Opened 13 years ago

Closed 13 years ago

#2483 closed Bug (invalid)

Segfault in myHandshakeDoneCB

Reported by: skotopes Owned by:
Priority: Normal Milestone: None Set
Component: Daemon Version: 1.75
Severity: Normal Keywords:
Cc:

Description

Happens sometimes, running under Debian. Compiled with flags:

./configure --enable-daemon --with-inotify --prefix=/usr

Linux router 2.6.26-2-486 #1 Fri Aug 14 01:02:21 UTC 2009 i686 GNU/Linux

#0  myHandshakeDoneCB (handshake=0xbdffad0, io=0xa777c98, isConnected=1 '\001', peer_id=0xa777cb4 "-TR1750-5kuquyycyf0c?<?J0d?\t", vmanager=0x9ac7c60) at peer-mgr.c:1289
1289	        if( atom->myflags & MYFLAG_BANNED )
(gdb) bt
#0  myHandshakeDoneCB (handshake=0xbdffad0, io=0xa777c98, isConnected=1 '\001', peer_id=0xa777cb4 "-TR1750-5kuquyycyf0c?<?J0d?\t", vmanager=0x9ac7c60) at peer-mgr.c:1289
#1  0x080856e5 in tr_handshakeDone (handshake=0xbdffad0, isOK=207 '?') at handshake.c:1103
#2  0x08085977 in readPayloadStream (handshake=0xbdffad0, inbuf=<value optimized out>) at handshake.c:1012
#3  0x080870f6 in canRead (io=0xa777c98, arg=0xbdffad0, piece=0xb78e3178) at handshake.c:1061
#4  0x08071e44 in canReadWrapper (io=0xa777c98) at peer-io.c:135
#5  0x0807227f in tr_peerIoTryRead (io=0xa777c98, howmuch=1024) at peer-io.c:816
#6  0x08072452 in tr_peerIoFlush (io=0xa777c98, dir=TR_PEER_TO_CLIENT, limit=1024) at peer-io.c:868
#7  0x08067cfc in phaseOne (peerArray=<value optimized out>, dir=TR_PEER_TO_CLIENT) at bandwidth.c:216
#8  0x08068802 in tr_bandwidthAllocate (b=0x9ac72b0, dir=TR_PEER_TO_CLIENT, period_msec=500) at bandwidth.c:273
#9  0x08073976 in bandwidthPulse (vmgr=0x9ac7c60) at peer-mgr.c:2635
#10 0x08062ea6 in timerCallback (fd=-1, event=1, vtimer=0x9adbe48) at trevent.c:303
#11 0x080988f0 in event_base_loop (base=0x9ac7588, flags=0) at event.c:392
#12 0x08098a4a in event_loop (flags=0) at event.c:468
#13 0x08098a62 in event_dispatch () at event.c:406
#14 0x08062bfd in libeventThreadFunc (veh=0x9ac6530) at trevent.c:239
#15 0xb7d114c0 in start_thread () from /lib/i686/cmov/libpthread.so.0
#16 0xb7c906de in clone () from /lib/i686/cmov/libc.so.6

Change History (10)

