Bug #2734
crash at startup
100%
Description
If I start 3.9.2640, 3.9.2640, 3.9.2642 I get this at startup -> crash.
Tried with repo and self-compiled files, same problem.
tvheadend1576: START: HTS Tvheadend version 3.9.2642~g27382c2 started, running as PID:1576 UID:104 GID:44, CWD:/ CNF:/home/hts/.hts/tvheadend
tvheadend1576: CRASH: Signal: 11 in PRG: tvheadend (3.9.2642~g27382c2) [a1363a95e49ae02ad418c53fa0ea5be4a54ed680] CWD: /
tvheadend1576: CRASH: Fault address 0x7fd784007d85 (Address not mapped)
tvheadend1576: CRASH: Loaded libraries: /lib/x86_64-linux-gnu/libssl.so.1.0.0 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /lib/x86_64-linux-gnu/libz.so.1 /usr/lib/liburiparser.so.1 /usr/lib/x86_64-linux-gnu/libavahi-common.so.3 /usr/lib/x86_64-linux-gnu/libavahi-client.so.3 /lib/x86_64-linux-gnu/libdbus-1.so.3 /lib/x86_64-linux-gnu/libdl.so.2 /lib/x86_64-linux-gnu/libpthread.so.0 /lib/x86_64-linux-gnu/libm.so.6 /lib/x86_64-linux-gnu/librt.so.1 /lib/x86_64-linux-gnu/libc.so.6 /lib64/ld-linux-x86-64.so.2 /lib/x86_64-linux-gnu/libnss_compat.so.2 /lib/x86_64-linux-gnu/libnsl.so.1 /lib/x86_64-linux-gnu/libnss_nis.so.2 /lib/x86_64-linux-gnu/libnss_files.so.2
tvheadend1576: CRASH: Register dump [23]: 00007fd77000110000007fd7700008f000007fd77000007800007fd77000007000000000ffffffff00007fd784ff879000007fd784ff886000007fd784ff88880000000000000000000000000000000a000000000000002000007fd77000112000007fd77000004000007fd784007d7d00007fd770000d0000007fd784ff87500000000000415a5c0000000000010246be500000000000330000000000000004000000000000000efffffffe7ffbba1300007fd784007d85
tvheadend1576: CRASH: STACKTRACE
kernel: [ 126.167845] tcp_server_star1654: segfault at 7fd7007d7d98 ip 0000000000415a5c sp 00007fd7857f9750 error 4 in tvheadend[400000+51c000]
kernel: [ 126.181172] init: tvheadend main process (1576) killed by SEGV signal
kernel: [ 126.181208] init: tvheadend main process ended, respawning
History
Updated by B C almost 10 years ago
can you try this with an empty .hts directory, so without any old configuration?
Updated by B C almost 10 years ago
Stop, after 12 hours of trouble-free running on 2641 it happens to me also as soon as the webif is involved. So I had no problems with crashes till right now, and currently I don't even get the EPG overview. So maybe some data which was updated through the night causes these crashes. Let's find out....
Updated by B C almost 10 years ago
backtrace here I am:
[New Thread 0x7fff8bfff700 (LWP 10097)]
2015-03-24 11:17:17.716 [ ERROR] iptv: poll() error Unterbrechung während des Betriebssystemaufrufs, sleeping 1 second
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff8bfff700 (LWP 10097)]
__strcasecmp_l_avx () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:106
106 ../sysdeps/x86_64/multiarch/strcmp-sse42.S: Datei oder Verzeichnis nicht gefunden.
(gdb) info reg
rax 0xfffffffffffffaa8 -1368
rbx 0xe22780 14821248
rcx 0xffffffff 4294967295
rdx 0x74617a69726f6874 8386118574450632820
rsi 0xa1e859 10610777
rdi 0x7fff80000f00 140735340875520
rbp 0xe22810 0xe22810
rsp 0x7fff8bffe7b8 0x7fff8bffe7b8
r8 0x3 3
r9 0x48 72
r10 0x0 0
r11 0x0 0
r12 0x7fff80000f00 140735340875520
r13 0x7fff80000f00 140735340875520
r14 0x7fff8bffe8c0 140735542192320
r15 0x7fff8bffe8e8 140735542192360
rip 0x7ffff6135310 0x7ffff6135310 <__strcasecmp_l_avx>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
Dump of assembler code from 0x7ffff61352f0 to 0x7ffff6135330:
0x00007ffff61352f0 <__strspn_sse42+272>: jmpq 0x7ffff6097000 <__strspn_sse2>
0x00007ffff61352f5: nopw %cs:0x0(%rax,%rax,1)
0x00007ffff61352ff: nop
0x00007ffff6135300 <__strcasecmp_avx+0>: mov 0x280ab9(%rip),%rax # 0x7ffff63b5dc0
0x00007ffff6135307 <__strcasecmp_avx+7>: mov %fs:(%rax),%rdx
0x00007ffff613530b <__strcasecmp_avx+11>: nopl 0x0(%rax,%rax,1)
=> 0x00007ffff6135310 <__strcasecmp_l_avx+0>: mov (%rdx),%rax
0x00007ffff6135313 <__strcasecmp_l_avx+3>: testl $0x1,0x278(%rax)
0x00007ffff613531d <__strcasecmp_l_avx+13>: jne 0x7ffff60ad3e0 <__strcasecmp_l_nonascii>
0x00007ffff6135323 <__strcasecmp_l_avx+19>: mov %esi,%ecx
0x00007ffff6135325 <__strcasecmp_l_avx+21>: mov %edi,%eax
0x00007ffff6135327 <__strcasecmp_l_avx+23>: and $0x3f,%rcx
0x00007ffff613532b <__strcasecmp_l_avx+27>: and $0x3f,%rax
0x00007ffff613532f <__strcasecmp_l_avx+31>: vmovdqa 0x47fc9(%rip),%xmm4 # 0x7ffff617d300
End of assembler dump.
(gdb) bt full
#0 __strcasecmp_l_avx () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:106
No locals.
#1 0x000000000043962c in str2val0 (str=0x7fff80000f00 "GET", tab=0xa1e859, tab@entry=0xe22780 <HTTP_cmdtab>, l=1919903860, l@entry=9)
at src/hts_strtab.h:39
No locals.
#2 0x000000000043afd7 in http_serve_requests (hc=hc@entry=0x7fff8bffe870) at src/http.c:992
spill = {hq_q = {tqh_first = 0x7fff80000ce0, tqh_last = 0x7fff80000ce0}, hq_size = 948, hq_maxsize = 2147483647}
argv = {0x7fff80000f00 "GET", 0x7fff80000f04 "/static/extjs/adapter/ext/ext-base.js", 0x7fff80000f2a "HTTP/1.1"}
c = <optimized out>
cmdline = 0x7fff80000f00 "GET"
hdrline = <optimized out>
n = <optimized out>
r = <optimized out>
#3 0x000000000043b1e9 in http_serve (fd=46, opaque=0x7fffa0001018, peer=0x7fffa0001030, self=0x7fffa00010b0) at src/http.c:1073
hc = {hc_fd = 46, hc_peer = 0x7fffa0001030, hc_peer_ipstr = 0x7fff80000990 "\270\003", hc_self = 0x7fffa00010b0,
hc_representative = 0x7fff800009b0 "0\n", hc_paths = 0xe378c8 <http_paths>, hc_process = 0x43ad80 <http_process_request>,
hc_url = 0x7fff80000ce4 "", hc_url_orig = 0x7fff8bffe6e0 "/extjs.html?", hc_keep_alive = 1, hc_reply = {hq_q = {
tqh_first = 0x0, tqh_last = 0x7fff8bffe8c0}, hq_size = 0, hq_maxsize = 2147483647}, hc_args = {tqh_first = 0x0,
tqh_last = 0x7fff8bffe8d8}, hc_req_args = {tqh_first = 0x0, tqh_last = 0x7fff8bffe8e8}, hc_state = HTTP_CON_WAIT_REQUEST,
hc_cmd = HTTP_CMD_GET, hc_version = HTTP_VERSION_1_1, hc_username = 0x0, hc_password = 0x0, hc_access = 0x0,
hc_user_config = 0x0, hc_no_output = 0, hc_logout_cookie = 0, hc_shutdown = 0, hc_cseq = 0, hc_session = 0x0,
hc_post_data = 0x0, hc_post_len = 0}
#4 0x000000000043669d in tcp_server_start (aux=0x7fffa0000ff0) at src/tcp.c:542
tsl = 0x7fffa0000ff0
to = {tv_sec = 30, tv_usec = 0}
val = 1
c = 74 'J'
#5 0x0000000000433478 in thread_wrapper (p=0x7fffa0001170) at src/wrappers.c:145
ts = 0x7fffa0001170
set = {__val = {16388, 0 <repeats 15 times>}}
r = <optimized out>
#6 0x00007ffff68cd0a4 in start_thread (arg=0x7fff8bfff700) at pthread_create.c:309
__res = <optimized out>
pd = 0x7fff8bfff700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140735542195968, 1656917674535265949, 1, 140737354125408, 4294967295,
140735542195968, -1656873693713946979, -1656936805776775523}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#7 0x00007ffff60f904d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.
Updated by B C almost 10 years ago
I did try some more things. Old backup of data folder --> same troubles, so it's not data related. Next I tried a different browser --> everything fine, so it seems cookie related or whatever; currently I do not want to clear my cache globally.
Updated by C K almost 10 years ago
It's still there
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x91ddfb70 (LWP 5166)]
0xb7750b21 in vsnprintf () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
(gdb) bt full
#0 0xb7750b21 in vsnprintf () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#1 0xb7734bf2 in snprintf () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#2 0x080c63fa in dump_request (hc=hc@entry=0x91dded3c) at src/http.c:543
buf = "{{Host=tvhserver.local:9981,User-Agent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0,Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,Accept-Langua"...
ra = 0x91dde270
first = <optimized out>
ptr = 7464
#3 0x080c7c3c in http_cmd_get (hc=hc@entry=0x91dded3c) at src/http.c:568
hp = <optimized out>
remain = <optimized out>
args = <optimized out>
#4 0x080c7cb4 in http_process_request (hc=<optimized out>, spill=<optimized out>) at src/http.c:659
No locals.
#5 http_process_request (hc=0x91dded3c, spill=0x91ddecf0) at src/http.c:649
No locals.
#6 0x080c7777 in process_request (hc=hc@entry=0x91dded3c, spill=spill@entry=0x91ddecf0) at src/http.c:747
v = <optimized out>
argv = {0x91ddecf0 "", 0xb784d410 "h.K\t8\206M\tH\034U\t\370\334Y\t\b\300^\t@\212[\t\210W\313\n\310\001\\\th\027J\t\360\307M\tP\354E\t\360\316e\t@\342\313\n0\334\313\n =l\tX\235k\t\320\036U\tȏZ\t\320\367d\t\370\322O\t\350\061T\t\350\177U\t`5f\t\230\327d\t\350\207V\t\250@J\t\330\341G\t\330\037U\t\200sJ\t\350'O\t\200Ԅ\267\200Ԅ\267\210Ԅ\267\210Ԅ\267\300\354\313\n"}
n = <optimized out>
rval = -1
authbuf = "192.168.178.50\000ӄ\267\360\354ݑ(\354ݑ=\006v\267)\000\000\000\067\222\202\267\300ӄ\267\364\277\204\267\300ӄ\267\360\354ݑH\354ݑ=\006v\267\360ӄ\267\364\277\204\267\000\000\000\000\001\000\000\000*\002\000\000N\253\016\b\210\034U\t\210\034U\t\001\000\000\000\364\277\204\267\300ӄ\267\360\354ݑ\b\376\362\t\001\000\000\000p\361\362\t'qM\t!\000\000\000\000\000\000\000\b\376\362\t\360\354ݑ\344\354ݑ\352\065\f\b"
#7 0x080c8009 in http_serve_requests (hc=hc@entry=0x91dded3c) at src/http.c:1025
spill = {hq_q = {tqh_first = 0x0, tqh_last = 0x91ddecf0}, hq_size = 0, hq_maxsize = 2147483647}
argv = {0x94d7118 "", 0x94d7127 "max-age=0", 0x946e879 "HTTP/1.1"}
c = <optimized out>
cmdline = 0x946e868 "GET"
hdrline = 0x9f2fe08 ""
n = <optimized out>
r = <optimized out>
#8 0x080c8108 in http_serve (fd=37, opaque=0xaca69c8, peer=0xaca69d4, self=0xaca6a54) at src/http.c:1068
hc = {hc_fd = 37, hc_peer = 0xaca69d4, hc_peer_ipstr = 0x91ddeba0 "192.168.178.50", hc_self = 0xaca6a54, hc_representative = 0x91ddeba0 "192.168.178.50", hc_paths = 0x8ddda58, hc_process = 0x80c7c90 <http_process_request>, hc_url = 0x946e86c "/extjs.html?", hc_url_orig = 0x91ddebc0 "/extjs.html?", hc_keep_alive = 1, hc_reply = {hq_q = {tqh_first = 0x0, tqh_last = 0x91dded64}, hq_size = 0, hq_maxsize = 2147483647}, hc_args = {tqh_first = 0x9550a00, tqh_last = 0x9551d48}, hc_req_args = {tqh_first = 0x0, tqh_last = 0x91dded7c}, hc_state = HTTP_CON_WAIT_REQUEST, hc_cmd = HTTP_CMD_GET, hc_version = HTTP_VERSION_1_1, hc_username = 0x0, hc_password = 0x0, hc_access = 0x0, hc_user_config = 0x0, hc_no_output = 0, hc_logout_cookie = 0, hc_shutdown = 0, hc_cseq = 0, hc_session = 0x0, hc_post_data = 0x0, hc_post_len = 0}
#9 0x080c2f65 in tcp_server_start (aux=0xaca69b0) at src/tcp.c:542
tsl = 0xaca69b0
to = {tv_sec = 30, tv_usec = 0}
val = 1
c = 74 'J'
#10 0x080bfb45 in thread_wrapper (p=0x94c3fd0) at src/wrappers.c:145
ts = 0x94c3fd0
set = {__val = {16388, 0 <repeats 31 times>}}
r = <optimized out>
#11 0xb7badc39 in start_thread () from /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
No symbol table info available.
#12 0xb77c29fe in clone () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
Updated by Jaroslav Kysela almost 10 years ago
It looks like a stack overflow. Could you try this change to determine the exact function?
diff --git a/Makefile b/Makefile index ff598ad..dd28cf8 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ PROG := $(BUILDDIR)/tvheadend # Common compiler flags # -CFLAGS += -g -O2 -Wunused-result +CFLAGS += -g -O0 -fstack-protector-all -Wunused-result CFLAGS += -Wall -Werror -Wwrite-strings -Wno-deprecated-declarations CFLAGS += -Wmissing-prototypes CFLAGS += -fms-extensions -funsigned-char -fno-strict-aliasing
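Review bot: the swap of -O2 for -O0 sits on the common CFLAGS line, so it changes every build of the tree and should stay a local diagnostic patch, not something to commit as is. If the stack protector is wanted beyond this debugging session, add -fstack-protector-all on its own and leave -O2 in place, or gate both flags behind a make variable. Note too that the protector reports a smashed canary when the affected function returns, so it identifies the function whose frame was overwritten, not the write that did it.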
Recompile the whole tree after this change (make clean ; make).
Updated by C vH almost 10 years ago
still crash (works as long as you did not try to enter the webif)
Updated by Jaroslav Kysela almost 10 years ago
Christian Christian wrote:
still crash (works as long as you did not try to enter the webif)
The backtrace is for a thread which is OK.
Updated by Mirko Di Paolo almost 10 years ago
Jaroslav Kysela wrote:
It looks like a stack overflow. Could you try this change to determine the exact function?
[...]
Recompile the whole tree after this change (make clean ; make).
Bug introduced with commit 3f4002d9845705ae2543790a99aa772f8d4ac008
Updated by Jaroslav Kysela almost 10 years ago
- Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset commit:tvheadend|75cad931c48f09452a25bbe23d472bbdd68dfd59.
Updated by Jaroslav Kysela almost 10 years ago
You are right. The return value of snprintf() can exceed the output string buffer size, so all the 'pos += snprintf()' is broken. I fixed it now using a new macro.
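The snprintf() behaviour named in the closing comment, as an added example that is not tvheadend's code and not the macro from the fix: naive_pos() shows where 'pos += snprintf()' would leave the offset for output that does not fit, and buf_appendf() is one bounded alternative. struct kv, naive_pos, buf_appendf, dump_headers and the sample headers are hypothetical names and constructed data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

struct kv { const char *name, *value; };          /* hypothetical header pair */
/* Constructed sample headers; formatted as name=value,... they need 106 bytes. */
static const struct kv sample[] = {
    { "Host",   "tvhserver.local:9981" },
    { "Accept", "text/html,application/xhtml+xml" },
    { "Cookie", "k=0123456789abcdef0123456789abcdef" },
};
static char demo_buf[48];                         /* deliberately too small */

/* Offset the broken 'pos += snprintf()' pattern would reach. Computed with
 * snprintf(NULL, 0, ...) so nothing is written: the return value is the
 * length the output needs, not the number of bytes actually stored. */
static size_t naive_pos(const struct kv *h, size_t n)
{
    size_t pos = 0;
    for (size_t i = 0; i < n; i++)
        pos += (size_t)snprintf(NULL, 0, "%s%s=%s", i ? "," : "", h[i].name, h[i].value);
    return pos;
}

/* Bounded append: *pos never passes size - 1; returns -1 once output is cut. */
static int buf_appendf(char *buf, size_t size, size_t *pos, const char *fmt, ...)
{
    va_list ap;
    if (size == 0 || *pos >= size - 1) return -1;             /* already full */
    va_start(ap, fmt);
    int n = vsnprintf(buf + *pos, size - *pos, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;                                      /* format error */
    if ((size_t)n >= size - *pos) { *pos = size - 1; return -1; } /* truncated */
    *pos += (size_t)n;
    return 0;
}

static size_t dump_headers(char *buf, size_t size, const struct kv *h, size_t n)
{
    size_t pos = 0;
    if (size) buf[0] = '\0';
    for (size_t i = 0; i < n; i++)
        if (buf_appendf(buf, size, &pos, "%s%s=%s", i ? "," : "", h[i].name, h[i].value))
            break;                                /* stop at first truncation */
    return pos;
}

int main(void)
{
    printf("naive pos=%zu, bounded pos=%zu of %zu\n", naive_pos(sample, 3),
           dump_headers(demo_buf, sizeof demo_buf, sample, 3), sizeof demo_buf);
    return 0;
}
```

With the naive offset past the end of the buffer, the next call's size argument (size - pos) wraps to a huge unsigned value, which is how a long request header line turns into a stack write beyond buf.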