Opened 14 years ago

Closed 13 years ago

Last modified 13 years ago

#2416 closed Bug (fixed)

crash in libevent's event_queue_insert()

Reported by: exiva Owned by: livings124
Priority: Normal Milestone:
Component: libtransmission Version: 1.76+
Severity: Normal Keywords:
Cc: tom@…

Description

I can't really say for sure what causes this crash, I'm just running the application and after some time it'll just crash. I've attached a crashlog. This is using 1.75+ 9121 on 10.6.1

I've attached a crashlog.

Attachments (12)

Transmission_2009-09-16-031535_Travis-MacBook-Pro.crash (31.8 KB) - added by exiva 14 years ago.
Screen shot 2010-01-09 at 8.47.52 PM.jpg (212.7 KB) - added by exiva 13 years ago.
Screenshot from Xcode Debugger & Console
Screen shot 2010-01-10 at 1.36.02 AM.png (143.6 KB) - added by exiva 13 years ago.
Screen shot 2010-01-10 at 1.36.11 AM.png (129.3 KB) - added by exiva 13 years ago.
Screen shot 2010-01-10 at 1.36.34 AM.png (140.3 KB) - added by exiva 13 years ago.
Screen shot 2010-01-10 at 1.36.40 AM.png (143.7 KB) - added by exiva 13 years ago.
Screen shot 2010-01-16 at 9.22.01 PM.png (166.6 KB) - added by exiva 13 years ago.
Screen shot 2010-01-16 at 9.22.07 PM.png (157.4 KB) - added by exiva 13 years ago.
Screen shot 2010-01-16 at 9.22.10 PM.png (193.1 KB) - added by exiva 13 years ago.
Screen shot 2010-01-16 at 9.22.13 PM.png (174.5 KB) - added by exiva 13 years ago.
Screen shot 2010-01-16 at 10.35.23 PM.png (171.0 KB) - added by exiva 13 years ago.
Screen shot 2010-01-16 at 10.48.53 PM.png (162.0 KB) - added by exiva 13 years ago.

Download all attachments as: .zip

Change History (89)

Changed 14 years ago by exiva

comment:1 Changed 14 years ago by exiva

I've got a plethora of these crashlogs if you need more.

comment:2 Changed 14 years ago by charles

  • Summary changed from Application Crash to crash in event_queue_insert

comment:3 Changed 14 years ago by charles

Ticket #2401 has been marked as a duplicate of this ticket.

comment:4 Changed 14 years ago by charles

This is the first reported instance of it: 

Process:         Transmission [12121]
Path:            /Applications/Transmission.app/Contents/MacOS/Transmission
Identifier:      org.m0k.transmission
Version:         1.74+ (9011)
Code Type:       X86 (Native)
Parent Process:  launchd [517]

Date/Time:       2009-08-29 18:36:19.550 -0400
OS Version:      Mac OS X 10.6 (10A432)
Report Version:  6

Interval Since Last Report:          1335276 sec
Crashes Since Last Report:           5
Per-App Interval Since Last Report:  28 sec
Per-App Crashes Since Last Report:   1
Anonymous UUID:                      0AED0727-A06F-497D-88D5-59F33C84F1E5

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000045345bf3
Crashed Thread:  2

Thread 0:  Dispatch queue: com.apple.main-thread
0   libSystem.B.dylib             	0x922028fa mach_msg_trap + 10
1   libSystem.B.dylib             	0x92203067 mach_msg + 68
2   com.apple.CoreFoundation      	0x98d6ddbf __CFRunLoopRun + 2447
3   com.apple.CoreFoundation      	0x98d6cd34 CFRunLoopRunSpecific + 452
4   com.apple.CoreFoundation      	0x98d6cb61 CFRunLoopRunInMode + 97
5   com.apple.HIToolbox           	0x94b4dfec RunCurrentEventLoopInMode + 392
6   com.apple.HIToolbox           	0x94b4dda3 ReceiveNextEventCommon + 354
7   com.apple.HIToolbox           	0x94b4dc28 BlockUntilNextEventMatchingListInMode + 81
8   com.apple.AppKit              	0x90f47b99 _DPSNextEvent + 847
9   com.apple.AppKit              	0x90f4740e -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 156
10  com.apple.AppKit              	0x90f095fb -[NSApplication run] + 821
11  com.apple.AppKit              	0x90f01695 NSApplicationMain + 574
12  org.m0k.transmission          	0x0000255b main + 153 (main.m:38)
13  org.m0k.transmission          	0x00002485 start + 53

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x9222910a kevent + 10
1   libSystem.B.dylib             	0x92229824 _dispatch_mgr_invoke + 215
2   libSystem.B.dylib             	0x92228ce1 _dispatch_queue_invoke + 163
3   libSystem.B.dylib             	0x92228a86 _dispatch_worker_thread2 + 234
4   libSystem.B.dylib             	0x92228511 _pthread_wqthread + 390
5   libSystem.B.dylib             	0x92228356 start_wqthread + 30

Thread 2 Crashed:
0   org.m0k.transmission          	0x000c13f3 event_queue_insert + 240
1   org.m0k.transmission          	0x000c0b2a event_active + 110
2   org.m0k.transmission          	0x000bd3c4 kq_dispatch + 691
3   org.m0k.transmission          	0x000c0157 event_base_loop + 389
4   org.m0k.transmission          	0x000bffcc event_loop + 44
5   org.m0k.transmission          	0x000bfe06 event_dispatch + 24
6   org.m0k.transmission          	0x0008fe01 libeventThreadFunc + 230
7   org.m0k.transmission          	0x0007d978 ThreadFunc + 34
8   libSystem.B.dylib             	0x9222ffe1 _pthread_start + 345
9   libSystem.B.dylib             	0x9222fe66 thread_start + 34

comment:5 Changed 14 years ago by charles

This appears to be a Mac build issue.

The crash first showed up in r9011, which was one commit after r9010's "require 10.6 (and Xcode 3.2) for development" commit.

However I notice two more things: (1) we didn't branch 1.7x until *after* this started happening (r9049), and (2) 1.74 came out I just before the "require 10.6" commit.

So the obvious question is, does this bug occur in 1.74 too? Anyone? Anyone?

comment:6 Changed 14 years ago by charles

  • Component changed from Transmission to Mac Client
  • Owner set to livings124

comment:7 Changed 14 years ago by livings124

charles: Commit r9011 only applies to trunk. 1.7x branch only has trivial changes to the Mac code since 1.74.

comment:8 Changed 14 years ago by charles

According to this post 1.74 works fine, so it's something that came after r8995 but was there by r9011.

Here are the commits in that time period: 

[9011] 	livings124 	on 10.6, use the built-in caution image when there's a torrent error
[9010] 	livings124 	require 10.6 (and Xcode 3.2) for development, and kill some more …
[9009] 	livings124 	yet another depracated method reaped
[9008] 	livings124 	remove yet another 10.6 depracated function
[9007] 	charles 	add KGet to the clients list
[9006] 	charles 	(trunk, gtk ) #2361: Turtle toggle button is not visible using old GTK …
[9005] 	livings124 	eliminate 3 more warnings
[9004] 	livings124 	rid ourself of a couple more compiler warnings
[9003] 	livings124 	remove a couple more deprecated methods and an unneed stringWithFormat:
[9002] 	livings124 	remove a couple of 10.6 deprecated methods
[9001] 	charles 	fix another typo in rpc-spec: "tnumber" should read "number". reported by …
[9000] 	charles 	fix copy-paste error in rpc-spec.txt: errorString is a string, not a …
[8999] 	charles 	add to the qt client a note about building w/o DHT
[8998] 	livings124 	for consistency, "Wiki & Development" -> "Support & Development"
[8997] 	livings124 	update version to 1.74+; adjust NEWS
[8996] 	charles 	fix --disable-dht error in 1.74 reported by DimStar?

comment:9 Changed 14 years ago by livings124

None of those seem capable to cause this. In fact, most of those changes were to trunk, not the 1.7 branch. Are we sure this doesn't exist on 1.74 as opposed to 10.6? Could something have changed in libevent (which is where the crash is occurring)?

comment:10 Changed 14 years ago by charles

None of those seem capable to cause this. In fact, most of those changes were to trunk, not the 1.7 branch.

