Linux-Media Archive on lore.kernel.org
* RE: [v4l-utils] Error in `media-ctl': double free or corruption (fasttop)
@ 2020-05-21 14:36 Surachari, Bhuvanesh
From: Surachari, Bhuvanesh @ 2020-05-21 14:36 UTC (permalink / raw)
  To: linux-media; +Cc: Surachari, Bhuvanesh

Hello,

When executing the command "media-ctl -d /dev/media0 -p", a crash is observed very rarely in media_enum_links() while freeing memory, with the backtrace below:

****** EXCEPTION in process PID=1682 (media-ctl) *******
Command line: media-ctl -d /dev/media0 -p
exception trigger PROCESS_SIGNAL
signal "SIGABRT"
Signal info:
               si_signo:6
               si_errno:0
               si_code:0xfffffffa
====== processor registers:
x0-x9:   0000000000000000 0000ffffcc0c7780 0000000000000000 0000000000000008 0000000000000000 0000ffffcc0c7780 ffffffffffffffff ffffffffffffffff 0000000000000087 ffffffffffffffff
x10-x19: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff 0000000000000000 0000000000000000 0000ffff817b8f70 0000ffff816af8e0 0000ffff81787a70 0000000000000006
x20-x29: 0000ffff817fc010 0000ffff817fb000 0000ffffcc0c79b0 0000000000000002 0000000000000001 0000ffff8175d8b8 0000000000000002 0000ffffcc0c79e0 0000000000000001 0000ffffcc0c7760
x30: 0000ffff8166b038 sp: 0000ffffcc0c7760 pc: 0000ffff8166b0ac pstate: 0000000000000000 orig_x0: 0000000000000002 syscallno: 00000000ffffffff

backtrace:
---
Extracted from stack:
/lib64/libc-2.27.so(raise+0x9c)[0xffff8166b0ac]
/lib64/libc-2.27.so(abort+0x140)[0xffff8166c160]
/lib64/libc-2.27.so(abort+0x9c)[0xffff8166c0bc]
/lib64/libc-2.27.so(__fsetlocking+0x2e8)[0xffff816a4730]
/lib64/ld-2.27.so(_dl_rtld_di_serinfo+0xf70)[0xffff817df428]
/lib64/libc-2.27.so(__fsetlocking+0x2b8)[0xffff816a4700]
/lib64/libc-2.27.so(__libc_thread_freeres+0x17be8)[0xffff8175d8b8]
/lib64/libc-2.27.so(__libc_thread_freeres+0x1bf9a)[0xffff81761c6a]
/lib64/libc-2.27.so(__libc_thread_freeres+0x1bf9a)[0xffff81761c6a]
/lib64/ld-2.27.so(_dl_rtld_di_serinfo+0x4cc4)[0xffff817e317c]
/lib64/libc-2.27.so(__libc_thread_freeres+0x17be8)[0xffff8175d8b8]
/lib64/libc-2.27.so(_IO_str_seekoff+0x4938)[0xffff816aead0]
/lib64/libc-2.27.so(_IO_str_seekoff+0x88c)[0xffff816aaa24]
/lib64/libc-2.27.so(__libc_thread_freeres+0x17be8)[0xffff8175d8b8]
/lib64/libc-2.27.so(_IO_str_seekoff+0x21a0)[0xffff816ac338]
/usr/lib64/libmediactl.so.0.0.0(media_device_enumerate+0x45c)[0xffff817a74ac]
/usr/lib64/libmediactl.so.0.0.0(media_device_enumerate+0x360)[0xffff817a73b0]
/usr/lib64/libmediactl.so.0.0.0(media_device_enumerate+0x45c)[0xffff817a74ac]
/usr/bin/media-ctl(_init+0x3b0)[0x401738]
RA: 0x0000000000000000 BP: 0x0000ffffcc0c7760 SP: 0x0000ffffcc0c9000
Saved registers and local vars (0xffffcc0c8f98 - 0xffffcc0c8ff0):
<0000ffffcc0c8f90>                  5f4452414f420065 4d5f4749464e4f43 6f623d444f485445 636570732d647261 6e79642d63696669 6d6f632d63696d61 0073746e656e6f70         
<0000ffffcc0c8fd0> 622f7273752f3d5f 616964656d2f6e69 73752f006c74632d 656d2f6e69622f72 006c74632d616964

The above crash could be related to commit id 112c52c3495713bad522cdf40f285a8e7b38674b ("libmediactl: Don't free an already freed address if no links")
which was applied. But the commit id 314a19002e7244e4b8d5576f48cb9198ea8294c6 ("Revert "libmediactl: Don't free an already freed address if no links"")
reverts the above patch.

