Project

General

Profile

Bug #3859

Crash while scanning muxes

Added by sharky :-) over 8 years ago. Updated about 8 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
Crashes
Target version:
-
Start date:
2016-06-13
Due date:
% Done:

0%

Estimated time:
Found in version:
4.1-2109~g189dcb6~jessie
Affected Versions:

Description

Got a crash today. Brand new install. Chrash happens while scanning for muxes.

  • Error in `tvheadend': double free or corruption (!prev): 0xb835cd30 ***
    2016-06-13 15:08:08.646 [ ALERT] CRASH: Signal: 6 in PRG: tvheadend (4.1-2109~g189dcb6~jessie) [f05755ce6ef5af7c8132752951aa9f08660545b1] CWD: /home/hts
    2016-06-13 15:08:08.646 [ ALERT] CRASH: Fault address 0x3a0 (N/A)
    2016-06-13 15:08:08.646 [ ALERT] CRASH: Loaded libraries: linux-gate.so.1 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 /lib/i386-linux-gnu/libz.so.1 /usr/lib/liburiparser.so.1 /usr/lib/i386-linux-gnu/libavahi-common.so.3 /usr/lib/i386-linux-gnu/libavahi-client.so.3 /lib/i386-linux-gnu/libdbus-1.so.3 /lib/i386-linux-gnu/i686/cmov/libdl.so.2 /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 /lib/i386-linux-gnu/i686/cmov/libm.so.6 /lib/i386-linux-gnu/i686/cmov/librt.so.1 /usr/lib/i386-linux-gnu/libstdc++.so.6 /lib/i386-linux-gnu/i686/cmov/libc.so.6 /lib/ld-linux.so.2 /lib/i386-linux-gnu/libgcc_s.so.1 /lib/i386-linux-gnu/i686/cmov/libnss_compat.so.2 /lib/i386-linux-gnu/i686/cmov/libnsl.so.1 /lib/i386-linux-gnu/i686/cmov/libnss_nis.so.2 /lib/i386-linux-gnu/i686/cmov/libnss_files.so.2
    2016-06-13 15:08:08.646 [ ALERT] CRASH: Register dump [19]: 0000000d000000330000000dc14700000000000dffff007b0000000d0000007b0000000db61770000000000d0000004c0000000da94e84480000000da94e81840000000d000003a00000000d000000060000000d000003c30000000d000000000000000d000000000000000d000000000000000db65ccd400000000d000000730000000d002002060000000da94e81840000000d0000007b
    2016-06-13 15:08:08.646 [ ALERT] CRASH: STACKTRACE
    2016-06-13 15:08:08.653 [ ALERT] CRASH: 0xb66ea895
    2016-06-13 15:08:08.653 [ ALERT] CRASH: __kernel_rt_sigreturn+0x0 (linux-gate.so.1)
    2016-06-13 15:08:08.653 [ ALERT] CRASH: __kernel_vsyscall+0x10 (linux-gate.so.1)
    2016-06-13 15:08:08.653 [ ALERT] CRASH: gsignal+0x47 (/lib/i386-linux-gnu/i686/cmov/libc.so.6)
    2016-06-13 15:08:08.653 [ ALERT] CRASH: abort+0x143 (/lib/i386-linux-gnu/i686/cmov/libc.so.6)
    2016-06-13 15:08:08.659 [ ALERT] CRASH: 0xb603a778
    2016-06-13 15:08:08.664 [ ALERT] CRASH: 0xb60407ea
    2016-06-13 15:08:08.670 [ ALERT] CRASH: 0xb604143d
    2016-06-13 15:08:08.675 [ ALERT] CRASH: 0xb678fc51
    2016-06-13 15:08:08.680 [ ALERT] CRASH: 0xb6790b77
    2016-06-13 15:08:08.686 [ ALERT] CRASH: 0xb66b12a3
    2016-06-13 15:08:08.691 [ ALERT] CRASH: 0xb62c3efb
    2016-06-13 15:08:08.692 [ ALERT] CRASH: clone+0x5e (/lib/i386-linux-gnu/i686/cmov/libc.so.6)