comment:1 Changed 13 years ago by charles

==16527== Invalid read of size 4
==16527==    at 0x4264DC: tr_isBandwidth (bandwidth.h:142)
==16527==    by 0x426A1A: allocateBandwidth (bandwidth.c:162)
==16527==    by 0x426BFF: allocateBandwidth (bandwidth.c:199)
==16527==    by 0x426E14: tr_bandwidthAllocate (bandwidth.c:254)
==16527==    by 0x437C44: bandwidthPulse (peer-mgr.c:2634)
==16527==    by 0x41C8E7: timerCallback (trevent.c:303)
==16527==    by 0x32EE6065F0: event_base_loop (in /usr/lib64/libevent-1.4.so.2.1.0)
==16527==    by 0x41C6B3: libeventThreadFunc (trevent.c:239)
==16527==    by 0x40BE13: ThreadFunc (platform.c:108)
==16527==    by 0x32EB206869: start_thread (in /lib64/libpthread-2.10.1.so)
==16527==    by 0x32EA6DE3BC: clone (in /lib64/libc-2.10.1.so)
==16527==  Address 0xcc51314 is 852 bytes inside a block of size 1,184 free'd
==16527==    at 0x4A0633D: free (vg_replace_malloc.c:323)
==16527==    by 0x42EA17: tr_free (utils.h:295)
==16527==    by 0x42FB2B: io_dtor (peer-io.c:458)
==16527==    by 0x41CB58: tr_runInEventThread (trevent.c:364)
==16527==    by 0x42FBAE: tr_peerIoFree (peer-io.c:470)
==16527==    by 0x42FD20: tr_peerIoUnrefImpl (peer-io.c:494)
==16527==    by 0x44AB02: tr_handshakeFree (handshake.c:1112)
==16527==    by 0x44ABC4: tr_handshakeDone (handshake.c:1130)
==16527==    by 0x44ABFA: tr_handshakeAbort (handshake.c:1138)
==16527==    by 0x44AD96: handshakeTimeout (handshake.c:1179)
==16527==    by 0x32EE6065F0: event_base_loop (in /usr/lib64/libevent-1.4.so.2.1.0)
==16527==    by 0x41C6B3: libeventThreadFunc (trevent.c:239)
==16527==    by 0x40BE13: ThreadFunc (platform.c:108)
==16527==    by 0x32EB206869: start_thread (in /lib64/libpthread-2.10.1.so)
==16527==    by 0x32EA6DE3BC: clone (in /lib64/libc-2.10.1.so)

comment:2 Changed 13 years ago by charles

...and of course, I've been running in valgrind ever since and can't reproduce this. :/

comment:3 Changed 13 years ago by skotopes

I can provide core and bin if it will help.

Valgrind on my P3-600 makes all attempts to collect data useless ;-(

comment:4 Changed 13 years ago by charles

  • Priority changed from High to Normal
  • Severity changed from Critical to Normal

Two weeks later, I still haven't seen this occur again.

I don't think there's enough information here to fix the bug, whatever it is.

Is this still happening for you in 1.76?

comment:5 Changed 13 years ago by skotopes

Transmission 1.76 is banned on BS and home net tracker and I'm unable to check whether it is already fixed or not.

comment:6 Changed 13 years ago by skotopes

Problem still exists.

comment:7 Changed 13 years ago by charles

Could you provide a 1.76 backtrace? I don't yet know how to move forward on this ticket.

comment:8 Changed 13 years ago by skotopes

It looks more like memory corruption:

router:/home/catdog# gdb /usr/bin/transmission-daemon  /var/core/core.transmission-da.25705.11 
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...

warning: core file may not match specified executable file.