All of these changes were to trunk; the 1.7x branch didn't exist until r9049.

comment:11 Changed 14 years ago by livings124

Regardless, all the Mac stuff was essentially cosmetic and has nothing to do with libevent.

comment:12 Changed 13 years ago by charles

There's a possible fix for this now in r9159

comment:13 Changed 13 years ago by exiva

Thanks Charles, testing it out now.

comment:14 Changed 13 years ago by exiva

This appears to be fixed.

comment:15 Changed 13 years ago by livings124

  • Resolution set to fixed
  • Status changed from new to closed
  • Version changed from 1.75+ to 1.75

This has been confirmed fixed.

comment:16 Changed 13 years ago by livings124

  • Milestone changed from None Set to 1.80

comment:17 Changed 13 years ago by charles

  • Milestone changed from 1.80 to 1.76

Backported to the 1.7x branch for 1.76 in r9159

comment:18 Changed 13 years ago by charles

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:19 Changed 13 years ago by charles

  • Milestone 1.76 deleted
  • Version changed from 1.75 to 1.76+

1.80 beta 2 uses curl_multi_socket_action() again now on OS X, and John Clay reported this crash again that new version: 

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x000000000a115000
Crashed Thread:  2

Thread 0:  Dispatch queue: com.apple.main-thread
0   libSystem.B.dylib                   0x00007fff82339e3a mach_msg_trap + 10
1   libSystem.B.dylib                   0x00007fff8233a4ad mach_msg + 59
2   com.apple.CoreFoundation            0x00007fff861817a2 __CFRunLoopRun + 1698
3   com.apple.CoreFoundation            0x00007fff86180c2f CFRunLoopRunSpecific + 575
4   com.apple.HIToolbox                 0x00007fff805cea4e RunCurrentEventLoopInMode + 333
5   com.apple.HIToolbox                 0x00007fff805ce853 ReceiveNextEventCommon + 310
6   com.apple.HIToolbox                 0x00007fff805ce70c BlockUntilNextEventMatchingListInMode + 59
7   com.apple.AppKit                    0x00007fff810671f2 _DPSNextEvent + 708
8   com.apple.AppKit                    0x00007fff81066b41 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
9   com.apple.AppKit                    0x00007fff8102c747 -[NSApplication run] + 395
10  com.apple.AppKit                    0x00007fff81025468 NSApplicationMain + 364
11  org.m0k.transmission                0x000000010000168a main + 136 (main.m:38)
12  org.m0k.transmission                0x00000001000015e0 start + 52
 
Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib                   0x00007fff82352bba kevent + 10
1   libSystem.B.dylib                   0x00007fff82354a85 _dispatch_mgr_invoke + 154
2   libSystem.B.dylib                   0x00007fff8235475c _dispatch_queue_invoke + 185
3   libSystem.B.dylib                   0x00007fff82354286 _dispatch_worker_thread2 + 244
4   libSystem.B.dylib                   0x00007fff82353bb8 _pthread_wqthread + 353
5   libSystem.B.dylib                   0x00007fff82353a55 start_wqthread + 13
 
Thread 2 Crashed:
0   org.m0k.transmission                0x00000001000d5e7b event_queue_insert + 307
1   org.m0k.transmission                0x00000001000d54bb event_active + 116
2   org.m0k.transmission                0x00000001000d172f kq_dispatch + 685
3   org.m0k.transmission                0x00000001000d4aca event_base_loop + 307
4   org.m0k.transmission                0x00000001000d4995 event_loop + 35
5   org.m0k.transmission                0x00000001000d480c event_dispatch + 20
6   org.m0k.transmission                0x000000010009a8ef libeventThreadFunc + 205
7   org.m0k.transmission                0x0000000100089b9b ThreadFunc + 43
8   libSystem.B.dylib                   0x00007fff82372f8e _pthread_start + 33
9   libSystem.B.dylib                   0x00007fff82372e41 thread_start + 13

void
event_queue_insert(struct event_base *base, struct event *ev, int queue)
{
        if (ev->ev_flags & queue) {
                /* Double insertion is possible for active events */
                if (queue & EVLIST_ACTIVE)
                        return;

                event_errx(1, "%s: %p(fd %d) already on queue %x", __func__,
                           ev, ev->ev_fd, queue);
        }

        if (~ev->ev_flags & EVLIST_INTERNAL)
                base->event_count++;

        ev->ev_flags |= queue;
        switch (queue) {
        case EVLIST_INSERTED:
                TAILQ_INSERT_TAIL(&base->eventqueue, ev, ev_next);
                break;
        case EVLIST_ACTIVE:
                base->event_count_active++;
                TAILQ_INSERT_TAIL(base->activequeues[ev->ev_pri],
                    ev,ev_active_next);
                break;
        case EVLIST_TIMEOUT: {
                min_heap_push(&base->timeheap, ev);
                break;
        }
        default:
                event_errx(1, "%s: unknown queue %x", __func__, queue);
        }
}

void
event_active(struct event *ev, int res, short ncalls)
{
        /* We get different kinds of events, add them together */
        if (ev->ev_flags & EVLIST_ACTIVE) {
                ev->ev_res |= res;
                return;
        }

        ev->ev_res = res;
        ev->ev_ncalls = ncalls;
        ev->ev_pncalls = NULL;
        event_queue_insert(ev->ev_base, ev, EVLIST_ACTIVE);
}

static int
kq_dispatch(struct event_base *base, void *arg, struct timeval *tv)
{
        struct kqop *kqop = arg;
        struct kevent *changes = kqop->changes;
        struct kevent *events = kqop->events;
        struct event *ev;
        struct timespec ts, *ts_p = NULL;
        int i, res;

        if (tv != NULL) {
                TIMEVAL_TO_TIMESPEC(tv, &ts);
                ts_p = &ts;
        }

        res = kevent(kqop->kq, changes, kqop->nchanges,
            events, kqop->nevents, ts_p);
        kqop->nchanges = 0;
        if (res == -1) {
                if (errno != EINTR) {
                        event_warn("kevent");
                        return (-1);
                }

                return (0);
        }

        event_debug(("%s: kevent reports %d", __func__, res));

        for (i = 0; i < res; i++) {
                int which = 0;

                if (events[i].flags & EV_ERROR) {
                        /* 
                         * Error messages that can happen, when a delete fails.
                         *   EBADF happens when the file discriptor has been
                         *   closed,
                         *   ENOENT when the file discriptor was closed and
                         *   then reopened.
                         *   EINVAL for some reasons not understood; EINVAL
                         *   should not be returned ever; but FreeBSD does :-\
                         * An error is also indicated when a callback deletes
                         * an event we are still processing.  In that case
                         * the data field is set to ENOENT.
                         */
                        if (events[i].data == EBADF ||
                            events[i].data == EINVAL ||
                            events[i].data == ENOENT)
                                continue;
                        errno = events[i].data;
                        return (-1);
                }

                if (events[i].filter == EVFILT_READ) {
                        which |= EV_READ;
                } else if (events[i].filter == EVFILT_WRITE) {
                        which |= EV_WRITE;
                } else if (events[i].filter == EVFILT_SIGNAL) {
                        which |= EV_SIGNAL;
                }

                if (!which)
                        continue;

                if (events[i].filter == EVFILT_SIGNAL) {
                        struct event_list *head =
                            (struct event_list *)events[i].udata;
                        TAILQ_FOREACH(ev, head, ev_signal_next) {
                                event_active(ev, which, events[i].data);
                        }
                } else {
                        ev = (struct event *)events[i].udata;

                        if (!(ev->ev_events & EV_PERSIST))
                                ev->ev_flags &= ~EVLIST_X_KQINKERNEL;

                        event_active(ev, which, 1);
                }
        }

        return (0);
}

int
event_base_loop(struct event_base *base, int flags)
{
        const struct eventop *evsel = base->evsel;
        void *evbase = base->evbase;
        struct timeval tv;
        struct timeval *tv_p;
        int res, done;

        /* clear time cache */
        base->tv_cache.tv_sec = 0;

        if (base->sig.ev_signal_added)
                evsignal_base = base;
        done = 0;
        while (!done) {
                /* Terminate the loop if we have been asked to */
                if (base->event_gotterm) {
                        base->event_gotterm = 0;
                        break;
                }

                if (base->event_break) {
                        base->event_break = 0;
                        break;
                }

                timeout_correct(base, &tv);

                tv_p = &tv;
                if (!base->event_count_active && !(flags & EVLOOP_NONBLOCK)) {
                        timeout_next(base, &tv_p);
                } else {
                        /* 
                         * if we have active events, we just poll new events
                         * without waiting.
                         */
                        evutil_timerclear(&tv);
                }

                /* If we have no events, we just exit */
                if (!event_haveevents(base)) {
                        event_debug(("%s: no events registered.", __func__));
                        return (1);
                }

                /* update last old time */
                gettime(base, &base->event_tv);

                /* clear time cache */
                base->tv_cache.tv_sec = 0;

                res = evsel->dispatch(base, evbase, tv_p);

                if (res == -1)
                        return (-1);
                gettime(base, &base->tv_cache);

                timeout_process(base);

                if (base->event_count_active) {
                        event_process_active(base);
                        if (!base->event_count_active && (flags & EVLOOP_ONCE))
                                done = 1;
                } else if (flags & EVLOOP_NONBLOCK)
                        done = 1;
        }

        /* clear time cache */
        base->tv_cache.tv_sec = 0;

        event_debug(("%s: asked to terminate loop.", __func__));
        return (0);
}

comment:20 Changed 13 years ago by charles

r9717 libtransmission/web.c: (trunk libT) #2416 "crash in event_queue_insert()" -- experimental fix

comment:23 Changed 13 years ago by charles

(trunk libT) #2416 "crash in event_queue_insert" -- possible fix. it looks like the kqueue client is accessing the event after the callback and after event_del() is being called. *If* that's the case I don't know if it's a libevent bug or if libtransmission is making assumptions it shouldn't've... but it's easy enough to keep the memory in a pool and free it later when it's safer to do so.

comment:24 Changed 13 years ago by charles

(trunk libT) #2416 "crash in event_queue_insert" -- another experimental commit. /as an experiment/ let's leak that event struct and see if that makes the crash go away. Obviously leaking those objects is not a long term fix but observing the results of this commi will help point the way towards the real fix.

comment:25 follow-up: Changed 13 years ago by charles

charles * r9826 libtransmission/web.c: (trunk libT) #2416 "crash in event_queue_insert" -- maybe this will finally fix it...

comment:26 in reply to: ↑ 25 Changed 13 years ago by exiva

Replying to charles:

charles * r9826 libtransmission/web.c: (trunk libT) #2416 "crash in event_queue_insert" -- maybe this will finally fix it...

Nope. Still getting crashes. 

