
}}}

{{{
[New process 4434]
#0 0xb7fc5410 in __kernel_vsyscall ()
(gdb) bt
#0 0xb7fc5410 in __kernel_vsyscall ()
#1 0xb7cee085 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7cefa01 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0805057d in signal_crash (sig=11) at src/main.c:101
#4 <signal handler called>
#5 0xb7e5af1e in g_queue_push_tail () from /usr/lib/libglib-2.0.so.0
#6 0x08067ada in transport_send_line (transport=0xb7ec2240, l=0x65736e6f) at lib/transport.c:287
#7 0x0806bc10 in network_send_line (s=0x8083170, c=0x8532700, ol=0xbf962bc0, is_private=1) at lib/connection.c:204
#8 0x08057f0b in process_from_client (c=0x8532700, _l=0x9221788) at src/client.c:114
#9 0x080678a6 in handle_transport_receive (c=0x82b6c28, cond=G_IO_IN, _transport=0xa308600) at lib/transport.c:79
#10 0xb7e7dfed in ?? () from /usr/lib/libglib-2.0.so.0
#11 0xb7e49cc6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0xb7e4d083 in ?? () from /usr/lib/libglib-2.0.so.0
#13 0xb7e4d467 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x08050209 in main (argc=Cannot access memory at address 0x0
) at src/main.c:384
}}}

michael bishop <clever@nbnet.nb.ca> (michaelbishopclevernbnet.nb.ca) wrote :

{{{
[2008-12-25 17:23:25] error: Closing Link: clever[rev] by Snoke.NL.EU.GameSurge.net (Ping timeout) (GameSurge)
[2008-12-25 17:23:25] Hangup from server, scheduling reconnect (GameSurge)
[2008-12-25 17:23:26] Reconnecting in 60 seconds (GameSurge)
[2008-12-25 17:23:26] Tracking CTCP request 'VERSION' to igalo (GameSurge/acer:3518)
[2008-12-25 17:23:26] Received SIGSEGV!
[2008-12-25 17:23:27] BACKTRACE: 13 stack frames:
[2008-12-25 17:23:27] #0 /usr/local/bin/ctrlproxy [0x80504e6]
...
[2008-12-25 17:23:27] #12 /usr/local/bin/ctrlproxy [0x804f971]
}}}
trace from core.ctrlproxy.30254.theP4
{{{
(gdb) bt
#0 0xb7f21410 in __kernel_vsyscall ()
#1 0xb7c4a085 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7c4ba01 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0805057d in signal_crash (sig=11) at src/main.c:101
#4 <signal handler called>
#5 0xb7db6f1e in g_queue_push_tail () from /usr/lib/libglib-2.0.so.0
#6 0x08067ada in transport_send_line (transport=0xb7e1e240, l=0x56272074) at lib/transport.c:287
#7 0x0806bc10 in network_send_line (s=0x8083170, c=0x8e96f90, ol=0xbfea90b0, is_private=1) at lib/connection.c:204
#8 0x08057f0b in process_from_client (c=0x8e96f90, _l=0x8e16038) at src/client.c:114
#9 0x080678a6 in handle_transport_receive (c=0xa502d90, cond=G_IO_IN, _transport=0xbc94578) at lib/transport.c:79
#10 0xb7dd9fed in ?? () from /usr/lib/libglib-2.0.so.0
#11 0xb7da5cc6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0xb7da9083 in ?? () from /usr/lib/libglib-2.0.so.0
#13 0xb7da9467 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x08050209 in main (argc=Cannot access memory at address 0x0
) at src/main.c:384
}}}

lordjoe@comcast.net (lordjoecomcast.net) wrote :

It seems that when I "/ctrlproxy disconnect" then "/ctrlproxy detach" or "/quit" I get this error.

I see that we enter the client disconnect hooks when we disconnect from the ctrlproxy server (e.g. disconnect irc client after "/ctrlproxy disconnect"). The auto away hook tries to call network_send_args() which uses client->network.connection->transport->backend_ops->is_connected, but transport seems corrupted.

I think I finally found the problem: free_irc_transport() does not set transport to NULL after freeing it. It does get checked in network_send_line_direct(), so it seems that it should indeed explicitly be set to NULL.

lordjoe@comcast.net (lordjoecomcast.net) wrote :

Oops, I left out an important detail. The problem is that libirc/connection.c:close_server() calls free_irc_transport() and does not set transport to NULL.
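
The dangling-pointer pattern diagnosed in the comments above, as an added example that is not CtrlProxy's code and not part of the original report. The struct layouts, `model_free_transport`, `send_line` and the `close_server_buggy`/`close_server_fixed` names are hypothetical stand-ins, and a static slot replaces the heap so the stale access can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not CtrlProxy's real structures. A static slot
 * models the heap, so "freed" memory stays readable for the demonstration. */
struct transport { int live; char pending[32]; };
struct network { struct transport *transport; };
enum send_result { SEND_OK, SEND_NOT_CONNECTED, SEND_STALE_POINTER };
static struct transport slot;

/* Models free_irc_transport(): releases the object, leaves the caller's pointer. */
static void model_free_transport(struct transport *t) {
    memset(t, 0x6f, sizeof *t); /* poison, as if the memory had been reused */
    t->live = 0;
}

/* Pattern described in the report: free without clearing the owner's pointer. */
static void close_server_buggy(struct network *n) {
    model_free_transport(n->transport);
}

/* Hardened pattern: clear the pointer so later NULL checks mean something. */
static void close_server_fixed(struct network *n) {
    if (n->transport == NULL) return;
    model_free_transport(n->transport);
    n->transport = NULL;
}

/* Models a send path guarded only by a NULL check on the transport. */
static enum send_result send_line(struct network *n, const char *line) {
    if (n->transport == NULL) return SEND_NOT_CONNECTED; /* clean refusal */
    if (!n->transport->live) return SEND_STALE_POINTER;  /* real code would use freed memory */
    strncpy(n->transport->pending, line, sizeof n->transport->pending - 1);
    return SEND_OK;
}

/* Close with the given routine, then send as a disconnect hook would. */
static enum send_result send_after_close(void (*close_fn)(struct network *)) {
    slot = (struct transport){ .live = 1 };
    struct network n = { &slot };
    close_fn(&n);
    return send_line(&n, "AWAY :detached");
}

int main(void) {
    printf("buggy=%d fixed=%d\n", send_after_close(close_server_buggy),
           send_after_close(close_server_fixed));
    return 0;
}
```

With the buggy close the NULL guard passes and the send path reaches the released object; with the fixed close the same guard refuses the send, and a second close is a no-op.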

Jelmer Vernooij (jelmer)
Changed in ctrlproxy:
status: In Progress → Triaged