Package: transmission-daemon
Version: 3.00-1
Severity: normal
X-Debbugs-Cc: t...@debian.org

Today I noticed transmission-daemon being down after a reboot, and saw it is
crashing with a malloc error. After some debugging, I found out that this only
happens if I am using the `--portmap` option *and* a local minissdpd is
running.

$ /usr/bin/transmission-daemon -f --log-debug --portmap
malloc(): invalid next size (unsorted)
Aborted

A GDB backtrace does not show anything interesting:

Starting program: /usr/bin/transmission-daemon -f --log-debug --portmap
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
[New Thread 0xb60fa1d0 (LWP 3885)]
[New Thread 0xb58f91d0 (LWP 3886)]
[New Thread 0xb4eff1d0 (LWP 3887)]
malloc(): invalid next size (unsorted)

Thread 3 "transmission-da" received signal SIGABRT, Aborted.
[Switching to Thread 0xb58f91d0 (LWP 3886)]
0xb6b047e6 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
(gdb) bt
#0  0xb6b047e6 in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
#1  0xb6b13a20 in raise () from /lib/arm-linux-gnueabihf/libc.so.6
#2  0xb6b04322 in abort () from /lib/arm-linux-gnueabihf/libc.so.6
#3  0xb6b3c8ae in ?? () from /lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)


OTOH, Valgrind shows a possible culprit being libminiupnpc, even though that
package has not been updated at all (and the program does not crash when run
with Valgrind):

==4082== Thread 3:
==4082== Invalid write of size 2
==4082==    at 0x4846474: memcpy (in /usr/lib/arm-linux-gnueabihf/valgrind/vgpreload_memcheck-arm-linux.so)
==4082==  Address 0x57d016c is 0 bytes after a block of size 204 alloc'd
==4082==    at 0x484063C: malloc (in /usr/lib/arm-linux-gnueabihf/valgrind/vgpreload_memcheck-arm-linux.so)
==4082==
==4082== Invalid write of size 1
==4082==    at 0x4862092: receiveDevicesFromMiniSSDPD (in /usr/lib/arm-linux-gnueabihf/libminiupnpc.so.17)
==4082==  Address 0x57d016e is 2 bytes after a block of size 204 alloc'd
==4082==    at 0x484063C: malloc (in /usr/lib/arm-linux-gnueabihf/valgrind/vgpreload_memcheck-arm-linux.so)
==4082==
==4082== Invalid write of size 1
==4082==    at 0x48464A8: memcpy (in /usr/lib/arm-linux-gnueabihf/valgrind/vgpreload_memcheck-arm-linux.so)
==4082==  Address 0x57d0328 is 0 bytes after a block of size 200 alloc'd
==4082==    at 0x484063C: malloc (in /usr/lib/arm-linux-gnueabihf/valgrind/vgpreload_memcheck-arm-linux.so)
==4082==

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable'), (99, 'testing'), (10, 'unstable'), (1, 'experimental')
Architecture: armhf (armv7l)

Kernel: Linux 5.10.0-20-armmp (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages transmission-daemon depends on:
ii  adduser              3.118
ii  libc6                2.31-13+deb11u5
ii  libcurl4             7.74.0-1.3+deb11u3
ii  libevent-2.1-7       2.1.12-stable-1
ii  libminiupnpc17       2.2.1-1
ii  libnatpmp1           20150609-7.1
ii  libssl1.1            1.1.1n-0+deb11u3
ii  libsystemd0          247.3-7+deb11u1
ii  lsb-base             11.1.0
ii  transmission-common  3.00-1
ii  zlib1g               1:1.2.11.dfsg-2+deb11u2

Versions of packages transmission-daemon recommends:
pn  transmission-cli  <none>

transmission-daemon suggests no packages.

-- Configuration Files:
/etc/transmission-daemon/settings.json [Errno 13] Permission denied: '/etc/transmission-daemon/settings.json'

-- no debconf information