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x00007fff84a0abba kevent + 10
1   libSystem.B.dylib             	0x00007fff84a0ca85 _dispatch_mgr_invoke + 154
2   libSystem.B.dylib             	0x00007fff84a0c75c _dispatch_queue_invoke + 185
3   libSystem.B.dylib             	0x00007fff84a0c286 _dispatch_worker_thread2 + 244
4   libSystem.B.dylib             	0x00007fff84a0bbb8 _pthread_wqthread + 353
5   libSystem.B.dylib             	0x00007fff84a0ba55 start_wqthread + 13

Thread 2 Crashed:
0   org.m0k.transmission          	0x00000001000ab5af event_queue_insert + 79 (event.c:968)
1   org.m0k.transmission          	0x00000001000a951d kq_dispatch + 287 (kqueue.c:246)
2   org.m0k.transmission          	0x00000001000ac921 event_base_loop + 765 (event.c:518)
3   org.m0k.transmission          	0x000000010007966c libeventThreadFunc + 162 (trevent.c:227)
4   libSystem.B.dylib             	0x00007fff84a2af8e _pthread_start + 331
5   libSystem.B.dylib             	0x00007fff84a2ae41 thread_start + 13

comment:27 follow-up: Changed 13 years ago by charles

hm, give r9837 a try... instead of freeing them or leaking them, we now pool and reuse them.

comment:28 in reply to: ↑ 27 Changed 13 years ago by exiva

Replying to charles:

hm, give r9837 a try... instead of freeing them or leaking them, we now pool and reuse them.

r9837 almost instantly crashes, rather than 10-20 or so minutes in. 

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x00007fff84a0abba kevent + 10
1   libSystem.B.dylib             	0x00007fff84a0ca85 _dispatch_mgr_invoke + 154
2   libSystem.B.dylib             	0x00007fff84a0c75c _dispatch_queue_invoke + 185
3   libSystem.B.dylib             	0x00007fff84a0c286 _dispatch_worker_thread2 + 244
4   libSystem.B.dylib             	0x00007fff84a0bbb8 _pthread_wqthread + 353
5   libSystem.B.dylib             	0x00007fff84a0ba55 start_wqthread + 13

Thread 2 Crashed:
0   org.m0k.transmission          	0x00000001000ab735 event_queue_insert + 173 (event.c:977)
1   org.m0k.transmission          	0x00000001000a9645 kq_dispatch + 287 (kqueue.c:246)
2   org.m0k.transmission          	0x00000001000aca49 event_base_loop + 765 (event.c:518)
3   org.m0k.transmission          	0x0000000100079740 libeventThreadFunc + 162 (trevent.c:227)
4   libSystem.B.dylib             	0x00007fff84a2af8e _pthread_start + 331
5   libSystem.B.dylib             	0x00007fff84a2ae41 thread_start + 13

comment:29 Changed 13 years ago by exiva

Still happens on r9839 however not nearly as fast as r9837. 

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x00007fff84a0abba kevent + 10
1   libSystem.B.dylib             	0x00007fff84a0ca85 _dispatch_mgr_invoke + 154
2   libSystem.B.dylib             	0x00007fff84a0c75c _dispatch_queue_invoke + 185
3   libSystem.B.dylib             	0x00007fff84a0c286 _dispatch_worker_thread2 + 244
4   libSystem.B.dylib             	0x00007fff84a0bbb8 _pthread_wqthread + 353
5   libSystem.B.dylib             	0x00007fff84a0ba55 start_wqthread + 13

Thread 2 Crashed:
0   org.m0k.transmission          	0x00000001000ab717 event_queue_insert + 79 (event.c:968)
1   org.m0k.transmission          	0x00000001000a9685 kq_dispatch + 287 (kqueue.c:246)
2   org.m0k.transmission          	0x00000001000aca89 event_base_loop + 765 (event.c:518)
3   org.m0k.transmission          	0x0000000100079810 libeventThreadFunc + 162 (trevent.c:227)
4   libSystem.B.dylib             	0x00007fff84a2af8e _pthread_start + 331
5   libSystem.B.dylib             	0x00007fff84a2ae41 thread_start + 13

comment:30 follow-up: Changed 13 years ago by charles

How about in 1.80 beta 4?

comment:31 in reply to: ↑ 30 Changed 13 years ago by exiva

Replying to charles:

How about in 1.80 beta 4?

Just started to test it. Will report back.

comment:32 Changed 13 years ago by exiva

Crashed again. 

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x00007fff84a0abba kevent + 10
1   libSystem.B.dylib             	0x00007fff84a0ca85 _dispatch_mgr_invoke + 154
2   libSystem.B.dylib             	0x00007fff84a0c75c _dispatch_queue_invoke + 185
3   libSystem.B.dylib             	0x00007fff84a0c286 _dispatch_worker_thread2 + 244
4   libSystem.B.dylib             	0x00007fff84a0bbb8 _pthread_wqthread + 353
5   libSystem.B.dylib             	0x00007fff84a0ba55 start_wqthread + 13

Thread 2 Crashed:
0   org.m0k.transmission          	0x00000001000ab54f event_queue_insert + 79 (event.c:968)
1   org.m0k.transmission          	0x00000001000a94bd kq_dispatch + 287 (kqueue.c:246)
2   org.m0k.transmission          	0x00000001000ac8c1 event_base_loop + 765 (event.c:518)
3   org.m0k.transmission          	0x00000001000795e7 libeventThreadFunc + 162 (trevent.c:227)
4   libSystem.B.dylib             	0x00007fff84a2af8e _pthread_start + 331
5   libSystem.B.dylib             	0x00007fff84a2ae41 thread_start + 13

comment:33 Changed 13 years ago by charles

Ticket #2737 has been marked as a duplicate of this ticket.

comment:34 Changed 13 years ago by charles

charles * r9895 libtransmission/web.c: (trunk libT) #2416 "crash in event_queue_insert" -- continue throwing the kitchen sink at this ticket.

  1. disable proxies to see if that makes any difference
  2. rearrange the sequencing in sock_cb() to unconditionally delete the active event before doing anything else
  3. use a libevent timer instead of CURLOPT_TIMEOUT to workaround curl bug http://tinyurl.com/ycm5d3e

exiva: you know the drill. ;)

comment:35 Changed 13 years ago by exiva

The sink missed it's target. 

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x00007fff84a0abba kevent + 10
1   libSystem.B.dylib             	0x00007fff84a0ca85 _dispatch_mgr_invoke + 154
2   libSystem.B.dylib             	0x00007fff84a0c75c _dispatch_queue_invoke + 185
3   libSystem.B.dylib             	0x00007fff84a0c286 _dispatch_worker_thread2 + 244
4   libSystem.B.dylib             	0x00007fff84a0bbb8 _pthread_wqthread + 353
5   libSystem.B.dylib             	0x00007fff84a0ba55 start_wqthread + 13

Thread 2 Crashed:
0   org.m0k.transmission          	0x00000001000ab57f event_queue_insert + 79 (event.c:968)
1   org.m0k.transmission          	0x00000001000a94ed kq_dispatch + 287 (kqueue.c:246)
2   org.m0k.transmission          	0x00000001000ac8f1 event_base_loop + 765 (event.c:518)
3   org.m0k.transmission          	0x00000001000796d6 libeventThreadFunc + 162 (trevent.c:227)
4   libSystem.B.dylib             	0x00007fff84a2af8e _pthread_start + 331
5   libSystem.B.dylib             	0x00007fff84a2ae41 thread_start + 13

comment:36 Changed 13 years ago by charles

grrr...

comment:37 Changed 13 years ago by charles

exvia: thanks for continuing to test out these builds. I can't remember the last time a crash has been this determined. Can you give r9899 a try?

23:27 < CIA-46> charles * r9899 libtransmission/web.c: (trunk libT) #2416 "crash in event_queue_insert" -- see if we can get the program to crash in a different way.

comment:38 Changed 13 years ago by exiva

Seems to crash the same. 

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x00007fff84a0abba kevent + 10
1   libSystem.B.dylib             	0x00007fff84a0ca85 _dispatch_mgr_invoke + 154
2   libSystem.B.dylib             	0x00007fff84a0c75c _dispatch_queue_invoke + 185
3   libSystem.B.dylib             	0x00007fff84a0c286 _dispatch_worker_thread2 + 244
4   libSystem.B.dylib             	0x00007fff84a0bbb8 _pthread_wqthread + 353
5   libSystem.B.dylib             	0x00007fff84a0ba55 start_wqthread + 13

Thread 2 Crashed:
0   org.m0k.transmission          	0x00000001000ab49f event_queue_insert + 79 (event.c:968)
1   org.m0k.transmission          	0x00000001000a940d kq_dispatch + 287 (kqueue.c:246)
2   org.m0k.transmission          	0x00000001000ac811 event_base_loop + 765 (event.c:518)
3   org.m0k.transmission          	0x00000001000795da libeventThreadFunc + 162 (trevent.c:227)
4   libSystem.B.dylib             	0x00007fff84a2af8e _pthread_start + 331
5   libSystem.B.dylib             	0x00007fff84a2ae41 thread_start + 13

comment:39 follow-up: Changed 13 years ago by charles

exiva: could you quote the entire crash report?

comment:40 in reply to: ↑ 39 Changed 13 years ago by exiva

Replying to charles:

exiva: could you quote the entire crash report?

Sure. 

