Opened 13 years ago

Closed 13 years ago

#1459 closed defect (fixed)

Mythbackend SEGV during EIT scan - svn 9246

Reported by: mythdev@…
Owned by: danielk
Priority: minor
Milestone: 0.20
Component: mythtv
Version: head
Severity: medium
Keywords:
Cc:
Ticket locked: no

Description

I can't see this logged elsewhere - #1441 (housekeeping SEGV) and #1453 (recording SEGV) may be relevant but this segv occurs during EIT scan with SVN 9246 - it was not present in 8927.

The failure only seems to occur when the EIT scan hits a channel that is either a weak signal or is temporarily 'off air'. (The EIT scan looks at channels that have been marked as not visible so apart from turning off eit scanning there isn't a workaround.)

I've attached a gdb.txt and the tail end of the mythbackend logs

Within gdb.txt I've included the gdb p results for *this & *psip - the psip values show that the _pesdata/_fullbuffer are corrupt. (annotated with [jd] )

The SEGV is triggered by the psip->TableID() - which is invoking the StreamID() in pespacket.h

void ATSCStreamData::DeleteCachedTable(PSIPTable *psip) const
{
    if (!psip)
        return;

    QMutexLocker locker(&_cache_lock);
    if (_cached_ref_cnt[psip] > 0)
    {
        _cached_slated_for_deletion[psip] = 1;
        return;
    }
    else if (TableID::MGT == psip->TableID())          // [jd] Segfault here

This segfaults because _pesdata is out of bounds:

[jd] p *psip
$1 = {<PESPacket> = {_vptr.PESPacket = 0x409f6410,
    _pesdata = 0x4400a00d <Address 0x4400a00d out of bounds>,
    _fullbuffer = 0x4400a008 <Address 0x4400a008 out of bounds>,
    _psiOffset = 4, _ccLast = 2, _pesdataSize = 188, _allocSize = 3948,
    _badPacket = false}, static PSIP_OFFSET = 8}

I'm just rebuilding with the patch from #1456 - however I won't know if it's had any effect for several hours because I have to wait for the scan to hit an off-air channel. I've logged this as medium severity because the backend is failing without user activity and hence will be undetected = missed recordings.

Apologies - there isn't a patch here - I don't understand what's happening yet :)

Attachments (4)

gdb.txt (11.0 KB) - added by mythdev@… 13 years ago.
gdb corefile trace from EIT segfault
mythbackend.log (3.8 KB) - added by mythdev@… 13 years ago.
mythbackend log for session with EIT scanning segfault
pmt19968 (2.6 KB) - added by mythdev@… 13 years ago.
dvbsnoop on the failing PMT
pes_alloc-fix.patch (839 bytes) - added by Janne <janne-mythtv@…> 13 years ago.


Change History (8)

Changed 13 years ago by mythdev@…

Attachment: gdb.txt added

gdb corefile trace from EIT segfault

Changed 13 years ago by mythdev@…

Attachment: mythbackend.log added

mythbackend log for session with EIT scanning segfault

comment:1 Changed 13 years ago by mythdev@…

Forgot to say that the two lines in mythbackend.log

2006-03-05 14:58:40.067 ATSCcached a
2006-03-05 14:58:40.068 ATSCcached b

are my output from VERBOSE lines I'd inserted into ATSCStreamData::DeleteCachedTable to confirm the position of the segfault

Changed 13 years ago by mythdev@…

Attachment: pmt19968 added

dvbsnoop on the failing PMT

comment:2 Changed 13 years ago by Janne <janne-mythtv@…>

I see this error too and Stuart Auchterlonie's backtrace on the dev mailing list from Friday shows the same error.

I added some verbose logging in get_4096_block(). The malloc does not fail and I can memset the whole region. I tried setting a watchpoint at mem4096 but without a useful result. (I know the limitations of watchpoints in gdb).

If someone has an idea how to debug this further, I'll give it a try.

Changed 13 years ago by Janne <janne-mythtv@…>

Attachment: pes_alloc-fix.patch added

comment:3 Changed 13 years ago by Janne <janne-mythtv@…>

Attached patch fixes the problem.

My pes_alloc optimization patch freed in-use memory.

comment:4 Changed 13 years ago by danielk

Resolution: fixed
Status: new → closed

(In [9337]) Fixes #1459, puts back check for the alloc list being empty before freeing memory.
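
The failure class named in comments 3 and 4 (a block pool releasing memory that callers still hold, fixed by checking that the allocated list is empty first), as an added example that is not MythTV's pes_alloc code. `BlockPool` and all of its member names are hypothetical, and `trim(false)` models the defect while `trim(true)` models the restored check.

```cpp
// Added illustration; BlockPool, get_block, return_block and trim are
// hypothetical names, not MythTV's pes_alloc code.
#include <cstdlib>
#include <set>
#include <vector>

class BlockPool {
  public:
    static const size_t kBlockSize = 4096, kBlocksPerSlab = 4;
    ~BlockPool() { std::free(slab_); }

    // Hand out one block, carving the slab into blocks on first use.
    unsigned char *get_block() {
        if (!slab_) {
            slab_ = static_cast<unsigned char *>(
                std::malloc(kBlockSize * kBlocksPerSlab));
            if (!slab_) return nullptr;
            for (size_t i = 0; i < kBlocksPerSlab; i++)
                free_.push_back(slab_ + i * kBlockSize);
        }
        if (free_.empty()) return nullptr;  // slab exhausted
        unsigned char *blk = free_.back();
        free_.pop_back();
        alloc_.insert(blk);                 // track as in use
        return blk;
    }

    // Returns false for a pointer the pool does not consider in use
    // (never handed out, or already returned).
    bool return_block(unsigned char *blk) {
        if (alloc_.erase(blk) == 0) return false;
        free_.push_back(blk);
        return true;
    }

    // Release the slab. check_in_use == false models the defect: the slab
    // is freed while callers still hold pointers into it, so they dangle.
    bool trim(bool check_in_use) {
        if (!slab_) return false;
        if (check_in_use && !alloc_.empty()) return false;  // memory is live
        std::free(slab_);
        slab_ = nullptr;
        free_.clear(); alloc_.clear();
        return true;
    }
    size_t in_use() const { return alloc_.size(); }

  private:
    unsigned char *slab_ = nullptr;
    std::vector<unsigned char *> free_;  // blocks available to hand out
    std::set<unsigned char *> alloc_;    // blocks currently held by callers
};
```

With the check in place a held block stays valid across `trim`; without it the holder is left with an out-of-bounds pointer like the `_pesdata` value in the gdb output above.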