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/i686/cmov/libnsl.so.1...done.
Loaded symbols for /lib/i686/cmov/libnsl.so.1
Reading symbols from /lib/i686/cmov/librt.so.1...done.
Loaded symbols for /lib/i686/cmov/librt.so.1
Reading symbols from /lib/i686/cmov/libresolv.so.2...done.
Loaded symbols for /lib/i686/cmov/libresolv.so.2
Reading symbols from /usr/lib/libcurl.so.4...done.
Loaded symbols for /usr/lib/libcurl.so.4
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/i686/cmov/libssl.so.0.9.8...done.
Loaded symbols for /usr/lib/i686/cmov/libssl.so.0.9.8
Reading symbols from /usr/lib/i686/cmov/libcrypto.so.0.9.8...done.
Loaded symbols for /usr/lib/i686/cmov/libcrypto.so.0.9.8
Reading symbols from /lib/i686/cmov/libm.so.6...done.
Loaded symbols for /lib/i686/cmov/libm.so.6
Reading symbols from /lib/i686/cmov/libpthread.so.0...done.
Loaded symbols for /lib/i686/cmov/libpthread.so.0
Reading symbols from /lib/i686/cmov/libc.so.6...done.
Loaded symbols for /lib/i686/cmov/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libidn.so.11...done.
Loaded symbols for /usr/lib/libidn.so.11
Reading symbols from /usr/lib/libssh2.so.1...done.
Loaded symbols for /usr/lib/libssh2.so.1
Reading symbols from /usr/lib/liblber-2.4.so.2...done.
Loaded symbols for /usr/lib/liblber-2.4.so.2
Reading symbols from /usr/lib/libldap_r-2.4.so.2...done.
Loaded symbols for /usr/lib/libldap_r-2.4.so.2
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /lib/i686/cmov/libdl.so.2...done.
Loaded symbols for /lib/i686/cmov/libdl.so.2
Reading symbols from /usr/lib/libgcrypt.so.11...done.
Loaded symbols for /usr/lib/libgcrypt.so.11
Reading symbols from /usr/lib/libgpg-error.so.0...done.
Loaded symbols for /usr/lib/libgpg-error.so.0
Reading symbols from /usr/lib/libsasl2.so.2...done.
Loaded symbols for /usr/lib/libsasl2.so.2
Reading symbols from /usr/lib/libgnutls.so.26...done.
Loaded symbols for /usr/lib/libgnutls.so.26
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libkrb5support.so.0...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /lib/libkeyutils.so.1...done.
Loaded symbols for /lib/libkeyutils.so.1
Reading symbols from /usr/lib/libtasn1.so.3...done.
Loaded symbols for /usr/lib/libtasn1.so.3
Reading symbols from /lib/i686/cmov/libnss_files.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_files.so.2
Reading symbols from /lib/i686/cmov/libnss_dns.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_dns.so.2
Core was generated by `/usr/bin/transmission-daemon -f -g /media/transmission-daemon'.
Program terminated with signal 11, Segmentation fault.
[New process 25706]
[New process 25705]
#0  tr_netOpenTCP (session=0x9af5430, addr=0xa445e18, port=35414) at net.c:306
306	    s = tr_fdSocketCreate( domains[addr->type], SOCK_STREAM );
(gdb) bt
#0  tr_netOpenTCP (session=0x9af5430, addr=0xa445e18, port=35414) at net.c:306
#1  0x080713fb in tr_peerIoNewOutgoing (session=0x9af5430, parent=0x9af62b0, addr=0xa445e18, port=35414, torrentHash=0x9fa8a8c "5\030\005\215(\237AO?\006UA6???\234?'3518058d289f414fe8b806554136e0e0fe9cad27")
    at peer-io.c:423
#2  0x08076743 in reconnectPulse (vmgr=0x9af6c60) at peer-mgr.c:2406
#3  0x08062ee6 in timerCallback (fd=-1, event=1, vtimer=0x9b17488) at trevent.c:303
#4  0x08098870 in event_base_loop (base=0x9af6588, flags=0) at event.c:385
#5  0x08098a2a in event_loop (flags=0) at event.c:461
#6  0x08098a42 in event_dispatch () at event.c:399
#7  0x08062c3d in libeventThreadFunc (veh=0x9af5530) at trevent.c:239
#8  0xb7cfe4c0 in start_thread () from /lib/i686/cmov/libpthread.so.0
#9  0xb7c7d6de in clone () from /lib/i686/cmov/libc.so.6
(gdb) f 0 
#0  tr_netOpenTCP (session=0x9af5430, addr=0xa445e18, port=35414) at net.c:306
306	    s = tr_fdSocketCreate( domains[addr->type], SOCK_STREAM );
(gdb) l
301	    assert( tr_isAddress( addr ) );
302	
303	    if( isMulticastAddress( addr ) || isIPv6LinkLocalAddress( addr ) )
304	        return -EINVAL;
305	
306	    s = tr_fdSocketCreate( domains[addr->type], SOCK_STREAM );
307	    if( s < 0 )
308	        return -1;
309	
310	    if( evutil_make_socket_nonblocking( s ) < 0 ) {

I'm keeping cores, so if you need detailed information please ask.

comment:9 Changed 13 years ago by skotopes

And one more:

router:/home/catdog# gdb /usr/bin/transmission-daemon  /var/core/core.transmission-da.26079.11 
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...

warning: core file may not match specified executable file.