Process:         Transmission [70150]
Path:            /Volumes/Transmission-1.76+Z-svn-r9899/Transmission.app/Contents/MacOS/Transmission
Identifier:      org.m0k.transmission
Version:         1.76+ (9899)
Code Type:       X86-64 (Native)
Parent Process:  launchd [129]

Date/Time:       2010-01-09 16:14:00.156 -0500
OS Version:      Mac OS X 10.6.2 (10C540)
Report Version:  6
Sleep/Wake UUID: EE4D4D98-A172-44F5-9956-0C30D09DC472

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010
Crashed Thread:  2

Thread 0:  Dispatch queue: com.apple.main-thread
0   com.apple.CoreFoundation      	0x00007fff859fec06 _CFRelease + 54
1   com.apple.CoreGraphics        	0x00007fff8331387b CGSReleaseRegion + 98
2   com.apple.AppKit              	0x00007fff868da820 -[NSRegion addRect:] + 316
3   com.apple.AppKit              	0x00007fff868da5d9 -[NSWindow _setNeedsDisplayInRect:] + 429
4   com.apple.AppKit              	0x00007fff868d92d9 -[NSView setNeedsDisplayInRect:] + 363
5   com.apple.AppKit              	0x00007fff868d8fe8 -[NSView setNeedsDisplay:] + 74
6   com.apple.AppKit              	0x00007fff868e9a72 -[NSCell setStringValue:] + 126
7   com.apple.AppKit              	0x00007fff869a4c59 -[NSControl setStringValue:] + 115
8   org.m0k.transmission          	0x000000010001674c -[Controller updateUI] + 325 (Controller.m:1641)
9   com.apple.Foundation          	0x00007fff88470a39 __NSFireTimer + 114
10  com.apple.CoreFoundation      	0x00007fff85a40a58 __CFRunLoopRun + 6488
11  com.apple.CoreFoundation      	0x00007fff85a3ec2f CFRunLoopRunSpecific + 575
12  com.apple.HIToolbox           	0x00007fff81a83a4e RunCurrentEventLoopInMode + 333
13  com.apple.HIToolbox           	0x00007fff81a83853 ReceiveNextEventCommon + 310
14  com.apple.HIToolbox           	0x00007fff81a8370c BlockUntilNextEventMatchingListInMode + 59
15  com.apple.AppKit              	0x00007fff868ff1f2 _DPSNextEvent + 708
16  com.apple.AppKit              	0x00007fff868feb41 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
17  com.apple.AppKit              	0x00007fff868c4747 -[NSApplication run] + 395
18  com.apple.AppKit              	0x00007fff868bd468 NSApplicationMain + 364
19  org.m0k.transmission          	0x00000001000014c7 main + 117 (main.m:38)
20  org.m0k.transmission          	0x0000000100001430 start + 52

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x00007fff84a0abba kevent + 10
1   libSystem.B.dylib             	0x00007fff84a0ca85 _dispatch_mgr_invoke + 154
2   libSystem.B.dylib             	0x00007fff84a0c75c _dispatch_queue_invoke + 185
3   libSystem.B.dylib             	0x00007fff84a0c286 _dispatch_worker_thread2 + 244
4   libSystem.B.dylib             	0x00007fff84a0bbb8 _pthread_wqthread + 353
5   libSystem.B.dylib             	0x00007fff84a0ba55 start_wqthread + 13

Thread 2 Crashed:
0   org.m0k.transmission          	0x00000001000ab49f event_queue_insert + 79 (event.c:968)
1   org.m0k.transmission          	0x00000001000a940d kq_dispatch + 287 (kqueue.c:246)
2   org.m0k.transmission          	0x00000001000ac811 event_base_loop + 765 (event.c:518)
3   org.m0k.transmission          	0x00000001000795da libeventThreadFunc + 162 (trevent.c:227)
4   libSystem.B.dylib             	0x00007fff84a2af8e _pthread_start + 331
5   libSystem.B.dylib             	0x00007fff84a2ae41 thread_start + 13

Thread 3:
0   libSystem.B.dylib             	0x00007fff84a0abba kevent + 10
1   org.m0k.transmission          	0x000000010003e9b3 -[UKKQueue watcherThread:] + 132 (UKKQueue.m:351)
2   com.apple.Foundation          	0x00007fff8841ae99 __NSThread__main__ + 1429
3   libSystem.B.dylib             	0x00007fff84a2af8e _pthread_start + 331
4   libSystem.B.dylib             	0x00007fff84a2ae41 thread_start + 13

Thread 2 crashed with X86 Thread State (64-bit):
  rax: 0x0000000100f9a420  rbx: 0x0000000000000008  rcx: 0x00007fff84a0abba  rdx: 0x0000000000000008
  rdi: 0x0000000000000000  rsi: 0x0000000100f9a420  rbp: 0x000000010af36df0  rsp: 0x000000010af36dd0
   r8: 0x0000000000000080   r9: 0x000000010af36e00  r10: 0x0000000101330000  r11: 0x0000000000000206
  r12: 0x0000000100f9a420  r13: 0x0000000000000000  r14: 0x0000000000000004  r15: 0x000000010190f610
  rip: 0x00000001000ab49f  rfl: 0x0000000000010246  cr2: 0x0000000000000010

