[avahi] Crash in avahi-common
Alex Chen
alex_chen at claris.com
Tue Sep 8 20:44:17 UTC 2020
Hi,
We have experienced several crashes in Avahi 0.6.31 running on CentOS 7.8. The crash dump shows the abort inside the Avahi library (libavahi-common). This is what I see in gdb.
===============
(gdb) bt
#0 0x00007f5d83300387 in raise () from /lib64/libc.so.6
#1 0x00007f5d83301a78 in abort () from /lib64/libc.so.6
#2 0x00007f5d832f91a6 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007f5d832f9252 in __assert_fail () from /lib64/libc.so.6
#4 0x00007f5d7c54dc0e in avahi_simple_poll_dispatch () from /lib64/libavahi-common.so.3
#5 0x00007f5d7c54debd in avahi_simple_poll_loop () from /lib64/libavahi-common.so.3
#6 0x00007f5d7c54df84 in thread () from /lib64/libavahi-common.so.3
#7 0x00007f5d842c7ea5 in start_thread () from /lib64/libpthread.so.0
#8 0x00007f5d833c88dd in clone () from /lib64/libc.so.6
===============
I downloaded the source code of that version and annotated the stack frames. There are four asserts in avahi_simple_poll_dispatch(). It is hard to tell which one triggers the assertion failure.
The first one does not seem to be an issue since 'assert(s)' is also called in avahi_simple_poll_loop() in frame #5.
Any help is appreciated.
Thanks
Alex
===========
#0 0x00007f5d83300387 in raise () from /lib64/libc.so.6
#1 0x00007f5d83301a78 in abort () from /lib64/libc.so.6
#2 0x00007f5d832f91a6 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007f5d832f9252 in __assert_fail () from /lib64/libc.so.6
avahi-common/simple-watch.c
/*
 * Dispatch phase of one AvahiSimplePoll iteration: runs at most one pending
 * callback (the timeout returned by find_next_timeout() if it is due,
 * otherwise the first live watch whose pollfd has revents set), then marks
 * the poll object as dispatched.
 *
 * Always returns 0. The four assert() calls below check internal invariants;
 * when one fails the process ends in abort(), and assert() reports the
 * failing expression, file and line on stderr first. With NDEBUG defined the
 * checks compile out, including the bounds check on w->idx.
 *
 * NOTE(review): nothing in this function takes a lock; s->state, the watch
 * list and s->pollfds are accessed unguarded here. Presumably every caller
 * must serialize access to the poll object (thread() in thread-watch.c holds
 * p->mutex around the loop) -- confirm against the calling application.
 */
int avahi_simple_poll_dispatch(AvahiSimplePoll *s) {
    AvahiTimeout *next_timeout;
    AvahiWatch *w;

    /* Assert 1: the caller passed a poll object. */
    assert(s);
    /* Assert 2: state-machine check. Dispatch is only legal when the object
     * is in STATE_RAN; avahi_simple_poll_iterate() calls prepare, run and
     * dispatch in that order, so STATE_RAN is presumably set by the run step
     * (not visible here -- confirm). Any other state on entry aborts. */
    assert(s->state == STATE_RAN);

    s->state = STATE_DISPATCHING;

    /* We execute only one callback in every iteration: each branch below
     * jumps to finish right after invoking its callback. */

    /* Check whether the wakeup time has been reached now */
    if ((next_timeout = find_next_timeout(s))) {

        if (next_timeout->expiry.tv_sec == 0 && next_timeout->expiry.tv_usec == 0) {
            /* Just a shortcut so that we don't need to call gettimeofday() */
            timeout_callback(next_timeout);
            goto finish;
        }

        if (avahi_age(&next_timeout->expiry) >= 0) {
            /* Timeout elapsed */
            timeout_callback(next_timeout);
            goto finish;
        }
    }

    /* Look for some kind of I/O event */
    for (w = s->watches; w; w = w->watches_next) {

        /* Watches flagged dead are skipped without touching their index. */
        if (w->dead)
            continue;

