Segmentation Fault in libpinggy.so During Keepalive / Reconnect (protocol::Session::sendMsg)

[Lcstyle]

Summary

crashes with a segmentation fault inside libpinggy.so when the tunnel is reconnecting and a keepalive message is being sent.
The crash occurs before any Python exception is raised, indicating the issue is entirely in the native Pinggy SDK.

Core evidence points to a null pointer or race condition inside protocol::Session::sendMsg.

---

Environment

(Full details attached in pinggy-env.txt)

• OS: Fedora 42
• Python: 3.13.9
• Pinggy Client/SDK Version: v0.0.19
• Execution Context: Running a custom pinggy-manager python service under systemd
• Architecture: x86_64

---

What Happens

During a reconnect event (likely triggered by a temporary network disturbance), pinggy-manager crashes when the native SDK attempts to send a keepalive.

The top of the crashing stack:

#0  protocol::Session::sendMsg(std::shared_ptr<protocol::ProtoMsg>, bool)
#1  protocol::Session::SendKeepAlive()
#2  sdk::Sdk::sendKeepAlive()
#3  common::PollController::ExecuteCurrentTasks()
#4  common::PollControllerLinux::PollOnce(int)
#5  sdk::Sdk::ResumeTunnel(int)
#6  pinggy_tunnel_resume_timeout (via ctypes)

This strongly suggests a null pointer dereference or concurrency bug in the Pinggy C++ library.

---

Expected Behavior

Tunnel reconnection should complete normally without crashing.

---

Actual Behavior

The process terminates with SIGSEGV inside native code.
Python is not involved in the crash beyond initiating the ctypes call.

---

Steps to Reproduce

Although intermittent, the crash consistently appears under these conditions:

1. A Pinggy tunnel is connected and active.
2. The network link momentarily drops, or the tunnel enters reconnect mode.
3. Pinggy attempts to resume the tunnel.
4. A keepalive send occurs during resume.
5. Crash in libpinggy.so.

---

Attachments

These files contain the full diagnostic information:

• pinggy-core-info.txt – output of coredumpctl info
• pinggy-manager.core – exported core dump
• pinggy-gdb-backtrace.txt – full thread apply all bt full
• pinggy-manager-logs.txt – journal logs around crash window
• pinggy-env.txt – OS, kernel, Python, and Pinggy version info

(If GitHub upload is too large, I can provide them via a link.)

---

Assessment

Based on the backtrace and thread state:

• Only one thread faults; others are idle (epoll_wait, SimpleQueue.get, etc.).
• Crash always occurs inside protocol::Session::sendMsg.
• This aligns with a race condition or stale pointer in the keepalive/reconnect logic.

The crash is not Python-related.

---

Request

Please review the reconnection/keepalive handling code paths in:

• protocol::Session::sendMsg
• protocol::Session::SendKeepAlive
• sdk::Sdk::ResumeTunnel
• common::PollControllerLinux::PollOnce

If you need:

• sanitized core file,
• valgrind/ASan traces,

pinggy-crash-stacktrace.txt

pinggy-gdb-backtrace.txt

• or a minimal reproducer environment,

I’m happy to provide them.

---

If you'd like, I can also generate:

• A compact version
• A more formal version
• A version including inline backtraces

Just say the word.

[abhimp]

@Lcstyle thank you for sharing this. We will check this fix this as soon as possible.

[abhimp]

@Lcstyle The bug is very difficult to reproduce. However, based on your debug documents, I found a potential cause and I have fixed the same. Kindly try it now.