Binary Images:
       0x100000000 -        0x1000f1fef +org.m0k.transmission 1.76+ (9899) <A0C1AF18-1130-230B-2D23-857D3507D464> /Volumes/Transmission-1.76+Z-svn-r9899/Transmission.app/Contents/MacOS/Transmission
       0x10049d000 -        0x100583fe7  libcrypto.0.9.7.dylib ??? (???) <A60E5A1D-EA38-DB7E-39C1-D29938E46691> /usr/lib/libcrypto.0.9.7.dylib
       0x1005db000 -        0x1005f2fff +org.andymatuschak.Sparkle 1.5 Beta (bzr) (337) <8BE62C95-BF56-8320-646F-385AC5F1D513> /Volumes/Transmission-1.76+Z-svn-r9899/Transmission.app/Contents/Frameworks/Sparkle.framework/Versions/A/Sparkle
       0x10060c000 -        0x100618ff7 +com.growl.growlframework 1.2 (1.2) <C7DC68D7-1F3C-70D8-4569-D9FB9465C595> /Volumes/Transmission-1.76+Z-svn-r9899/Transmission.app/Contents/Frameworks/Growl.framework/Versions/A/Growl
       0x10aa00000 -        0x10acf0ff3  com.apple.RawCamera.bundle 2.3.0 (505) <E65CF964-5AFF-805A-E24C-4A9E2E3D4759> /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
    0x7fff5fc00000 -     0x7fff5fc3bdef  dyld 132.1 (???) <B633F790-4DDB-53CD-7ACF-2A3682BCEA9F> /usr/lib/dyld
    0x7fff80068000 -     0x7fff800e5fef  libstdc++.6.dylib ??? (???) <35ECA411-2C08-FD7D-11B1-1B7A04921A5C> /usr/lib/libstdc++.6.dylib
    0x7fff80169000 -     0x7fff80174ff7  com.apple.speech.recognition.framework 3.11.1 (3.11.1) <F0DDF27E-DB55-07CE-E548-C62095BE8167> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
    0x7fff801c5000 -     0x7fff80274fff  edu.mit.Kerberos 6.5.9 (6.5.9) <42364D54-C647-14DE-2B1C-D94DAA03F092> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
    0x7fff80275000 -     0x7fff802aeff7  com.apple.MeshKit 1.0 (49.0) <7587A7F2-DF5D-B8B2-A6A8-1389CF28BC51> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/MeshKit
    0x7fff802af000 -     0x7fff802b5fff  libCGXCoreImage.A.dylib ??? (???) <B6A66067-68D9-7644-B4AF-EEA3B2AACA8D> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib
    0x7fff802b6000 -     0x7fff80390ff7  com.apple.vImage 4.0 (4.0) <354F34BF-B221-A3C9-2CA7-9BE5E14AD5AD> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
    0x7fff80391000 -     0x7fff803a7fef  libbsm.0.dylib ??? (???) <42D3023A-A1F7-4121-6417-FCC6B51B3E90> /usr/lib/libbsm.0.dylib
    0x7fff803a8000 -     0x7fff803efff7  com.apple.coreui 2 (113) <60D2FE5C-8470-A0F4-379B-1E90FBD4FE7D> /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
    0x7fff803f0000 -     0x7fff80445fef  com.apple.framework.familycontrols 2.0 (2.0) <8DD78DC7-4C73-EDE6-86A4-BC35B335ED5F> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyControls
    0x7fff80446000 -     0x7fff8044aff7  libmathCommon.A.dylib ??? (???) <95718673-FEEE-B6ED-B127-BCDBDB60D4E5> /usr/lib/system/libmathCommon.A.dylib
    0x7fff806e2000 -     0x7fff8074eff7  com.apple.CorePDF 1.1 (1.1) <3D51A551-50C5-DDD5-9A79-9679DA2806B0> /System/Library/PrivateFrameworks/CorePDF.framework/Versions/A/CorePDF
    0x7fff8074f000 -     0x7fff80796fef  com.apple.QuickLookFramework 2.1 (327.3) <6B3D79C5-E19B-97E1-673F-74731A0B188B> /System/Library/Frameworks/QuickLook.framework/Versions/A/QuickLook
    0x7fff80797000 -     0x7fff807d4fff  com.apple.LDAPFramework 2.0 (120.1) <05A853F5-76B9-AF27-6548-A2450AE86451> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
    0x7fff807d5000 -     0x7fff8083cfef  com.apple.AppleVAFramework 4.7.5 (4.7.5) <68D4E82B-7D55-A963-FF0B-80F276C1F2DE> /System/Library/PrivateFrameworks/AppleVA.framework/Versions/A/AppleVA
    0x7fff8083d000 -     0x7fff8089afef  com.apple.framework.IOKit 2.0 (???) <EBBEED67-D5BE-5F7F-96F4-9023BBA1B913> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
    0x7fff8089b000 -     0x7fff8089bff7  com.apple.Carbon 150 (152) <8D8CF535-90BE-691C-EC1B-63FBE2162C9B> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
    0x7fff8089e000 -     0x7fff8089eff7  com.apple.ApplicationServices 38 (38) <10A0B9E9-4988-03D4-FC56-DDE231A02C63> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
    0x7fff8089f000 -     0x7fff80983fff  com.apple.DesktopServices 1.5.3 (1.5.3) <F443ED58-3761-116F-A8B2-C6DC29B7D119> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
    0x7fff80984000 -     0x7fff80ac2fff  com.apple.CoreData 102.1 (250) <8DDA49A1-F78C-DE30-8B58-EBC49E4E7ABF> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
    0x7fff80ac3000 -     0x7fff80ae4fff  libresolv.9.dylib ??? (???) <01C7C750-7F6A-89B3-C586-5C50A839019E> /usr/lib/libresolv.9.dylib
    0x7fff80b9a000 -     0x7fff80bd5ff7  com.apple.CoreMediaIOServices 124.0 (850) <B71C361C-105E-EDD2-5AEE-10E640445561> /System/Library/PrivateFrameworks/CoreMediaIOServices.framework/Versions/A/CoreMediaIOServices
    0x7fff80bd6000 -     0x7fff80c13fef  libFontRegistry.dylib ??? (???) <8712832A-A980-3AAF-0D88-50164898F38E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontRegistry.dylib
    0x7fff80c14000 -     0x7fff80e7dfff  com.apple.QuartzComposer 4.1 (156.10) <F5569DC9-15E9-0815-3032-7E1257F36A3E> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/QuartzComposer
    0x7fff8105f000 -     0x7fff81169ff7  com.apple.MeshKitIO 1.0 (49.0) <66600E25-66F9-D31A-EA47-E81518FF6DDA> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/Frameworks/MeshKitIO.framework/Versions/A/MeshKitIO
    0x7fff8116a000 -     0x7fff81226ff7  libFontParser.dylib ??? (???) <99DEA723-9D02-2361-E3C7-034E25C5B829> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontParser.dylib
    0x7fff8126b000 -     0x7fff81324fff  libsqlite3.dylib ??? (???) <5A15E12A-AE8F-1A36-BBC7-564E7D7AD0FB> /usr/lib/libsqlite3.dylib
    0x7fff8148e000 -     0x7fff814f6ff7  com.apple.MeshKitRuntime 1.0 (49.0) <580F1945-540B-1E68-0341-A6ADAD78397E> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/Frameworks/MeshKitRuntime.framework/Versions/A/MeshKitRuntime
    0x7fff814f7000 -     0x7fff814f8fff  com.apple.MonitorPanelFramework 1.3.0 (1.3.0) <5062DACE-FCE7-8E41-F5F6-58821778629C> /System/Library/PrivateFrameworks/MonitorPanel.framework/Versions/A/MonitorPanel
    0x7fff814f9000 -     0x7fff816b7fff  libicucore.A.dylib ??? (???) <5BD16988-545F-6A8C-9A6F-FB18ACDCAEC2> /usr/lib/libicucore.A.dylib
    0x7fff816c8000 -     0x7fff81784ff7  com.apple.CoreServices.OSServices 352 (352) <CD933BBD-B260-552F-E64E-291D6ED3091A> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
    0x7fff81785000 -     0x7fff81788ff7  com.apple.securityhi 4.0 (36638) <77F40B57-2D97-7AE5-1331-8945C71DFB57> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
    0x7fff817d4000 -     0x7fff81815ff7  com.apple.SystemConfiguration 1.10.1 (1.10.1) <FFCA91A7-ADDB-E3D0-234A-47609BC37556> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
    0x7fff81a51000 -     0x7fff81a54ff7  libCoreVMClient.dylib ??? (???) <1C6D04BA-5F78-CC4D-26CB-7904919042B9> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCoreVMClient.dylib
    0x7fff81a55000 -     0x7fff81d53fe7  com.apple.HIToolbox 1.6.2 (???) <D463A388-244E-047A-E49A-4DA6C15BD1BA> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
    0x7fff81d66000 -     0x7fff81febff7  com.apple.security 6.0 (36910) <67DF686D-B991-D0D6-20B6-9EA668018466> /System/Library/Frameworks/Security.framework/Versions/A/Security
    0x7fff81fec000 -     0x7fff8242ffef  libLAPACK.dylib ??? (???) <0CC61C98-FF51-67B3-F3D8-C5E430C201A9> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
    0x7fff82430000 -     0x7fff8243ffff  com.apple.NetFS 3.2.1 (3.2.1) <FF21DB1E-F425-1005-FB70-BC19CAF4006E> /System/Library/Frameworks/NetFS.framework/Versions/A/NetFS
    0x7fff82440000 -     0x7fff824f6fff  libobjc.A.dylib ??? (???) <F206BE6D-8777-AE6C-B367-7BEA76C14241> /usr/lib/libobjc.A.dylib
    0x7fff825e6000 -     0x7fff82627fef  com.apple.QD 3.33 (???) <3F528878-21F5-B2B5-8A9B-DF067BF91922> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
    0x7fff82641000 -     0x7fff82653fe7  libsasl2.2.dylib ??? (???) <76B83C8D-8EFE-4467-0F75-275648AFED97> /usr/lib/libsasl2.2.dylib
    0x7fff82654000 -     0x7fff82659fff  libGIF.dylib ??? (???) <9DB87A71-27B7-A909-461B-F886DB2BD622> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
    0x7fff82675000 -     0x7fff82676ff7  com.apple.TrustEvaluationAgent 1.1 (1) <51867586-1C71-AE37-EAAD-535A58DD3550> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent
    0x7fff826be000 -     0x7fff830fbfe7  com.apple.WebCore 6531.21 (6531.21.8) <0DD00A3A-81DE-8CEE-67B8-65C06E8C6B1A> /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/Versions/A/WebCore
    0x7fff83309000 -     0x7fff839fd537  com.apple.CoreGraphics 1.536.12 (???) <0DCA088B-0C6B-146F-0341-9E0212B5CA50> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
    0x7fff83b34000 -     0x7fff83b47fff  libGL.dylib ??? (???) <5F9DAF5F-C25C-B6C2-C9BC-3D91D723FD85> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
    0x7fff83b64000 -     0x7fff83b67fff  com.apple.help 1.3.1 (41) <54B79BA2-B71B-268E-8752-5C8EE00E49E4> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
    0x7fff83ba7000 -     0x7fff83cb6ff7  libcrypto.0.9.8.dylib ??? (???) <A2DA70D0-02AE-89FA-1CDA-B3CA986CAE6D> /usr/lib/libcrypto.0.9.8.dylib
    0x7fff83ccb000 -     0x7fff83cf1fe7  libJPEG.dylib ??? (???) <89DFAA03-2801-BB31-1F4D-1AE0804E08BF> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
    0x7fff83cf2000 -     0x7fff83d92fff  com.apple.LaunchServices 362 (362) <CCBFC037-7162-E392-B11F-90098891AE20> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
    0x7fff83d93000 -     0x7fff83e15fe7  com.apple.QuickLookUIFramework 2.1 (327.3) <A35335F3-BC7B-1341-D934-45ACC19FFEC3> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/QuickLookUI
    0x7fff83f83000 -     0x7fff83f88fff  libGFXShared.dylib ??? (???) <05345B3E-5705-3C2A-464E-052B1DDA45B7> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGFXShared.dylib
    0x7fff83f95000 -     0x7fff83f96ff7  com.apple.audio.units.AudioUnit 1.6.1 (1.6.1) <AE4C41BE-6CF3-CC3B-EBA7-A8E9D6A6047F> /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
    0x7fff83f97000 -     0x7fff84062fe7  ColorSyncDeprecated.dylib ??? (???) <1D97E664-75D3-E483-FDD3-35BD7733DF13> /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ColorSync.framework/Versions/A/Resources/ColorSyncDeprecated.dylib
    0x7fff84063000 -     0x7fff8455bff7  com.apple.VideoToolbox 0.420.18 (420.18) <428CE263-C02B-421D-7772-FC73EFF180A3> /System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/VideoToolbox
    0x7fff8455c000 -     0x7fff845ebfff  com.apple.PDFKit 2.5 (2.5) <7849E675-4289-6FEA-E314-063E91A4B07F> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framework/Versions/A/PDFKit
    0x7fff8473b000 -     0x7fff84776fe7  com.apple.CoreMedia 0.420.18 (420.18) <30166EED-C905-A818-9C3C-32E4EEA20995> /System/Library/PrivateFrameworks/CoreMedia.framework/Versions/A/CoreMedia
    0x7fff8478d000 -     0x7fff847e9fff  libGLU.dylib ??? (???) <6A6612BC-1AF9-08EC-80B2-B697238EED47> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
    0x7fff849ce000 -     0x7fff849f0ff7  com.apple.opencl 12 (12) <533D6753-D6E4-EC34-E93B-8F6498B50FBA> /System/Library/Frameworks/OpenCL.framework/Versions/A/OpenCL
    0x7fff849f1000 -     0x7fff84bafff7  libSystem.B.dylib ??? (???) <526DD3E5-2A8B-4512-ED97-01B832369959> /usr/lib/libSystem.B.dylib
    0x7fff84bb0000 -     0x7fff84bb0ff7  com.apple.Accelerate.vecLib 3.5 (vecLib 3.5) <BA861575-B0DE-50F5-A799-BDF188A3D4EF> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
    0x7fff84bb1000 -     0x7fff84bc2fff  com.apple.DSObjCWrappers.Framework 10.6 (134) <3C08225D-517E-2822-6152-F6EB13A4ADF9> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
    0x7fff84c05000 -     0x7fff84c6ffe7  libvMisc.dylib ??? (???) <524DC30F-6A54-CCED-56D9-F57033B06E99> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
