Opened 7 years ago

Last modified 5 years ago

#5580 reopened Bug

Segfault in tr_webThreadFunc when downloading from webseeds

Reported by: jaseg Owned by: jordan
Priority: Normal Milestone: None Set
Component: libtransmission Version: 2.82
Severity: Normal Keywords:
Cc: zorun@…

Description

Transmission segfaults in curl_easy_pause called from tr_webThreadFunc (web.c:451) when downloading a torrent from multiple webseeds at once. I'm using a pretty recent, freshly built Transmission on an up-to-date ArchLinux x86_64 system. I will attach the torrents causing this behavior.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffeda72700 (LWP 19083)]
0x00007ffff5e4f5dd in ?? () from /usr/lib/libcurl.so.4
(gdb) bt
#0  0x00007ffff5e4f5dd in ?? () from /usr/lib/libcurl.so.4
#1  0x00007ffff5e690a9 in curl_easy_pause () from /usr/lib/libcurl.so.4
#2  0x000000000046051a in tr_webThreadFunc (vsession=0x72d870) at web.c:451
#3  0x00000000004440fa in ThreadFunc (_t=0x7fffe02ac9d0) at platform.c:108
#4  0x00007ffff53050a2 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007ffff50383dd in clone () from /usr/lib/libc.so.6
(gdb) frame 2
#2  0x000000000046051a in tr_webThreadFunc (vsession=0x72d870) at web.c:451
451                 curl_easy_pause (handle, CURLPAUSE_CONT);
(gdb) l -10
431
432               dbgmsg ("adding task to curl: [%s]", task->url);
433               curl_multi_add_handle (multi, createEasy (session, web, task));
434               /*fprintf (stderr, "adding a task.. taskCount is now %d\n", taskCount);*/
435               ++taskCount;
436             }
437           tr_lockUnlock (web->taskLock);
438
439           /* unpause any paused curl handles */
440           if (paused_easy_handles != NULL)
(gdb) 
441             {
442               CURL * handle;
443               tr_list * tmp;
444
445               /* swap paused_easy_handles to prevent oscillation
446                  between writeFunc this while loop */
447               tmp = paused_easy_handles;
448               paused_easy_handles = NULL;
449
450               while ((handle = tr_list_pop_front (&tmp)))
(gdb) 
451                 curl_easy_pause (handle, CURLPAUSE_CONT);
452             }
453
454           /* maybe wait a little while before calling curl_multi_perform () */
455           msec = 0;
456           curl_multi_timeout (multi, &msec);
457           if (msec < 0)
458             msec = THREADFUNC_MAX_SLEEP_MSEC;
459           if (session->isClosed)
460             msec = 100; /* on shutdown, call perform () more frequently */
(gdb)
[...]transmission-gtk/src/transmission-2.82 <3 uname -a
Linux XXXXXX 3.12.3-1-ARCH #1 SMP PREEMPT Wed Dec 4 21:45:42 CET 2013 x86_64 GNU/Linux

Change History (15)

comment:1 Changed 7 years ago by mike.dld

See #5437, #5493, #5550.

Does "pretty recent" mean it's more recent than the latest release (2.82, r14160)? If not, could you try a more recent one to see if the issue is still there?

comment:2 Changed 7 years ago by jaseg

In this case, "pretty recent" means I took it from the 2.82 tarball. I am now testing it with the latest SVN revision, though I have the slight problem that I can't get the GTK frontend to build. I will update this ticket as soon as I have results.

comment:3 Changed 7 years ago by zorun

  • Cc zorun@… added

I've repeatedly experienced the same issue with 2.82, on Archlinux i686 with curl 7.34.0.

On one occasion, I even got a full backtrace due to a faulty free():

http://paste.aliens-lyon.fr/fc0

Using r14219, the issue does not seem to show up.

comment:4 Changed 7 years ago by livings124

  • Resolution set to worksforme
  • Status changed from new to closed

comment:5 Changed 7 years ago by x190

jaseg, if you are still getting this crash with the latest build, please re-open this ticket.

comment:6 Changed 7 years ago by jaseg

Since I was unable to reproduce this bug with a recent build, I am assuming it was fixed. Thanks!

comment:7 follow-up: Changed 5 years ago by doherty

  • Resolution worksforme deleted
  • Status changed from closed to reopened

There is a bug report in Ubuntu's launchpad tracker that looks like this issue, and this bug is listed as the upstream bug: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/1225326. If that's correct, this appears to be a problem as of transmission-gtk 2.84 (14307)

comment:8 in reply to: ↑ 7 Changed 5 years ago by x190

Replying to doherty:

There is a bug report in Ubuntu's launchpad tracker that looks like this issue, and this bug is listed as the upstream bug: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/1225326. If that's correct, this appears to be a problem as of transmission-gtk 2.84 (14307)

Please post your backtrace.

comment:9 follow-up: Changed 5 years ago by doherty

There appears to be plenty of diagnostic information on launchpad. See comments 1, 8, 9, 12, 13.

From my original input on this bug from 2014:

$ transmission-gtk --version
transmission-gtk 2.82 (14160)

$ gdb transmission-gtk
...
Reading symbols from /usr/bin/transmission-gtk...Reading symbols from /usr/lib/debug/usr/bin/transmission-gtk...done.
(gdb) run
Starting program: /usr/bin/transmission-gtk
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffea4db700 (LWP 15075)]
[New Thread 0x7fffe9cda700 (LWP 15076)]
[New Thread 0x7fffe3bc9700 (LWP 15077)]
[New Thread 0x7fffe33c8700 (LWP 15078)]
...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffc73fe700 (LWP 15086)]
0x00007ffff5a9ac7d in ?? () from /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
(gdb) bt
#0 0x00007ffff5a9ac7d in ?? () from /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
#1 0x00007ffff5ab06a9 in curl_easy_pause () from /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
#2 0x00005555555b9ce2 in tr_webThreadFunc (vsession=0x55555599c400) at web.c:451
#3 0x000055555559cdba in ThreadFunc (_t=0x555555d5bc70) at platform.c:108
#4 0x00007ffff4f79f6e in start_thread (arg=0x7fffc73fe700) at pthread_create.c:311
#5 0x00007ffff4ca49cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

I can redo this later with the latest version if you need me to.

comment:10 in reply to: ↑ 9 Changed 5 years ago by mike.dld

Replying to doherty:

I can redo this later with the latest version if you need me to.

Yes, please, and see if you could test using the latest code, i.e. building from source (https://build.transmissionbt.com/job/trunk-linux/lastSuccessfulBuild/).
