mpd fails to index and segfaults
I have a 47.9GB music library that I would like to index with mpd.
After
installing and configuring mpd I tried to index all files using ‘mpc
update’. After that mpd starts indexing all files but after a certain
point it just segfaults. The following shows up in /var/log/messages:
Jul 15 14:42:38 alpine kern.info kernel: [ 5032.356796] mpd[15467]: segfault at 6c7a4019bf48 ip 00006c7a4007501c sp 00006c7a4019bf50 error 6 in ld-musl-x86_64.so.1[6c7a40029000+87000]
Jul 15 14:42:38 alpine kern.alert kernel: [ 5032.356828] grsec: From 192.168.1.150: Segmentation fault occurred at 00006c7a4019bf48 in /usr/bin/mpd[mpd:15467] uid/euid:100/100 gid/egid:18/18, parent /bin/busybox[init:1] uid/euid:0/0 gid/egid:0/0
Jul 15 14:42:38 alpine kern.alert kernel: [ 5032.356904] grsec: From 192.168.1.150: bruteforce prevention initiated due to crash of /usr/bin/mpd against uid 100, banning suid/sgid execs for 15 minutes. Please investigate the crash report for /usr/bin/mpd[mpd:15467] uid
A few files are in fact indexed successfully and the last file indexed
by mpd before it crashes is always the same but If I set my
music_directory to the folder containing the file (presumably)
causing
mpd to crash and thereby excluding all other files than mpd doesn’t
segfault. If I remove that particular file from music_directory than
mpd
is able to index more files but segfaults when indexing other files.
So I installed valgrind and mpd-dbg and ran ‘valgrind /usr/bin/mpd
—no-daemon’. This generated the following output:
==15485== Memcheck, a memory error detector
==15485== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et
al.
==15485== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright
info
==15485== Command: /usr/bin/mpd --no-daemon
==15485==
==15485== Invalid free() / delete / delete[] / realloc()
==15485== at 0x4C90FF0: free (vg_replace_malloc.c:474)
==15485== by 0x401FE60: ??? (in /lib/ld-musl-x86_64.so.1)
==15485== Address 0x4e95180 is not stack'd, malloc'd or (recently)
free'd
==15485==
==15485== Thread 2 io:
==15485== Syscall param epoll_pwait(sigmask) points to unaddressable
byte(s)
==15485== at 0x402371A: epoll_pwait (in /lib/ld-musl-x86_64.so.1)
==15485== by 0x409C9FF: ???
==15485== by 0x4EF6D4F: ???
==15485== by 0xFFFFFFFE: ???
==15485== by 0x15F04D: Wait (EPollFD.hxx:53)
==15485== by 0x15F04D: ReadEvents (PollGroupEPoll.hxx:67)
==15485== by 0x15F04D: EventLoop::Run() (Loop.cxx:193)
==15485== by 0x15F19E: Thread::ThreadProc(void*) (Thread.cxx:108)
==15485== by 0x4053926: ??? (in /lib/ld-musl-x86_64.so.1)
==15485== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==15485==
==15485== Thread 1:
==15485== Syscall param epoll_pwait(sigmask) points to unaddressable
byte(s)
==15485== at 0x402371A: epoll_pwait (in /lib/ld-musl-x86_64.so.1)
==15485== by 0xFFF000AFF: ???
==15485== by 0x4EF8D1F: ???
==15485== by 0xFFFFFFFE: ???
==15485== by 0x15F04D: Wait (EPollFD.hxx:53)
==15485== by 0x15F04D: ReadEvents (PollGroupEPoll.hxx:67)
==15485== by 0x15F04D: EventLoop::Run() (Loop.cxx:193)
==15485== by 0x11BFEF: mpd_main_after_fork (Main.cxx:657)
==15485== by 0x11BFEF: mpd_main(int, char**) (Main.cxx:533)
==15485== by 0x401D2AD: (below main) (in /lib/ld-musl-x86_64.so.1)
==15485== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==15485==
==15485== Syscall param epoll_pwait(sigmask) points to unaddressable
byte(s)
==15485== at 0x402371A: epoll_pwait (in /lib/ld-musl-x86_64.so.1)
==15485== by 0x165EE3: ??? (in /usr/bin/mpd)
==15485== by 0x4EF8D1F: ???
==15485== by 0xEA50: ???
