search

MusicPlayerDaemon / MPD

Music Player Daemon
https://www.musicpd.org/
GNU General Public License v2.0
2.16k stars 346 forks source link

Segfault while writing DB #1041

Closed hiqua closed 3 years ago

hiqua commented 3 years ago

Bug report

Describe the bug

Segfault while writing DB. I think MPD was scanning an NFS directory while that happened, but not 100% sure.

Expected Behavior

No segfault.

Actual Behavior

Segfault

Version

Music Player Daemon 0.23~git (v0.22.3-181-g937da63ba)
Copyright 2003-2007 Warren Dukes <warren.dukes@gmail.com>
Copyright 2008-2018 Max Kellermann <max.kellermann@gmail.com>
This is free software; see the source for copying conditions.  There is NO
warranty; not even MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Database plugins:
 simple proxy upnp

Storage plugins:
 local udisks nfs curl

Neighbor plugins:
 upnp udisks

Decoders plugins:
 [mad] mp3 mp2
 [mpg123] mp3
 [vorbis] ogg oga
 [oggflac] ogg oga
 [flac] flac
 [opus] opus ogg oga
 [sndfile] wav aiff aif au snd paf iff svx sf voc w64 pvf xi htk caf sd2
 [audiofile] wav au aiff aif
 [dsdiff] dff
 [dsf] dsf
 [hybrid_dsd] m4a
 [faad] aac
 [mpcdec] mpc
 [wavpack] wv
 [modplug] 669 amf ams dbm dfm dsm far it med mdl mod mtm mt2 okt s3m stm ult umx xm
 [mikmod] amf dsm far gdm imf it med mod mtm s3m stm stx ult uni xm
 [sidplay] sid mus str prg P00
 [wildmidi] mid
 [fluidsynth] mid
 [adplug] amd d00 hsc laa rad raw sa2
 [ffmpeg] 16sv 3g2 3gp 4xm 8svx aa3 aac ac3 adx afc aif aifc aiff al alaw amr anim apc ape asf atrac au aud avi avm2 avs bap bfi c93 cak cin cmv cpk daud dct divx dts dv dvd dxa eac3 film flac flc fli fll flx flv g726 gsm gxf iss m1v m2v m2t m2ts m4a m4b m4v mad mj2 mjpeg mjpg mka mkv mlp mm mmf mov mp+ mp1 mp2 mp3 mp4 mpc mpeg mpg mpga mpp mpu mve mvi mxf nc nsv nut nuv oga ogm ogv ogx oma ogg omg opus psp pva qcp qt r3d ra ram rl2 rm rmvb roq rpl rvc shn smk snd sol son spx str swf tak tgi tgq tgv thp ts tsp tta xa xvid uv uv2 vb vid vob voc vp6 vmd wav webm wma wmv wsaud wsvga wv wve rtp:// rtsp:// rtsps://
 [gme] ay gbs gym hes kss nsf nsfe sap spc vgm vgz
 [pcm]

Filters:
 libsamplerate soxr

Tag plugins:
 id3tag

Output plugins:
 shout null fifo sndio pipe alsa ao openal pulse jack httpd recorder

Encoder plugins:
 null vorbis opus lame twolame wave flac shine

Archive plugins:
 [bz2] bz2
 [zzip] zip
 [iso] iso

Input plugins:
 file archive alsa tidal qobuz curl ffmpeg nfs mms cdio_paranoia

Playlist plugins:
 extm3u m3u pls xspf asx rss soundcloud flac cue embcue

Protocols:
 file:// alsa:// cdda:// ftp:// ftps:// gopher:// hls+http:// hls+https:// http:// https:// mms:// mmsh:// mmst:// mmsu:// nfs:// qobuz:// rtmp:// rtmps:// rtmpt:// rtmpts:// rtp:// rtsp:// rtsps:// scp:// sftp:// smb:// srtp:// tidal://

Other features:
 avahi dbus udisks epoll icu inotify ipv6 systemd tcp un

Log

Last lines from log:

simple_db: removing empty directories from DB
simple_db: sorting DB
simple_db: writing DB

