Interface crashes on bad WiFi #1119

Open
ksuprynowicz opened this issue Aug 24, 2024 · 4 comments · May be fixed by #1122

@ksuprynowicz
Member

It crashes with:

[08/24 22:44:27] [DEBUG] [hifi.networking.ice] Silent domain checkins: 2
[08/24 22:44:27] [DEBUG] [hifi.networking] udt::Socket ( "UDP" QAbstractSocket::BoundState ) error -  0 QAbstractSocket::SocketError(22) ( "Unable to send a datagram" ) pending: 0  
[08/24 22:44:27] [DEBUG] [hifi.networking] udt::writeDatagram ( QAbstractSocket::BoundState "UDP ""195.201.114.16":49850 ) error -  0 QAbstractSocket::SocketError(22) ( "Unable to send a datagram" ) pending: 0  
malloc(): unaligned tcache chunk detected
Signal: SIGABRT (Aborted)
<unknown> 0x00007ffff04a53ac
udt::Socket::writeDatagram Socket.cpp:267
udt::Socket::writeDatagram Socket.cpp:244
udt::Socket::writePacket Socket.cpp:164
LimitedNodeList::sendUnreliablePacket LimitedNodeList.cpp:444
LimitedNodeList::sendUnreliablePacket LimitedNodeList.cpp:423
AbstractAudioInterface::emitAudioPacket AbstractAudioInterface.cpp:69
AudioClient::handleAudioInput AudioClient.cpp:1419
AudioClient::handleMicAudioInput AudioClient.cpp:1500
Application::notify Application.cpp:4292

@daleglass
Contributor

Problem 1:

READ of size 4 at 0x5070003b4894 thread T169 (Networking: Sen)
    #0 0x81f34a in QString::length() const /usr/include/qt5/QtCore/qstring.h:1067
    #1 0x824d6c in QDebug::operator<<(QString const&) /usr/include/qt5/QtCore/qdebug.h:161
    #2 0x7f34b4aa24fb in udt::Socket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:268
    #3 0x7f34b4aa157d in udt::Socket::writeDatagram(char const*, long long, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:244
    #4 0x7f34b4a776fc in udt::SendQueue::sendPacket(udt::Packet const&) /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:145
    #5 0x7f34b4a7e58f in udt::SendQueue::maybeResendPacket() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:441
    #6 0x7f34b4a7aa3d in udt::SendQueue::run() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:285
    #7 0x7f34b4a94faf in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (udt::SendQueue::*)()>::call(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #8 0x7f34b4a90573 in void QtPrivate::FunctionPointer<void (udt::SendQueue::*)()>::call<QtPrivate::List<>, void>(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #9 0x7f34b4a8c68b in QtPrivate::QSlotObject<void (udt::SendQueue::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #10 0x7f34e2aebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #11 0x7f34e28ed7bc in QThread::started(QThread::QPrivateSignal) .moc/moc_qthread.cpp:163
    #12 0x7f34e28efbae in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > thread/qthread_unix.cpp:345
    #13 0x7f34e28efbae in QThreadPrivate::start(void*) thread/qthread_unix.cpp:310
    #14 0x7f34f285df95 in asan_thread_start(void*) (/lib64/libasan.so.8+0x5df95) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #15 0x7f34cfea66d6 in start_thread (/lib64/libc.so.6+0x976d6) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
    #16 0x7f34cff2a60b in __clone3 (/lib64/libc.so.6+0x11b60b) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)

0x5070003b4894 is located 4 bytes inside of 76-byte region [0x5070003b4890,0x5070003b48dc)
freed by thread T163 (Networking: Sen) here:
    #0 0x7f34f28f6638 in free.part.0 (/lib64/libasan.so.8+0xf6638) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7f34e2973aa9 in QString::operator=(QString const&) (/lib64/libQt5Core.so.5+0x173aa9) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7f34e3b49672 in QAbstractSocketPrivate::setError(QAbstractSocket::SocketError, QString const&) socket/qabstractsocket.cpp:1466
    #3 0x7f34e3b49672 in QAbstractSocketPrivate::setErrorAndEmit(QAbstractSocket::SocketError, QString const&) socket/qabstractsocket.cpp:1479
    #4 0x7f34e3b4e006 in QUdpSocket::writeDatagram(char const*, long long, QHostAddress const&, unsigned short) (/lib64/libQt5Network.so.5+0x104006) (BuildId: 94a14ece044b422bc1ef9aaf1ae86ab99466455f)
    #5 0x7f34b4a4c996 in QUdpSocket::writeDatagram(QByteArray const&, QHostAddress const&, unsigned short) /usr/include/qt5/QtNetwork/qudpsocket.h:83
    #6 0x7f34b4a49c94 in NetworkSocket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/NetworkSocket.cpp:133
    #7 0x7f34b4aa1dde in udt::Socket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:257
    #8 0x7f34b4aa157d in udt::Socket::writeDatagram(char const*, long long, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:244
    #9 0x7f34b4a776fc in udt::SendQueue::sendPacket(udt::Packet const&) /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:145
    #10 0x7f34b4a7e58f in udt::SendQueue::maybeResendPacket() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:441
    #11 0x7f34b4a7aa3d in udt::SendQueue::run() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:285
    #12 0x7f34b4a94faf in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (udt::SendQueue::*)()>::call(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #13 0x7f34b4a90573 in void QtPrivate::FunctionPointer<void (udt::SendQueue::*)()>::call<QtPrivate::List<>, void>(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #14 0x7f34b4a8c68b in QtPrivate::QSlotObject<void (udt::SendQueue::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #15 0x7f34e2aebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #16 0x7f34e28ed7bc in QThread::started(QThread::QPrivateSignal) .moc/moc_qthread.cpp:163
    #17 0x7f34e28efbae in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > thread/qthread_unix.cpp:345
    #18 0x7f34e28efbae in QThreadPrivate::start(void*) thread/qthread_unix.cpp:310
    #19 0x7f34f285df95 in asan_thread_start(void*) (/lib64/libasan.so.8+0x5df95) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)

previously allocated by thread T169 (Networking: Sen) here:
    #0 0x7f34f28f7997 in malloc (/lib64/libasan.so.8+0xf7997) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7f34e28fafe9 in QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (/lib64/libQt5Core.so.5+0xfafe9) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7f34e2973467 in QString::QString(int, Qt::Initialization) (/lib64/libQt5Core.so.5+0x173467) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #3 0x7f34e2b0f7e1 in QUtf8::convertToUnicode(char const*, int) (/lib64/libQt5Core.so.5+0x30f7e1) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #4 0x7f34e2977b39 in QString::fromUtf8_helper(char const*, int) (/lib64/libQt5Core.so.5+0x177b39) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #5 0x7f34e2ab777d in QCoreApplication::translate(char const*, char const*, char const*, int) (/lib64/libQt5Core.so.5+0x2b777d) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #6 0x7f34e2ac028d in tr kernel/qmetaobject.cpp:398
    #7 0x7f34e3b4dff6 in QUdpSocket::tr(char const*, char const*, int) socket/qudpsocket.h:58
    #8 0x7f34b4a4c996 in QUdpSocket::writeDatagram(QByteArray const&, QHostAddress const&, unsigned short) /usr/include/qt5/QtNetwork/qudpsocket.h:83
    #9 0x7f34b4a49c94 in NetworkSocket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/NetworkSocket.cpp:133
    #10 0x7f34b4aa1dde in udt::Socket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:257
    #11 0x7f34b4aa157d in udt::Socket::writeDatagram(char const*, long long, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:244
    #12 0x7f34b4a776fc in udt::SendQueue::sendPacket(udt::Packet const&) /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:145
    #13 0x7f34b4a7e58f in udt::SendQueue::maybeResendPacket() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:441
    #14 0x7f34b4a7aa3d in udt::SendQueue::run() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:285
    #15 0x7f34b4a94faf in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (udt::SendQueue::*)()>::call(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #16 0x7f34b4a90573 in void QtPrivate::FunctionPointer<void (udt::SendQueue::*)()>::call<QtPrivate::List<>, void>(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #17 0x7f34b4a8c68b in QtPrivate::QSlotObject<void (udt::SendQueue::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #18 0x7f34e2aebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #19 0x7f34e28ed7bc in QThread::started(QThread::QPrivateSignal) .moc/moc_qthread.cpp:163
    #20 0x7f34e28efbae in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > thread/qthread_unix.cpp:345
    #21 0x7f34e28efbae in QThreadPrivate::start(void*) thread/qthread_unix.cpp:310
    #22 0x7f34f285df95 in asan_thread_start(void*) (/lib64/libasan.so.8+0x5df95) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)

Thread T169 (Networking: Sen) created by T41 (NodeList Thread) here:
    #0 0x7f34f28ef871 in pthread_create (/lib64/libasan.so.8+0xef871) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7f34e28ef609 in QThread::start(QThread::Priority) (/lib64/libQt5Core.so.5+0xef609) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7f34b4a73856 in udt::SendQueue::create(udt::Socket*, SockAddr, udt::SequenceNumber, unsigned int, bool) /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:90
    #3 0x7f34b4a0c673 in udt::Connection::getSendQueue() /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:102
    #4 0x7f34b4a0f81a in udt::Connection::sendReliablePacketList(std::unique_ptr<udt::PacketList, std::default_delete<udt::PacketList> >) /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:155
    #5 0x7f34b4aa12c2 in udt::Socket::writeReliablePacketList(udt::PacketList*, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:234
    #6 0x7f34b447fdaf in udt::Socket::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/dale/git/build-debug/libraries/networking/networking_autogen/CX623MDDSI/moc_Socket.cpp:140
    #7 0x7f34e2ae3d62 in QObject::event(QEvent*) (/lib64/libQt5Core.so.5+0x2e3d62) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #8 0x7f34b6b8cc34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) kernel/qapplication.cpp:3640
    #9 0xa6891e in Application::notify(QObject*, QEvent*) /home/dale/git/overte/interface/src/Application.cpp:4292
    #10 0x7f34e2ab7177 in QCoreApplication::notifyInternal2(QObject*, QEvent*) kernel/qcoreapplication.cpp:1064
    #11 0x7f34e2aba71b in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) kernel/qcoreapplication.cpp:1821
    #12 0x7f34e2b0c0fe in postEventSourceDispatch kernel/qeventdispatcher_glib.cpp:277
    #13 0x7f34d210ee8b in g_main_context_dispatch_unlocked.lto_priv.0 (/lib64/libglib-2.0.so.0+0x5ce8b) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #14 0x7f34d2170c97 in g_main_context_iterate_unlocked.isra.0 (/lib64/libglib-2.0.so.0+0xbec97) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #15 0x7f34d2110382 in g_main_context_iteration (/lib64/libglib-2.0.so.0+0x5e382) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #16 0x7f34e2b0bbec in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x30bbec) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #17 0x7f34e2ab5ada in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x2b5ada) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #18 0x7f34e28ee826 in QThread::exec() (/lib64/libQt5Core.so.5+0xee826) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #19 0x7f34e28efbc5 in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > thread/qthread_unix.cpp:350
    #20 0x7f34e28efbc5 in QThreadPrivate::start(void*) thread/qthread_unix.cpp:310
    #21 0x7f34f285df95 in asan_thread_start(void*) (/lib64/libasan.so.8+0x5df95) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)

Thread T41 (NodeList Thread) created by T0 here:
    #0 0x7f34f28ef871 in pthread_create (/lib64/libasan.so.8+0xef871) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7f34e28ef609 in QThread::start(QThread::Priority) (/lib64/libQt5Core.so.5+0xef609) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7f34b1a7101f in moveToNewNamedThread(QObject*, QString const&, std::function<void (QThread*)>, std::function<void ()>, QThread::Priority) /home/dale/git/overte/libraries/shared/src/ThreadHelpers.cpp:68
    #3 0x7f34b1a715c3 in moveToNewNamedThread(QObject*, QString const&, QThread::Priority) /home/dale/git/overte/libraries/shared/src/ThreadHelpers.cpp:79
    #4 0x7f34b485e9f5 in NodeList::startThread() /home/dale/git/overte/libraries/networking/src/NodeList.cpp:1415
    #5 0x9f0a84 in Application::initialize(QCommandLineParser const&) /home/dale/git/overte/interface/src/Application.cpp:1188
    #6 0x1739c9b in main /home/dale/git/overte/interface/src/main.cpp:743
    #7 0x7f34cfe39087 in __libc_start_call_main (/lib64/libc.so.6+0x2a087) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
    #8 0x7f34cfe3914a in __libc_start_main_alias_1 (/lib64/libc.so.6+0x2a14a) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
    #9 0x66cfc4 in _start (/home/dale/git/build-debug/interface/interface+0x66cfc4) (BuildId: 452a3e965d089fa7076b019d89ce0c086943070d)

Thread T163 (Networking: Sen) created by T41 (NodeList Thread) here:
    #0 0x7f34f28ef871 in pthread_create (/lib64/libasan.so.8+0xef871) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7f34e28ef609 in QThread::start(QThread::Priority) (/lib64/libQt5Core.so.5+0xef609) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7f34b4a73856 in udt::SendQueue::create(udt::Socket*, SockAddr, udt::SequenceNumber, unsigned int, bool) /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:90
    #3 0x7f34b4a0c673 in udt::Connection::getSendQueue() /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:102
    #4 0x7f34b4a0f81a in udt::Connection::sendReliablePacketList(std::unique_ptr<udt::PacketList, std::default_delete<udt::PacketList> >) /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:155
    #5 0x7f34b4aa12c2 in udt::Socket::writeReliablePacketList(udt::PacketList*, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:234
    #6 0x7f34b447fdaf in udt::Socket::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/dale/git/build-debug/libraries/networking/networking_autogen/CX623MDDSI/moc_Socket.cpp:140
    #7 0x7f34e2ae3d62 in QObject::event(QEvent*) (/lib64/libQt5Core.so.5+0x2e3d62) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #8 0x7f34b6b8cc34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) kernel/qapplication.cpp:3640
    #9 0xa6891e in Application::notify(QObject*, QEvent*) /home/dale/git/overte/interface/src/Application.cpp:4292
    #10 0x7f34e2ab7177 in QCoreApplication::notifyInternal2(QObject*, QEvent*) kernel/qcoreapplication.cpp:1064
    #11 0x7f34e2aba71b in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) kernel/qcoreapplication.cpp:1821
    #12 0x7f34e2b0c0fe in postEventSourceDispatch kernel/qeventdispatcher_glib.cpp:277
    #13 0x7f34d210ee8b in g_main_context_dispatch_unlocked.lto_priv.0 (/lib64/libglib-2.0.so.0+0x5ce8b) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #14 0x7f34d2170c97 in g_main_context_iterate_unlocked.isra.0 (/lib64/libglib-2.0.so.0+0xbec97) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #15 0x7f34d2110382 in g_main_context_iteration (/lib64/libglib-2.0.so.0+0x5e382) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #16 0x7f34e2b0bbec in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x30bbec) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #17 0x7f34e2ab5ada in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x2b5ada) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #18 0x7f34e28ee826 in QThread::exec() (/lib64/libQt5Core.so.5+0xee826) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #19 0x7f34e28efbc5 in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > thread/qthread_unix.cpp:350
    #20 0x7f34e28efbc5 in QThreadPrivate::start(void*) thread/qthread_unix.cpp:310
    #21 0x7f34f285df95 in asan_thread_start(void*) (/lib64/libasan.so.8+0x5df95) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/qt5/QtCore/qstring.h:1067 in QString::length() const
==90349==ABORTING

@daleglass
Contributor

Problem 2:

=================================================================
==90719==ERROR: AddressSanitizer: attempting double-free on 0x507000e6d0e0 in thread T186 (Networking: Sen):
    #0 0x7ff7984f6638 in free.part.0 (/lib64/libasan.so.8+0xf6638) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7ff788573aa9 in QString::operator=(QString const&) (/lib64/libQt5Core.so.5+0x173aa9) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7ff789749672 in QAbstractSocketPrivate::setError(QAbstractSocket::SocketError, QString const&) socket/qabstractsocket.cpp:1466
    #3 0x7ff789749672 in QAbstractSocketPrivate::setErrorAndEmit(QAbstractSocket::SocketError, QString const&) socket/qabstractsocket.cpp:1479
    #4 0x7ff78974e006 in QUdpSocket::writeDatagram(char const*, long long, QHostAddress const&, unsigned short) (/lib64/libQt5Network.so.5+0x104006) (BuildId: 94a14ece044b422bc1ef9aaf1ae86ab99466455f)
    #5 0x7ff75a64c996 in QUdpSocket::writeDatagram(QByteArray const&, QHostAddress const&, unsigned short) /usr/include/qt5/QtNetwork/qudpsocket.h:83
    #6 0x7ff75a649c94 in NetworkSocket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/NetworkSocket.cpp:133
    #7 0x7ff75a6a1dde in udt::Socket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:257
    #8 0x7ff75a6a157d in udt::Socket::writeDatagram(char const*, long long, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:244
    #9 0x7ff75a6776fc in udt::SendQueue::sendPacket(udt::Packet const&) /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:145
    #10 0x7ff75a67e58f in udt::SendQueue::maybeResendPacket() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:441
    #11 0x7ff75a67aa3d in udt::SendQueue::run() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:285
    #12 0x7ff75a694faf in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (udt::SendQueue::*)()>::call(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #13 0x7ff75a690573 in void QtPrivate::FunctionPointer<void (udt::SendQueue::*)()>::call<QtPrivate::List<>, void>(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #14 0x7ff75a68c68b in QtPrivate::QSlotObject<void (udt::SendQueue::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #15 0x7ff7886ebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #16 0x7ff7884ed7bc in QThread::started(QThread::QPrivateSignal) .moc/moc_qthread.cpp:163
    #17 0x7ff7884efbae in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > thread/qthread_unix.cpp:345
    #18 0x7ff7884efbae in QThreadPrivate::start(void*) thread/qthread_unix.cpp:310
    #19 0x7ff79845df95 in asan_thread_start(void*) (/lib64/libasan.so.8+0x5df95) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #20 0x7ff775aa66d6 in start_thread (/lib64/libc.so.6+0x976d6) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
    #21 0x7ff775b2a60b in __clone3 (/lib64/libc.so.6+0x11b60b) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)

0x507000e6d0e0 is located 0 bytes inside of 76-byte region [0x507000e6d0e0,0x507000e6d12c)
freed by thread T188 (Networking: Sen) here:
    #0 0x7ff7984f6638 in free.part.0 (/lib64/libasan.so.8+0xf6638) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7ff788573aa9 in QString::operator=(QString const&) (/lib64/libQt5Core.so.5+0x173aa9) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7ff789749672 in QAbstractSocketPrivate::setError(QAbstractSocket::SocketError, QString const&) socket/qabstractsocket.cpp:1466
    #3 0x7ff789749672 in QAbstractSocketPrivate::setErrorAndEmit(QAbstractSocket::SocketError, QString const&) socket/qabstractsocket.cpp:1479
    #4 0x7ff78974e006 in QUdpSocket::writeDatagram(char const*, long long, QHostAddress const&, unsigned short) (/lib64/libQt5Network.so.5+0x104006) (BuildId: 94a14ece044b422bc1ef9aaf1ae86ab99466455f)
    #5 0x7ff75a64c996 in QUdpSocket::writeDatagram(QByteArray const&, QHostAddress const&, unsigned short) /usr/include/qt5/QtNetwork/qudpsocket.h:83
    #6 0x7ff75a649c94 in NetworkSocket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/NetworkSocket.cpp:133
    #7 0x7ff75a6a1dde in udt::Socket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:257
    #8 0x7ff75a6a157d in udt::Socket::writeDatagram(char const*, long long, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:244
    #9 0x7ff75a6776fc in udt::SendQueue::sendPacket(udt::Packet const&) /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:145
    #10 0x7ff75a67e58f in udt::SendQueue::maybeResendPacket() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:441
    #11 0x7ff75a67aa3d in udt::SendQueue::run() /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:285
    #12 0x7ff75a694faf in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (udt::SendQueue::*)()>::call(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #13 0x7ff75a690573 in void QtPrivate::FunctionPointer<void (udt::SendQueue::*)()>::call<QtPrivate::List<>, void>(void (udt::SendQueue::*)(), udt::SendQueue*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #14 0x7ff75a68c68b in QtPrivate::QSlotObject<void (udt::SendQueue::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #15 0x7ff7886ebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #16 0x7ff7884ed7bc in QThread::started(QThread::QPrivateSignal) .moc/moc_qthread.cpp:163
    #17 0x7ff7884efbae in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > thread/qthread_unix.cpp:345
    #18 0x7ff7884efbae in QThreadPrivate::start(void*) thread/qthread_unix.cpp:310
    #19 0x7ff79845df95 in asan_thread_start(void*) (/lib64/libasan.so.8+0x5df95) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)

previously allocated by thread T41 (NodeList Thread) here:
    #0 0x7ff7984f7997 in malloc (/lib64/libasan.so.8+0xf7997) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7ff7884fafe9 in QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (/lib64/libQt5Core.so.5+0xfafe9) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7ff788573467 in QString::QString(int, Qt::Initialization) (/lib64/libQt5Core.so.5+0x173467) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #3 0x7ff78870f7e1 in QUtf8::convertToUnicode(char const*, int) (/lib64/libQt5Core.so.5+0x30f7e1) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #4 0x7ff788577b39 in QString::fromUtf8_helper(char const*, int) (/lib64/libQt5Core.so.5+0x177b39) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #5 0x7ff7886b777d in QCoreApplication::translate(char const*, char const*, char const*, int) (/lib64/libQt5Core.so.5+0x2b777d) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #6 0x7ff7886c028d in tr kernel/qmetaobject.cpp:398
    #7 0x7ff78974dff6 in QUdpSocket::tr(char const*, char const*, int) socket/qudpsocket.h:58
    #8 0x7ff75a64c996 in QUdpSocket::writeDatagram(QByteArray const&, QHostAddress const&, unsigned short) /usr/include/qt5/QtNetwork/qudpsocket.h:83
    #9 0x7ff75a649c94 in NetworkSocket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/NetworkSocket.cpp:133
    #10 0x7ff75a6a1dde in udt::Socket::writeDatagram(QByteArray const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:257
    #11 0x7ff75a6a157d in udt::Socket::writeDatagram(char const*, long long, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:244
    #12 0x7ff75a69e2e1 in udt::Socket::writeBasePacket(udt::BasePacket const&, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:143
    #13 0x7ff75a611798 in udt::Connection::sendACK() /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:224
    #14 0x7ff75a613613 in udt::Connection::processReceivedSequenceNumber(udt::SequenceNumber, int, int) /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:278
    #15 0x7ff75a6a90d4 in udt::Socket::readPendingDatagrams() /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:467
    #16 0x7ff75a6cc20f in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (udt::Socket::*)()>::call(void (udt::Socket::*)(), udt::Socket*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #17 0x7ff75a6c52f3 in void QtPrivate::FunctionPointer<void (udt::Socket::*)()>::call<QtPrivate::List<>, void>(void (udt::Socket::*)(), udt::Socket*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #18 0x7ff75a6bf78b in QtPrivate::QSlotObject<void (udt::Socket::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #21 0x7ff75a64e0df in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (NetworkSocket::*)()>::call(void (NetworkSocket::*)(), NetworkSocket*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #22 0x7ff75a64dc93 in void QtPrivate::FunctionPointer<void (NetworkSocket::*)()>::call<QtPrivate::List<>, void>(void (NetworkSocket::*)(), NetworkSocket*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #23 0x7ff75a64d4fb in QtPrivate::QSlotObject<void (NetworkSocket::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #24 0x7ff7886ebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #25 0x7ff789749006 in QAbstractSocketPrivate::emitReadyRead(int) socket/qabstractsocket.cpp:1323
    #26 0x7ff789749006 in QAbstractSocketPrivate::canReadNotification() socket/qabstractsocket.cpp:748
    #27 0x7ff78975f728 in QReadNotifier::event(QEvent*) socket/qnativesocketengine.cpp:1274
    #28 0x7ff75c78cc34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) kernel/qapplication.cpp:3640
    #29 0xa6891e in Application::notify(QObject*, QEvent*) /home/dale/git/overte/interface/src/Application.cpp:4292
    #30 0x7ff7886b7177 in QCoreApplication::notifyInternal2(QObject*, QEvent*) kernel/qcoreapplication.cpp:1064

Thread T186 (Networking: Sen) created by T41 (NodeList Thread) here:
    #0 0x7ff7984ef871 in pthread_create (/lib64/libasan.so.8+0xef871) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7ff7884ef609 in QThread::start(QThread::Priority) (/lib64/libQt5Core.so.5+0xef609) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7ff75a673856 in udt::SendQueue::create(udt::Socket*, SockAddr, udt::SequenceNumber, unsigned int, bool) /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:90
    #3 0x7ff75a60c673 in udt::Connection::getSendQueue() /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:102
    #4 0x7ff75a60f33a in udt::Connection::sendReliablePacket(std::unique_ptr<udt::Packet, std::default_delete<udt::Packet> >) /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:150
    #5 0x7ff75a6a0f22 in udt::Socket::writeReliablePacket(udt::Packet*, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:221
    #6 0x7ff75a69fbb0 in udt::Socket::writePacket(std::unique_ptr<udt::Packet, std::default_delete<udt::Packet> >, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:178
    #7 0x7ff75a3143cb in LimitedNodeList::sendPacket(std::unique_ptr<NLPacket, std::default_delete<NLPacket> >, SockAddr const&, HMACAuth*) /home/dale/git/overte/libraries/networking/src/LimitedNodeList.cpp:466
    #8 0x7ff75a3129b2 in LimitedNodeList::sendPacket(std::unique_ptr<NLPacket, std::default_delete<NLPacket> >, Node const&) /home/dale/git/overte/libraries/networking/src/LimitedNodeList.cpp:452
    #9 0x7ff75a450c9a in NodeList::sendIgnoreRadiusStateToNode(QSharedPointer<Node> const&) /home/dale/git/overte/libraries/networking/src/NodeList.cpp:1051
    #10 0x7ff75a4573f8 in NodeList::maybeSendIgnoreSetToNode(QSharedPointer<Node>) /home/dale/git/overte/libraries/networking/src/NodeList.cpp:1230
    #11 0x7ff75a4b0482 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QSharedPointer<Node> >, void, void (NodeList::*)(QSharedPointer<Node>)>::call(void (NodeList::*)(QSharedPointer<Node>), NodeList*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #12 0x7ff75a4a3f63 in void QtPrivate::FunctionPointer<void (NodeList::*)(QSharedPointer<Node>)>::call<QtPrivate::List<QSharedPointer<Node> >, void>(void (NodeList::*)(QSharedPointer<Node>), NodeList*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #13 0x7ff75a49627b in QtPrivate::QSlotObject<void (NodeList::*)(QSharedPointer<Node>), QtPrivate::List<QSharedPointer<Node> >, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #14 0x7ff7886ebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #15 0x7ff75a0350c1 in LimitedNodeList::nodeActivated(QSharedPointer<Node>) /home/dale/git/build-debug/libraries/networking/networking_autogen/UVLADIE3JM/moc_LimitedNodeList.cpp:629
    #16 0x7ff75a31d51e in operator() /home/dale/git/overte/libraries/networking/src/LimitedNodeList.cpp:767
    #17 0x7ff75a345580 in call /usr/include/qt5/QtCore/qobjectdefs_impl.h:146
    #18 0x7ff75a344026 in call<QtPrivate::List<>, void> /usr/include/qt5/QtCore/qobjectdefs_impl.h:256
    #19 0x7ff75a3419e4 in impl /usr/include/qt5/QtCore/qobjectdefs_impl.h:443
    #20 0x7ff7886ebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #21 0x7ff75a046031 in NetworkPeer::socketActivated(SockAddr const&) /home/dale/git/build-debug/libraries/networking/networking_autogen/UVLADIE3JM/moc_NetworkPeer.cpp:198
    #22 0x7ff75a4032c4 in NetworkPeer::setActiveSocket(SockAddr*) /home/dale/git/overte/libraries/networking/src/NetworkPeer.cpp:124
    #23 0x7ff75a403976 in NetworkPeer::activateLocalSocket() /home/dale/git/overte/libraries/networking/src/NetworkPeer.cpp:131
    #24 0x7ff75a44e027 in NodeList::activateSocketFromNodeCommunication(ReceivedMessage&, QSharedPointer<Node> const&) /home/dale/git/overte/libraries/networking/src/NodeList.cpp:1001
    #25 0x7ff75a4311c3 in NodeList::processPingReplyPacket(QSharedPointer<ReceivedMessage>, QSharedPointer<Node>) /home/dale/git/overte/libraries/networking/src/NodeList.cpp:282
    #26 0x7ff75a4cbca1 in PacketReceiver::SourcedListenerReference<NodeList>::invokeDirectly(QSharedPointer<ReceivedMessage> const&, QSharedPointer<Node> const&) /home/dale/git/overte/libraries/networking/src/PacketReceiver.h:173
    #27 0x7ff75a4df73b in operator() /home/dale/git/overte/libraries/networking/src/PacketReceiver.cpp:33
    #28 0x7ff75a4e8e70 in call /usr/include/qt5/QtCore/qobjectdefs_impl.h:146
    #29 0x7ff75a4e8d96 in call<QtPrivate::List<>, void> /usr/include/qt5/QtCore/qobjectdefs_impl.h:256
    #30 0x7ff75a4e8d64 in impl /usr/include/qt5/QtCore/qobjectdefs_impl.h:443
    #31 0x7ff7886c1a09 in QMetaObject::invokeMethodImpl(QObject*, QtPrivate::QSlotObjectBase*, Qt::ConnectionType, void*) (/lib64/libQt5Core.so.5+0x2c1a09) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #32 0x7ff75a4e8702 in invokeMethod<PacketReceiver::ListenerReference::invokeWithQt(const QSharedPointer<ReceivedMessage>&, const QSharedPointer<Node>&)::<lambda()> > /usr/include/qt5/QtCore/qobjectdefs.h:525
    #33 0x7ff75a4dffab in PacketReceiver::ListenerReference::invokeWithQt(QSharedPointer<ReceivedMessage> const&, QSharedPointer<Node> const&) /home/dale/git/overte/libraries/networking/src/PacketReceiver.cpp:32
    #34 0x7ff75a4e686c in PacketReceiver::handleVerifiedMessage(QSharedPointer<ReceivedMessage>, bool) /home/dale/git/overte/libraries/networking/src/PacketReceiver.cpp:219
    #35 0x7ff75a4e3a07 in PacketReceiver::handleVerifiedPacket(std::unique_ptr<udt::Packet, std::default_delete<udt::Packet> >) /home/dale/git/overte/libraries/networking/src/PacketReceiver.cpp:148
    #36 0x7ff75a2fd503 in operator() /home/dale/git/overte/libraries/networking/src/LimitedNodeList.cpp:104
    #37 0x7ff75a34354b in __invoke_impl<void, LimitedNodeList::LimitedNodeList(int, int)::<lambda(std::unique_ptr<udt::Packet>)>&, std::unique_ptr<udt::Packet, std::default_delete<udt::Packet> > > /usr/include/c++/14/bits/invoke.h:61
    #38 0x7ff75a340c66 in __invoke_r<void, LimitedNodeList::LimitedNodeList(int, int)::<lambda(std::unique_ptr<udt::Packet>)>&, std::unique_ptr<udt::Packet, std::default_delete<udt::Packet> > > /usr/include/c++/14/bits/invoke.h:150
    #39 0x7ff75a33ef48 in _M_invoke /usr/include/c++/14/bits/std_function.h:290
    #40 0x7ff75a6b4562 in std::function<void (std::unique_ptr<udt::Packet, std::default_delete<udt::Packet> >)>::operator()(std::unique_ptr<udt::Packet, std::default_delete<udt::Packet> >) const /usr/include/c++/14/bits/std_function.h:591
    #41 0x7ff75a6a99fa in udt::Socket::readPendingDatagrams() /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:489
    #42 0x7ff75a6cc20f in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (udt::Socket::*)()>::call(void (udt::Socket::*)(), udt::Socket*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #43 0x7ff75a6c52f3 in void QtPrivate::FunctionPointer<void (udt::Socket::*)()>::call<QtPrivate::List<>, void>(void (udt::Socket::*)(), udt::Socket*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #44 0x7ff75a6bf78b in QtPrivate::QSlotObject<void (udt::Socket::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #45 0x7ff7886ebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #46 0x7ff75a0796f0 in NetworkSocket::readyRead() /home/dale/git/build-debug/libraries/networking/networking_autogen/CX623MDDSI/moc_NetworkSocket.cpp:228
    #47 0x7ff75a64e0df in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (NetworkSocket::*)()>::call(void (NetworkSocket::*)(), NetworkSocket*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
    #48 0x7ff75a64dc93 in void QtPrivate::FunctionPointer<void (NetworkSocket::*)()>::call<QtPrivate::List<>, void>(void (NetworkSocket::*)(), NetworkSocket*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
    #49 0x7ff75a64d4fb in QtPrivate::QSlotObject<void (NetworkSocket::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
    #50 0x7ff7886ebf1d in void doActivate<false>(QObject*, int, void**) ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
    #51 0x7ff789749006 in QAbstractSocketPrivate::emitReadyRead(int) socket/qabstractsocket.cpp:1323
    #52 0x7ff789749006 in QAbstractSocketPrivate::canReadNotification() socket/qabstractsocket.cpp:748
    #53 0x7ff78975f728 in QReadNotifier::event(QEvent*) socket/qnativesocketengine.cpp:1274
    #54 0x7ff75c78cc34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) kernel/qapplication.cpp:3640
    #55 0xa6891e in Application::notify(QObject*, QEvent*) /home/dale/git/overte/interface/src/Application.cpp:4292
    #56 0x7ff7886b7177 in QCoreApplication::notifyInternal2(QObject*, QEvent*) kernel/qcoreapplication.cpp:1064
    #57 0x7ff78870c6af in socketNotifierSourceDispatch kernel/qeventdispatcher_glib.cpp:107
    #58 0x7ff777d0ee8b in g_main_context_dispatch_unlocked.lto_priv.0 (/lib64/libglib-2.0.so.0+0x5ce8b) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #59 0x7ff777d70c97 in g_main_context_iterate_unlocked.isra.0 (/lib64/libglib-2.0.so.0+0xbec97) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #60 0x7ff777d10382 in g_main_context_iteration (/lib64/libglib-2.0.so.0+0x5e382) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #61 0x7ff78870bbec in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x30bbec) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #62 0x7ff7886b5ada in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x2b5ada) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #63 0x7ff7884ee826 in QThread::exec() (/lib64/libQt5Core.so.5+0xee826) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #64 0x7ff7884efbc5 in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > thread/qthread_unix.cpp:350
    #65 0x7ff7884efbc5 in QThreadPrivate::start(void*) thread/qthread_unix.cpp:310
    #66 0x7ff79845df95 in asan_thread_start(void*) (/lib64/libasan.so.8+0x5df95) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)

Thread T41 (NodeList Thread) created by T0 here:
    #0 0x7ff7984ef871 in pthread_create (/lib64/libasan.so.8+0xef871) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7ff7884ef609 in QThread::start(QThread::Priority) (/lib64/libQt5Core.so.5+0xef609) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7ff75767101f in moveToNewNamedThread(QObject*, QString const&, std::function<void (QThread*)>, std::function<void ()>, QThread::Priority) /home/dale/git/overte/libraries/shared/src/ThreadHelpers.cpp:68
    #3 0x7ff7576715c3 in moveToNewNamedThread(QObject*, QString const&, QThread::Priority) /home/dale/git/overte/libraries/shared/src/ThreadHelpers.cpp:79
    #4 0x7ff75a45e9f5 in NodeList::startThread() /home/dale/git/overte/libraries/networking/src/NodeList.cpp:1415
    #5 0x9f0a84 in Application::initialize(QCommandLineParser const&) /home/dale/git/overte/interface/src/Application.cpp:1188
    #6 0x1739c9b in main /home/dale/git/overte/interface/src/main.cpp:743
    #7 0x7ff775a39087 in __libc_start_call_main (/lib64/libc.so.6+0x2a087) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
    #8 0x7ff775a3914a in __libc_start_main_alias_1 (/lib64/libc.so.6+0x2a14a) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
    #9 0x66cfc4 in _start (/home/dale/git/build-debug/interface/interface+0x66cfc4) (BuildId: 452a3e965d089fa7076b019d89ce0c086943070d)

Thread T188 (Networking: Sen) created by T41 (NodeList Thread) here:
    #0 0x7ff7984ef871 in pthread_create (/lib64/libasan.so.8+0xef871) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)
    #1 0x7ff7884ef609 in QThread::start(QThread::Priority) (/lib64/libQt5Core.so.5+0xef609) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #2 0x7ff75a673856 in udt::SendQueue::create(udt::Socket*, SockAddr, udt::SequenceNumber, unsigned int, bool) /home/dale/git/overte/libraries/networking/src/udt/SendQueue.cpp:90
    #3 0x7ff75a60c673 in udt::Connection::getSendQueue() /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:102
    #4 0x7ff75a60f81a in udt::Connection::sendReliablePacketList(std::unique_ptr<udt::PacketList, std::default_delete<udt::PacketList> >) /home/dale/git/overte/libraries/networking/src/udt/Connection.cpp:155
    #5 0x7ff75a6a12c2 in udt::Socket::writeReliablePacketList(udt::PacketList*, SockAddr const&) /home/dale/git/overte/libraries/networking/src/udt/Socket.cpp:234
    #6 0x7ff75a07fdaf in udt::Socket::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/dale/git/build-debug/libraries/networking/networking_autogen/CX623MDDSI/moc_Socket.cpp:140
    #7 0x7ff7886e3d62 in QObject::event(QEvent*) (/lib64/libQt5Core.so.5+0x2e3d62) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #8 0x7ff75c78cc34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) kernel/qapplication.cpp:3640
    #9 0xa6891e in Application::notify(QObject*, QEvent*) /home/dale/git/overte/interface/src/Application.cpp:4292
    #10 0x7ff7886b7177 in QCoreApplication::notifyInternal2(QObject*, QEvent*) kernel/qcoreapplication.cpp:1064
    #11 0x7ff7886ba71b in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) kernel/qcoreapplication.cpp:1821
    #12 0x7ff78870c0fe in postEventSourceDispatch kernel/qeventdispatcher_glib.cpp:277
    #13 0x7ff777d0ee8b in g_main_context_dispatch_unlocked.lto_priv.0 (/lib64/libglib-2.0.so.0+0x5ce8b) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #14 0x7ff777d70c97 in g_main_context_iterate_unlocked.isra.0 (/lib64/libglib-2.0.so.0+0xbec97) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #15 0x7ff777d10382 in g_main_context_iteration (/lib64/libglib-2.0.so.0+0x5e382) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #16 0x7ff78870bbec in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x30bbec) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #17 0x7ff7886b5ada in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x2b5ada) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #18 0x7ff7884ee826 in QThread::exec() (/lib64/libQt5Core.so.5+0xee826) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #19 0x7ff7884efbc5 in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > thread/qthread_unix.cpp:350
    #20 0x7ff7884efbc5 in QThreadPrivate::start(void*) thread/qthread_unix.cpp:310
    #21 0x7ff79845df95 in asan_thread_start(void*) (/lib64/libasan.so.8+0x5df95) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64)

SUMMARY: AddressSanitizer: double-free (/lib64/libasan.so.8+0xf6638) (BuildId: 79824421bd82bb3ef4addf048e1265e2a93cfc64) in free.part.0
==90719==ABORTING

@daleglass
Contributor

daleglass commented Aug 26, 2024

Looked at the code, poked around...

My conclusion is that QUdpSocket isn't thread safe, but we're using the same socket from several threads at once for whatever reason, and shouldn't be doing that.

setError is very simple code that doesn't try to do any kind of thread safety, and there doesn't seem to be anything up the chain either:

https://code.qt.io/cgit/qt/qtbase.git/tree/src/network/socket/qabstractsocket.cpp?h=5.15#n1462

That it only blows up in setError() is probably because there's not that much to a socket and an internal QString is the one fiddly bit that has a tendency to blow up. The problem probably manifests in other ways that don't crash.

The reason why it only happens on unreliable connections is because network errors invoke the code that exercises this path.

@daleglass
Contributor

Further investigation:

In SendQueue::create, in SendQueue.cpp we hand off an existing socket to a thread. I thought this was a Qt object, but it's actually ours, udt::Socket. And it already has some provisions for locking:

    Mutex _unreliableSequenceNumbersMutex;
    Mutex _connectionsHashMutex;

Looks like we need a third lock for the inner socket (which may be UDP or WebRTC). And that should neatly solve the issue.
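The locking approach proposed in the comment above, sketched as an added example in standard C++ without Qt. It is not Overte's code: `InnerSocket`, `GuardedSocket`, `_socketMutex` and `hammer` are hypothetical names, and the always-failing send is constructed to mimic the bad-WiFi error path.

```cpp
#include <iostream>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

// Stand-in for the inner socket (UDP or WebRTC in the issue): its error string
// is updated with no locking, so concurrent calls on one instance are a race.
struct InnerSocket {
    std::string errorString;      // heap-backed; racing writers can corrupt it
    std::size_t failedSends = 0;
    // Constructed behaviour: every send fails, as on a bad link.
    long writeDatagram(const std::string& payload) {
        errorString = "Unable to send a datagram (" +
                      std::to_string(payload.size()) + " bytes)";
        ++failedSends;
        return -1;
    }
};

// Hypothetical wrapper in the role of udt::Socket: one mutex serialises every
// access to the inner socket, reads of the error state included.
class GuardedSocket {
public:
    long writeDatagram(const std::string& payload) {
        std::lock_guard<std::mutex> lock(_socketMutex);
        return _inner.writeDatagram(payload);
    }
    std::string lastError() const {   // copy out; never hand out a reference
        std::lock_guard<std::mutex> lock(_socketMutex);
        return _inner.errorString;
    }
    std::size_t failedSends() const {
        std::lock_guard<std::mutex> lock(_socketMutex);
        return _inner.failedSends;
    }
private:
    mutable std::mutex _socketMutex;
    InnerSocket _inner;
};

// Several sender threads sharing one socket, as the send queue threads do.
std::size_t hammer(GuardedSocket& socket, unsigned threads, unsigned sends) {
    std::vector<std::thread> senders;
    for (unsigned t = 0; t < threads; ++t)
        senders.emplace_back([&socket, sends, t] {
            for (unsigned i = 0; i < sends; ++i)
                socket.writeDatagram(std::string(64 + t, 'x'));
        });
    for (auto& s : senders) s.join();
    return socket.failedSends();
}

int main() { GuardedSocket s; std::cout << hammer(s, 8, 2000) << " failed sends\n"; }
```

Building a variant with the `lock_guard` lines removed under ThreadSanitizer (`-fsanitize=thread`) reports the race on `errorString`, the same class of defect the AddressSanitizer double-free report above points at.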
