[mythtv-commits] Ticket #11940: Segfault mythbackend (misrefcounting MythSocket)
MythTV
noreply at mythtv.org
Fri Nov 8 06:55:58 UTC 2013
#11940: Segfault mythbackend (misrefcounting MythSocket)
--------------------------------------+------------------------
Reporter: abudovski@… | Owner:
Type: Bug Report - General | Status: new
Priority: major | Milestone:
Component: MythTV - General | Version: 0.27-fixes
Severity: high | Keywords:
Ticket locked: 0 |
--------------------------------------+------------------------
I get a segfault/AV after a few mins of no activity, repros consistently.
AV stack:
{{{
void MainServer::customEvent(QEvent *e)
{
...
while (!decrRefSocketList.empty())
{
(*decrRefSocketList.begin())->DecrRef(); // here
*decrRefSocketList.begin() points to a deallocated MythSocket.
Stack:
#0 0x000000000045f477 in MainServer::customEvent (this=0x8b2830,
e=0x7fff3c0012a0) at mainserver.cpp:900
#1 0x00007ffff3fd4e5d in QObject::event(QEvent*) () from /usr/lib/x86_64
-linux-gnu/libQtCore.so.4
#2 0x00007ffff3fbc8bd in QCoreApplication::notifyInternal(QObject*,
QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3 0x00007ffff3fbfe1f in
QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4 0x00007ffff3fea073 in ?? () from /usr/lib/x86_64-linux-
gnu/libQtCore.so.4
#5 0x00007fffec62d3a6 in g_main_context_dispatch () from /lib/x86_64
-linux-gnu/libglib-2.0.so.0
#6 0x00007fffec62d6f8 in ?? () from /lib/x86_64-linux-
gnu/libglib-2.0.so.0
#7 0x00007fffec62d79c in g_main_context_iteration () from /lib/x86_64
-linux-gnu/libglib-2.0.so.0
#8 0x00007ffff3fe9a55 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
() from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#9 0x00007ffff3fbb5ef in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib/x86_64-linux-gnu/libQtCore.so.4
#10 0x00007ffff3fbb8e5 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib/x86_64-linux-gnu/libQtCore.so.4
#11 0x00007ffff3fc0e5b in QCoreApplication::exec() () from /usr/lib/x86_64
-linux-gnu/libQtCore.so.4
#12 0x0000000000522cae in run_backend (cmdline=...) at
main_helpers.cpp:696
#13 0x00000000004584f6 in main (argc=3, argv=0x7fffffffdf88) at
main.cpp:135
Some traces of the socket: (socket ptr is 8b6870)
2649 2013-11-08 16:46:37.036703 E MythSocket(8b6870:25): ReadStringList:
Error, timed out after 30000 ms.
2727 2013-11-08 16:46:37.036966 I (0x8b6880)::IncrRef() -> 2 // pushed
to decrRefSocketList list
2767 2013-11-08 16:46:37.923067 I (0x8b6880)::DecrRef() -> 1 // see [1]
2787 2013-11-08 16:46:37.923168 E MythSocket(8b6870:-1): No response.
2807 2013-11-08 16:46:38.154256 I (0x8b6880)::DecrRef() -> 0 // see [2]
Now the object is destroyed, but still on the decrRefSocketList list,
which means MainServer::customEvent will blow up!
[1] ref dropping to 1 (I think this is wrong. PlaybackSock never took a
ref)
2653 #0 ReferenceCounter::DecrRef (this=0x8b6880) at
referencecounter.cpp:128 // 1
2654 #1 0x00000000004a8697 in PlaybackSock::~PlaybackSock
(this=0x7fff3000c7f0, __in_chrg=<optimised out>) at playbacksock.cpp:44
2655 #2 0x00000000004a8776 in PlaybackSock::~PlaybackSock
(this=0x7fff3000c7f0, __in_chrg=<optimised out>) at playbacksock.cpp:46
2656 #3 0x00007ffff6a93572 in ReferenceCounter::DecrRef
(this=0x7fff3000c7f0) at referencecounter.cpp:158
2657 #4 0x0000000000490b43 in MainServer::connectionClosed
(this=0x8b2830, socket=0x8b6870) at mainserver.cpp:5888
2658 #5 0x00007ffff69dda8f in MythSocket::DisconnectHandler
(this=0x8b6870) at mythsocket.cpp:259
2659 #6 0x00007ffff6aec497 in MythSocket::qt_static_metacall
(_o=0x8b6870, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0x7fff46ffbbf0)
at moc_mythsocket.cpp
[2] dropping ref to 0 and freeing object:
88 Breakpoint 2, ReferenceCounter::DecrRef (this=0x8b6880) at
referencecounter.cpp:128
2689 128 in referencecounter.cpp
2690 #0 ReferenceCounter::DecrRef (this=0x8b6880) at
referencecounter.cpp:128
2691 #1 0x0000000000493cae in MainServer::reconnectTimeout
(this=0x8b2830) at mainserver.cpp:6253
2692 #2 0x0000000000564e0f in MainServer::qt_static_metacall
(_o=0x8b2830, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7fffffffd520)
at moc_mainserver.cpp :54
2693 #3 0x00007ffff3fd0a58 in QMetaObject::activate(QObject*, QMetaObject
const*, int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
2694 #4 0x00007ffff3fd4be1 in QObject::event(QEvent*) () from
/usr/lib/x86_64-linux-gnu/libQtCore.so.4
2695 #5 0x00007ffff3fbc8bd in QCoreApplication::notifyInternal(QObject*,
QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
2696 #6 0x00007ffff3fec403 in ?? () from /usr/lib/x86_64-linux-
gnu/libQtCore.so.4
2697 #7 0x00007ffff3fe97a1 in ?? () from /usr/lib/x86_64-linux-
gnu/libQtCore.so.4
2698 #8 0x00007fffec62d3a6 in g_main_context_dispatch () from /lib/x86_64
-linux-gnu/libglib-2.0.so.0
2699 #9 0x00007fffec62d6f8 in ?? () from /lib/x86_64-linux-
gnu/libglib-2.0.so.0
2700 #10 0x00007fffec62d79c in g_main_context_iteration () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
2701 #11 0x00007ffff3fe9a55 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
() from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
2702 #12 0x00007ffff3fbb5ef in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib/x86_64-linux-gnu/libQtCore.so.4
2703 #13 0x00007ffff3fbb8e5 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib/x86_64-linux-gnu/libQtCore.so.4
2704 #14 0x00007ffff3fc0e5b in QCoreApplication::exec() () from
/usr/lib/x86_64-linux-gnu/libQtCore.so.4
2705 #15 0x0000000000522cae in run_backend (cmdline=...) at
main_helpers.cpp:696
}}}
I think this is because PlaybackSock doesn't take a ref in the ctor, but
unconditionally releases one in its dtor. If it didn't do that, we'd still
have a valid object in MainServer::decrRefSocketList.
--
Ticket URL: <http://code.mythtv.org/trac/ticket/11940>
MythTV <http://www.mythtv.org>
MythTV Media Center
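
Added example, not part of the original ticket and not MythTV's code: a minimal C++ model of the imbalance the reporter suspects, where a wrapper releases in its destructor a reference it never took in its constructor, replaying the IncrRef -> 2, DecrRef -> 1, DecrRef -> 0 sequence from the log. `RefCounted`, `UnbalancedWrapper`, `BalancedWrapper` and `dangling_in_deferred_list` are hypothetical names, and a `destroyed` flag stands in for the real deallocation so the program stays well-defined.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a reference-counted socket (not MythTV's class).
struct RefCounted {
    int refs = 1;            // creator holds the first reference
    bool destroyed = false;  // stands in for `delete this`, keeps the model well-defined
    int IncrRef() { return ++refs; }
    int DecrRef() { if (--refs == 0) destroyed = true; return refs; }
};

// Pattern the reporter suspects: no IncrRef in the constructor, DecrRef in the destructor.
struct UnbalancedWrapper {
    RefCounted *sock;
    explicit UnbalancedWrapper(RefCounted *s) : sock(s) {}
    ~UnbalancedWrapper() { sock->DecrRef(); }
};

// Balanced form: the destructor's DecrRef is paired with an IncrRef in the constructor.
struct BalancedWrapper {
    RefCounted *sock;
    explicit BalancedWrapper(RefCounted *s) : sock(s) { sock->IncrRef(); }
    ~BalancedWrapper() { sock->DecrRef(); }
};

// Replays the sequence from the ticket's log. Returns true if the object is
// already destroyed while the deferred-release list still holds a pointer to it.
template <typename Wrapper>
bool dangling_in_deferred_list() {
    RefCounted sock;                    // refs == 1
    std::vector<RefCounted *> deferred; // models decrRefSocketList
    {
        Wrapper w(&sock);
        sock.IncrRef();                 // reference taken on behalf of the list
        deferred.push_back(&sock);
    }                                   // wrapper destroyed, as in trace [1]
    sock.DecrRef();                     // a later release, as in trace [2]
    bool dangling = sock.destroyed;     // list entry would now be a stale pointer
    if (!dangling)
        for (RefCounted *s : deferred) s->DecrRef(); // safe: object is still alive
    return dangling;
}

int main() {
    std::printf("unbalanced wrapper leaves dangling entry: %d\n",
                (int)dangling_in_deferred_list<UnbalancedWrapper>());
    std::printf("balanced wrapper leaves dangling entry:   %d\n",
                (int)dangling_in_deferred_list<BalancedWrapper>());
    return 0;
}
```
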