Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#14307 closed defect (fixed)

MSN Crashes [Invalid P2P Info version]

Reported by: noccy Owned by: QuLogic
Milestone: 2.10.0 Component: MSN
Version: 2.8.0 Keywords:
Cc:

Description

Tried to get to the bottom of the numerous segfaults that I have associated with activity on MSN accounts. Running Pidgin for a day in debug mode finally rendered this result:

I have anonymized the log slightly; I will post the complete log if needed for further debugging.

(06:32:51) msn: S: NS 000: NLN NLN XXX@hotmail.com 1 Atherion 1074806816:2281833472 0
(06:32:51) g_log: msn_object_get_sha1: assertion `obj != NULL' failed
(06:32:51) g_log: msn_object_find_local: assertion `sha1 != NULL' failed
(06:32:51) blist: Updating buddy status for ath-erion@hotmail.com (MSN)
(06:32:51) pidgin-libnotify: notify(), new: title: 'XXX', body: 'is online', buddy: 'XXX'
(06:32:51) pidgin-libnotify: notify(), has a prpl icon.
(06:32:51) msn: S: NS 000: UBX XXX@hotmail.com 1 87
(06:32:51) msn: UBX received.
(06:32:51) msn: msn get PSM
(06:32:51) msn: No PSM status Node
(06:32:51) msn: Get CurrentMedia
(06:32:51) msn: No CurrentMedia Node
(06:32:51) msn: No currentmedia string
(06:32:51) msn: Get EndpointData
(06:32:51) blist: Updating buddy status for XXX@hotmail.com (MSN)
(06:32:51) msn: S: NS 000: NLN NLN XXX@hotmail.com 1 XXX 1074806816:2281833472 <snip>
(06:32:51) msn: new httpconn (0xab34228)
(06:32:51) msn: C: NS 000: XFR 35 SB
(06:32:51) msn: switchboard send msg..
(06:32:51) msn: Appending message to queue.
(06:32:51) blist: Updating buddy status for XXX@hotmail.com (MSN)
(06:32:51) msn: S: NS 000: UBX XXX@hotmail.com 1 268
(06:32:51) msn: UBX received.
(06:32:51) msn: msn get PSM
(06:32:51) msn: No PSM status Node
(06:32:51) msn: Get CurrentMedia
(06:32:51) msn: No CurrentMedia Node
(06:32:51) msn: No currentmedia string
(06:32:51) msn: Get EndpointData
(06:32:51) blist: Updating buddy status for XXX@hotmail.com (MSN)
(06:32:51) msn: S: NS 000: UBX ath-erion@hotmail.com 1 575
(06:32:51) msn: UBX received.
(06:32:51) msn: msn get PSM
(06:32:51) msn: Get CurrentMedia
(06:32:51) msn: No currentmedia string
(06:32:51) msn: Get EndpointData
(06:32:51) blist: Updating buddy status for XXX@hotmail.com (MSN)
(06:32:51) msn: S: NS 000: XFR 35 SB 64.4.61.153:1863 CKI 208341467.2438442.21217881 U messenger.msn.com 1
(06:32:51) msn: Switchboard:auth:{208341467.2438442.21217881} socket:{64.4.61.153:1863}
(06:32:51) dnsquery: Performing DNS lookup for 64.4.61.153
(06:32:51) dnsquery: IP resolved for 64.4.61.153
(06:32:51) proxy: Attempting connection to 64.4.61.153
(06:32:51) proxy: Connecting to 64.4.61.153:1863 with no proxy
(06:32:51) proxy: Connection in progress
(06:32:52) proxy: Connecting to 64.4.61.153:1863.
(06:32:52) proxy: Connected to 64.4.61.153:1863.
(06:32:52) msn: C: SB 031: USR 1 noccy@chillat.net;{139E9DD3-9866-8781-9FE5-AE2C3F4D386D} 208341467.2438442.21217881
(06:32:52) msn: S: SB 031: USR 1 OK noccy@chillat.net;{139e9dd3-9866-8781-9fe5-ae2c3f4d386d} Noccy
(06:32:52) msn: C: SB 031: CAL 2 XXX@hotmail.com
(06:32:52) msn: S: SB 031: CAL 2 RINGING 208341467
(06:32:52) msn: S: SB 031: JOI XXX@hotmail.com XXX 1074806816:2281833472
(06:32:52) msn: Processing queue
(06:32:52) msn: Sending message
(06:32:52) msn: C: SB 031: MSG 3 D 817
(06:32:52) msn: switchboard send msg..
(06:32:52) msn: C: SB 031: MSG 4 U 98
(06:32:53) msn: S: SB 031: ACK 3
(06:32:53) msn: switchboard send msg..
(06:32:53) msn: C: SB 031: MSG 5 D 817
(06:32:53) msn: S: SB 031: MSG XXX@hotmail.com XXX 142
(06:32:53) msn: S: SB 031: MSG XXX@hotmail.com XXX 476
(06:32:53) msn: msn_slplink_process_msg: slpmsg complete
(06:32:53) msn: msn_slplink_process_msg: send ACK
(06:32:53) msn: switchboard send msg..
(06:32:53) msn: C: SB 031: MSG 6 D 146
(06:32:53) msn: S: SB 031: MSG XXX@hotmail.com XXX 146
(06:32:53) msn: S: SB 031: MSG XXX@hotmail.com XXX 1344
(06:32:53) msn: S: SB 031: MSG XXX@hotmail.com XXX 1304
(06:32:53) msn: Invalid P2P Info version: 85132
Segmentation fault

Attachments (1)

screenlog.0 (7.9 KB) - added by noccy 8 years ago.
full backtrace w. debug info


Change History (17)

comment:1 Changed 8 years ago by noccy

  • Summary changed from MSN Crashes to MSN Crashes [Invalid P2P Info version]

comment:2 Changed 8 years ago by darkrain42

  • Status changed from new to pending

Please follow the instructions to get a backtrace and attach it to this ticket.

comment:3 Changed 8 years ago by noccy

  • Status changed from pending to new

Program received signal SIGSEGV, Segmentation fault.
0xb5372725 in msn_p2p_info_get_session_id () from /usr/lib/purple-2/libmsn.so

Backtrace:

#0  0xb5372725 in msn_p2p_info_get_session_id () from /usr/lib/purple-2/libmsn.so
#1  0xb5378098 in msn_slplink_process_msg () from /usr/lib/purple-2/libmsn.so
#2  0xb535f845 in msn_p2p_msg () from /usr/lib/purple-2/libmsn.so
#3  0xb5354589 in msn_cmdproc_process_msg () from /usr/lib/purple-2/libmsn.so
#4  0xb537ba17 in ?? () from /usr/lib/purple-2/libmsn.so
#5  0xb53543dd in msn_cmdproc_process_payload () from /usr/lib/purple-2/libmsn.so
#6  0xb5373c91 in msn_servconn_process_data () from /usr/lib/purple-2/libmsn.so
#7  0xb5373e3b in ?? () from /usr/lib/purple-2/libmsn.so
#8  0x080ab713 in ?? ()
#9  0xb76ef78b in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#10 0xb76a7aa8 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#11 0xb76a8270 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#12 0xb76a892b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
#13 0xb7aa9c39 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#14 0x080c7ade in main ()

comment:4 Changed 8 years ago by darkrain42

  • Status changed from new to pending

Please install the debug symbols for your version of libpurple (apt-get install pidgin-dbg on Debian/Ubuntu?, or similar on other distros) and get another backtrace.

comment:5 Changed 8 years ago by noccy

  • Status changed from pending to new

Already done, just have to wait for it to crash again (i.e. wait for an MSN contact to message me) and I will post it to you.

Changed 8 years ago by noccy

full backtrace w. debug info

comment:6 Changed 8 years ago by noccy

It seems to be one single user causing these crashes by simply logging on. However, this doesn't occur every time, but frequently enough. He is using Digsby.

comment:7 Changed 8 years ago by QuLogic

Ticket #14318 has been marked as a duplicate of this ticket.

comment:8 Changed 8 years ago by QuLogic

Ticket #14350 has been marked as a duplicate of this ticket.

comment:9 Changed 8 years ago by QuLogic

Ticket #14377 has been marked as a duplicate of this ticket.

comment:10 Changed 8 years ago by D_V

Might be related: Pidgin 2.9.0 from the Ubuntu PPA, running Ubuntu 10.04 x64.

Pidgin crashes at random times, seems to always be when AFK...

Core was generated by `pidgin'.
Program terminated with signal 6, Aborted.
#0  0x00007fb80bd57a75 in raise () from /lib/libc.so.6
(gdb) bt full
#0  0x00007fb80bd57a75 in raise () from /lib/libc.so.6
No symbol table info available.
#1  0x00007fb80bd5b5c0 in abort () from /lib/libc.so.6
No symbol table info available.
#2  0x00000000004871b1 in sighandler (sig=11) at /build/buildd/pidgin-2.9.0/./pidgin/gtkmain.c:179
        written = <value optimized out>
#3  <signal handler called>
No symbol table info available.
#4  msn_p2p_info_get_session_id (info=0x0) at /build/buildd/pidgin-2.9.0/./libpurple/protocols/msn/p2p.c:520
        session_id = <value optimized out>
#5  0x00007fb7f5562239 in msn_slplink_message_find (slplink=0x2127880, part=0x22fc8c0)
    at /build/buildd/pidgin-2.9.0/./libpurple/protocols/msn/slplink.c:433
        e = 0x2168ae0
#6  msn_slplink_process_msg (slplink=0x2127880, part=0x22fc8c0) at /build/buildd/pidgin-2.9.0/./libpurple/protocols/msn/slplink.c:582
        session_id = 1019305999
        id = 345751391
        slpmsg = 0x235e740
        info = 0x2392110
#7  0x00007fb7f5542c9b in msn_cmdproc_process_msg (cmdproc=0x1eea890, msg=0x237e3f0)
    at /build/buildd/pidgin-2.9.0/./libpurple/protocols/msn/cmdproc.c:265
        message_id = 0x0
#8  0x00007fb7f5565f3f in msg_cmd_post (cmdproc=0x1eea890, cmd=0x1f93a00, 
    payload=0x2310e25 "MIME-Version: 1.0\r\nContent-Type: application/x-msnmsgrp2p\r\nP2P-Dest: dv***@gmail.com\r\n\r\n\017`\301<_\277\233\024\262\004", len=1344) at /build/buildd/pidgin-2.9.0/./libpurple/protocols/msn/switchboard.c:693
        msg = <value optimized out>
#9  0x00007fb7f555e63f in msn_servconn_process_data (servconn=0x2282e00)

I will keep the core dump on file, so let me know if needed.

comment:11 Changed 8 years ago by ReidZB

This happens for me as well. Running Pidgin 2.9.0-2 on Arch Linux.

Backtrace (apologies for no symbols):

Program received signal SIGSEGV, Segmentation fault.
0xb683f4a3 in msn_p2p_info_get_session_id () from /usr/lib/purple-2/libmsn.so
(gdb) bt full
#0  0xb683f4a3 in msn_p2p_info_get_session_id ()
   from /usr/lib/purple-2/libmsn.so
No symbol table info available.
#1  0xb6844e08 in msn_slplink_process_msg () from /usr/lib/purple-2/libmsn.so
No symbol table info available.
#2  0xb682c695 in msn_p2p_msg () from /usr/lib/purple-2/libmsn.so
No symbol table info available.
#3  0xb6821533 in msn_cmdproc_process_msg () from /usr/lib/purple-2/libmsn.so
No symbol table info available.
#4  0xb68485dc in ?? () from /usr/lib/purple-2/libmsn.so
No symbol table info available.
#5  0xb682138f in msn_cmdproc_process_payload ()
   from /usr/lib/purple-2/libmsn.so
No symbol table info available.
#6  0xb68409ba in msn_servconn_process_data () from /usr/lib/purple-2/libmsn.so
No symbol table info available.
#7  0xb6840b5a in ?? () from /usr/lib/purple-2/libmsn.so
No symbol table info available.
#8  0x080ac956 in ?? ()
No symbol table info available.
#9  0xb762c6ce in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#10 0xb75e6c4f in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#11 0xb75e73b0 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#12 0xb75e7aeb in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#13 0xb7a20b2f in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#14 0x0806d8c7 in main ()
No symbol table info available.
(gdb) info registers
eax            0x0	0
ecx            0x8cdc4a8	147702952
edx            0x0	0
ebx            0xb686a2a0	-1232690528
esp            0xbfffb230	0xbfffb230
ebp            0x8e2b580	0x8e2b580
esi            0x8e4fad0	149224144
edi            0x6307c47b	1661453435
eip            0xb683f4a3	0xb683f4a3 <msn_p2p_info_get_session_id+19>
eflags         0x10296	[ PF AF SF IF RF ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51
(gdb) x/16i $pc
=> 0xb683f4a3 <msn_p2p_info_get_session_id+19>:	mov    (%edx),%eax
   0xb683f4a5 <msn_p2p_info_get_session_id+21>:	test   %eax,%eax
   0xb683f4a7 <msn_p2p_info_get_session_id+23>:
    jne    0xb683f4b8 <msn_p2p_info_get_session_id+40>
   0xb683f4a9 <msn_p2p_info_get_session_id+25>:	mov    0x4(%edx),%eax
   0xb683f4ac <msn_p2p_info_get_session_id+28>:	add    $0x18,%esp
   0xb683f4af <msn_p2p_info_get_session_id+31>:	pop    %ebx
   0xb683f4b0 <msn_p2p_info_get_session_id+32>:	ret
   0xb683f4b1 <msn_p2p_info_get_session_id+33>:	lea    0x0(%esi,%eiz,1),%esi
   0xb683f4b8 <msn_p2p_info_get_session_id+40>:	cmp    $0x1,%eax
   0xb683f4bb <msn_p2p_info_get_session_id+43>:
    je     0xb683f4e0 <msn_p2p_info_get_session_id+80>
   0xb683f4bd <msn_p2p_info_get_session_id+45>:	mov    %eax,0x8(%esp)
   0xb683f4c1 <msn_p2p_info_get_session_id+49>:	lea    -0xcf6a(%ebx),%eax
   0xb683f4c7 <msn_p2p_info_get_session_id+55>:	mov    %eax,0x4(%esp)
   0xb683f4cb <msn_p2p_info_get_session_id+59>:	lea    -0x113a4(%ebx),%eax
   0xb683f4d1 <msn_p2p_info_get_session_id+65>:	mov    %eax,(%esp)
   0xb683f4d4 <msn_p2p_info_get_session_id+68>:
    call   0xb682039c <purple_debug_error@plt>
(gdb) thread apply all backtrace

Thread 2 (Thread 0xad445b70 (LWP 14584)):
#0  0xb7fde424 in __kernel_vsyscall ()
#1  0xb73bfd4e in poll () from /lib/libc.so.6
#2  0xb75f5e6b in g_poll () from /usr/lib/libglib-2.0.so.0
#3  0xb75e72b6 in ?? () from /usr/lib/libglib-2.0.so.0
#4  0xb75e7aeb in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#5  0xb7114ae1 in ?? () from /usr/lib/libgio-2.0.so.0
#6  0xb760e2e4 in ?? () from /usr/lib/libglib-2.0.so.0
#7  0xb7466c77 in start_thread () from /lib/libpthread.so.0
#8  0xb73ca43e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb6cf0820 (LWP 12610)):
#0  0xb683f4a3 in msn_p2p_info_get_session_id ()
   from /usr/lib/purple-2/libmsn.so
#1  0xb6844e08 in msn_slplink_process_msg () from /usr/lib/purple-2/libmsn.so
#2  0xb682c695 in msn_p2p_msg () from /usr/lib/purple-2/libmsn.so
#3  0xb6821533 in msn_cmdproc_process_msg () from /usr/lib/purple-2/libmsn.so
#4  0xb68485dc in ?? () from /usr/lib/purple-2/libmsn.so
#5  0xb682138f in msn_cmdproc_process_payload ()
   from /usr/lib/purple-2/libmsn.so
#6  0xb68409ba in msn_servconn_process_data () from /usr/lib/purple-2/libmsn.so
#7  0xb6840b5a in ?? () from /usr/lib/purple-2/libmsn.so
#8  0x080ac956 in ?? ()
#9  0xb762c6ce in ?? () from /usr/lib/libglib-2.0.so.0
#10 0xb75e6c4f in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#11 0xb75e73b0 in ?? () from /usr/lib/libglib-2.0.so.0
#12 0xb75e7aeb in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#13 0xb7a20b2f in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#14 0x0806d8c7 in main ()

It is very random. I waited 44 hours for this particular segfault to occur. My MSN list is quite lengthy, so I can't be sure if it's one particular person causing the issue or not.

comment:12 Changed 8 years ago by QuLogic

Ticket #14378 has been marked as a duplicate of this ticket.

comment:13 Changed 8 years ago by qulogic@…

  • Milestone set to 2.9.1
  • Resolution set to fixed
  • Status changed from new to closed

(In 0c632f590d463f7d1615272d2651095b77504a8a):
Remove duplicate calls to msn_slpmsg_set_slplink. This function is already called when a slpmsg is created, and calling it again will place the slpmsg on the slplink list an extra time. If the slpmsg is freed, then the first entry is removed, but the second remains, and can cause crashes due to invalid memory accesses.

Fixes #14307.
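The list corruption the commit message describes, shown as an added C illustration that is not libpurple's code: a minimal stand-in for the per-slplink list of slpmsgs, the pre-fix pattern of registering a slpmsg twice, an idempotent variant, and a count of entries left pointing at the slpmsg after the destroy path unlinks it once. All names (`list_*`, `set_slplink_buggy`, `set_slplink_fixed`, `stale_entries_after_free`) are hypothetical.

```c
#include <stdlib.h>

/* Stand-in for the per-slplink list of slpmsgs (hypothetical names, not libpurple code). */
typedef struct Node { void *data; struct Node *next; } Node;

static Node *list_append(Node *head, void *data) {
    Node *n = malloc(sizeof *n), *t = head;
    n->data = data; n->next = NULL;
    if (!head) return n;
    while (t->next) t = t->next;
    t->next = n;
    return head;
}

/* Like g_list_remove(): unlinks only the FIRST node holding data. */
static Node *list_remove(Node *head, void *data) {
    for (Node **pp = &head; *pp; pp = &(*pp)->next)
        if ((*pp)->data == data) { Node *dead = *pp; *pp = dead->next; free(dead); break; }
    return head;
}

static int list_count(Node *head, void *data) {
    int n = 0;
    for (; head; head = head->next) n += (head->data == data);
    return n;
}

/* Before the fix: each set_slplink call appended, so the duplicate call left a
 * second list entry for the same slpmsg. */
static Node *set_slplink_buggy(Node *list, void *slpmsg) { return list_append(list, slpmsg); }

/* Hardened variant: registration is idempotent, so a repeat call is a no-op. */
static Node *set_slplink_fixed(Node *list, void *slpmsg) {
    return list_count(list, slpmsg) ? list : list_append(list, slpmsg);
}

/* Register at creation, register again (the duplicate call), then free/unlink once
 * and count entries that still point at the dead slpmsg: each one is a dangling
 * pointer that the next lookup over the list would dereference. */
static int stale_entries_after_free(int use_fixed) {
    Node *(*set)(Node *, void *) = use_fixed ? set_slplink_fixed : set_slplink_buggy;
    int placeholder;                           /* stands in for the slpmsg allocation */
    void *slpmsg = &placeholder;
    Node *list = set(set(NULL, slpmsg), slpmsg);
    list = list_remove(list, slpmsg);          /* destroy path removes one entry */
    int stale = list_count(list, slpmsg);
    while (list) list = list_remove(list, list->data);
    return stale;
}
```

`stale_entries_after_free(0)` returns 1 (one dangling entry survives the unlink) and `stale_entries_after_free(1)` returns 0.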

comment:14 Changed 8 years ago by darkrain42

Ticket #14435 has been marked as a duplicate of this ticket.

comment:15 Changed 8 years ago by QuLogic

Ticket #14488 has been marked as a duplicate of this ticket.

comment:16 Changed 8 years ago by QuLogic

Ticket #14508 has been marked as a duplicate of this ticket.