Files

tvh.log (518 KB) tvh.log debug sharky :-), 2016-06-13 21:00
tvh-4.2117-14062016-21-25.txt (528 KB) tvh-4.2117-14062016-21-25.txt Console output while debug sharky :-), 2016-06-14 21:29
gdb-14062016-21-25.txt (86.6 KB) gdb-14062016-21-25.txt sharky :-), 2016-06-14 21:29
valgrind-1506.log (17.3 MB) valgrind-1506.log 74 errors sharky :-), 2016-06-15 23:26
debug-tvh-19062016 (131 KB) debug-tvh-19062016 sharky :-), 2016-06-19 17:56

History

#1

Updated by Jaroslav Kysela over 8 years ago

Use the debug version of tvh and give the backtrace.

#2

Updated by sharky :-) over 8 years ago

Hello Jaroslav,

I switched to latest git version , to avoid to do things twice. I don't think the debug is helpfull. I think I missed something.

Used tvheadend --trace mpegts,dvb,linuxdvb -l tvh.log

#3

Updated by sharky :-) over 8 years ago

I tried to analyse is within gdb. I'm not sure if it's the same problem....

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xa47efb40 (LWP 5519)]
0x800fe295 in htsmsg_field_destroy (msg=<optimized out>, f=<optimized out>;) at src/htsmsg.c:85
85 TAILQ_REMOVE(&msg->hm_fields, f, hmf_link);
(gdb) info reg
eax 0x0 0
ecx 0x0 0
edx 0x0 0
ebx 0x80f2aa24 -2131580380
esp 0xa47eeaa0 0xa47eeaa0
ebp 0xa47eec48 0xa47eec48
esi 0xad415028 -1388228568
edi 0xad419e00 -1388208640
eip 0x800fe295 0x800fe295 <htsmsg_field_destroy+37>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb) disassemble $pc-32,$pc+32
Dump of assembler code from 0x800fe275 to 0x800fe2b5:
0x800fe275 <htsmsg_field_destroy+5>: cld
0x800fe276 <htsmsg_field_destroy+6>: incl -0x1d38523d(%ecx)
0x800fe27c <htsmsg_field_destroy+12>: add %al,0x748b04ec(%ebx)
0x800fe282 <htsmsg_field_destroy+18>: and $0x14,%al
0x800fe284 <htsmsg_field_destroy+20>: mov (%esi),%eax
0x800fe286 <htsmsg_field_destroy+22>: mov 0x4(%esi),%edx
0x800fe289 <htsmsg_field_destroy+25>: test %eax,%eax
0x800fe28b <htsmsg_field_destroy+27>: je 0x800fe2c8 <htsmsg_field_destroy+88>
0x800fe28d <htsmsg_field_destroy+29>: mov %edx,0x4(%eax)
0x800fe290 <htsmsg_field_destroy+32>: mov 0x4(%esi),%eax
0x800fe293 <htsmsg_field_destroy+35>: mov (%esi),%edx
=> 0x800fe295 <htsmsg_field_destroy+37>: mov %edx,(%eax)
0x800fe297 <htsmsg_field_destroy+39>: mov %esi,%eax
0x800fe299 <htsmsg_field_destroy+41>: call 0x800fe2d0 <htsmsg_field_data_destroy>
0x800fe29e <htsmsg_field_destroy+46>: testb $0x8,0xd(%esi)
0x800fe2a2 <htsmsg_field_destroy+50>: je 0x800fe2b2 <htsmsg_field_destroy+66>
0x800fe2a4 <htsmsg_field_destroy+52>: sub $0xc,%esp
0x800fe2a7 <htsmsg_field_destroy+55>: pushl 0x8(%esi)
0x800fe2aa <htsmsg_field_destroy+58>: call 0x8008f610 <free@plt>
0x800fe2af <htsmsg_field_destroy+63>: add $0x10,%esp
0x800fe2b2 <htsmsg_field_destroy+66>: sub $0xc,%esp
End of assembler dump.

#4

Updated by Jaroslav Kysela over 8 years ago

Could you run tvh under valgrind ? 'valgrind --leak-check=full --show-reachable=yes <tvh_cmd>' ?

