Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#1542 closed Bug (fixed)

SIGSEGV in tr_publisherPublish

Reported by: wereHamster
Owned by: charles
Priority: Normal
Milestone:
Component: libtransmission
Version: 1.41
Severity: Normal
Keywords: crash, backtrace
Cc: tom@…

Description

I get this backtrace a few minutes after I start the daemon. This is with the latest version from svn.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x425c6950 (LWP 8807)]
tr_publisherPublish (p=0xffffffffffffffff, source=0xffffffffffffffff, event=0x425c5fb0) at publish.c:74
74	    for( walk = p->list; walk != NULL; )
(gdb) bt
#0  tr_publisherPublish (p=0xffffffffffffffff, source=0xffffffffffffffff, event=0x425c5fb0) at publish.c:74
#1  0x000000000043731c in canRead (iobuf=<value optimized out>, vmsgs=0x7df0b0, piece=0x7aa0e0) at peer-msgs.c:433
#2  0x000000000042acc9 in canReadWrapper (iobuf=0x7ddeb0, bytes_transferred=<value optimized out>, vio=<value optimized out>) at peer-io.c:170
#3  0x0000000000427308 in tr_iobuf_readcb (fd=44, event=<value optimized out>, arg=0x7ddeb0) at iobuf.c:162
#4  0x000000000044d618 in event_base_loop (base=0x77b4e0, flags=<value optimized out>) at event.c:387
#5  0x0000000000419eb4 in libeventThreadFunc (veh=0x77b420) at trevent.c:249
#6  0x00007fbee7fe9017 in start_thread () from /lib/libpthread.so.0
#7  0x00007fbee7d5cfad in clone () from /lib/libc.so.6
#8  0x0000000000000000 in ?? ()
(gdb) q

Change History (8)

comment:1 Changed 12 years ago by livings124

Please, what svn number? "latest version" is not very informative.

comment:2 Changed 12 years ago by wereHamster

Sorry, r7211

comment:3 Changed 12 years ago by wereHamster

A quick git bisect concluded that the offending changeset is [7125]. I think that sounds quite plausible since it touches the peer IO code.

comment:4 Changed 12 years ago by charles

  • Component changed from Daemon to libtransmission
  • Milestone None Set deleted
  • Status changed from new to assigned
  • Version set to 1.40

==21179== Invalid read of size 8
==21179==    at 0x45A1D3: publish (peer-msgs.c:433)
==21179==    by 0x45A36E: fireClientGotData (peer-msgs.c:489)
==21179==    by 0x45CBB7: canRead (peer-msgs.c:1511)
==21179==    by 0x453AAD: canReadWrapper (peer-io.c:170)
==21179==    by 0x451837: tr_iobuf_readcb (iobuf.c:162)
==21179==    by 0x46B6A5: event_base_loop (event.c:387)
==21179==    by 0x448C39: libeventThreadFunc (trevent.c:249)
==21179==    by 0x43E5EE: ThreadFunc (platform.c:123)
==21179==    by 0x3AC2A073D9: start_thread (in /lib64/libpthread-2.9.so)
==21179==    by 0x3AC1EE627C: clone (in /lib64/libc-2.9.so)
==21179==  Address 0xcf8f520 is 48 bytes inside a block of size 200 free'd
==21179==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==21179==    by 0x44A683: tr_free (utils.c:705)
==21179==    by 0x45DE81: tr_peerMsgsFree (peer-msgs.c:1934)
==21179==    by 0x455208: peerDestructor (peer-mgr.c:351)
==21179==    by 0x43F183: tr_ptrArrayForeach (ptrarray.c:65)
==21179==    by 0x457B6F: stopTorrent (peer-mgr.c:1479)
==21179==    by 0x457BD9: tr_peerMgrStopTorrent (peer-mgr.c:1494)
==21179==    by 0x444CFC: stopTorrent (torrent.c:1184)
==21179==    by 0x449075: tr_runInEventThread (trevent.c:380)
==21179==    by 0x444DDD: tr_torrentStop (torrent.c:1206)
==21179==    by 0x456D7E: peerCallbackFunc (peer-mgr.c:1091)
==21179==    by 0x45E5FE: tr_publisherPublish (publish.c:79)
==21179==    by 0x45A1DF: publish (peer-msgs.c:433)
==21179==    by 0x45A229: fireError (peer-msgs.c:444)
==21179==    by 0x45BF8A: readBtPiece (peer-msgs.c:1218)
==21179==    by 0x45CAFA: canRead (peer-msgs.c:1492)
==21179==    by 0x453AAD: canReadWrapper (peer-io.c:170)
==21179==    by 0x451837: tr_iobuf_readcb (iobuf.c:162)
==21179==    by 0x46B6A5: event_base_loop (event.c:387)
==21179==    by 0x448C39: libeventThreadFunc (trevent.c:249)
==21179==    by 0x43E5EE: ThreadFunc (platform.c:123)
==21179==    by 0x3AC2A073D9: start_thread (in /lib64/libpthread-2.9.so)
==21179==    by 0x3AC1EE627C: clone (in /lib64/libc-2.9.so)
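
The Valgrind output in comment:4 shows a block freed from inside a publisher callback (tr_publisherPublish, peerCallbackFunc, ..., tr_peerMsgsFree) and then read again after that callback had returned. The following is an added example, not Transmission code and not the change made in r7213: a minimal C sketch of one general defence against this pattern, deferring the free until the publish call has unwound. All names in it (peer_t, peer_publish, peer_free, stop_on_error) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

typedef struct peer peer_t;   /* hypothetical stand-in for a per-peer object */
typedef void (*peer_cb)(peer_t *p, int event);
struct peer {
    peer_cb cb;          /* single subscriber, enough for this sketch */
    int     publishing;  /* nesting depth of peer_publish() */
    int     doomed;      /* free was requested while publishing */
    int     events_seen;
};

static int peers_freed = 0;  /* lets callers observe when free() really ran */
static void peer_destroy(peer_t *p) { free(p); peers_freed++; }

/* Destructor: if a publish is still on the stack, only mark the object. */
void peer_free(peer_t *p)
{
    if (p->publishing > 0) p->doomed = 1;
    else peer_destroy(p);
}

/* Returns 1 if the peer is still alive afterwards, 0 if it was released. */
int peer_publish(peer_t *p, int event)
{
    p->publishing++;
    p->cb(p, event);     /* may call peer_free(p) re-entrantly */
    p->events_seen++;    /* use-after-free here if peer_free() had freed at once */
    if (--p->publishing == 0 && p->doomed) { peer_destroy(p); return 0; }
    return 1;
}

/* Subscriber that reacts to an error (negative event) by tearing the peer down. */
static void stop_on_error(peer_t *p, int event) { if (event < 0) peer_free(p); }

peer_t *peer_new(peer_cb cb)
{
    peer_t *p = calloc(1, sizeof *p);
    if (p) p->cb = cb;
    return p;
}

int main(void)
{
    peer_t *p = peer_new(stop_on_error);
    int a = p ? peer_publish(p, 1) : -1;   /* data event: peer survives */
    int b = p ? peer_publish(p, -1) : -1;  /* error event: freed on unwind */
    printf("alive after data=%d, after error=%d, freed=%d\n", a, b, peers_freed);
    return a < 0;
}
```

Callers must treat a 0 return from peer_publish() as "the pointer is gone" and stop using it, which is the check the canRead path in the trace lacked after the error event.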

comment:5 Changed 12 years ago by charles

Does r7213 fix the problem?

comment:6 Changed 12 years ago by charles

  • Version changed from 1.40 to 1.40+

comment:7 Changed 12 years ago by charles

  • Resolution set to fixed
  • Status changed from assigned to closed

13:08 < wereHamster> charles_: no crash so far. Sorry, I don't usually run the daemon on my laptop, I only did it because I tested #1538

13:10 <@charles_> wereHamster: I don't know how frequently that bug was being triggered before. are you saying it's safe to mark it as closed?

13:11 < wereHamster> yes, I would say so. Usually it crashed in the first few two/three minutes. Now the daemon has been running for some time without issues

comment:8 Changed 12 years ago by charles

1.4x: r7220
