ogg123 crashes after playing sound file

Bug #1334204 reported by James Hunt
This bug affects 2 people
Affects: vorbis-tools (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

$ gdb --args `which ogg123` redalert.ogg
GNU gdb (Ubuntu 7.7.1-0ubuntu3) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/ogg123...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/ogg123 redalert.ogg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Audio Device: Advanced Linux Sound Architecture (ALSA) output

[New Thread 0x7fffecd4d700 (LWP 10744)]
Playing: redalert.ogg
Ogg Vorbis stream: 1 channel, 22050 Hz
[New Thread 0x7fffe3ffe700 (LWP 10745)]
[Thread 0x7fffecd4d700 (LWP 10744) exited]3.0 kbps) Output Buffer 0.0% (EOS)

Program received signal SIGSEGV, Segmentation fault.
__lll_unlock_elision (lock=0x613c40, private=0) at ../nptl/sysdeps/unix/sysv/linux/x86/elision-unlock.c:29
29 ../nptl/sysdeps/unix/sysv/linux/x86/elision-unlock.c: No such file or directory.
(gdb) bt full
#0 __lll_unlock_elision (lock=0x613c40, private=0) at ../nptl/sysdeps/unix/sysv/linux/x86/elision-unlock.c:29
No locals.
#1 0x000000000040895a in ?? ()
No symbol table info available.
#2 0x0000000000403bda in ?? ()
No symbol table info available.
#3 0x00007ffff661fec5 in __libc_start_main (main=0x403860, argc=2, argv=0x7fffffffda28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffda18) at libc-start.c:287
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 4502378785248176378, 4209892, 140737488345632, 0, 0, -4502378786266224390, -4502397425389737734}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x40dd40,
              0x7fffffffda28}, data = {prev = 0x0, cleanup = 0x0, canceltype = 4250944}}}
        not_first_call = <optimized out>
#4 0x0000000000403d0d in ?? ()
No symbol table info available.
#5 0x00007fffffffda18 in ?? ()
No symbol table info available.
#6 0x000000000000001c in ?? ()
No symbol table info available.
#7 0x0000000000000002 in ?? ()
No symbol table info available.
#8 0x00007fffffffdece in ?? ()
No symbol table info available.
#9 0x00007fffffffdede in ?? ()
No symbol table info available.
#10 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)

Every file I tried experiences the same crash.

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: vorbis-tools 1.4.0-1ubuntu3
ProcVersionSignature: Ubuntu 3.15.0-6.11-generic 3.15.0
Uname: Linux 3.15.0-6-generic x86_64
ApportVersion: 2.14.3-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Jun 25 11:07:13 2014
InstallationDate: Installed on 2014-04-11 (74 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)
SourcePackage: vorbis-tools
UpgradeStatus: Upgraded to utopic on 2014-05-08 (47 days ago)

Daniel Letzeisen (dtl131) wrote :

If you use pulseaudio directly, does the crash still occur?
ogg123 -d pulse file.ogg

Changed in vorbis-tools (Ubuntu):
status: New → Incomplete
James Hunt (jamesodhunt) wrote :

Yes.

Changed in vorbis-tools (Ubuntu):
status: Incomplete → New
Eric Seppanen (eds-reric) wrote :

I ran into the same issue.

Here's what appears to be happening:
1. ogg123 has a latent bug in how it handles a pthread mutex-- it always tries to unlock that mutex before exiting, even if the mutex is unlocked already. glibc on older CPUs tolerates this, which is why nobody has noticed until now.
2. glibc has implemented lock elision for CPUs that have working TSX (transactional memory) instructions. When pthreads uses this lock elision code, unlocking an unlocked mutex segfaults.
3. If you have a new enough CPU that TSX instructions are usable (some CPUs have them disabled due to hardware bugs), ogg123 will segfault after it's done playing the file. The segfault will always happen in __lll_unlock_elision().

The vorbis-tools code hasn't changed in ages, so it's likely that this happens on every distro shipping a modern glibc with lock elision enabled.

I have some sample code here to demonstrate the glibc behavior on different CPUs: https://codeandbitters.com/2016/04/18/fun-with-lock-elision/

If you want a workaround for ogg123, this change seems to work for me:

--- a/ogg123/status.c
+++ b/ogg123/status.c
@@ -339,6 +339,7 @@ void status_deinit ()

 void status_reset_output_lock ()
 {
+ pthread_mutex_trylock(&output_lock);
   pthread_mutex_unlock(&output_lock);
 }
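
Review bot: the return value of the added pthread_mutex_trylock(&output_lock) in status_reset_output_lock() is ignored, so when another thread holds output_lock the trylock fails with EBUSY and the pthread_mutex_unlock() on the next line releases a mutex this thread does not own, which POSIX still leaves undefined for a default mutex. Check the trylock result and unlock only when the caller is known to hold the lock, or track ownership at the call sites so the unlock is skipped when the mutex is not held.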

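The double unlock described in the comment above, as an added example that is not part of the bug report or of vorbis-tools: with a PTHREAD_MUTEX_ERRORCHECK mutex, POSIX requires the second unlock to return an error instead of leaving the behaviour undefined. The names demo_lock, demo_lock_init, demo_reset_lock and demo_double_unlock are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Hypothetical stand-in for ogg123's output_lock (not the project's code). */
static pthread_mutex_t demo_lock;

/* Create the mutex as ERRORCHECK so a bad unlock is reported, not undefined. */
int demo_lock_init(void)
{
    pthread_mutexattr_t attr;
    int rc = pthread_mutexattr_init(&attr);
    if (rc != 0)
        return rc;
    rc = pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    if (rc == 0)
        rc = pthread_mutex_init(&demo_lock, &attr);
    pthread_mutexattr_destroy(&attr);
    return rc;
}

/* Unconditional unlock, as in the reset path discussed above.
 * Returns 0 when the lock was released, EPERM when the caller did not hold it. */
int demo_reset_lock(void)
{
    return pthread_mutex_unlock(&demo_lock);
}

/* Lock once, then unlock twice; report the result of each unlock. */
int demo_double_unlock(int *first, int *second)
{
    int rc = demo_lock_init();
    if (rc == 0)
        rc = pthread_mutex_lock(&demo_lock);
    if (rc != 0)
        return rc;
    *first = demo_reset_lock();   /* lock is held: released */
    *second = demo_reset_lock();  /* lock is not held: error, no crash */
    return pthread_mutex_destroy(&demo_lock);
}

int main(void)
{
    int first = -1, second = -1;
    int rc = demo_double_unlock(&first, &second);
    printf("first unlock: %d, second unlock: %d (EPERM is %d)\n", first, second, EPERM);
    return rc;
}
```
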
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in vorbis-tools (Ubuntu):
status: New → Confirmed