#5

Updated by sharky :-) over 8 years ago

Jaroslav Kysela wrote:

Could you run tvh under valgrind ? 'valgrind --leak-check=full --show-reachable=yes <tvh_cmd>' ?

I can't believe it . It is not crashing in valgrind :/

#6

Updated by sharky :-) over 8 years ago

Did another run in gdb and there it's still crashing

#7

Updated by sharky :-) over 8 years ago

As I'm not very familiar with valgrind I will upload the log.

#8

Updated by sharky :-) over 8 years ago

Anything else I could try ?

#9

Updated by sharky :-) over 8 years ago

Got a crash while running valgrind .

Does this message indicate an issue or normal behavior ?

2016-06-19 17:35:37.928 [ ERROR] satip: SAT>IP DVB-S Tuner #2 (192.168.10.58:5544) - RTSP error -90 (Die Nachricht ist zu lang) [9874-0]

#10

Updated by Jaroslav Kysela over 8 years ago

Could you try v4.1-2130-g55fec0f ? I tried to fix this issue there...

#11

Updated by sharky :-) over 8 years ago

Hello Jaroslav ,

thanks for digging into this.

It seems that you found the root cause for the crash. TVH is running fine for one hour or so, this was not possible with earlier versions.

But we got one new problem, I can't decrypt HD+ and SKY . I did a trace

tvheadend --trace satip,subcription,pat,pmt,bat,descrambler,cwc,capmt , but I don't want to share it in public. How can I send it to you / team ?

This is only the messages in the webfrontend.

016-06-20 20:10:01.447 capmt: dvbapi: Starting CAPMT server for service "Sky Nostalgie" on adapter 0
2016-06-20 20:10:01.447 subscription: 0004: "192.168.10.79 [ odroid | Kodi Media Center ]" subscribing on channel "Sky Nostalgie", weight: 150, adapter: "SAT>IP DVB-S Tuner #1 (192.168.10.58:5544)", network: "DVB-S Network", mux: "12031.5H", provider: "SKY", service: "Sky Nostalgie", profile="htsp", hostname="192.168.10.79", username="odroid", client="Kodi Media Center"
2016-06-20 20:10:02.395 mpegts: 11347V in DVB-S Network - tuning on SAT>IP DVB-S Tuner #2 (192.168.10.58:5544)
2016-06-20 20:10:02.395 subscription: 0005: "epggrab" subscribing to mux "11347V", weight: 4, adapter: "SAT>IP DVB-S Tuner #2 (192.168.10.58:5544)", network: "DVB-S Network", service: "Raw PID Subscription"
2016-06-20 20:10:09.436 TS: DVB-S Network/12031.5H/Sky Nostalgie: TELETEXT #32 Continuity counter error (total 1)
2016-06-20 20:10:09.766 TS: DVB-S Network/12031.5H/Sky Nostalgie: H264 #767: Invalid start code ff:67:bb
2016-06-20 20:10:09.767 TS: DVB-S Network/12031.5H/Sky Nostalgie: MPEG2AUDIO #768: Invalid start code 9a:85:df
2016-06-20 20:10:17.723 subscription: 0005: "epggrab" unsubscribing
2016-06-20 20:10:19.784 TS: DVB-S Network/12031.5H/Sky Nostalgie: H264 #767: Invalid start code 7e:89:7b
2016-06-20 20:10:19.858 TS: DVB-S Network/12031.5H/Sky Nostalgie: MPEG2AUDIO #768: Invalid start code 66:5f:e1
2016-06-20 20:10:29.765 TS: DVB-S Network/12031.5H/Sky Nostalgie: H264 #767: Invalid start code e0:47:2e
2016-06-20 20:10:29.944 TS: DVB-S Network/12031.5H/Sky Nostalgie: MPEG2AUDIO #768: Invalid start code d6:7c:99
2016-06-20 20:10:39.840 TS: DVB-S Network/12031.5H/Sky Nostalgie: H264 #767: Invalid start code aa:6e:f5
2016-06-20 20:10:39.996 TS: DVB-S Network/12031.5H/Sky Nostalgie: MPEG2AUDIO #768: Invalid start code db:39:b7
2016-06-20 20:10:49.892 TS: DVB-S Network/12031.5H/Sky Nostalgie: H264 #767: Invalid start code cf:28:7e
2016-06-20 20:10:50.081 TS: DVB-S Network/12031.5H/Sky Nostalgie: MPEG2AUDIO @ #768: Invalid start code fc:4b:7e