==15485== by 0x15F04D: Wait (EPollFD.hxx:53)
==15485== by 0x15F04D: ReadEvents (PollGroupEPoll.hxx:67)
==15485== by 0x15F04D: EventLoop::Run() (Loop.cxx:193)
==15485== by 0x11BFEF: mpd_main_after_fork (Main.cxx:657)
==15485== by 0x11BFEF: mpd_main(int, char**) (Main.cxx:533)
==15485== by 0x401D2AD: (below main) (in /lib/ld-musl-x86_64.so.1)
==15485== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==15485==
==15485== Syscall param epoll_pwait(sigmask) points to unaddressable
byte(s)
==15485== at 0x402371A: epoll_pwait (in /lib/ld-musl-x86_64.so.1)
==15485== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==15485==
==15485== Syscall param epoll_pwait(sigmask) points to unaddressable
byte(s)
==15485== at 0x402371A: epoll_pwait (in /lib/ld-musl-x86_64.so.1)
==15485== by 0x165EF7: ??? (in /usr/bin/mpd)
==15485== by 0x4EF8D1F: ???
==15485== by 0xFFFFFFFE: ???
==15485== by 0x15F04D: Wait (EPollFD.hxx:53)
==15485== by 0x15F04D: ReadEvents (PollGroupEPoll.hxx:67)
==15485== by 0x15F04D: EventLoop::Run() (Loop.cxx:193)
==15485== by 0x11BFEF: mpd_main_after_fork (Main.cxx:657)
==15485== by 0x11BFEF: mpd_main(int, char**) (Main.cxx:533)
==15485== by 0x401D2AD: (below main) (in /lib/ld-musl-x86_64.so.1)
==15485== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==15485==
==15485== Syscall param epoll_pwait(sigmask) points to unaddressable
byte(s)
==15485== at 0x402371A: epoll_pwait (in /lib/ld-musl-x86_64.so.1)
==15485== by 0x165EE3: ??? (in /usr/bin/mpd)
==15485== by 0x4EF8D1F: ???
==15485== by 0xEA5F: ???
==15485== by 0x15F04D: Wait (EPollFD.hxx:53)
==15485== by 0x15F04D: ReadEvents (PollGroupEPoll.hxx:67)
==15485== by 0x15F04D: EventLoop::Run() (Loop.cxx:193)
==15485== by 0x11BFEF: mpd_main_after_fork (Main.cxx:657)
==15485== by 0x11BFEF: mpd_main(int, char**) (Main.cxx:533)
==15485== by 0x401D2AD: (below main) (in /lib/ld-musl-x86_64.so.1)
==15485== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==15485==
==15485==
==15485== Process terminating with default action of signal 11 (SIGSEGV)
==15485== Bad permissions for mapped region at address 0x40DFF48
==15485== at 0x404C01C: ??? (in /lib/ld-musl-x86_64.so.1)
==15485==
==15485== HEAP SUMMARY:
==15485== in use at exit: 1,444,688 bytes in 10,136 blocks
==15485== total heap usage: 144,044 allocs, 134,025 frees, 470,149,538
bytes allocated
==15485==
==15485== LEAK SUMMARY:
==15485== definitely lost: 0 bytes in 0 blocks
==15485== indirectly lost: 0 bytes in 0 blocks
==15485== possibly lost: 59,469 bytes in 97 blocks
==15485== still reachable: 1,385,219 bytes in 10,039 blocks
==15485== suppressed: 0 bytes in 0 blocks
==15485== Rerun with --leak-check=full to see details of leaked memory
==15485==
==15485== For counts of detected and suppressed errors, rerun with: -v
==15485== ERROR SUMMARY: 212 errors from 7 contexts (suppressed: 0 from
0)
==15485== could not unlink
/tmp/vgdb-pipe-from-vgdb-to-15485-by-root-on-???
==15485== could not unlink
/tmp/vgdb-pipe-to-vgdb-from-15485-by-root-on-???
==15485== could not unlink
/tmp/vgdb-pipe-shared-mem-vgdb-15485-by-root-on-???
Killed
(from redmine: issue id 4448, created on 2015-07-15, closed on 2015-09-28)
- Changesets:
- Revision 0550540e by Natanael Copa on 2015-07-20T15:04:31Z:
main/mpd: set stacksize
fixes #4448
- Revision 0ef7e59c by Natanael Copa on 2015-08-24T06:58:50Z:
main/mpd: set stacksize
fixes #4448
(cherry picked from commit 0550540e2f211c794031142c81c3e752864b8605)
- Uploads:
- stacksize.patch set stack size to 1MB