Opened 9 years ago

Closed 8 years ago

#4883 closed Bug (incomplete)

[gtk] SIGABRT when unselecting all files in 'Torrent options' dialog'

Reported by: partygirl91 Owned by: jordan
Priority: Normal Milestone: None Set
Component: GTK+ Client Version: 2.51
Severity: Normal Keywords:
Cc:

Description

(I have seen the below problem for a while with released versions, but now checked it with the nightly tarball, and ran transmission-gtk under gdb.

Steps:

  • open some multi-file torrent, see the 'Torrent options' dialog popup
  • click the top-level 'Download' checkbox to unselect all
  • now, the whole list disappears

On the terminal, I see:

mv: cannot stat `/home/user/downloads/SomeTorrent': No such file or directory localhost:9091/transmission/rpc/ responded: "success"

Now, I click 'Open' -- receive a SIGABRT with the following stack trace:

[Thread 0x7fffd7fff700 (LWP 14601) exited] transmission-gtk: torrent.c:2273: tr_torrentSetPriority: Assertion `tr_isTorrent( tor )' failed.

Program received signal SIGABRT, Aborted. 0x00007ffff418a475 in *GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 0x00007ffff418a475 in *GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00007ffff418d6f0 in *GI_abort () at abort.c:92 #2 0x00007ffff4183621 in *GI_assert_fail (assertion=0x4ce259 "tr_isTorrent( tor )", file=<optimized out>, line=2273, function=0x4ced80 "tr_torrentSetPriority") at assert.c:81 #3 0x0000000000472ebe in tr_torrentSetPriority (tor=0x7fffe40d94c0, priority=0 '\000') at torrent.c:2273 #4 0x000000000043b7b8 in addResponseCB (dialog=0x9e41b0, response=-3, gdata=0xc645a0) at open-dialog.c:129 #5 0x00007ffff5f974f2 in g_closure_invoke (closure=0xc827d0, return_value=0x0, n_param_values=2, param_values=0x7fffffffcd50, invocation_hint=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gclosure.c:777 #6 0x00007ffff5fa85c1 in signal_emit_unlocked_R (node=<optimized out>, detail=0, instance=<optimized out>, emission_return=0x0, instance_and_params=0x7fffffffcd50) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3547 #7 0x00007ffff5fb08e9 in g_signal_emit_valist (instance=0x9e41b0, signal_id=<optimized out>, detail=0, var_args=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3296 #8 0x00007ffff5fb0a92 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3352 #9 0x00007ffff5f9771a in _g_closure_invoke_va (closure=0xc66790, return_value=0x0, instance=0xa2d920, args=0x7fffffffd308, n_params=0, param_types=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gclosure.c:840 #10 0x00007ffff5faff91 in g_signal_emit_valist (instance=0xa2d920, signal_id=<optimized out>, detail=0, var_args=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3207 #11 0x00007ffff5fb0a92 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3352 #12 0x00007ffff760b508 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 #13 0x00007ffff5f974f2 in g_closure_invoke (closure=0x833730, return_value=0x0, n_param_values=1, param_values=0x7fffffffd5f0, invocation_hint=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gclosure.c:777 #14 0x00007ffff5fa89c9 in signal_emit_unlocked_R (node=<optimized out>, detail=0, instance=<optimized out>, emission_return=0x0, instance_and_params=0x7fffffffd5f0) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3477 #15 0x00007ffff5fb08e9 in g_signal_emit_valist (instance=0xa2d920, signal_id=<optimized out>, detail=0, var_args=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3296 #16 0x00007ffff5fb0a92 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3352 #17 0x00007ffff7609c47 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 #18 0x00007ffff76ca8e1 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 #19 0x00007ffff5f9771a in _g_closure_invoke_va (closure=0x716f90, return_value=0x7fffffffdb70, instance=0xa2d920, args=0x7fffffffdc18, n_params=1, param_types=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gclosure.c:840 #20 0x00007ffff5faff91 in g_signal_emit_valist (instance=0xa2d920, signal_id=<optimized out>, detail=0, var_args=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3207 #21 0x00007ffff5fb0a92 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./gobject/gsignal.c:3352 #22 0x00007ffff77f4c29 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 #23 0x00007ffff76c879b in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 #24 0x00007ffff76ca4a1 in gtk_main_do_event () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 #25 0x00007ffff7312dd2 in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0 #26 0x00007ffff56cb79a in g_main_dispatch (context=0x7259b0) at /tmp/buildd/glib2.0-2.32.0/./glib/gmain.c:2515 #27 g_main_context_dispatch (context=0x7259b0) at /tmp/buildd/glib2.0-2.32.0/./glib/gmain.c:3052 #28 0x00007ffff56cbb60 in g_main_context_iterate (dispatch=1, block=<optimized out>, context=0x7259b0, self=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./glib/gmain.c:3123 #29 g_main_context_iterate (context=0x7259b0, block=<optimized out>, dispatch=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.32.0/./glib/gmain.c:3060 #30 0x00007ffff56cbc24 in g_main_context_iteration (context=0x7259b0, may_block=1) at /tmp/buildd/glib2.0-2.32.0/./glib/gmain.c:3184 #31 0x00007ffff6271164 in g_application_run (application=0x845430, argc=<optimized out>, argv=0x7fffffffe278) at /tmp/buildd/glib2.0-2.32.0/./gio/gapplication.c:1496 ---Type <return> to continue, or q <return> to quit--- #32 0x00000000004351cf in main (argc=1, argv=0x7fffffffe278) at main.c:657