2016-06-20 20:08:26.565 subscription: 0001: "192.168.10.79 [ odroid | Kodi Media Center ]" subscribing on channel "Sky Krimi", weight: 150, adapter: "SAT>IP DVB-S Tuner #1 (192.168.10.58:5544)", network: "DVB-S Network", mux: "12031.5H", provider: "SKY", service: "Sky Krimi", profile="htsp", hostname="192.168.10.79", username="odroid", client="Kodi Media Center"
2016-06-20 20:08:26.837 TS: DVB-S Network/12031.5H/Sky Krimi: H264 #1535: Invalid start code 79:e6:99
2016-06-20 20:08:26.937 TS: DVB-S Network/12031.5H/Sky Krimi: MPEG2AUDIO #1536: Invalid start code 59:56:d0
2016-06-20 20:08:36.922 TS: DVB-S Network/12031.5H/Sky Krimi: H264 #1535: Invalid start code c8:25:36
2016-06-20 20:08:37.121 TS: DVB-S Network/12031.5H/Sky Krimi: MPEG2AUDIO #1536: Invalid start code e8:61:b4
2016-06-20 20:08:47.065 TS: DVB-S Network/12031.5H/Sky Krimi: H264 #1535: Invalid start code 26:f1:66
2016-06-20 20:08:47.222 TS: DVB-S Network/12031.5H/Sky Krimi: MPEG2AUDIO #1536: Invalid start code 6e:97:20
2016-06-20 20:08:57.180 TS: DVB-S Network/12031.5H/Sky Krimi: H264 #1535: Invalid start code ec:bb:6d
2016-06-20 20:08:57.271 TS: DVB-S Network/12031.5H/Sky Krimi: MPEG2AUDIO #1536: Invalid start code 9a:a3:6d
2016-06-20 20:09:07.234 TS: DVB-S Network/12031.5H/Sky Krimi: H264 #1535: Invalid start code e8:1c:63
2016-06-20 20:09:07.328 TS: DVB-S Network/12031.5H/Sky Krimi: MPEG2AUDIO #1536: Invalid start code c0:03:35
2016-06-20 20:09:17.319 TS: DVB-S Network/12031.5H/Sky Krimi: H264 #1535: Invalid start code 94:c6:e5
2016-06-20 20:09:17.388 TS: DVB-S Network/12031.5H/Sky Krimi: MPEG2AUDIO #1536: Invalid start code f6:78:ee
2016-06-20 20:09:27.322 TS: DVB-S Network/12031.5H/Sky Krimi: H264 #1535: Invalid start code 54:9c:96
2016-06-20 20:09:27.542 TS: DVB-S Network/12031.5H/Sky Krimi: MPEG2AUDIO #1536: Invalid start code da:35:42
2016-06-20 20:09:37.360 TS: DVB-S Network/12031.5H/Sky Krimi: H264 #1535: Invalid start code db:2f:1c
2016-06-20 20:09:37.596 TS: DVB-S Network/12031.5H/Sky Krimi: MPEG2AUDIO #1536: Invalid start code 9f:bc:b0
2016-06-20 20:09:47.401 TS: DVB-S Network/12031.5H/Sky Krimi: H264 #1535: Invalid start code c1:1f:05
2016-06-20 20:09:47.565 TS: DVB-S Network/12031.5H/Sky Krimi: MPEG2AUDIO #1536: Invalid start code af:7a:36

#12

Updated by sharky :-) over 8 years ago

Seems to be oscam was the problem here, after restarting decrypting works fine.

#13

Updated by Jaroslav Kysela about 8 years ago

  • Status changed from New to Fixed

Also available in: Atom PDF