Bug #4153
crash in mpegts_input_table_dispatch
0%
Description
this happend during scanning NIT on Eutelsat 13E for new transponders using SAT>IP.
GDB output follows
2016-12-31 00:37:27.872 [WARNING] satips: 0/246043E5/1: create mux DVB-S freq 11240000 V sym 27500000 fec AUTO mod QPSK roff 35 is_id -1 pls_mode ROOT pls_code 0
2016-12-31 00:37:27.876 [ ERROR] tcp: tcp_server_loop: tvhpoll_wait: Interrupted system call
2016-12-31 00:37:27.877 [ INFO] subscription: 0135: "SAT>IP" unsubscribing, hostname="192.168.100.17"
[Thread 0x7fff9dfeb700 (LWP 14557) exited]
2016-12-31 00:37:27.881 [ ERROR] tcp: tcp_server_loop: tvhpoll_wait: Interrupted system call
2016-12-31 00:37:27.883 [ INFO] mpegts: 11219H in Hotbird 13°E (0x7fffd802f1e0) - deleting
[Thread 0x7fff9efed700 (LWP 14559) exited]
[New Thread 0x7fff9efed700 (LWP 14592)]
2016-12-31 00:37:27.892 [ ERROR] tcp: tcp_server_loop: tvhpoll_wait: Interrupted system call
2016-12-31 00:37:27.894 [ INFO] mpegts: 11240V in Hotbird 13°E - tuning on Silicon Labs Si2183 : DVB-S #1
2016-12-31 00:37:28.229 [ INFO] epggrab: 11240V in Hotbird 13°E - registering mux for OTA EPG
2016-12-31 00:37:28.233 [ INFO] subscription: 0142: "SAT>IP" subscribing to mux "11240V", weight: 100, adapter: "Silicon Labs Si2183 : DVB-S #1", network: "Hotbird 13°E", service: "Raw PID Subscription", hostname="192.168.100.17"
[New Thread 0x7fff9dfeb700 (LWP 14598)]
2016-12-31 00:37:28.362 [ ERROR] tcp: tcp_server_loop: tvhpoll_wait: Interrupted system call
2016-12-31 00:37:32.572 [WARNING] satips: 0/246043E5/1: create mux DVB-S2 freq 11258000 H sym 27500000 fec AUTO mod PSK/8 roff 35 is_id -1 pls_mode ROOT pls_code 0
2016-12-31 00:37:32.574 [ ERROR] tcp: tcp_server_loop: tvhpoll_wait: Interrupted system call
[Thread 0x7fff9efed700 (LWP 14592) exited]
2016-12-31 00:37:32.575 [ INFO] subscription: 0142: "SAT>IP" unsubscribing, hostname="192.168.100.17"
2016-12-31 00:37:32.578 [ ERROR] tcp: tcp_server_loop: tvhpoll_wait: Interrupted system call
[Thread 0x7fff9dfeb700 (LWP 14598) exited]
2016-12-31 00:37:32.580 [ INFO] mpegts: 11240V in Hotbird 13°E (0x7fffd802d3b0) - deleting
[New Thread 0x7fff9dfeb700 (LWP 14625)]
2016-12-31 00:37:32.588 [ ERROR] tcp: tcp_server_loop: tvhpoll_wait: Interrupted system call
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffad7fa700 (LWP 13497)]
0x0000555555877598 in mpegts_input_table_dispatch (mm=0x7fffd802d3b0, logprefix=0x7fffad7f9890 "11240V in Hotbird 13°E", tsb=0x7fff88003070 "GO\240\037", tsb_len=188)
at src/input/mpegts/mpegts_input.c:1168
1168 if (mt->mt_destroyed || !mt->mt_subscribed || mt->mt_pid != pid)
(gdb) bt
#0 0x0000555555877598 in mpegts_input_table_dispatch (mm=0x7fffd802d3b0, logprefix=0x7fffad7f9890 "11240V in Hotbird 13°E", tsb=0x7fff88003070 "GO\240\037", tsb_len=188)
at src/input/mpegts/mpegts_input.c:1168
#1 0x000055555587875c in mpegts_input_table_thread (aux=0x5555575f0230) at src/input/mpegts/mpegts_input.c:1576
#2 0x0000555555791b05 in thread_wrapper (p=0x7fffa80024e0) at src/wrappers.c:159
#3 0x00007ffff68d6dc5 in start_thread (arg=0x7fffad7fa700) at pthread_create.c:308
#4 0x00007ffff1c6973d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
(gdb)
History
Updated by Jaroslav Kysela almost 8 years ago
Updated by Could you analyze this with the clang sanitizer ? https://tvheadend.org/projects/tvheadend/wiki/Debugging#Memory-leaks-or-corruption
The mm_tables list should be protected by the mm_tables_lock - I don't see where it may be corrupted.
Updated by Thomas Göttgens almost 8 years ago
Updated by Sorry, i can't recreate this any more, not under valgrind, gdb or plain binary. Must have been something weird in the NIT data on that transponder and they fixed it by now.