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/i686/cmov/libnsl.so.1...done.
Loaded symbols for /lib/i686/cmov/libnsl.so.1
Reading symbols from /lib/i686/cmov/librt.so.1...done.
Loaded symbols for /lib/i686/cmov/librt.so.1
Reading symbols from /lib/i686/cmov/libresolv.so.2...done.
Loaded symbols for /lib/i686/cmov/libresolv.so.2
Reading symbols from /usr/lib/libcurl.so.4...done.
Loaded symbols for /usr/lib/libcurl.so.4
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/i686/cmov/libssl.so.0.9.8...done.
Loaded symbols for /usr/lib/i686/cmov/libssl.so.0.9.8
Reading symbols from /usr/lib/i686/cmov/libcrypto.so.0.9.8...done.
Loaded symbols for /usr/lib/i686/cmov/libcrypto.so.0.9.8
Reading symbols from /lib/i686/cmov/libm.so.6...done.
Loaded symbols for /lib/i686/cmov/libm.so.6
Reading symbols from /lib/i686/cmov/libpthread.so.0...done.
Loaded symbols for /lib/i686/cmov/libpthread.so.0
Reading symbols from /lib/i686/cmov/libc.so.6...done.
Loaded symbols for /lib/i686/cmov/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libidn.so.11...done.
Loaded symbols for /usr/lib/libidn.so.11
Reading symbols from /usr/lib/libssh2.so.1...done.
Loaded symbols for /usr/lib/libssh2.so.1
Reading symbols from /usr/lib/liblber-2.4.so.2...done.
Loaded symbols for /usr/lib/liblber-2.4.so.2
Reading symbols from /usr/lib/libldap_r-2.4.so.2...done.
Loaded symbols for /usr/lib/libldap_r-2.4.so.2
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /lib/i686/cmov/libdl.so.2...done.
Loaded symbols for /lib/i686/cmov/libdl.so.2
Reading symbols from /usr/lib/libgcrypt.so.11...done.
Loaded symbols for /usr/lib/libgcrypt.so.11
Reading symbols from /usr/lib/libgpg-error.so.0...done.
Loaded symbols for /usr/lib/libgpg-error.so.0
Reading symbols from /usr/lib/libsasl2.so.2...done.
Loaded symbols for /usr/lib/libsasl2.so.2
Reading symbols from /usr/lib/libgnutls.so.26...done.
Loaded symbols for /usr/lib/libgnutls.so.26
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libkrb5support.so.0...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /lib/libkeyutils.so.1...done.
Loaded symbols for /lib/libkeyutils.so.1
Reading symbols from /usr/lib/libtasn1.so.3...done.
Loaded symbols for /usr/lib/libtasn1.so.3
Reading symbols from /lib/i686/cmov/libnss_files.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_files.so.2
Reading symbols from /lib/i686/cmov/libnss_dns.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_dns.so.2
Core was generated by `/usr/bin/transmission-daemon -f -g /media/transmission-daemon'.
Program terminated with signal 11, Segmentation fault.
[New process 26080]
[New process 26079]
#0  0x0809dcbb in epoll_dispatch (base=0x82af588, arg=0x82ae668, tv=0xb785e340) at epoll.c:208
208		} else if (base->sig.evsignal_caught) {
(gdb) bt
#0  0x0809dcbb in epoll_dispatch (base=0x82af588, arg=0x82ae668, tv=0xb785e340) at epoll.c:208
#1  0x0809867b in event_base_loop (base=0x82af588, flags=0) at event.c:516
#2  0x08098a2a in event_loop (flags=0) at event.c:461
#3  0x08098a42 in event_dispatch () at event.c:399
#4  0x08062c3d in libeventThreadFunc (veh=0x82ae530) at trevent.c:239
#5  0xb7c8c4c0 in start_thread () from /lib/i686/cmov/libpthread.so.0
#6  0xb7c0b6de in clone () from /lib/i686/cmov/libc.so.6

comment:10 Changed 13 years ago by skotopes

  • Resolution set to invalid
  • Status changed from new to closed

Sorry, it looks like I'm a stupid brainfucker; I got corrupted memory on my PC.