The commit 112c52c3495713bad522cdf40f285a8e7b38674b ("libmediactl: Don't free an already freed address if no links")
seems to help with the crash we're seeing, but it was reverted the same day it was applied. Was that by accident or for some other reason?

I have resent the message since I didn't mention the commit id details in the last message.

Thank you,
Regards,
Bhuvanesh


* [v4l-utils] Error in `media-ctl': double free or corruption (fasttop)
@ 2020-05-20 16:55 Surachari, Bhuvanesh
From: Surachari, Bhuvanesh @ 2020-05-20 16:55 UTC (permalink / raw)
  To: linux-media

Hello,

When executing the command "media-ctl -d /dev/media0 -p", a crash is observed
very rarely in media_enum_links() while freeing memory, with the backtrace below:

****** EXCEPTION in process PID=1682 (media-ctl) *******
Command line: media-ctl -d /dev/media0 -p 
exception trigger PROCESS_SIGNAL
signal "SIGABRT"
Signal info:
               si_signo:6
               si_errno:0
               si_code:0xfffffffa
====== processor registers:
x0-x9:   0000000000000000 0000ffffcc0c7780 0000000000000000 0000000000000008 0000000000000000 0000ffffcc0c7780 ffffffffffffffff ffffffffffffffff 0000000000000087 ffffffffffffffff
x10-x19: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff 0000000000000000 0000000000000000 0000ffff817b8f70 0000ffff816af8e0 0000ffff81787a70 0000000000000006
x20-x29: 0000ffff817fc010 0000ffff817fb000 0000ffffcc0c79b0 0000000000000002 0000000000000001 0000ffff8175d8b8 0000000000000002 0000ffffcc0c79e0 0000000000000001 0000ffffcc0c7760
x30: 0000ffff8166b038 sp: 0000ffffcc0c7760 pc: 0000ffff8166b0ac pstate: 0000000000000000 orig_x0: 0000000000000002 syscallno: 00000000ffffffff

backtrace:
---
Extracted from stack:
/lib64/libc-2.27.so(raise+0x9c)[0xffff8166b0ac]
/lib64/libc-2.27.so(abort+0x140)[0xffff8166c160]
/lib64/libc-2.27.so(abort+0x9c)[0xffff8166c0bc]
/lib64/libc-2.27.so(__fsetlocking+0x2e8)[0xffff816a4730]
/lib64/ld-2.27.so(_dl_rtld_di_serinfo+0xf70)[0xffff817df428]
/lib64/libc-2.27.so(__fsetlocking+0x2b8)[0xffff816a4700]
/lib64/libc-2.27.so(__libc_thread_freeres+0x17be8)[0xffff8175d8b8]
/lib64/libc-2.27.so(__libc_thread_freeres+0x1bf9a)[0xffff81761c6a]
/lib64/libc-2.27.so(__libc_thread_freeres+0x1bf9a)[0xffff81761c6a]
/lib64/ld-2.27.so(_dl_rtld_di_serinfo+0x4cc4)[0xffff817e317c]
/lib64/libc-2.27.so(__libc_thread_freeres+0x17be8)[0xffff8175d8b8]
/lib64/libc-2.27.so(_IO_str_seekoff+0x4938)[0xffff816aead0]
/lib64/libc-2.27.so(_IO_str_seekoff+0x88c)[0xffff816aaa24]
/lib64/libc-2.27.so(__libc_thread_freeres+0x17be8)[0xffff8175d8b8]
/lib64/libc-2.27.so(_IO_str_seekoff+0x21a0)[0xffff816ac338]
/usr/lib64/libmediactl.so.0.0.0(media_device_enumerate+0x45c)[0xffff817a74ac]
/usr/lib64/libmediactl.so.0.0.0(media_device_enumerate+0x360)[0xffff817a73b0]
/usr/lib64/libmediactl.so.0.0.0(media_device_enumerate+0x45c)[0xffff817a74ac]
/usr/bin/media-ctl(_init+0x3b0)[0x401738]
RA: 0x0000000000000000 BP: 0x0000ffffcc0c7760 SP: 0x0000ffffcc0c9000
Saved registers and local vars (0xffffcc0c8f98 - 0xffffcc0c8ff0):
<0000ffffcc0c8f90>                  5f4452414f420065 4d5f4749464e4f43 6f623d444f485445 636570732d647261 6e79642d63696669 6d6f632d63696d61 0073746e656e6f70         
<0000ffffcc0c8fd0> 622f7273752f3d5f 616964656d2f6e69 73752f006c74632d 656d2f6e69622f72 006c74632d616964

Could the above crash be related to the commit "libmediactl: Don't free an already freed address if no links"?
The commit "Revert "libmediactl: Don't free an already freed address if no links"" reverts the above patch.
Could you please provide more details on why the patch was reverted?

Thank you,
Regards,
Bhuvanesh
