Open GoogleCodeExporter opened 9 years ago
Issue 113 has been merged into this issue.
Original comment by arvid.no...@gmail.com
on 27 Sep 2010 at 1:02
Hydri, note that I get a lot of emails/reports regarding this issue (at least
with the backtrace in #133, in upnp::on_reply). For example:
https://bugs.launchpad.net/qbittorrent/+bug/657745
Original comment by dch...@gmail.com
on 10 Oct 2010 at 3:52
Full backtrace from a qBittorrent user:
(gdb) backtrace
#0 0x00007ffff459ca79 in free () from /lib/libc.so.6
#1 0x00007ffff6e01e16 in deallocate (this=0xb75290,
from=<value optimized out>, buffer=<value optimized out>,
bytes_transferred=<value optimized out>)
at /usr/lib/gcc/x86_64-pc-linux-gnu/4.4.4/include/g++-v4/ext/new_allocator.h:95
#2 _M_deallocate (this=0xb75290, from=<value optimized out>,
buffer=<value optimized out>, bytes_transferred=<value optimized out>)
at /usr/lib/gcc/x86_64-pc-linux-gnu/4.4.4/include/g++-v4/bits/stl_vector.h:146
#3 ~_Vector_base (this=0xb75290, from=<value optimized out>,
buffer=<value optimized out>, bytes_transferred=<value optimized out>)
at /usr/lib/gcc/x86_64-pc-linux-gnu/4.4.4/include/g++-v4/bits/stl_vector.h:132
#4 ~vector (this=0xb75290, from=<value optimized out>,
buffer=<value optimized out>, bytes_transferred=<value optimized out>)
at /usr/lib/gcc/x86_64-pc-linux-gnu/4.4.4/include/g++-v4/bits/stl_vector.h:313
#5 libtorrent::upnp::on_reply (this=0xb75290, from=<value optimized out>,
buffer=<value optimized out>, bytes_transferred=<value optimized out>)
at upnp.cpp:398
#6 0x00007ffff6c28393 in operator() (this=0xb75338, s=0xd7bad0,
ec=<value optimized out>, bytes_transferred=0)
at /usr/include/boost/function/function_template.hpp:1013
#7 libtorrent::broadcast_socket::on_receive (this=0xb75338, s=0xd7bad0,
ec=<value optimized out>, bytes_transferred=0) at broadcast_socket.cpp:341
#8 0x00007ffff6c295f4 in operator() (base=<value optimized out>)
at /usr/include/boost/bind/mem_fn_template.hpp:393
#9 operator()<boost::_mfi::mf3<void, libtorrent::broadcast_socket,
libtorrent::broadcast_socket::socket_entry*, const
boost::system::error_code&, long unsigned int>,
boost::_bi::list2<boost::system::error_code&, long unsigned int&> > (
base=<value optimized out>) at /usr/include/boost/bind/bind.hpp:457
#10 operator()<boost::system::error_code, long unsigned int> (
base=<value optimized out>) at /usr/include/boost/bind/bind_template.hpp:61
#11 operator() (base=<value optimized out>)
at /usr/include/boost/asio/detail/bind_handler.hpp:96
#12 asio_handler_invoke<boost::asio::detail::binder2<boost::_bi::bind_t<void,
boost::_mfi::mf3<void, libtorrent::broadcast_socket,
libtorrent::broadcast_socket::socket_entry*, boost::system::error_code
const&, unsigned long>,
boost::_bi::list4<boost::_bi::value<libtorrent::broadcast_socket*>,
boost::_bi::value<libtorrent::broadcast_socket::socket_entry*>,
boost::arg<1>, boost::arg<2> > >, boost::system::error_code, unsigned
long> > (base=<value optimized out>)
at /usr/include/boost/asio/handler_invoke_hook.hpp:62
#13 invoke<boost::asio::detail::binder2<boost::_bi::bind_t<void,
boost::_mfi::mf3<void, libtorrent::broadcast_socket,
libtorrent::broadcast_socket::socket_entry*, boost::system::error_code
const&, unsigned long>, boost::_bi::list4<boost::_bi::value<libtorrent::broadcast_socket*>,
boost::_bi::value<libtorrent::broadcast_socket::socket_entry*>,
boost::arg<1>, boost::arg<2> > >, boost::system::error_code, unsigned
long>, boost::_bi::bind_t<void, boost::_mfi::mf3<void,
libtorrent::broadcast_socket,
libtorrent::broadcast_socket::socket_entry*, boost::system::error_code
const&, unsigned long>,
boost::_bi::list4<boost::_bi::value<libtorrent::broadcast_socket*>,
boost::_bi::value<libtorrent::broadcast_socket::socket_entry*>,
boost::arg<1>, boost::arg<2> > > > (base=<value optimized out>)
at /usr/include/boost/asio/detail/handler_invoke_helpers.hpp:41
#14 asio_handler_invoke<boost::asio::detail::binder2<boost::_bi::bind_t<void,
boost::_mfi::mf3<void, libtorrent::broadcast_socket,
libtorrent::broadcast_socket::socket_entry*, boost::system::error_code
const&, unsigned long>,
boost::_bi::list4<boost::_bi::value<libtorrent::broadcast_socket*>,
boost::_bi::value<libtorrent::broadcast_socket::socket_entry*>,
boost::arg<1>, boost::arg<2> > >, boost::system::error_code, unsigned
long>, boost::_bi::bind_t<void, boost::_mfi::mf3<void,
libtorrent::broadcast_socket,
libtorrent::broadcast_socket::socket_entry*, boost::system::error_code
const&, unsigned long>,
boost::_bi::list4<boost::_bi::value<libtorrent::broadcast_socket*>,
boost::_bi::value<libtorrent::broadcast_socket::socket_entry*>,
boost::arg<1>, boost::arg<2> > >, boost::system::error_code, unsigned
long> (base=<value optimized out>)
at /usr/include/boost/asio/detail/bind_handler.hpp:130
#15 invoke<boost::asio::detail::binder2<boost::_bi::bind_t<void,
boost::_mfi::mf3<void, libtorrent::broadcast_socket,
libtorrent::broadcast_socket::socket_entry*, boost::system::error_code
const&, unsigned long>, boost::_bi::list4<boost::_bi::value<libtorrent::broadcast_socket*>,
boost::_bi::value<libtorrent::broadcast_socket::socket_entry*>,
boost::arg<1>, boost::arg<2> > >, boost::system::error_code, unsigned
long>, boost::asio::detail::binder2<boost::_bi::bind_t<void,
boost::_mfi::mf3<void, libtorrent::broadcast_socket,
libtorrent::broadcast_socket::socket_entry*, boost::system::error_code
const&, unsigned long>,
boost::_bi::list4<boost::_bi::value<libtorrent::broadcast_socket*>,
boost::_bi::value<libtorrent::broadcast_socket::socket_entry*>,
boost::arg<1>, boost::arg<2> > >, boost::system::error_code, unsigned
long> > (base=<value optimized out>)
at /usr/include/boost/asio/detail/handler_invoke_helpers.hpp:41
#16 handler_wrapper<boost::asio::detail::binder2<boost::_bi::bind_t<void,
boost::_mfi::mf3<void, libtorrent::broadcast_socket,
libtorrent::broadcast_socket::socket_entry*, boost::system::error_code
const&, unsigned long>,
boost::_bi::list4<boost::_bi::value<libtorrent::broadcast_socket*>,
boost::_bi::value<libtorrent::broadcast_socket::socket_entry*>,
boost::arg<1>, boost::arg<2> > >, boost::system::error_code, unsigned
long> >::do_call (base=<value optimized out>)
at /usr/include/boost/asio/detail/handler_queue.hpp:192
#17 0x00007ffff6c95efe in
boost::asio::detail::task_io_service<boost::asio::detail::epoll_reactor<false>
>::run(boost::system::error_code&) ()
from /usr/lib/libtorrent-rasterbar.so.6
#18 0x00007ffff6d41d73 in run (this=0xd79a60)
at /usr/include/boost/asio/impl/io_service.ipp:75
#19 libtorrent::aux::session_impl::operator() (this=0xd79a60)
at session_impl.cpp:2587
#20 0x00007ffff2d0fd97 in boost::(anonymous namespace)::thread_proxy (
param=<value optimized out>) at libs/thread/src/pthread/thread.cpp:120
#21 0x00007ffff503cc1a in start_thread () from /lib/libpthread.so.0
#22 0x00007ffff45f6a9d in clone () from /lib/libc.so.6
Original comment by dch...@gmail.com
on 17 Oct 2010 at 1:39
I asked a user to recompile after disabling upnp_ignore_non_routers and it
still crashes:
http://pastebin.ca/1967192
Original comment by dch...@gmail.com
on 19 Oct 2010 at 6:25
I'm not sure I trust that the recompiled version of libtorrent was in fact used
in that test-run. Mostly because the gdb backtrace was relatively clear that it
crashed in that if-block, and also because it seems to be a very common
mistake/problem, that an older version of the .so is picked up.
Do you think it would be possible to get a gdb trace from this rebuilt version?
Also, I guessed at what might have been going on and checked in a patch that
might have fixed it (shooting from the hip though). It could potentially be a
string overflow which isn't handled properly. It's not clear why it wouldn't
have been handled properly, but I made some extra checks. Essentially what my
theory was is that the 200 character string, which is allocated on the stack,
is overrun and writes into the vector which is also allocated on the stack
which then crashes when it's being destructed.
I checked this in to trunk and RC_0_15
Original comment by arvid.no...@gmail.com
on 21 Oct 2010 at 12:55
could anyone who experiences this paste their output from the libtorrent
example: enum_net ?
my theory is that if the machine has many interfaces, they won't all fit in the
string of 200 bytes allocated for the message, and will cause it to overflow.
The output from this tool is essentially what is added to this string, and
would hint whether this theory is reasonable or not.
Original comment by arvid.no...@gmail.com
on 21 Oct 2010 at 2:48
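The overflow theory in the two comments above (a 200-byte stack string filled from the interface list, overrunning into a neighbouring stack object), shown as a bounds-checked append. This is an added example, not libtorrent's code or the patch that was checked in; `append_bounded`, `make_interfaces`, `format_interfaces` and the sample addresses are hypothetical.

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical helper (not libtorrent's code): append formatted text to a
// fixed-size buffer at offset `off`. Returns false, and leaves the buffer
// NUL-terminated at the old offset, if the text does not fit.
bool append_bounded(char* buf, std::size_t cap, std::size_t& off,
                    char const* fmt, ...)
{
    if (off >= cap) return false;
    va_list ap;
    va_start(ap, fmt);
    int const n = std::vsnprintf(buf + off, cap - off, fmt, ap);
    va_end(ap);
    if (n < 0 || std::size_t(n) >= cap - off)
    {
        buf[off] = '\0'; // discard the truncated partial write
        return false;
    }
    off += std::size_t(n);
    return true;
}

// Constructed input: n IPv6-style addresses, standing in for a host
// that reports many interfaces.
std::vector<std::string> make_interfaces(int n)
{
    std::vector<std::string> v;
    for (int i = 0; i < n; ++i)
        v.push_back("fe80::200:ff:fe00:" + std::to_string(100 + i));
    return v;
}

// Formats as many addresses as fit into a 200-byte stack buffer (the size
// named in the thread) and returns how many were written. An unchecked
// sprintf-style append would instead keep writing past msg[199].
std::size_t format_interfaces(std::vector<std::string> const& ifs,
                              std::string& out)
{
    char msg[200];
    std::size_t off = 0, written = 0;
    msg[0] = '\0';
    for (std::string const& a : ifs)
    {
        if (!append_bounded(msg, sizeof(msg), off, "%s ", a.c_str())) break;
        ++written;
    }
    out = msg;
    return written;
}
```

With 20 constructed addresses of 22 bytes each (including the separator), only 9 fit; the remainder is dropped rather than written past the end of the buffer.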
> I'm not sure I trust that the recompiled version of libtorrent was in fact
> used in that test-run. Mostly because the gdb backtrace was relatively clear
> that it crashed in that if-block, and also because it seems to be a very common
> mistake/problem, that an older version of the .so is picked up.
Hmmm. :) I sent the user a patch for qBittorrent, not libtorrent. It was easier
for the user. Also, this user does not seem to be a beginner. It is unlikely to
be his problem. I asked for a gdb backtrace so that we can have a look at the
line numbers.
Original comment by dch...@gmail.com
on 21 Oct 2010 at 5:03
ok, great! thanks!
Original comment by arvid.no...@gmail.com
on 21 Oct 2010 at 6:22
actually. A wireshark dump of the conversation with the router would probably
be quite helpful as well!
Original comment by arvid.no...@gmail.com
on 22 Oct 2010 at 8:22
could you please provide the actual command? I have little experience with
wireshark.
Original comment by dch...@gmail.com
on 22 Oct 2010 at 8:34
capture on your main interface (the one connected to the router), and filter
the traffic to only the one directed to and from the router. This requires you
to know the router's IP. Typically it would be something like 10.0.0.1,
10.0.1.1 or 192.168.0.1. In the capture filter, enter: "host <IP>" where <IP> is
your router's IP address.
Original comment by arvid.no...@gmail.com
on 22 Oct 2010 at 9:12
I had a crash on start, I did ifconfig and saw a lot of inet6 lines in there,
restarted the network to get rid of them and the crash disappeared.
Original comment by iggyn...@gmail.com
on 5 Dec 2011 at 5:53
Original issue reported on code.google.com by
dch...@gmail.com
on 9 Jul 2010 at 12:44