Trace from gdb:

Thread 67 "update" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffbf7fe700 (LWP 2752225)]
warning: Can't read data for section '.eh_frame' in file '/lib/x86_64-linux-gnu/libmpg123.so.0'
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
65      ../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
(gdb) bt
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
#1  0x00007ffff3f07f16 in __vfprintf_internal (s=s@entry=0x7fffbf7fcdb0, format=format@entry=0x55555566604f "%s: %s\n", ap=ap@entry=0x7fffbf7fcf48, mode_flags=mode_flags@entry=0) at vfprintf-internal.c:1688
#2  0x00007ffff3f19966 in __vsnprintf_internal (string=0x7fffa45a3447 "", maxlen=<optimized out>,
    maxlen@entry=30041, format=format@entry=0x55555566604f "%s: %s\n", args=args@entry=0x7fffbf7fcf48, mode_flags=mode_flags@entry=0) at vsnprintf.c:114
#3  0x00007ffff3f199c8 in ___vsnprintf (string=<optimized out>, maxlen=maxlen@entry=30041, format=format@entry=0x55555566604f "%s: %s\n", args=args@entry=0x7fffbf7fcf48) at vsnprintf.c:124
#4  0x00005555555cc559 in BufferedOutputStream::Format(char const*, ...) (this=this@entry=0x7fffbf7fd150, fmt=fmt@entry=0x55555566604f "%s: %s\n") at ../../src/fs/io/BufferedOutputStream.cxx:91
#5  0x00005555555bb31f in tag_save(BufferedOutputStream&, Tag const&) (os=..., tag=...) at ../../src/TagSave.cxx:36
#6  0x00005555555ba3f9 in song_save(BufferedOutputStream&, Song const&) (os=..., song=...) at ../../src/SongSave.cxx:61
#7  0x0000555555646a2b in directory_save(BufferedOutputStream&, Directory const&) (os=..., directory=...) at ../../src/db/plugins/simple/DirectorySave.cxx:99
#8  0x0000555555646ac3 in directory_save(BufferedOutputStream&, Directory const&) (os=..., directory=...) at ../../src/db/plugins/simple/DirectorySave.cxx:95
#9  0x0000555555646ac3 in directory_save(BufferedOutputStream&, Directory const&) (os=..., directory=...) at ../../src/db/plugins/simple/DirectorySave.cxx:95
#10 0x0000555555646707 in db_save_internal(BufferedOutputStream&, Directory const&) (os=..., music_root=<optimized out>) at ../../src/db/plugins/simple/DatabaseSave.cxx:63
#11 0x0000555555633f9a in SimpleDatabase::Save() (this=0x55555572cca0) at ../../src/db/plugins/simple/SimpleDatabasePlugin.cxx:375
#12 0x0000555555628add in UpdateService::Task() (this=0x55555572e290) at ../../src/db/update/Service.cxx:128
#13 BindMethodDetail::BindMethodWrapperGenerator2<UpdateService, true, void (UpdateService::*)() noexcept, &UpdateService::Task, void>::Invoke(void*) (_instance=0x55555572e290)
    at ../../src/util/BindMethod.hxx:189
#14 0x00005555555d1ebd in BoundMethod<void () noexcept>::operator()() const (this=<optimized out>) at ../../src/util/BindMethod.hxx:91
#15 Thread::Run() (this=<optimized out>) at ../../src/thread/Thread.cxx:63
#16 Thread::ThreadProc(void*) (ctx=<optimized out>) at ../../src/thread/Thread.cxx:92
#17 0x00007ffff4069ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#18 0x00007ffff3f99d8f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
MaxKellermann commented 3 years ago

Can you reproduce this with valgrind? Maybe valgrind can find what went wrong earlier. The crash location is not where the bug happened.

hiqua commented 3 years ago

@MaxKellermann hey just to tell you that I haven't forgotten about this, I just can't seem to reproduce it (I always run mpd with valgrind and no luck so far). Same with the other issue I've opened. Feel free to close these issues if you prefer.

MaxKellermann commented 3 years ago

Closing until we have the data required to analyze this problem.