        /* Asserts 3 and 4: w->idx is used to index s->pollfds just below, so
         * these two checks are the only bounds validation before that array
         * read. A live watch whose idx is negative or not below n_pollfds
         * aborts here instead of reading outside the array. */
        assert(w->idx >= 0);
        assert(w->idx < s->n_pollfds);

        if (s->pollfds[w->idx].revents != 0) {
            /* User callback receives the watch, its fd, the reported events
             * and the user pointer registered with the watch. */
            w->callback(w, w->pollfd.fd, s->pollfds[w->idx].revents, w->userdata);
            goto finish;
        }
    }

finish:

    /* Reached from every path, whether or not a callback ran. */
    s->state = STATE_DISPATCHED;
    return 0;
}
#4 0x00007f5d7c54dc0e in avahi_simple_poll_dispatch () from /lib64/libavahi-common.so.3
avahi-common/simple-watch.c
/*
 * Run the event loop until an iteration reports something other than
 * "continue".
 *
 * Calls avahi_simple_poll_iterate() with a timeout of -1 forever. A zero
 * result starts the next iteration. A negative result with errno == EINTR is
 * treated as an interrupted call and retried. Any other non-zero result is
 * returned to the caller unchanged.
 *
 * Aborts via assert() if s is NULL.
 */
int avahi_simple_poll_loop(AvahiSimplePoll *s) {
    assert(s);

    for (;;) {
        int rc = avahi_simple_poll_iterate(s, -1);

        /* Normal iteration: go round again. */
        if (rc == 0)
            continue;

        /* errno is only consulted for negative results. */
        if (rc < 0 && errno == EINTR)
            continue;

        return rc;
    }
}
/*
 * Perform one full iteration of the poll object: prepare, run, dispatch,
 * strictly in that order.
 *
 * The first step that returns non-zero ends the iteration and its result is
 * returned as-is; the later steps are not called. Returns 0 when all three
 * steps return 0.
 *
 * Note that s is not checked here; it is passed straight to the three steps.
 */
int avahi_simple_poll_iterate(AvahiSimplePoll *s, int timeout) {
    int rc = avahi_simple_poll_prepare(s, timeout);

    if (rc == 0)
        rc = avahi_simple_poll_run(s);

    if (rc == 0)
        rc = avahi_simple_poll_dispatch(s);

    return rc;
}
#5 0x00007f5d7c54debd in avahi_simple_poll_loop () from /lib64/libavahi-common.so.3
avahi-common/thread-watch.c
/*
 * Start routine of the helper thread that drives the simple poll loop for an
 * AvahiThreadedPoll (passed in as userdata).
 *
 * Blocks every signal in this thread, then runs avahi_simple_poll_loop() with
 * the threaded poll's mutex locked and stores the loop's result in retval.
 * Always returns NULL; the return values of the signal and mutex calls are
 * not checked.
 *
 * NOTE(review): as written here the mutex is held for the entire loop.
 * Presumably it is released elsewhere while the loop is blocked waiting for
 * events, and other threads are expected to take it before touching the poll
 * object -- neither is visible in this excerpt, confirm.
 */
static void *thread(void *userdata) {
    AvahiThreadedPoll *threaded_poll = userdata;
    sigset_t all_signals;

    /* Make sure that signals are delivered to the main thread */
    sigfillset(&all_signals);
    pthread_sigmask(SIG_BLOCK, &all_signals, NULL);

    pthread_mutex_lock(&threaded_poll->mutex);
    threaded_poll->retval = avahi_simple_poll_loop(threaded_poll->simple_poll);
    pthread_mutex_unlock(&threaded_poll->mutex);

    return NULL;
}
#6 0x00007f5d7c54df84 in thread () from /lib64/libavahi-common.so.3
#7 0x00007f5d842c7ea5 in start_thread () from /lib64/libpthread.so.0
#8 0x00007f5d833c88dd in clone () from /lib64/libc.so.6