Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-99151

tst_QSctpSocket::clientSendDataOnDelayedDisconnect() crash on Ubuntu 20.40

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Reported
    • Priority: P2: Important
    • Resolution: Unresolved
    • Affects Version/s: 6.3.0 Feature Freeze
    • Fix Version/s: None
    • Component/s: Network: Sockets
    • Labels:
      None
    • Platform/s:
      Linux/X11

      Description

      This is off qtbase/799660d679e5cc1638d403a19871534627e17dc6 with {{config.opt}:

      -opensource
      -confirm-license
      -debug
      -force-debug-info
      -separate-debug-info
      -c++std
      c++2a
      -developer-build
      -sctp
      -pch
      -headersclean
      

      and a self-compiled GCC 11.2. Here's the trace when enabling sctp debug:

      QDEBUG : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() QSctpSocket::QSctpSocket()
      QDEBUG : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() QSctpSocket::writeDatagram(0x8131e30, 7000, "", -1)
      QDEBUG : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() QSctpSocketPrivate::writeToSocket()
      QDEBUG : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() QSctpSocketPrivate::writeToSocket() sent datagram of size 7000 to channel 0
      QDEBUG : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() QSctpSocket::QSctpSocket()
      QDEBUG : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() QSctpSocket::setMaximumChannelCount(0)
      QDEBUG : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() QSctpSocketPrivate::canReadNotification()
      QDEBUG : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() QSctpSocketPrivate::canReadNotification() about to read 7000 bytes
      QDEBUG : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() QSctpSocketPrivate::canReadNotification() got datagram from channel -1, size = 7000
      QFATAL : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() ASSERT: "header.streamNumber >= 0" in file /home/marc/Qt/qtbase/src/network/socket/qsctpsocket.cpp, line 222
      FAIL!  : tst_QSctpSocket::clientSendDataOnDelayedDisconnect() Received a fatal error.
         Loc: [/home/marc/Qt/qtbase/src/network/socket/qsctpsocket.cpp(222)]
      Totals: 29 passed, 1 failed, 0 skipped, 0 blacklisted, 1844ms
      ********* Finished testing of tst_QSctpSocket *********
      ==2166687== 
      ==2166687== Process terminating with default action of signal 6 (SIGABRT)
      ==2166687==    at 0x586D18B: raise (raise.c:51)
      ==2166687==    by 0x584C858: abort (abort.c:79)
      ==2166687==    by 0x4CA33CC: qAbort() (in /home/marc/Qt/qtbase-build/lib/libQt6Core.so.6.3.0)
      ==2166687==    by 0x4CB2B70: qt_message_fatal(QtMsgType, QMessageLogContext const&, QString const&) (in /home/marc/Qt/qtbase-build/lib/libQt6Core.so.6.3.0)
      ==2166687==    by 0x4CAECE5: QMessageLogger::fatal(char const*, ...) const (in /home/marc/Qt/qtbase-build/lib/libQt6Core.so.6.3.0)
      ==2166687==    by 0x4CA3255: qt_assert(char const*, char const*, int) (in /home/marc/Qt/qtbase-build/lib/libQt6Core.so.6.3.0)
      ==2166687==    by 0x4AB0783: QSctpSocketPrivate::canReadNotification() (in /home/marc/Qt/qtbase-build/lib/libQt6Network.so.6.3.0)
      ==2166687==    by 0x49F34FC: QAbstractSocket::waitForReadyRead(int) (in /home/marc/Qt/qtbase-build/lib/libQt6Network.so.6.3.0)
      ==2166687==    by 0x409A9A: tst_QSctpSocket::clientSendDataOnDelayedDisconnect() (in /home/marc/Qt/qtbase-build/tests/auto/network/socket/qsctpsocket/tst_qsctpsocket)
      
      

      This is with an assertion header.streamNumber >= 0 added after the similar check for < size(). As far as I could make out, the QIpDatagramHeader's streamNumber is never touched in readDatagram(), despite us passing WantAll, so it comes out as -1. But I have no idea how this stuff works, so I'm Jira'ing it.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            manordheim MÃ¥rten Nordheim
            Reporter:
            mmutz Marc Mutz
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:

                Gerrit Reviews

                There are no open Gerrit changes