Change History (9)

comment:1 Changed 9 years ago by livings124

  • Component changed from Transmission to GTK+ Client
  • Owner set to jordan

comment:2 Changed 8 years ago by jordan

I'm not able to reproduce this crash in 2.75. Is this still an issue for you partygirl91?

comment:3 Changed 8 years ago by partygirl91

I just tried 2.75, and sadly, it is not fixed yet; the backtrace is different though:

Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffeafa9700 (LWP 21206)] _int_malloc (av=0x7fffd8000020, bytes=<optimized out>) at malloc.c:4478 4478 malloc.c: No such file or directory. (gdb) bt #0 _int_malloc (av=0x7fffd8000020, bytes=<optimized out>) at malloc.c:4478 #1 0x00007ffff41d3b90 in *GI_libc_malloc (bytes=4096) at malloc.c:3660 #2 0x00007ffff56d0f31 in g_malloc (n_bytes=n_bytes@entry=4096) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gmem.c:159 #3 0x00007ffff620da7c in g_buffered_input_stream_set_buffer_size (stream=0x822710, size=4096) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gio/gbufferedinputstream.c:235 #4 0x00007ffff5f9d96c in object_set_property (nqueue=0x7fffe4001e70, value=0x7fffd80016c0, pspec=0x823460, object=0x822710) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gobject/gobject.c:1352 #5 g_object_constructor (type=<optimized out>, n_construct_properties=<optimized out>, construct_params=<optimized out>) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gobject/gobject.c:1863 #6 0x00007ffff5f9ede1 in g_object_newv (object_type=object_type@entry=8540560, n_parameters=n_parameters@entry=1, parameters=parameters@entry=0x7fffd8071800)

at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gobject/gobject.c:1713

#7 0x00007ffff5f9f5d0 in g_object_new_valist (object_type=object_type@entry=8540560, first_property_name=first_property_name@entry=0x7ffff62ceb99 "base-stream", var_args=var_args@entry=0x7fffeafa8928)

at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gobject/gobject.c:1830

#8 0x00007ffff5f9f904 in g_object_new (object_type=8540560, first_property_name=first_property_name@entry=0x7ffff62ceb99 "base-stream") at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gobject/gobject.c:1545 #9 0x00007ffff6214cbc in g_data_input_stream_new (base_stream=base_stream@entry=0xb606a0) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gio/gdatainputstream.c:195 #10 0x00007ffff629c368 in g_dbus_message_new_from_blob (blob=<optimized out>, blob_len=<optimized out>, capabilities=<optimized out>, error=error@entry=0x7fffeafa8b28)

at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gio/gdbusmessage.c:1681

#11 0x00007ffff62a6c35 in _g_dbus_worker_do_read_cb (input_stream=<optimized out>, res=<optimized out>, user_data=0x828690) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gio/gdbusprivate.c:753 #12 0x00007ffff6248537 in g_simple_async_result_complete (simple=0x7fffe4001960) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gio/gsimpleasyncresult.c:767 #13 0x00007ffff6248639 in complete_in_idle_cb (data=<optimized out>) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gio/gsimpleasyncresult.c:779 #14 0x00007ffff56cb355 in g_main_dispatch (context=0x8261e0) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gmain.c:2539 #15 g_main_context_dispatch (context=context@entry=0x8261e0) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gmain.c:3075 #16 0x00007ffff56cb688 in g_main_context_iterate (context=0x8261e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<error reading variable: Unhandled dwarf expression opcode 0xfa>) ---Type <return> to continue, or q <return> to quit---

at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gmain.c:3146

#17 0x00007ffff56cba82 in g_main_loop_run (loop=0x8245a0) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gmain.c:3340 #18 0x00007ffff62a4a86 in gdbus_shared_thread_func (user_data=0x8261b0) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./gio/gdbusprivate.c:277 #19 0x00007ffff56edf45 in g_thread_proxy (data=0x820f70) at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gthread.c:801 #20 0x00007ffff44e8b50 in start_thread (arg=<optimized out>) at pthread_create.c:304 #21 0x00007ffff4232a7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 #22 0x0000000000000000 in ?? ()

