Bug 22535

Summary: Crashes if you disconnect while waiting for GTalk relay's /create_session reply
Product: Telepathy
Reporter: Will Thompson <will>
Component: gabble
Assignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED
QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: critical
Priority: medium
Keywords: patch
Version: unspecified
Hardware: Other
OS: All
URL: http://git.collabora.co.uk/?p=user/wjt/telepathy-gabble-wjt.git;a=shortlog;h=refs/heads/crash-on-google-relay-cb

Description Will Thompson 2009-06-29 10:34:10 UTC
If you disconnect before the /create_session HTTP request gets a response, Gabble crashes as follows:

#0  0x00002b8dabac9065 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00002b8dabacc153 in *__GI_abort () at abort.c:88
#2  0x00002b8dab3080be in IA__g_logv (log_domain=0x2b8dab335ec6 "GLib", log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x2b8dab33e65d "%s: assertion `%s' failed", args1=0x7fff011e4040)
    at /tmp/buildd/glib2.0-2.20.3/glib/gmessages.c:506
#3  0x00002b8dab308143 in IA__g_log (log_domain=0x139f <Address 0x139f out of bounds>, log_level=5023, 
    format=0x6 <Address 0x6 out of bounds>) at /tmp/buildd/glib2.0-2.20.3/glib/gmessages.c:526
#4  0x00002b8dab2f117b in g_hash_table_remove_internal (hash_table=0x0, key=0xa2efe0, notify=1)
    at /tmp/buildd/glib2.0-2.20.3/glib/ghash.c:971
#5  0x000000000041f3e0 in session_terminated_cb (session=<value optimized out>, 
    local_terminator=<value optimized out>, reason=<value optimized out>, factory=0x9e5030) at jingle-factory.c:915
#6  0x00002b8daa83411d in IA__g_closure_invoke (closure=0x9dcc30, return_value=0x0, n_param_values=3, 
    param_values=0x9eb450, invocation_hint=0x7fff011e42c0) at /tmp/buildd/glib2.0-2.20.3/gobject/gclosure.c:767
#7  0x00002b8daa847c2b in signal_emit_unlocked_R (node=0x9f73e0, detail=0, instance=0x9f2710, emission_return=0x0, 
    instance_and_params=0x9eb450) at /tmp/buildd/glib2.0-2.20.3/gobject/gsignal.c:3247
#8  0x00002b8daa849022 in IA__g_signal_emit_valist (instance=0x9f2710, signal_id=<value optimized out>, detail=0, 
    var_args=0x7fff011e44a0) at /tmp/buildd/glib2.0-2.20.3/gobject/gsignal.c:2980
#9  0x00002b8daa8494f3 in IA__g_signal_emit (instance=0x139f, signal_id=5023, detail=6)
    at /tmp/buildd/glib2.0-2.20.3/gobject/gsignal.c:3037
#10 0x0000000000424884 in gabble_jingle_session_terminate (sess=0x9f2710, reason=TP_CHANNEL_GROUP_CHANGE_REASON_NONE, 
    error=<value optimized out>) at jingle-session.c:2026
#11 0x0000000000473342 in gabble_media_channel_close (self=0x9f9ae0) at media-channel.c:910
#12 0x0000000000476a05 in gabble_media_channel_dispose (object=0x9f9ae0) at media-channel.c:850
#13 0x00002b8daa836092 in IA__g_object_unref (_object=<value optimized out>)
    at /tmp/buildd/glib2.0-2.20.3/gobject/gobject.c:2393
#14 0x00000000004737ac in stream_creation_data_free (p=<value optimized out>) at media-channel.c:2677
#15 0x000000000041ec06 in relay_session_data_call (p=<value optimized out>) at jingle-factory.c:988
#16 0x000000000041ecd8 in on_http_response (soup=<value optimized out>, msg=0x9e5190, user_data=<value optimized out>)
    at jingle-factory.c:1146
#17 0x00002b8da9b150b5 in ?? () from /usr/lib/libsoup-2.4.so.1
#18 0x00002b8daa83411d in IA__g_closure_invoke (closure=0xa204c0, return_value=0x0, n_param_values=1, 
    param_values=0xa2bb20, invocation_hint=0x7fff011e4830) at /tmp/buildd/glib2.0-2.20.3/gobject/gclosure.c:767
#19 0x00002b8daa8481ac in signal_emit_unlocked_R (node=0xa08bd0, detail=0, instance=0x9e5190, emission_return=0x0, 
    instance_and_params=0xa2bb20) at /tmp/buildd/glib2.0-2.20.3/gobject/gsignal.c:3317
#20 0x00002b8daa849022 in IA__g_signal_emit_valist (instance=0x9e5190, signal_id=<value optimized out>, detail=0, 
    var_args=0x7fff011e4a10) at /tmp/buildd/glib2.0-2.20.3/gobject/gsignal.c:2980
#21 0x00002b8daa8494f3 in IA__g_signal_emit (instance=0x139f, signal_id=5023, detail=6)
    at /tmp/buildd/glib2.0-2.20.3/gobject/gsignal.c:3037
#22 0x00002b8da9b12429 in soup_session_abort () from /usr/lib/libsoup-2.4.so.1
#23 0x00002b8da9b13e95 in ?? () from /usr/lib/libsoup-2.4.so.1
#24 0x00002b8daa836092 in IA__g_object_unref (_object=<value optimized out>)
    at /tmp/buildd/glib2.0-2.20.3/gobject/gobject.c:2393
#25 0x000000000041f699 in gabble_jingle_factory_dispose (object=0x9e5030) at jingle-factory.c:464
#26 0x00002b8daa836092 in IA__g_object_unref (_object=<value optimized out>)
    at /tmp/buildd/glib2.0-2.20.3/gobject/gobject.c:2393
#27 0x0000000000416b08 in gabble_connection_dispose (object=0x9de310) at connection.c:869
#28 0x00002b8daa836092 in IA__g_object_unref (_object=<value optimized out>)
    at /tmp/buildd/glib2.0-2.20.3/gobject/gobject.c:2393
#29 0x00002b8daa856353 in IA__g_value_unset (value=0xa22c30) at /tmp/buildd/glib2.0-2.20.3/gobject/gvalue.c:276
#30 0x00002b8daa8573dd in IA__g_value_array_free (value_array=0xa2da20)
    at /tmp/buildd/glib2.0-2.20.3/gobject/gvaluearray.c:149
#31 0x00002b8daa3d141f in ?? () from /usr/lib/libdbus-glib-1.so.2
#32 0x00002b8daa603f11 in ?? () from /usr/lib/libdbus-1.so.3
#33 0x00002b8daa5f6746 in dbus_connection_dispatch () from /usr/lib/libdbus-1.so.3
#34 0x00002b8daa3cf2a5 in ?? () from /usr/lib/libdbus-glib-1.so.2
#35 0x00002b8dab2fdf7a in IA__g_main_context_dispatch (context=0x9c5200)
    at /tmp/buildd/glib2.0-2.20.3/glib/gmain.c:1814
#36 0x00002b8dab3015f8 in g_main_context_iterate (context=0x9c5200, block=1, dispatch=1, self=<value optimized out>)
    at /tmp/buildd/glib2.0-2.20.3/glib/gmain.c:2445
#37 0x00002b8dab301aed in IA__g_main_loop_run (loop=0x9c52e0) at /tmp/buildd/glib2.0-2.20.3/glib/gmain.c:2653
#38 0x00002b8dab62cdc8 in tp_run_connection_manager (prog_name=<value optimized out>, version=0x48547b "0.7.30.1", 
    construct_cm=0x41d1f0 <construct_cm>, argc=<value optimized out>, argv=<value optimized out>) at run.c:281
#39 0x00002b8dabab55a6 in __libc_start_main (main=0x413050 <main>, argc=1, ubp_av=0x7fff011e54a8, 
    init=0x4849b0 <__libc_csu_init>, fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=0x7fff011e5498) at libc-start.c:222
#40 0x0000000000412f89 in _start () at ../sysdeps/x86_64/elf/start.S:113

I've also seen a slightly different crash when gabble_media_channel_dispose attempts to call a method on its connection and TP_IS_BASE_CONNECTION fails; presumably it's outlived the connection, but I'm not sure exactly how it happens, and lost the backtrace. :(
Comment 1 Will Thompson 2009-06-29 11:23:03 UTC
My branch 'crash-on-google-relay-cb' fixes this.
Comment 2 Will Thompson 2009-07-01 09:03:10 UTC
Merged; will be in 0.7.31.
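
The dispose-time re-entrancy visible in the backtrace (frames #25 down to #4), as a simplified C model added here; it is not Gabble code and not the fix from the branch. It assumes the factory had already cleared its session table before aborting the HTTP session, and every name in it is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not Gabble code: a factory owning a session table and one
 * in-flight HTTP request whose callback fires synchronously when aborted. */
typedef struct { size_t n; } Table;          /* stand-in for the GHashTable */
typedef struct Factory Factory;
struct Factory {
    Table *sessions;                         /* NULL once torn down */
    void (*pending)(Factory *);              /* in-flight request callback */
    int null_table_hits;                     /* callbacks that saw a NULL table */
};

/* Stand-in for session_terminated_cb: drops the session from the table. */
static void session_terminated(Factory *f) {
    if (f->sessions == NULL) {               /* in the report, GLib's failed */
        f->null_table_hits++;                /* assertion ended in abort()   */
        return;
    }
    f->sessions->n--;
}

/* Stand-in for soup_session_abort(): completes pending requests right now. */
static void abort_requests(Factory *f) {
    void (*cb)(Factory *) = f->pending;
    f->pending = NULL;                       /* clear first: no double fire */
    if (cb) cb(f);
}

static void free_table(Factory *f) { free(f->sessions); f->sessions = NULL; }

/* Assumed buggy order: state is gone before callbacks are flushed. */
static void dispose_unsafe(Factory *f) { free_table(f); abort_requests(f); }

/* Hardened order: flush callbacks while the table is still valid. */
static void dispose_safe(Factory *f) { abort_requests(f); free_table(f); }

/* One session, one pending request; returns callbacks that hit a NULL table. */
static int run(void (*dispose)(Factory *)) {
    Factory f = { calloc(1, sizeof(Table)), session_terminated, 0 };
    if (f.sessions == NULL) return -1;
    f.sessions->n = 1;
    dispose(&f);
    return f.null_table_hits;
}

int main(void) {
    printf("unsafe: %d\n", run(dispose_unsafe));
    printf("safe:   %d\n", run(dispose_safe));
    return 0;
}
```

The NULL check in the handler and the reordered dispose are independent defences; the model keeps both so that either ordering terminates cleanly.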
