Bug #4286

Tvheadend latest git Segmentation fault

Added by Harry Lau 5 months ago. Updated 4 days ago.

Status: New
Start date: 2017-03-17
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Found in version: 4.1-2409~g4db3eec
Affected Versions:

Description

Building the latest git for a WRT1200AC router running LEDE (using the musl C library), I found a segmentation fault when executing the command tvheadend -v.

No problem with version 4.0 (https://github.com/tvheadend/tvheadend/tree/release/4.0)
No problem with the latest git for OpenWrt 15.05.1 (using the uClibc C library)

[email protected]:~# ldd /tmp/syscfg/bin/tvheadend   (openwrt 15.05.1)
        /lib/ld-uClibc.so.0 (0x7f5ef000)
        libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0xb642c000)
        libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0xb62eb000)
        libz.so.1 => /usr/lib/libz.so.1 (0xb62c9000)
        libdl.so.0 => /lib/ld-uClibc.so.0 (0x7f5ef000)
        libpthread.so.0 => /lib/ld-uClibc.so.0 (0x7f5ef000)
        libm.so.0 => /lib/ld-uClibc.so.0 (0x7f5ef000)
        librt.so.0 => /lib/ld-uClibc.so.0 (0x7f5ef000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb62af000)
        libc.so.0 => /lib/ld-uClibc.so.0 (0x7f5ef000)

[email protected]:~# ldd /tmp/syscfg/bin/tvheadend.lede.new  (latest LEDE)
        /lib/ld-musl-armhf.so.1 (0x7f56a000)
        libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0xb63b0000)
        libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0xb626f000)
        libz.so.1 => /usr/lib/libz.so.1 (0xb624d000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb6233000)
        libc.so => /lib/ld-musl-armhf.so.1 (0x7f56a000)

LEDE forum also reported this problem (https://forum.lede-project.org/t/tvheadend-latested-git-segfault/2268)

[email protected]:~# uname -a
Linux WRT1200AC 4.9.13 #0 SMP Wed Mar 1 02:06:40 2017 armv7l GNU/Linux
[email protected]:~# valgrind --trace-children=yes --track-origins=yes --leak-check=full --show-reachable=yes /tmp/syscfg/bin/tvheadend.lede.new -v
==10970== Memcheck, a memory error detector
==10970== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==10970== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==10970== Command: /tmp/syscfg/bin/tvheadend.lede.new -v
==10970==
==10970== Conditional jump or move depends on uninitialised value(s)
==10970==    at 0x404B800: ??? (in /lib/libc.so)
==10970==  Uninitialised value was created by a stack allocation
==10970==    at 0x4056330: ??? (in /lib/libc.so)
==10970==
==10970== Use of uninitialised value of size 4
==10970==    at 0x404B804: ??? (in /lib/libc.so)
==10970==  Uninitialised value was created by a stack allocation
==10970==    at 0x4056330: ??? (in /lib/libc.so)
==10970==
==10970== Conditional jump or move depends on uninitialised value(s)
==10970==    at 0x404B218: ??? (in /lib/libc.so)
==10970==  Uninitialised value was created by a stack allocation
==10970==    at 0x4056330: ??? (in /lib/libc.so)
==10970==
==10970==
==10970== Process terminating with default action of signal 11 (SIGSEGV)
==10970==  Bad permissions for mapped region at address 0x36961C
==10970==    at 0x4055760: ??? (in /lib/libc.so)
==10970==
==10970== HEAP SUMMARY:
==10970==     in use at exit: 0 bytes in 0 blocks
==10970==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==10970==
==10970== All heap blocks were freed -- no leaks are possible
==10970==
==10970== For counts of detected and suppressed errors, rerun with: -v
==10970== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
Segmentation fault

History

#1 Updated by Mark Clarkstone 5 months ago

  • Description updated (diff)

Added <\pre> formatting.

#2 Updated by Harry Lau 5 months ago

strings /tmp/syscfg/bin/tvheadend.lede.new

...
...
...
Configure arguments:
--target=arm-openwrt-linux --host=arm-openwrt-linux --build=i686-pc-linux-gnu --program-prefix= --program-suffix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls --disable-cwc --disable-v4l --disable-avahi --disable-dvbcsa --disable-tvhcsa --disable-dbus_1 --disable-capmt --disable-constcw --disable-iptv --disable-satip_server --disable-satip_client --disable-imagecache --disable-uriparser --disable-libx264_static --disable-libmfx_static --disable-libx265_static --disable-hdhomerun_static --release --enable-bundle --enable-trace --enable-dvbconv --disable-libav --disable-libffmpeg_static --disable-ffmpeg --disable-ffmpeg_static
Compiler:
Using C compiler: ccache arm-openwrt-linux-muslgnueabi-gcc
Using C flags: -Os -pipe -mcpu=cortex-a9 -mfpu=vfpv3-d16 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -iremap/hd1/lede/source/build_dir/target-arm_cortex-a9+vfpv3_musl_eabi/tvheadend-master:tvheadend-master -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro
Using LD flags: -L/hd1/lede/source/staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/usr/lib -L/hd1/lede/source/staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/lib -L/hd1/lede/source/staging_dir/toolchain-arm_cortex-a9+vfpv3_gcc-5.4.0_musl_eabi/usr/lib -L/hd1/lede/source/staging_dir/toolchain-arm_cortex-a9+vfpv3_gcc-5.4.0_musl_eabi/lib -znow -zrelro
Build for arch: arm
Binaries:
Using PYTHON: python
Using GZIP: gzip
Using BZIP2: bzip2
Options:
pie yes
ccdebug no
cwc no
capmt no
constcw no
linuxdvb yes
satip_server no
satip_client no
hdhomerun_client no
hdhomerun_static no
iptv no
tsfile yes
dvbscan yes
timeshift yes
trace yes
imagecache no
avahi no
zlib yes
libav no
ffmpeg_static no
libx264 yes
libx264_static no
libx265 yes
libx265_static no
libvpx yes
libvpx_static yes
libtheora yes
libtheora_static yes
libvorbis yes
libvorbis_static yes
libfdkaac yes
libfdkaac_static yes
nvenc no
qsv no
libmfx_static no
inotify yes
epoll yes
uriparser no
ccache yes
tvhcsa no
bundle yes
dvbcsa no
dvben50221 no
kqueue no
dbus_1 no
android no
tsdebug no
gtimer_check no
slow_memoryinfo no
libsystemd_daemon no
bintray_cache yes
W_unused_result yes
getloadavg yes
atomic64 yes
atomic_time_t yes
bitops64 yes
stime yes
gmtoff yes
recvmmsg yes
sendmmsg yes
ifnames yes
py_gzip yes
bin_pkg_config yes
bin_xgettext yes
bin_msgmerge yes
bin_gzip yes
bin_bzip2 yes
ssl yes
linuxdvbapi yes
inotify_h yes
mpegts yes
mpegts_dvb yes
Packages:
openssl 1.0.2k
zlib 1.2.11
Installation paths:
Prefix: /usr
Binaries: /usr/bin
Libraries: ${prefix}/lib
Data files: /usr/share
Man pages: /usr/man
2017-03-14T08:44:56+0000

#3 Updated by Mark Clarkstone 4 months ago

  • Status changed from New to Invalid

Please upgrade your version, this has more than likely been fixed in the latest 4.2 release.

If not, please reply & I'll reopen.

#4 Updated by Harry Lau 4 months ago

Mark Clarkstone wrote:

Please upgrade your version, this has more than likely been fixed in the latest 4.2 release.

If not, please reply & I'll reopen.

The problem still persists on both the mipsel and arm architectures, with the same error "Segmentation fault".

dmesg showed
[ 795.805882] do_page_fault(): sending SIGSEGV to tvheadend for invalid write access to 55a983f8
[ 795.814768] epc = 77723d1c in libc.so[776a2000+92000]
[ 795.819972] ra = 777249f0 in libc.so[776a2000+92000]
[ 926.825163] do_page_fault(): sending SIGSEGV to tvheadend for invalid write access to 55c3e3f8
[ 926.834074] epc = 77f39d1c in libc.so[77eb8000+92000]
[ 926.839303] ra = 77f3a9f0 in libc.so[77eb8000+92000]

tvheadend version
Checking connectivity... done.
Checking out files: 100% (5163/5163), done.
Note: checking out '658ddd6c3b490437b5f62c26eb34f9ee745d0107'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

git checkout -b <new-branch-name>

HEAD is now at 658ddd6... bintray.py: show the backtrace when the filename is not parsed correctly, fix component version
Packing checkout...
....

strings tvheadend

Using C compiler:                        ccache mipsel-openwrt-linux-musl-gcc
Using C flags: -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -iremap/hd1/lede/source/build_dir/target-mipsel_24kc_musl/tvheadend-master:tvheadend-master -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro
Using LD flags: -L/hd1/lede/source/staging_dir/target-mipsel_24kc_musl/usr/lib -L/hd1/lede/source/staging_dir/target-mipsel_24kc_musl/lib -L/hd1/lede/source/staging_dir/toolchain-mipsel_24kc_gcc-5.4.0_musl/usr/lib -L/hd1/lede/source/staging_dir/toolchain-mipsel_24kc_gcc-5.4.0_musl/lib -znow -zrelro
Build for arch: mipsel
Binaries:
Using PYTHON: python
Using GZIP: gzip
Using BZIP2: bzip2
Options:
pie yes
ccdebug no
cwc no
capmt no
constcw no
linuxdvb yes
satip_server no
satip_client no
hdhomerun_client no
hdhomerun_static no
iptv no
tsfile yes
dvbscan yes
timeshift yes
trace yes
imagecache no
avahi no
zlib yes
libav no
ffmpeg_static no
libx264 yes
libx264_static no
libx265 yes
libx265_static no
libvpx yes
libvpx_static yes
libtheora yes
libtheora_static yes
libvorbis yes
libvorbis_static yes
libfdkaac yes
libfdkaac_static yes
nvenc no
qsv no
libmfx_static no
inotify yes
epoll yes
uriparser no
ccache yes
tvhcsa no
bundle yes
pngquant no
dvbcsa no
dvben50221 no
kqueue no
dbus_1 no
android no
tsdebug no
gtimer_check no
slow_memoryinfo no
libsystemd_daemon no
bintray_cache yes
W_unused_result yes
getloadavg yes
atomic_time_t yes
bitops64 yes
stime yes
gmtoff yes
recvmmsg yes
sendmmsg yes
ifnames yes
llabs yes
py_gzip yes
bin_pkg_config yes
bin_xgettext yes
bin_msgmerge yes
bin_gzip yes
bin_bzip2 yes
ssl yes
linuxdvbapi yes
inotify_h yes
inotify_init1 yes
epoll_create1 yes
mpegts yes
mpegts_dvb yes
Packages:
openssl 1.0.2k
zlib 1.2.11
Installation paths:
Prefix: /usr
Binaries: /usr/bin
Libraries: ${prefix}/lib
Data files: /usr/share
Man pages: /usr/man
2017-04-23T05:09:34+00:00
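A triage step for the dmesg lines quoted in comment #4, as an added example that is not part of the original report: it converts the MIPS `do_page_fault()` `epc`/`ra` values into offsets relative to the `libc.so` mapping, so crashes from runs with different load addresses can be compared. The function names `parse_faults` and `same_crash_site` are hypothetical, and the sample input is the six lines from the comment, embedded inline.

```python
import re

# Sample input: the two do_page_fault() reports quoted in comment #4.
DMESG = """\
[ 795.805882] do_page_fault(): sending SIGSEGV to tvheadend for invalid write access to 55a983f8
[ 795.814768] epc = 77723d1c in libc.so[776a2000+92000]
[ 795.819972] ra = 777249f0 in libc.so[776a2000+92000]
[ 926.825163] do_page_fault(): sending SIGSEGV to tvheadend for invalid write access to 55c3e3f8
[ 926.834074] epc = 77f39d1c in libc.so[77eb8000+92000]
[ 926.839303] ra = 77f3a9f0 in libc.so[77eb8000+92000]
"""

FAULT = re.compile(
    r"sending (SIG\w+) to (\S+) for invalid (\w+) access to ([0-9a-f]+)")
REG = re.compile(
    r"\b(epc|ra)\s*=\s*([0-9a-f]+) in (\S+?)\[([0-9a-f]+)\+([0-9a-f]+)\]")


def parse_faults(text):
    """Return one dict per fault, with epc/ra as (module, offset) pairs."""
    faults = []
    for line in text.splitlines():
        m = FAULT.search(line)
        if m:
            faults.append({"signal": m.group(1), "comm": m.group(2),
                           "access": m.group(3), "addr": int(m.group(4), 16)})
            continue
        m = REG.search(line)
        if m and faults:
            reg, module = m.group(1), m.group(3)
            value, base, size = (int(m.group(i), 16) for i in (2, 4, 5))
            # The kernel prints mapping[base+size]; reject inconsistent lines.
            if not base <= value < base + size:
                raise ValueError(f"{reg} {value:#x} outside {module} mapping")
            faults[-1][reg] = (module, value - base)
    return faults


def same_crash_site(faults):
    """True when every fault shares one (module, offset) for epc and ra."""
    sites = {(f.get("epc"), f.get("ra")) for f in faults}
    if len(sites) != 1:
        return False
    epc, ra = next(iter(sites))
    return epc is not None and ra is not None


if __name__ == "__main__":
    for f in parse_faults(DMESG):
        print(f"{f['comm']}: {f['signal']} on {f['access']} to {f['addr']:#x}, "
              f"epc={f['epc'][0]}+{f['epc'][1]:#x}, ra={f['ra'][0]}+{f['ra'][1]:#x}")
    print("same crash site:", same_crash_site(parse_faults(DMESG)))
```

Both reports resolve to the same offsets inside `libc.so`, which can be passed to the toolchain's `addr2line` against an unstripped copy of the library to name the faulting function.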

#5 Updated by Harry Lau 4 months ago

Configure arguments:
--target=mipsel-openwrt-linux --host=mipsel-openwrt-linux --build=i686-pc-linux-gnu --program-prefix= --program-suffix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls --disable-cwc --disable-v4l --disable-avahi --disable-dvbcsa --disable-tvhcsa --disable-dbus_1 --disable-capmt --disable-constcw --disable-iptv --disable-satip_server --disable-satip_client --disable-imagecache --disable-uriparser --disable-libx264_static --disable-libmfx_static --disable-libx265_static --disable-hdhomerun_static --release --enable-bundle --enable-dvbconv --disable-libav --disable-libffmpeg_static --disable-ffmpeg --disable-ffmpeg_static

#6 Updated by Mark Clarkstone 4 months ago

Hmm, seems I can't reopen this. I'll ask perexg to open it!

Interesting that you say it's segfaulting on arm, it's running fine on both my RPi & NSA310 (armv5te).

Either way, we now know it's still a problem with latest git.

#7 Updated by Harry Lau 4 months ago

Mark Clarkstone wrote:

Hmm, seems I can't reopen this. I'll ask perexg to open it!

Interesting that you say it's segfaulting on arm, it's running fine on both my RPi & NSA310 (armv5te).

Either way, we now know it's still a problem with latest git.

I think tvheadend only crashes when using musl libc; the RPi and NSA310 may be using glibc.

#8 Updated by Jaroslav Kysela 4 months ago

  • Status changed from Invalid to New

#9 Updated by Oleg Voropaev 29 days ago

Confirmed on mpc8540 (PowerPC) architecture with musl.
Both 4.3 and 4.2.3 segfault, while 4.0.9 and 4.0.10 run without any problems.

#10 Updated by Jaroslav Kysela 21 days ago

I cannot help if I don't see where tvh crashes: https://tvheadend.org/projects/tvheadend/wiki/Debugging

#11 Updated by Harry Lau 6 days ago

Jaroslav Kysela wrote:

I cannot help if I don't see where tvh crashes: https://tvheadend.org/projects/tvheadend/wiki/Debugging

got this

@ubuntu:/hd1/lede/source$ ./scripts/remote-gdb 192.168.0.1:3000 staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/root-mvebu/usr/bin/tvheadend
Choose target:
1) mipsel_24kc (musl)
2) arm_cortex-a9+vfpv3 (musl_eabi)
Target? > 2
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=arm-openwrt-linux-muslgnueabi".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/root-mvebu/usr/bin/tvheadend...done.
0xb6fde218 in fchown (fd=0, uid=0, gid=0) at src/unistd/fchown.c:9
9 src/unistd/fchown.c: No such file or directory.
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /hd1/lede/source/staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/root-mvebu/usr/bin/tvheadend
^Cy
^CInterrupted while waiting for the program.
Give up waiting? (y or n) y
Quit

@ubuntu:/hd1/lede/source$ ls./scripts/remote-gdb 192.168.0.1:3000 staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/root-mvebu/usr/bin/tvheadend
-bash: ls./scripts/remote-gdb: No such file or directory
[email protected]:/hd1/lede/source$ ./scripts/remote-gdb 192.168.0.1:3000 staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/root-mvebu/usr/bin/tvheadend
Choose target:
1) mipsel_24kc (musl)
2) arm_cortex-a9+vfpv3 (musl_eabi)
Target? > 2
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=arm-openwrt-linux-muslgnueabi".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/root-mvebu/usr/bin/tvheadend...done.
(gdb) r
Starting program: /hd1/lede/source/staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/root-mvebu/usr/bin/tvheadend

Program received signal SIGSEGV, Segmentation fault.
0xb6fdef88 in sysv_hash (s0=<optimized out>) at ldso/dynlink.c:194
194 ldso/dynlink.c: No such file or directory.

#12 Updated by Harry Lau 5 days ago

mipsel:

Reading symbols from staging_dir/target-mipsel_24kc_musl/root-ramips/usr/bin/tvheadend...done.
r(gdb) r
Starting program: /hd1/lede/source/staging_dir/target-mipsel_24kc_musl/root-ramips/usr/bin/tvheadend

Program received signal SIGSEGV, Segmentation fault.
do_relocs (dso=0x77ffe460 <app>, rel=0x55568e58, rel_size=517000, stride=2)
at ldso/dynlink.c:411
411 ldso/dynlink.c: No such file or directory.
(gdb) where
#0 do_relocs (dso=0x77ffe460 <app>, rel=0x55568e58, rel_size=517000, stride=2)
at ldso/dynlink.c:411
#1 0x77fdd9f0 in reloc_all (p=0x77ffe460 <app>) at ldso/dynlink.c:1153
#2 0x77fdf840 in __dls3 (sp=<optimized out>) at ldso/dynlink.c:1598
#3 0x77fdeeb0 in __dls2 (base=<optimized out>, sp=0x7fffedd0)
at ldso/dynlink.c:1384
#4 0x77f6a110 in _dlstart ()
from /hd1/lede/source/scripts/../staging_dir/target-mipsel_24kc_musl/root-ramips/lib/ld-musl-mipsel-sf.so.1
Backtrace stopped: frame did not save the PC

#13 Updated by Jaroslav Kysela 4 days ago

These traces are for code in the musl library.

#14 Updated by Harry Lau 4 days ago

Jaroslav Kysela wrote:

These traces are for code in the musl library.

@ubuntu:/hd1/lede/source$ ./scripts/remote-gdb 192.168.0.106:3000 staging_dir/target-mipsel_24kc_musl/root-ramips/usr/bin/tvheadend
Using target mipsel_24kc (musl)
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=mipsel-openwrt-linux-musl".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from staging_dir/target-mipsel_24kc_musl/root-ramips/usr/bin/tvheadend...done.
(gdb) info source
No current source file.
(gdb) list
712 }
713
714 /* Wait */
715 pthread_cond_timedwait(&gtimer_cond, &global_lock, &ts);
716 pthread_mutex_unlock(&global_lock);
717 }
718 }
719
720
721 /
*
(gdb) r
Starting program: /hd1/lede/source/staging_dir/target-mipsel_24kc_musl/root-ramips/usr/bin/tvheadend

Program received signal SIGSEGV, Segmentation fault.
0x77fdc778 in pwrite (warning: GDB can't find the start of the function at 0x77ffe517.

GDB is unable to find the start of the function at 0x77ffe517
and thus can't determine the size of that function's stack frame.
This means that GDB may be unable to access that stack frame, or
the frames below it.
This problem is most likely caused by an invalid program counter or
stack pointer.
However, if you think GDB should simply search farther back
from 0x77ffe517 for code which looks like the beginning of a
function, you can increase the range of the search using the `set
heuristic-fence-post' command.
fd=<optimized out>, buf=<optimized out>, size=<optimized out>, ofs=8646278277104582656) at src/unistd/pwrite.c:7
7 src/unistd/pwrite.c: No such file or directory.
(gdb) list
2 in src/unistd/pwrite.c
(gdb) b main
Breakpoint 1 at 0x92a40: file src/main.c, line 726.
(gdb)