So, a crash in malloc, which suggests memory corruption (which might be the same issue that I saw before). So, I tried with valgrind; there's a bunch of errors there, and ultimately there's a crash:

==21521== Process terminating with default action of signal 11 (SIGSEGV) ==21521== Access not within mapped region at address 0x197 ==21521== at 0x457970: tr_sessionLock (session.c:1047) ==21521== by 0x45D3BB: tr_torrentStat (torrent.h:305) ==21521== by 0x43AFFE: gtr_core_add_torrent (tr-core.c:1036) ==21521== by 0x435B17: addResponseCB (open-dialog.c:134) ==21521== by 0x6A476DF: g_closure_invoke (gclosure.c:777) ==21521== by 0x6A5874F: signal_emit_unlocked_R (gsignal.c:3551) ==21521== by 0x6A606BB: g_signal_emit_valist (gsignal.c:3300) ==21521== by 0x6A60851: g_signal_emit (gsignal.c:3356) ==21521== by 0x6A479A6: _g_closure_invoke_va (gclosure.c:840) ==21521== by 0x6A60005: g_signal_emit_valist (gsignal.c:3211) ==21521== by 0x6A60851: g_signal_emit (gsignal.c:3356) ==21521== by 0x50FC417: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.400.2) ==21521== by 0x6A476DF: g_closure_invoke (gclosure.c:777) ==21521== by 0x6A58072: signal_emit_unlocked_R (gsignal.c:3481) ==21521== by 0x6A606BB: g_signal_emit_valist (gsignal.c:3300) ==21521== by 0x6A60851: g_signal_emit (gsignal.c:3356) ==21521== by 0x50FA732: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.400.2) ==21521== by 0x51BB3AE: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.400.2) ==21521== by 0x6A479A6: _g_closure_invoke_va (gclosure.c:840) ==21521== by 0x6A60005: g_signal_emit_valist (gsignal.c:3211) ==21521== If you believe this happened as a result of a stack ==21521== overflow in your program's main thread (unlikely but ==21521== possible), you can try to increase the size of the ==21521== main thread stack using the --main-stacksize= flag. ==21521== The main thread stack size used in this run was 8388608. ==21521==

comment:4 Changed 8 years ago by jordan

It looks like the crash is coming when libtransmission tries to dereference a NULL pointer in tor->session... this could be possible if a NULL session got passed into the torrent constructor object, but I'm not seeing the path to this behavior in the transmission-gtk code. :/

Could you walk me through the exact steps of how to reproduce this error, especially on the steps you use to get to the Torrent Options dialog in the first place (ie, is the torrent added from the command line, or from a watchdir, or from the "open" button, etc)?

Also, as you're using gdb and valgrind and appear to have some level of comfort with the code... would it be possible for you to repeat this test from trunk, either directly from Transmission's svn repo or from the automatic tarballs at build.transmissionbt.com?

comment:5 Changed 8 years ago by partygirl91

Sure... transmission-svn does not build for me though:

makemeta-ui.o: In function `setFilename': /home/partygirl/Sources/transmission-svn/gtk/makemeta-ui.c:329: undefined reference to `g_clear_pointer'

Anyway, the steps are easy (for me at least): open a torrent (e.g., just drag & drop a .torrent file to the transmission window) with some files, select all of them (C-a or whatever), then click one of them so all will be unselected.

Then (or closely after), the window freezes and I get the crash. The crash does not always happen /immediately/, so mem corruption might indeed be the case.

comment:6 Changed 8 years ago by jordan

I've resolved the g_clear_pointer() issue in r13765.

Even after following your steps I'm not seeing a freeze or a crash. My next step here will be to give it a try in valgrind tonight.

comment:7 Changed 8 years ago by jordan

still not seeing it on this end, in or out of valgrind.

Any news on a trunk build post-r13765?

comment:8 Changed 8 years ago by jordan

partygirl91: ping

comment:9 Changed 8 years ago by jordan

  • Resolution set to incomplete
  • Status changed from new to closed

Please reopen this ticket when more information is available. Thanks.

Note: See TracTickets for help on using tickets.