    0x7fff84c70000 -     0x7fff84d79fff  com.apple.MediaToolbox 0.420.18 (420.18) <0A2444E8-DA72-7DC8-084F-D78D28E5C74F> /System/Library/PrivateFrameworks/MediaToolbox.framework/Versions/A/MediaToolbox
    0x7fff84d7a000 -     0x7fff84fb4ff7  com.apple.imageKit 2.0.1 (1.0) <5E32976B-5CEB-6316-2B5C-2ABFEF588E4F> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/ImageKit.framework/Versions/A/ImageKit
    0x7fff84fb5000 -     0x7fff84ff0fff  libcurl.4.dylib ??? (???) <383AC19D-AEED-9F53-DEA3-FF118BDD3735> /usr/lib/libcurl.4.dylib
    0x7fff84ff1000 -     0x7fff8506efe7  com.apple.CoreText 3.1.0 (???) <B4BFF82D-CA77-9A8E-2C7E-66367E807C7C> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
    0x7fff8506f000 -     0x7fff851dbff7  com.apple.QTKit 7.6.3 (1591.3) <2AD2AC43-F6A8-F2CE-CCFE-9E8E38E47BB0> /System/Library/Frameworks/QTKit.framework/Versions/A/QTKit
    0x7fff851dc000 -     0x7fff8531aff7  com.apple.WebKit 6531.21 (6531.21.8) <851A6DBB-9C6E-1C07-5C2B-48E832BD694F> /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit
    0x7fff8531b000 -     0x7fff8539afff  com.apple.audio.CoreAudio 3.2.2 (3.2.2) <2633DFAC-F6A6-489D-8DF0-F12639CCD8C4> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
    0x7fff853cb000 -     0x7fff8541aff7  com.apple.DirectoryService.PasswordServerFramework 6.0 (6.0) <14FD0978-4BE0-336B-A19E-F388694583EB> /System/Library/PrivateFrameworks/PasswordServer.framework/Versions/A/PasswordServer
    0x7fff8541b000 -     0x7fff854d0fe7  com.apple.ink.framework 1.3.1 (105) <5AA00FE5-B251-44AF-5108-44AA927C053C> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
    0x7fff85810000 -     0x7fff85838fff  com.apple.DictionaryServices 1.1.1 (1.1.1) <9FD709FC-23F0-F270-EAC1-C590CD516A36> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
    0x7fff8589a000 -     0x7fff8589cfff  com.apple.print.framework.Print 6.0 (237) <70DA9755-5DC1-716B-77E2-E42C5DAB85A2> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
    0x7fff8589d000 -     0x7fff858d2ff7  libcups.2.dylib ??? (???) <0D020D80-F9D5-55DE-9CCE-9B80CDF08FC4> /usr/lib/libcups.2.dylib
    0x7fff859f4000 -     0x7fff85b67ff7  com.apple.CoreFoundation 6.6.1 (550.13) <1E952BD9-37C6-16BE-B2F0-CD92A6283D37> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
    0x7fff85b68000 -     0x7fff85b81fff  com.apple.CFOpenDirectory 10.6 (10.6) <0F46E102-8B8E-0995-BA85-3D9608F0A30C> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory
    0x7fff85b82000 -     0x7fff85b98fff  com.apple.ImageCapture 6.0 (6.0) <5B5AF8FB-C12A-B51F-94FC-3EC4698E818E> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
    0x7fff85b99000 -     0x7fff85bc8ff7  com.apple.quartzfilters 1.6.0 (1.6.0) <9CECB4FC-1CCF-B8A2-B935-5888B21CBEEF> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzFilters.framework/Versions/A/QuartzFilters
    0x7fff85bc9000 -     0x7fff85efbfef  com.apple.CoreServices.CarbonCore 861.2 (861.2) <39F3B259-AC2A-792B-ECFE-4F3E72F2D1A5> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
    0x7fff85efc000 -     0x7fff85f31fff  libGLImage.dylib ??? (???) <8AB3A26A-4CC4-4E6D-95CC-530FD7204599> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
    0x7fff85f80000 -     0x7fff85f82fff  libRadiance.dylib ??? (???) <376EAE92-8F25-9202-CC35-8EED5BD471FC> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
    0x7fff85f83000 -     0x7fff85f83ff7  com.apple.Cocoa 6.6 (???) <68B0BE46-6E24-C96F-B341-054CF9E8F3B6> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
    0x7fff85f84000 -     0x7fff85fafff7  libxslt.1.dylib ??? (???) <87A0B228-B24A-C426-C3FB-B40D7258DD49> /usr/lib/libxslt.1.dylib
    0x7fff85ff0000 -     0x7fff867fafe7  libBLAS.dylib ??? (???) <FC941ECB-71D0-FAE3-DCBF-C5A619E594B8> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
    0x7fff868bb000 -     0x7fff872affff  com.apple.AppKit 6.6.3 (1038.25) <2F7A5AC8-29E7-9B5F-D3F1-4C7F5821BB80> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
    0x7fff872b0000 -     0x7fff873d4fe7  com.apple.audio.toolbox.AudioToolbox 1.6.1 (1.6.1) <F2AFF250-5F39-C3AD-0238-B10AF8A1ECFE> /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
    0x7fff873d5000 -     0x7fff87419fef  com.apple.ImageCaptureCore 1.0 (1.0) <29A6CF83-B5C2-9730-D71D-825AEC8657F5> /System/Library/Frameworks/ImageCaptureCore.framework/Versions/A/ImageCaptureCore
    0x7fff8741a000 -     0x7fff87430ff7  com.apple.MultitouchSupport.framework 204.9 (204.9) <2BBD800A-0456-D90D-3205-8CE61F3A8F05> /System/Library/PrivateFrameworks/MultitouchSupport.framework/Versions/A/MultitouchSupport
    0x7fff87431000 -     0x7fff874b5fe7  com.apple.print.framework.PrintCore 6.1 (312.3) <33C0EADA-243E-1897-335D-17C5DC6A14A9> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
    0x7fff874b6000 -     0x7fff874c4ff7  libkxld.dylib ??? (???) <568C35E7-B101-3F1E-0361-3E1E9F15C90B> /usr/lib/system/libkxld.dylib
    0x7fff874c5000 -     0x7fff8785dfff  com.apple.QuartzCore 1.6.1 (227.8) <E296B174-F7CB-F021-D103-091CCB33BBEB> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
    0x7fff8785e000 -     0x7fff87863ff7  com.apple.CommonPanels 1.2.4 (91) <4D84803B-BD06-D80E-15AE-EFBE43F93605> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
    0x7fff87869000 -     0x7fff87876fe7  libCSync.A.dylib ??? (???) <F4066C8C-2A3E-4F2F-9F4D-03DB56F7C5CB> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
    0x7fff87877000 -     0x7fff87897ff7  com.apple.DirectoryService.Framework 3.6 (621.1) <FC0C2E15-84E2-B4A8-18EE-3AE620111627> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
    0x7fff8790d000 -     0x7fff87922ff7  com.apple.LangAnalysis 1.6.6 (1.6.6) <E83DAF4F-F284-BE0B-3D9D-D573023098B4> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
    0x7fff87923000 -     0x7fff87934fef  libz.1.dylib ??? (???) <3A7A4C48-A4C8-A78A-8B87-C0DDF6601AC8> /usr/lib/libz.1.dylib
    0x7fff87964000 -     0x7fff87ae9fef  com.apple.JavaScriptCore 6531.21 (6531.21.9) <B35E43EB-824A-48ED-5A1B-08AC048AA226> /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore
    0x7fff87af6000 -     0x7fff87af7fff  liblangid.dylib ??? (???) <EA4D1607-2BD5-2EE2-2A3B-632EEE5A444D> /usr/lib/liblangid.dylib
    0x7fff87af8000 -     0x7fff87b44fff  libauto.dylib ??? (???) <072804DF-36AD-2DBE-7EF8-639CFB79077F> /usr/lib/libauto.dylib
    0x7fff87d15000 -     0x7fff87dc9ff7  com.apple.ColorSync 4.6.2 (4.6.2) <78A86D96-7758-6BFE-7231-A0C70F185FDD> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
    0x7fff87dca000 -     0x7fff87dd0ff7  IOSurface ??? (???) <8E0EE904-59D1-9AA0-CE55-B1777F4BAEC1> /System/Library/Frameworks/IOSurface.framework/Versions/A/IOSurface
    0x7fff87e2c000 -     0x7fff87f43fef  libxml2.2.dylib ??? (???) <EE067D7E-15B3-F043-6FBD-10BA31FE76C7> /usr/lib/libxml2.2.dylib
    0x7fff87f44000 -     0x7fff87f8afe7  libvDSP.dylib ??? (???) <2DAA1591-8AE8-B411-7D01-68DE99C63CEE> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
    0x7fff87f8b000 -     0x7fff88025fff  com.apple.ApplicationServices.ATS 4.1 (???) <E2A107C5-0230-265A-E40D-CFE0219C99E1> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
    0x7fff88070000 -     0x7fff880fcfef  SecurityFoundation ??? (???) <B69E2FF9-A698-4923-BC8B-180224B6EF75> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
    0x7fff880fd000 -     0x7fff88118ff7  com.apple.openscripting 1.3.1 (???) <FD46A0FE-AC79-3EF7-AB4F-396D376DDE71> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
    0x7fff88119000 -     0x7fff8814afef  libTrueTypeScaler.dylib ??? (???) <8291D9BB-97B2-AD06-D565-58A14A20D617> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libTrueTypeScaler.dylib
    0x7fff8814b000 -     0x7fff88186ff7  com.apple.AE 496.1 (496.1) <27D2D2E9-B309-7E65-8C3F-7FF01148F0DE> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
    0x7fff88187000 -     0x7fff8828cfe7  libGLProgrammability.dylib ??? (???) <50498DA4-A2D6-260E-5C6E-994AF9BBDB98> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
    0x7fff8828d000 -     0x7fff882dcfef  libTIFF.dylib ??? (???) <796A1E6E-09B0-64F4-35F7-2ACEE9C2B429> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
    0x7fff882e6000 -     0x7fff882e6ff7  com.apple.quartzframework 1.5 (1.5) <B182B579-BCCE-81BF-8DA2-9E0B7BDF8516> /System/Library/Frameworks/Quartz.framework/Versions/A/Quartz
    0x7fff882e7000 -     0x7fff882edff7  com.apple.DiskArbitration 2.3 (2.3) <857F6E43-1EF4-7D53-351B-10DE0A8F992A> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
    0x7fff882ee000 -     0x7fff88325ff7  libssl.0.9.8.dylib ??? (???) <2D7FAEF9-A3CD-9F80-7CDE-852D3C93AEDB> /usr/lib/libssl.0.9.8.dylib
    0x7fff88342000 -     0x7fff88360fff  libPng.dylib ??? (???) <7635B74B-5415-9767-A881-E0B017F62376> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
    0x7fff88361000 -     0x7fff88368fff  com.apple.OpenDirectory 10.6 (10.6) <72A65D76-7831-D31E-F1B3-9E48BF26A98B> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/OpenDirectory
    0x7fff88369000 -     0x7fff88369ff7  com.apple.Accelerate 1.5 (Accelerate 1.5) <E517A811-E0E6-89D0-F397-66122C7A25A4> /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
    0x7fff8836a000 -     0x7fff8836aff7  com.apple.vecLib 3.5 (vecLib 3.5) <5B072584-9579-F54F-180E-5D425B37E85C> /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
    0x7fff8836b000 -     0x7fff883b5ff7  com.apple.Metadata 10.6.2 (507.4) <A28A5E0C-DCDC-A5CE-4EB7-39752E63956A> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
    0x7fff883b6000 -     0x7fff883f9ff7  libRIP.A.dylib ??? (???) <9CA0768E-C2DF-61FD-F475-DB48F4219B49> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
    0x7fff8840a000 -     0x7fff8868bfe7  com.apple.Foundation 6.6.1 (751.14) <767349DB-C486-70E8-7970-F13DB4CDAF37> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
    0x7fff8868c000 -     0x7fff886a0ff7  com.apple.speech.synthesis.framework 3.10.35 (3.10.35) <621B7415-A0B9-07A7-F313-36BEEDD7B132> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
    0x7fff886a1000 -     0x7fff886a9fff  com.apple.DisplayServicesFW 2.2 (2.2) <2C497E53-F471-5930-D15D-C033C438F39C> /System/Library/PrivateFrameworks/DisplayServices.framework/Versions/A/DisplayServices
    0x7fff886da000 -     0x7fff88894fef  com.apple.ImageIO.framework 3.0.1 (3.0.1) <10202E28-34DD-71CA-BE5D-1BE5C8DE2198> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
    0x7fff88895000 -     0x7fff888b9ff7  com.apple.CoreVideo 1.6.0 (43.1) <FF310442-03F4-648D-4CD2-D7AC459901D5> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
    0x7fff888fc000 -     0x7fff88900ff7  libCGXType.A.dylib ??? (???) <E11B4D25-2251-4646-118C-87BD4C57A194> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXType.A.dylib
    0x7fff88901000 -     0x7fff88991fff  com.apple.SearchKit 1.3.0 (1.3.0) <4175DC31-1506-228A-08FD-C704AC9DF642> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
    0x7fff88a05000 -     0x7fff88a56fe7  com.apple.HIServices 1.8.0 (???) <113EEB8A-8EC6-9F86-EF46-4BA5C2CBF77C> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
    0x7fff88a57000 -     0x7fff88a66fef  com.apple.opengl 1.6.5 (1.6.5) <30D6B03B-4B4C-1F78-1FDB-0403E7FE8707> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
    0x7fff88a67000 -     0x7fff88a67ff7  com.apple.CoreServices 44 (44) <210A4C56-BECB-E3E4-B6EE-7EC53E02265D> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
    0x7fff88a68000 -     0x7fff88b34fff  com.apple.CFNetwork 454.5 (454.5) <319C7138-2839-DA5E-413A-618248BD4A32> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
    0x7fff88b35000 -     0x7fff88b97fe7  com.apple.datadetectorscore 2.0 (80.7) <F9D2332D-0890-2ED2-1AC8-F85CB89D8BD4> /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/DataDetectorsCore
    0x7fffffe00000 -     0x7fffffe01fff  libSystem.B.dylib ??? (???) <526DD3E5-2A8B-4512-ED97-01B832369959> /usr/lib/libSystem.B.dylib

