Warning "Trying to add the user "@...." but it's already in the user list" then SEGV #668

Open
berrange opened this issue Jun 5, 2023 · 3 comments
Labels
crash A crash occurs in the library code

Comments

@berrange

berrange commented Jun 5, 2023

Describe the bug
Quaternion suddenly crashed on me, and on subsequent attempts to restart it, it always crashes. Immediately preceding the crash is the message:

 Trying to add the user "@_oftc_xxxx:matrix.org" but it's already in the user list

NB I've replaced their real username with 'xxxx'

This seems relevant as that user is someone I was talking with at the time it first crashed.

Stack trace is as follows

Trying to add the user "@_oftc_ehuelsmann:matrix.org" but it's already in the user list

Thread 1 "quaternion" received signal SIGSEGV, Segmentation fault.
Quotient::Room::isEventNotable (this=0x5555567f0c80, ti=...) at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/room.cpp:982
Downloading source file /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/room.cpp
982         const auto& evt = *ti;                                                                                                                                       
(gdb) bt
#0  Quotient::Room::isEventNotable(Quotient::TimelineItem const&) const (this=0x5555567f0c80, ti=...) at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/room.cpp:982
#1  0x00007ffff7edc669 in operator() (ti=..., acc=..., __closure=<synthetic pointer>) at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/eventstats.cpp:20
#2  std::accumulate<std::reverse_iterator<std::_Deque_iterator<Quotient::TimelineItem, const Quotient::TimelineItem&, const Quotient::TimelineItem*> >, Quotient::EventStats, Quotient::EventStats::fromRange(const Quotient::Room*, const Quotient::Room::rev_iter_t&, const Quotient::Room::rev_iter_t&, const Quotient::EventStats&)::<lambda(Quotient::EventStats, const Quotient::TimelineItem&)> > (__binary_op=..., __init=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_numeric.h:169
#3  Quotient::EventStats::fromRange(Quotient::Room const*, std::reverse_iterator<std::_Deque_iterator<Quotient::TimelineItem, Quotient::TimelineItem const&, Quotient::TimelineItem const*> > const&, std::reverse_iterator<std::_Deque_iterator<Quotient::TimelineItem, Quotient::TimelineItem const&, Quotient::TimelineItem const*> > const&, Quotient::EventStats const&) (room=room@entry=0x5555567f0c80, from=..., to=..., init=...) at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/eventstats.cpp:18
#4  0x00007ffff7edcbd4 in Quotient::EventStats::updateOnMarkerMove(Quotient::Room const*, std::reverse_iterator<std::_Deque_iterator<Quotient::TimelineItem, Quotient::TimelineItem const&, Quotient::TimelineItem const*> > const&, std::reverse_iterator<std::_Deque_iterator<Quotient::TimelineItem, Quotient::TimelineItem const&, Quotient::TimelineItem const*> > const&) (this=0x55555695f2f0, room=0x5555567f0c80, oldMarker=<optimized out>, newMarker=...)
    at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/eventstats.cpp:66
#5  0x00007ffff7ea90c1 in Quotient::Room::Private::setLocalLastReadReceipt(std::reverse_iterator<std::_Deque_iterator<Quotient::TimelineItem, Quotient::TimelineItem const&, Quotient::TimelineItem const*> > const&, Quotient::ReadReceipt, bool) (this=0x55555695f1b0, newMarker=..., newReceipt=..., deferStatsUpdate=<optimized out>)
    at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/room.cpp:780
#6  0x00007ffff7ec4329 in operator() (evt=<optimized out>, __closure=<optimized out>) at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/room.cpp:3278
#7  Quotient::switchOnType<Quotient::Event, Quotient::Room::processEphemeralEvent(Quotient::EventPtr&&)::<lambda(const Quotient::ReceiptEvent&)> >
    (tail=<optimized out>, event=<optimized out>) at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/events/event.h:608
#8  Quotient::switchOnType<Quotient::Event, Quotient::Room::processEphemeralEvent(Quotient::EventPtr&&)::<lambda(const Quotient::TypingEvent&)>, Quotient::Room::processEphemeralEvent(Quotient::EventPtr&&)::<lambda(const Quotient::ReceiptEvent&)> > (fn1=<optimized out>, event=<optimized out>)
    at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/events/event.h:621
#9  Quotient::Room::processEphemeralEvent(std::unique_ptr<Quotient::Event, std::default_delete<Quotient::Event> >&&) (this=<optimized out>, event=<optimized out>)
    at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/room.cpp:3234
#10 0x00007ffff7eb0f88 in Quotient::Room::updateData(Quotient::SyncRoomData&&, bool) (this=0x5555567f0c80, data=..., fromCache=false)
    at /usr/src/debug/libquotient-0.7.1-2.fc38.x86_64/lib/room.cpp:1938
#11 0x00007ffff5edf73b in QObject::event(QEvent*) (this=0x5555567f0c80, e=0x555559cd91b0) at kernel/qobject.cpp:1347
#12 0x00007ffff77aeb75 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x5555567f0c80, e=0x555559cd91b0)
    at kernel/qapplication.cpp:3640
#13 0x00007ffff5eb3d48 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x5555567f0c80, event=0x555559cd91b0) at kernel/qcoreapplication.cpp:1064
#14 0x00007ffff5eb3f62 in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#15 0x00007ffff5eb71f5 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=0x0, event_type=0, data=0x555555678eb0)
    at kernel/qcoreapplication.cpp:1821
#16 0x00007ffff5eb74ad in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=<optimized out>, event_type=<optimized out>) at kernel/qcoreapplication.cpp:1680
#17 0x00007ffff5f06e2f in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x5555556be260) at kernel/qeventdispatcher_glib.cpp:277
#18 0x00007ffff471339c in g_main_dispatch (context=0x7fffdc000ee0) at ../glib/gmain.c:3460
#19 g_main_context_dispatch (context=0x7fffdc000ee0) at ../glib/gmain.c:4200
#20 0x00007ffff4771438 in g_main_context_iterate.isra.0 (context=0x7fffdc000ee0, block=1, dispatch=1, self=<optimized out>) at ../glib/gmain.c:4276
#21 0x00007ffff4710a23 in g_main_context_iteration (context=0x7fffdc000ee0, may_block=1) at ../glib/gmain.c:4343
#22 0x00007ffff5f06919 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x5555556bddf0, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
#23 0x00007ffff5eb270b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffffffda20, flags=..., flags@entry=...)
    at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#24 0x00007ffff5eba99b in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#25 0x00007ffff63606bd in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1863
#26 0x00007ffff77aeae9 in QApplication::exec() () at kernel/qapplication.cpp:2832
#27 0x00005555555a93c0 in main(int, char**) (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/quaternion-0.0.95.50~20230106g0315b395-1.fc38.x86_64/client/main.cpp:195

The memory for the 'ti' parameter passed in seems invalid

(gdb) print ti
$1 = (const Quotient::TimelineItem &) <error reading variable: Cannot access memory at address 0x7670001e1>

To Reproduce
Unknown how to reproduce independently of my system

Expected behavior
No crash

Is it environment-specific?

Fedora 38, x86_64 host install running

libquotient-0.7.1-2.fc38.x86_64
quaternion-0.0.95.50~20230106g0315b395-1.fc38.x86_64

@KitsuneRal
Member

Thanks. The log line seems to be a red herring; the stacktrace is unrelated to it. This uncannily reminds me of #588; however, #588 was triggered (so I think, at least) by NeoChat using deprecated Room methods that seemed to be more harmful than I thought.

I'd appreciate it if you can check what the [from, to) interval looks like (garbage pointers or referring to something reasonable), at frame 3.

@berrange
Author

berrange commented Jun 5, 2023

> I'd appreciate it if you can check what the [from, to) interval looks like (garbage pointers or referring to something reasonable), at frame 3.

Looks like they're valid pointers

@KitsuneRal KitsuneRal added the crash A crash occurs in the library code label Jun 6, 2023
@KitsuneRal
Member

Are all of them TimelineItems pointing to some *Event objects? std::accumulate traverses this very interval; a segfault means at least one of them must be garbage or nullptr.

Also: what is the interval size (to - from)?
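
The two questions in the comment above (does every item in [from, to) point to an event, and what is `to - from`), written as a pre-check run before `std::accumulate`. This is an added example, not libQuotient code and not part of the thread; `Event`, `TimelineItem`, `checkRange`, `countNotable` and `makeTimeline` are simplified hypothetical stand-ins, and the timeline is constructed sample data.

```cpp
#include <cstddef>
#include <deque>
#include <initializer_list>
#include <iterator>
#include <memory>
#include <numeric>

// Hypothetical, simplified stand-ins; not the library's real types.
struct Event { bool notable; };
struct TimelineItem {
    std::unique_ptr<Event> evt;
    const Event* get() const { return evt.get(); }
};
using Timeline = std::deque<TimelineItem>;
using rev_iter_t = Timeline::const_reverse_iterator;

enum class RangeCheck { Ok, Inverted, NullEvent };

// Precondition: from and to are live iterators into the same deque. Iterators
// invalidated by an earlier insertion cannot be detected here.
RangeCheck checkRange(rev_iter_t from, rev_iter_t to)
{
    if (to - from < 0)            // "what is the interval size (to - from)?"
        return RangeCheck::Inverted;
    for (auto it = from; it != to; ++it)
        if (it->get() == nullptr) // item not pointing to an event object
            return RangeCheck::NullEvent;
    return RangeCheck::Ok;
}

// Counts notable events in [from, to); refuses to traverse a bad interval.
bool countNotable(rev_iter_t from, rev_iter_t to, int& out)
{
    if (checkRange(from, to) != RangeCheck::Ok)
        return false;
    out = std::accumulate(from, to, 0, [](int acc, const TimelineItem& ti) {
        return acc + (ti.get()->notable ? 1 : 0);
    });
    return true;
}

// Constructed sample data: three events, optionally a trailing empty item.
Timeline makeTimeline(bool withEmptyItem)
{
    Timeline tl;
    for (bool n : {true, false, true})
        tl.push_back(TimelineItem{std::make_unique<Event>(Event{n})});
    if (withEmptyItem)
        tl.push_back(TimelineItem{});
    return tl;
}
```

An inverted interval is the case the size question catches: `std::accumulate` stops only when `from == to`, so with `from` past `to` it keeps incrementing beyond the end of the container.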

Projects
Status: 0.9 - To Do