Segmentation fault

Hello everyone,

MOC causes a segmentation fault with a variety of files; one example being:


/music/ 1685 · 1750 │ Johann Sebastian Bach/ вмv │ 1072 — 1080 │ кoɴтʀᴀᴘᴜɴктɪscʜᴇ wᴇʀкᴇ /вмv 1080 : » Die Kunst der Fuge «/Juilliard String Quartet/ 1 · Contrapunctus 1.wav

Trying to play the file results in a dump, beginning:


*** glibc detected *** mocp: free(): corrupted unsorted chunks: 0x08320c48 ***
======= Backtrace: =========
/lib/libc.so.6(+0x714ae)[0xb70124ae]
/lib/libc.so.6(cfree+0x70)[0xb7016050]
/lib/libc.so.6(+0x5fb48)[0xb7000b48]
/lib/libc.so.6(fopen+0x2c)[0xb7000b7c]
mocp(get_lyrics_text+0xaf)[0x807e97f]
mocp(iface_load_lyrics+0x2e)[0x806cfae]
mocp[0x805e9a0]
mocp(interface_loop+0xa26)[0x8062ae6]
mocp(main+0xab0)[0x8056ba0]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb6fb7db6]
mocp[0x8051381]

I've saved two of these; I was surprised that both have the same memory address at the top. (Why? (I know this is not a hardware problem; I've run memtest and that checked out; I've also reproduced the segmentation fault with the same file on another machine.))

I've run MOC -D; both the client logs


Oct 26 14:39:38.945004: interface.c:1097 server_event(): EVENT: 0x11
Oct 26 14:39:38.945016: interface.c:644 ev_file_tags(): Received tags for /music/ 1685 · 1750 │ Johann Sebastian Bach/ вмv │ 1072 — 1080 │ кoɴтʀᴀᴘᴜɴктɪscʜᴇ wᴇʀкᴇ /вмv 1080 : » Die Kunst der Fuge «/Juilliard String Quartet/20 · Contrapunctus 14.wav
Oct 26 14:39:38.949138: interface.c:3542 dequeue_events(): done
Oct 26 14:39:39.347935: interface.c:3535 dequeue_events(): Dequeuing events...
Oct 26 14:39:39.347983: interface.c:3542 dequeue_events(): done
Oct 26 14:39:39.535003: interface.c:3535 dequeue_events(): Dequeuing events...
Oct 26 14:39:39.535035: interface.c:3542 dequeue_events(): done
Oct 26 14:39:40.536351: interface.c:3535 dequeue_events(): Dequeuing events...
Oct 26 14:39:40.536388: interface.c:3542 dequeue_events(): done
Oct 26 14:39:41.537717: interface.c:3535 dequeue_events(): Dequeuing events...
Oct 26 14:39:41.537754: interface.c:3542 dequeue_events(): done
Oct 26 14:39:41.851437: interface.c:1759 play_it(): The server has different playlist

as well as the server logs


Oct 26 14:39:41.853903: server.c:1337 handle_command(): Failed to get command from the client
Oct 26 14:39:41.853948: tags_cache.c:739 tags_cache_clear_queue(): Cleared requests queue for client 0
Oct 26 14:41:24.777543: server.c:129 sig_exit(): Got signal 15
Oct 26 14:41:24.777947: server.c:129 sig_exit(): Got signal 15
Oct 26 14:41:24.777984: server.c:1683 server_loop(): Exiting...
Oct 26 14:41:24.778021: server.c:603 server_shutdown(): Server exiting...
Oct 26 14:41:24.778070: out_buf.c:128 read_thread(): exit
Oct 26 14:41:24.778093: out_buf.c:175 read_thread(): exiting
Oct 26 14:41:24.780913: out_buf.c:238 out_buf_destroy(): buffer destroyed
Oct 26 14:41:24.780970: player.c:335 precache_wait(): Precache thread is not running
Oct 26 14:41:24.781172: softmixer.c:273 softmixer_write_config(): Softmixer configuration written
Oct 26 14:41:24.781197: softmixer.c:73 softmixer_shutdown(): Softmixer stopped
Oct 26 14:41:24.781461: equalizer.c:413 equalizer_write_config(): Equalizer configuration written
Oct 26 14:41:24.781486: equalizer.c:454 equalizer_shutdown(): Equalizer stopped
Oct 26 14:41:24.781522: tags_cache.c:595 reader_thread(): exiting tags reader thread
Oct 26 14:41:24.802218: server.c:611 server_shutdown(): Server exited

end identically.

I've already tried running other versions of MOC; 2.5.0-alpha3 and the svn. These silently corrupt the memory, that is, they play the problematic files without a segmentation fault, but this only leads to an eventual kernel panic within twenty-four hours.

So tonight I played the file without the client from the command line. The server played it without a problem (unless it silently corrupted the memory and the machine just hasn't had a chance to crash yet).


uname -a
Linux $HOSTNAME 2.6.37.6-smp #2 SMP Sat Apr 9 23:39:07 CDT 2011 i686 Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz GenuineIntel GNU/Linux

I'm running Slackware 13.37 (on both machines that have revealed the problem). I have no idea if this is related to "Bug#547678: memory corruption on long filename" or not (http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg695912.html), but...thought I would throw that out there.

Has anybody got any idea what might be causing this?

Okay, so it turns out that I had two totally unrelated bugs that were leading me to believe that the above behavior was due to MOC alone (which I could reproduce, moreover, on two entirely different machines). I finally managed to isolate the cause of the kernel panics to a buggy network driver (that ran on both machines, obviously).

The cause of the segfault in MOC, moreover, has already been addressed in the svn code (r2202), and, as I said above, all other versions apart from alpha4 run without a crash. Finally, with the offending driver removed, everything's been running fine.