comment:41 follow-up: Changed 13 years ago by dak180

As a neutral observer, (I am not experiencing this crash) might I suggest that exiva download the source (xcode may also need to be installed for this to work) and when it crashes look in the Console log; it may give you a better idea of what is happening (as in a file and line where the crash happens).

If you have already tried this then I do not know what else to tell you.

Changed 13 years ago by exiva

Screenshot from Xcode Debugger & Console

comment:42 in reply to: ↑ 41 Changed 13 years ago by exiva

Replying to dak180 :

As a neutral observer, (I am not experiencing this crash) might I suggest that exiva download the source (xcode may also need to be installed for this to work) and when it crashes look in the Console log; it may give you a better idea of what is happening (as in a file and line where the crash happens).

If you have already tried this then I do not know what else to tell you.

Screenshot attached from debugger & console above.

comment:43 follow-ups: Changed 13 years ago by charles

dak180: that was, in fact, very helpful. I don't have access to xcode and didn't know that this was free, and easy to use... as for the bug report, I had been interpreting the text as reading that the `base' pointer was null, but it seems that it's non-null and ev is null. If nothing else, this will avoid more false theories I've had...

exiva: could you make a few more screenshots up the call chain as well? It looks like if you click on "1 event active" in the upper-left that the upper-right will show the stack variables from that function, then repeat for "2 kqueue_dispatch" and "3 event_base_loop".

comment:44 in reply to: ↑ 43 Changed 13 years ago by dak180

Replying to charles:

dak180: that was, in fact, very helpful. I don't have access to xcode and didn't know that this was free, and easy to use...

Yeah all of apple's basic dev apps (xcode, the sdks and such) are free, you just need a free apple developer account to download the latest version (xcode comes as an optional install on the dvd you get with the computer); the download is however rather large: around 2 or 3 GB.

Changed 13 years ago by exiva

Changed 13 years ago by exiva

Changed 13 years ago by exiva

Changed 13 years ago by exiva

comment:45 in reply to: ↑ 43 Changed 13 years ago by exiva

Replying to charles: could you make a few more screenshots up the call chain as well? It looks like if you click on "1 event active" in the upper-left that the upper-right will show the stack variables from that function, then repeat for "2 kqueue_dispatch" and "3 event_base_loop".

I've added new screenshots, when I re-ran the Application it crashed in a new location. Hopefully this provides some insight.

comment:46 follow-up: Changed 13 years ago by charles

Actually those screenshots seem to be lying to us, at least some of the time. The pointers aren't consistent, and in the fourth one we seem to be successfully dereferencing a NULL pointer...

does r9905 improve things any?

comment:47 in reply to: ↑ 46 Changed 13 years ago by exiva

Replying to charles:

Actually those screenshots seem to be lying to us, at least some of the time. The pointers aren't consistent, and in the fourth one we seem to be successfully dereferencing a NULL pointer...

does r9905 improve things any?

Causes a new crash. I figured I'd make a new bug report. for it. see #2742

comment:48 follow-up: Changed 13 years ago by charles

Yes, sorry about that.

How about r9910... ;)

comment:49 Changed 13 years ago by wereHamster

  • Cc tom@… added

You can add (Open)Solaris to the platform where T crashes in event_queue_insert (this is with r9899). But it took quite long for it to crash. I don't know when it did but it took longer than a few hours. I've had T core dump almost as long as I remember, but only now decided to actually investigate it.

