Bug #4103
Segfault when tuning service
Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
Crashes
Target version:
-
Start date:
2016-11-28
Due date:
% Done:
100%
Estimated time:
Found in version:
4.1-2345~g04ff649
Affected Versions:
Description
When tuning to a service, TVH crashes and exits with a segfault signal
GDB Output:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffacfe1700 (LWP 5199)]
0x00005555556f1f38 in access_update (a=a@entry=0x7fff9c0022f0, ae=ae@entry=0x555556ae93b0) at src/access.c:564
564 if(pro && pro->pro_name[0] != '\0') {
Missing separate debuginfos, use: debuginfo-install avahi-libs-0.6.31-15.el7_2.1.x86_64 dbus-libs-1.6.12-14.el7_2.x86_64 glibc-2.17-106.el7_2.8.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.13.2-12.el7_2.x86_64 libcom_err-1.42.9-7.el7.x86_64 libgcc-4.8.5-4.el7.x86_64 libselinux-2.2.2-6.el7.x86_64 libstdc++-4.8.5-4.el7.x86_64 pcre-8.32-15.el7_2.1.x86_64 uriparser-0.7.5-9.el7.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
Register dump:
rax 0x0 0 rbx 0x555556e48e50 93825018400336 rcx 0xffffffff 4294967295 rdx 0x4 4 rsi 0x555556ae93b0 93825014862768 rdi 0x555556aa1070 93825014567024 rbp 0x7fff9c0022f0 0x7fff9c0022f0 rsp 0x7fffacfe0690 0x7fffacfe0690 r8 0x2 2 r9 0x0 0 r10 0x7fffacfe064c 140736095716940 r11 0x7ffff5561fb0 140737309450160 r12 0x555556ae93b0 93825014862768 r13 0x7fffacfe06a0 140736095717024 r14 0x7fffd0000900 140736683051264 r15 0x555556b21760 93825015093088 rip 0x5555556f1f38 0x5555556f1f38 <access_update+152> eflags 0x10202 [ IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0
Code dissasembly
Dump of assembler code from 0x5555556f1f18 to 0x5555556f1f58:
0x00005555556f1f18 <access_update+120>: lea 0x10(%rsp),%ebp
0x00005555556f1f1c <access_update+124>: test %rbx,%rbx
0x00005555556f1f1f <access_update+127>: je 0x5555556f1f64 <access_update+196>
0x00005555556f1f21 <access_update+129>: nopl 0x0(%rax)
0x00005555556f1f28 <access_update+136>: mov 0x28(%rbx),%rdi
0x00005555556f1f2c <access_update+140>: test %rdi,%rdi
0x00005555556f1f2f <access_update+143>: je 0x5555556f1f5c <access_update+188>
0x00005555556f1f31 <access_update+145>: mov 0xc0(%rdi),%rax
=> 0x00005555556f1f38 <access_update+152>: cmpb $0x0,(%rax)
0x00005555556f1f3b <access_update+155>: je 0x5555556f1f5c <access_update+188>
0x00005555556f1f3d <access_update+157>: cmpq $0x0,0x28(%rbp)
0x00005555556f1f42 <access_update+162>: je 0x5555556f21d8 <access_update+824>
0x00005555556f1f48 <access_update+168>: mov %r13,%rsi
0x00005555556f1f4b <access_update+171>: callq 0x5555556e92d0 <idnode_uuid_as_str>
0x00005555556f1f50 <access_update+176>: mov 0x28(%rbp),%rdi
0x00005555556f1f54 <access_update+180>: mov %rax,%rsi
0x00005555556f1f57 <access_update+183>: callq 0x555555720ac0 <htsmsg_add_str_exclusive>
End of assembler dump.