Core was generated by `./daemon/transmission-daemon -f'. Program terminated with signal 11, Segmentation fault. [New process 135638 ] [New process 70102 ] #0 event_queue_insert (base=0x573718fa, ev=0x898bb20, queue=8) at event.c:987 987 base->event_count++; (gdb) bt #0 event_queue_insert (base=0x573718fa, ev=0x898bb20, queue=8) at event.c:987 #1 0x080c2062 in evport_dispatch (base=0x80e8660, arg=0x80e7990, tv=0x898bb20) at evport.c:380 #2 0x080bcdd8 in event_base_loop (base=0x80e8660, flags=0) at event.c:535 #3 0x080bd0cc in event_loop (flags=0) at event.c:468 #4 0x080bd0e1 in event_dispatch () at event.c:406 #5 0x0807fde9 in libeventThreadFunc (veh=0x80e7920) at trevent.c:228 #6 0x0806dbb6 in ThreadFunc? (_t=0x80e4d08) at platform.c:108 #7 0xfebafa23 in _thrp_setup () from /lib/libc.so.1 #8 0xfebafcb0 in ?? () from /lib/libc.so.1 #9 0xfe2b0200 in ?? () #10 0x00000000 in ?? () (gdb)

comment:50 in reply to: ↑ 48 Changed 13 years ago by exiva

Replying to charles:

Yes, sorry about that.

How about r9910... ;)

I've been running r9910 for about a half hour now without an issue... Still testing though.

comment:51 Changed 13 years ago by exiva

I think there might be some success with r9911. I've been running it overnight with no crashing. Going to continue testing.

comment:52 follow-up: Changed 13 years ago by charles

exiva: thanks for the feedback. Looking forward to further reports... :)

comment:53 in reply to: ↑ 52 Changed 13 years ago by exiva

Replying to charles:

exiva: thanks for the feedback. Looking forward to further reports... :)

Still going good. Perhaps this is the one. :D

comment:54 Changed 13 years ago by exiva

About 24 hours now without a crash...

comment:55 Changed 13 years ago by charles

From email conversation with libevent developer Nick:

Mac users report that the crash goes away if kqueue is disabled in libevent, so I think it's a bug in the kqueue code. After looking at more crash reports I have a /theory/ about what's happening: I suspect libcurl is making two callbacks in a row: (1) monitor a socket for read/write, and (2) stop monitoring. I think these two calls are made back-to-back so that libevent doesn't get a chance to dispatch between (1) and (2). So the kqueue backend batches both (1) and (2) into the same changelist call to kqueue(), and the resulting eventlist has an kevent for (1), except its libevent event (stored in kevent.udata) has already been event_del()ed in the second libcurl callback.

Exciting! Thanks for diagnosing this. Is it okay with you if I post our correspondence on this to the bugtracker (at levent.sourceforge.net) so that Niels can have a look at it too, and we don't forget to fix it?

I've tried adding a call to event_loop(EVLOOP_ONCE) to force a dispatch between (1) and (2), but as you'd expect, that blows the stack as libevent and libcurl build callbacks on top of one another.

One fix might be for kq_del() to walk through kqop.changes for kevents where ((kev.ident==ev->ev_fd) && (kev.udata==ev)) and remove them. Does this sound correct to you?

Hm! That sounds like a start, but an inefficient one; we don't want to change adding N events into an O(N2) operation.

We're going to need different solutions here for Libevent 1.4 and Libevent 2.0. In 1.4, since every kqueue add/delete corresponds to a single event, we can probably get away with storing an "add pending/delete pending" flag in the struct event, so that when you go to delete an event whose add is pending, instead of adding a "delete" to the changes list, you just remove the add from "changes." When we're about to call kevent, we should go through all the events in changes and clear the pending flags in their corresponding events.

In 2.0, however, since multiple events can share the same fd, we've made the changes in kqueue correspond to fds, tracking the fdinfo struct. (See evmap.c for the full detail.) We'd need to stick the pending flag in fdinfo here, I believe, unless we try to do this by keeping changed fdinfos in a list and only filling in 'changes' when we're about to call kevent.

This will probably need a little more thought than I've given it; I'd like to see what Niels thinks if you're okay with me sharing this on sourceforge.

comment:56 Changed 13 years ago by charles

  • Priority changed from High to Normal
  • Severity changed from Major to Normal
  • Summary changed from crash in event_queue_insert to once libevent's kqueue bug is solved, use kqueue instead of poll on OS X

I think that this is no longer a blocker for Transmission 1.80... using poll instead of kqueue seems to be a tolerable workaround on OS X.

Instead, this ticket should be left open as a reminder for Transmission to switch back to kqueue once the root problem is solved in libevent. This can be done by reverting the trunk/third-party/ changes in r9910.

Updating the title, priority, and severity to reflect this.

comment:57 Changed 13 years ago by charles

  • Milestone set to 1.80
  • Summary changed from once libevent's kqueue bug is solved, use kqueue instead of poll on OS X to using libevent as a backend for libcurl is buggy on OS X

It looks like poll() has its own issues, namely that the poll() backend is -- as one would expect -- using a lot more CPU than libevent's kqueue backend does.

Nick has a test patch available for 1.4x, so we're going to stick this in the nightly builds and try it for awhile, and hold off on 1.80 until we see what happens here.

comment:58 follow-up: Changed 13 years ago by charles

This upstream experimental fix is now in trunk and the nightly builds starting with r9946. Every Mac user cc'ed on this is strongly encouraged to update, test, and report back, whether it's good news or bad news.

comment:59 Changed 13 years ago by charles

er, did I say r9946? I meant r9947 :(

comment:60 in reply to: ↑ 58 Changed 13 years ago by exiva

Replying to charles:

This upstream experimental fix is now in trunk and the nightly builds starting with r9946. Every Mac user cc'ed on this is strongly encouraged to update, test, and report back, whether it's good news or bad news.

Crashed.

Screenshots from Xcode incoming.

Changed 13 years ago by exiva

Changed 13 years ago by exiva

Changed 13 years ago by exiva

Changed 13 years ago by exiva

comment:61 follow-ups: Changed 13 years ago by charles

exiva: I'm sure you'll get tired of me saying this after awhile, but... could you repeat this in revision >= 9949? Also, we for the time being the first screenshot is enough.

comment:62 Changed 13 years ago by charles

(also... I wish I knew how you're able to make it crash so quickly. Thanks very much for helping to test out all these crazy changes...)

comment:63 in reply to: ↑ 61 Changed 13 years ago by exiva

Replying to charles:

exiva: I'm sure you'll get tired of me saying this after awhile, but... could you repeat this in revision >= 9949? Also, we for the time being the first screenshot is enough.

Testing it out now.

hahah, I wish I knew how I make it crash so quickly.

comment:64 in reply to: ↑ 61 Changed 13 years ago by exiva

Replying to charles:

exiva: I'm sure you'll get tired of me saying this after awhile, but... could you repeat this in revision >= 9949? Also, we for the time being the first screenshot is enough.

Using r9950 still crashes. Screenshot to follow.

Changed 13 years ago by exiva

comment:65 follow-up: Changed 13 years ago by charles

Good deal, keep it up... how about r9951. :)

Changed 13 years ago by exiva

comment:66 in reply to: ↑ 65 Changed 13 years ago by exiva

Replying to charles:

Good deal, keep it up... how about r9951. :)

Pretty much instacrash. Xcode screenshot above.

comment:67 Changed 13 years ago by mortennorby

Some while ago, the Xcode project included and linked to libcurl from OS X 10.5, even when compiling for 10.6. I removed it and linked to the built-in libcurl in the 10.6 SDK. At the time I was trying to remove a (perceived?) problem with leaking resources, but I have never seen any of the behaviour mentioned in this bug in the last couple of weeks, so are you sure that you are compiling/running against the right libcurl version?

comment:68 Changed 13 years ago by livings124

mortennorby: We compile against the 10.5 libcurl intentionally, so that we can run on 10.5.

comment:69 Changed 13 years ago by mortennorby

Sorry if I wasn't clear, my comment was not meant to question the intentions of the build configuration.

What it was meant to do was to contribute a small data point, namely

  • On my machine (10.6.2), I don't experience the problem
  • I compile against the SDK for 10.6, with the libcurl that goes with it

So I guess that the question that I am just floating to you guys is, if the people experiencing the problem under 10.6 also see it if run a version linked to libcurl from 10.6?

comment:70 Changed 13 years ago by livings124

I'm pretty sure they're unrelated, but just in case can you see if you experience the crash with the prebuilt nightly using the 10.5 libcurl?

comment:71 Changed 13 years ago by charles

  • Summary changed from using libevent as a backend for libcurl is buggy on OS X to crash in libevent's event_queue_insert()

comment:72 Changed 13 years ago by mortennorby

OK, I have been running r9945 from the nightlies for a couple of hours now, at it doesn't seem to crash. It is running with 6 torrents.

comment:73 follow-up: Changed 13 years ago by charles

exiva: no overnight crashlog for you either?

also r9959 has an updated file (libtransmission/peer-io.c) that I'd like you to test out too. If that still crashes, please mail me *that* crash log too. :)

comment:74 in reply to: ↑ 73 Changed 13 years ago by exiva

Replying to charles:

exiva: no overnight crashlog for you either?

also r9959 has an updated file (libtransmission/peer-io.c) that I'd like you to test out too. If that still crashes, please mail me *that* crash log too. :)

Yeah, I had a crash overnight. Coming to IRC now.

comment:75 Changed 13 years ago by charles

according to exiva in irc, this bug is fixed now as of r9959

comment:76 Changed 13 years ago by charles

  • Milestone 1.80 deleted
  • Resolution set to fixed
  • Status changed from reopened to closed

comment:77 Changed 13 years ago by charles

  • Component changed from Mac Client to libtransmission

tl;dr: don't call event_del() twice in a row on the same struct event.

Note: See TracTickets for help on using tickets.