Full backtrace
#0 0x00005555556f1f38 in access_update (a=a@entry=0x7fff9c0022f0, ae=ae@entry=0x555556ae93b0) at src/access.c:564
pro = 0x555556aa1070
ilm = 0x555556e48e50
s = <optimized out>
ubuf = "\240\a\376\254\377\177\000\000\000\t\000\320\377\177\000\000`\027\262VUU\000\000l\022F\365\377\177\000\000\240"
#1 0x00005555556f4314 in access_get (src=0x7fffd0000900, username=username@entry=0x7fff9c0020a1 "room", verify=verify@entry=0x555555717900 <htsp_verify_callback>, aux=aux@entry=0x7fffacfe07a0) at src/access.c:688
a = 0x7fff9c0022f0
ae = 0x555556ae93b0
nouser = 0
#2 0x000055555571b814 in htsp_authenticate (m=0x7fff9c0263a0, htsp=0x7fffacfe07f0) at src/htsp_server.c:2975
username = 0x7fff9c0020a1 "room"
digest = 0x7fff9c00241c
digestlen = 20
privgain = 0
vs = {digest = 0x7fff9c00241c "\360\326@\207\221\347\316\017\331\360\001iL榮\226\245\fX\003\b",
challenge = 0x7fffacfe09c0 "\r\370pM\275\352`,|\027;ԁx\200\222̀\227%\334Z\254\r\354_\235~\025\257\363d\377\377\377\377\377\377\377\377\300\b"}
rights = <optimized out>
#3 htsp_read_loop (htsp=0x7fffacfe07f0) at src/htsp_server.c:3119
m = 0x7fff9c0263a0
i = <optimized out>
reply = 0x0
r = <optimized out>
method = <optimized out>
tcp_id = 0x7fffd00008c0
#4 htsp_serve (fd=63, opaque=0x7fffd00008e8, source=<optimized out>, self=<optimized out>) at src/htsp_server.c:3291
htsp = {htsp_link = {le_next = 0x0, le_prev = 0x555556819ce8 <htsp_connections>}, htsp_fd = 63, htsp_peer = 0x7fffd0000900, htsp_version = 23, htsp_logname = 0x7fff9c003410 "172.16.2.110 [ room | android-tvheadend (epg) ]",
htsp_peername = 0x7fff9c001ea0 "172.16.2.110", htsp_username = 0x7fff9c0025f0 "room", htsp_clientname = 0x7fff9c002980 "android-tvheadend (epg)", htsp_language = 0x0, htsp_epg_window = 0, htsp_epg_lastupdate = 0,
htsp_epg_timer = {mti_link = {le_next = 0x0, le_prev = 0x0}, mti_callback = 0x0, mti_opaque = 0x0, mti_expire = 0}, htsp_async_mode = 0, htsp_async_link = {le_next = 0x0, le_prev = 0x0}, htsp_writer_thread = 140736120899328,
htsp_writer_run = 1, htsp_active_output_queues = {tqh_first = 0x0, tqh_last = 0x7fffacfe08a0}, htsp_out_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0,
__next = 0x0}}, __size = '\000' <repeats 12 times>, "\001", '\000' <repeats 26 times>, __align = 0}, htsp_out_cond = {cond = {__data = {__lock = 0, __futex = 3, __total_seq = 2, __wakeup_seq = 1, __woken_seq = 1,
__mutex = 0x7fffacfe08b0, __nwaiters = 2, __broadcast_seq = 0},
__size = "\000\000\000\000\003\000\000\000\002\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\260\b\376\254\377\177\000\000\002\000\000\000\000\000\000",
__align = 12884901888}}, htsp_hmq_ctrl = {hmq_q = {tqh_first = 0x0, tqh_last = 0x7fffacfe0908}, hmq_link = {tqe_next = 0x0, tqe_prev = 0x7fffacfe08a0}, hmq_strict_prio = 0, hmq_length = 0, hmq_payload = 0, hmq_dead = 0},
htsp_hmq_epg = {hmq_q = {tqh_first = 0x0, tqh_last = 0x7fffacfe0938}, hmq_link = {tqe_next = 0x0, tqe_prev = 0x0}, hmq_strict_prio = 0, hmq_length = 0, hmq_payload = 0, hmq_dead = 0}, htsp_hmq_qstatus = {hmq_q = {
tqh_first = 0x0, tqh_last = 0x7fffacfe0968}, hmq_link = {tqe_next = 0x0, tqe_prev = 0x0}, hmq_strict_prio = 1, hmq_length = 0, hmq_payload = 0, hmq_dead = 0}, htsp_subscriptions = {lh_first = 0x0},
htsp_dead_subscriptions = {lh_first = 0x0}, htsp_files = {lh_first = 0x0}, htsp_file_id = 0, htsp_granted_access = 0x7fff9c0020b0,
htsp_challenge = "\r\370pM\275\352`,|\027;ԁx\200\222̀\227%\334Z\254\r\354_\235~\025\257\363d"}
buf = "172.16.2.110\000\377\377\377p\023oUUU\000\000\000\000\000\024\000\000\000\000pfA\365\377\177\000\000\004\000\000\000\000\000\000\000\000"
s = <optimized out>
hmq = <optimized out>
hf = <optimized out>
#5 0x00005555556f5670 in tcp_server_start (aux=0x7fffd00008c0) at src/tcp.c:645
tsl = 0x7fffd00008c0
to = {tv_sec = 30, tv_usec = 0}
val = 1
c = 74 'J'
#6 0x00005555556f1452 in thread_wrapper (p=0x7fffd00014b0) at src/wrappers.c:159
ts = 0x7fffd00014b0
set = {__val = {16388, 0 <repeats 15 times>}}
r = <optimized out>
#7 0x00007ffff62a1dc5 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#8 0x00007ffff54d7ced in clone () from /lib64/libc.so.6
No symbol table info available.
History
Updated by Jaroslav Kysela almost 8 years ago
Updated by - Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset commit:tvheadend|c09f7041b104a13b3146d6103cc02df7b97299a9.