Use after free during discovery
Happened after removing a device during the discovery, but I haven't managed to reproduce it so it's very likely to be an edge case somewhere in VLC's background worker
=================================================================
==13400==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000005214 at pc 0x7f13df28d410 bp 0x7f13d9b087f0 sp 0x7f13d9b087e8
READ of size 4 at 0x60e000005214 thread T4
#0 0x7f13df28d40f in vlc_mutex_trylock ../../src/misc/threads.c:188
#1 0x7f13df28cf54 in vlc_mutex_lock ../../src/misc/threads.c:168
#2 0x7f13dfb5f874 in send_parsed_changed ../../lib/media.c:273
#3 0x7f13dfb5ff2b in input_item_preparse_ended ../../lib/media.c:342
#4 0x7f13defff0d3 in PreparserCloseInput ../../src/preparser/preparser.c:220
#5 0x7f13df257f93 in Thread ../../src/misc/background_worker.c:254
#6 0x7f13dfddefa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
#7 0x7f13dfd0f4ce in clone (/usr/lib/x86_64-linux-gnu/libc.so.6+0xf94ce)
0x60e000005214 is located 116 bytes inside of 152-byte region [0x60e0000051a0,0x60e000005238)
freed by thread T2 here:
#0 0x7f13e6878fb0 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8fb0)
#1 0x7f13dfb61486 in libvlc_media_release ../../lib/media.c:570
#2 0x7f13e3b91ae2 in std::_Sp_counted_deleter<libvlc_media_t*, void (*)(libvlc_media_t*), std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/8/bits/shared_ptr_base.h:471
#3 0x7f13e317a287 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/8/bits/shared_ptr_base.h:155
#4 0x7f13e316e75e in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/8/bits/shared_ptr_base.h:728
#5 0x7f13e3b778e2 in std::__shared_ptr<libvlc_media_t, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/8/bits/shared_ptr_base.h:1167
#6 0x7f13e3b7796f in std::shared_ptr<libvlc_media_t>::~shared_ptr() /usr/include/c++/8/bits/shared_ptr.h:103
#7 0x7f13e3b779fd in VLC::Internal<libvlc_media_t, void (*)(libvlc_media_t*)>::~Internal() /home/chouquette/dev/prefix/include/vlcpp/Internal.hpp:40
#8 0x7f13e3b781bc in VLC::Media::~Media() /home/chouquette/dev/prefix/include/vlcpp/Media.hpp:39
#9 0x7f13e3bed3b0 in medialibrary::fs::NetworkDirectory::read() const ../src/filesystem/network/Directory.cpp:63
#10 0x7f13e3813177 in medialibrary::fs::CommonDirectory::files() const ../src/filesystem/common/CommonDirectory.cpp:47
#11 0x7f13e3550ccb in medialibrary::prober::CrawlerProbe::hasDotNoMediaFile(medialibrary::fs::IDirectory const&) ../src/discoverer/probe/CrawlerProbe.h:97
#12 0x7f13e35501b2 in medialibrary::prober::CrawlerProbe::isHidden(medialibrary::fs::IDirectory const&) ../src/discoverer/probe/CrawlerProbe.h:53
#13 0x7f13e3778506 in medialibrary::FsDiscoverer::checkFolder(std::shared_ptr<medialibrary::fs::IDirectory>, std::shared_ptr<medialibrary::Folder>, medialibrary::IInterruptProbe const&, medialibrary::fs::IFileSystemFactory&, bool) const ../src/discoverer/FsDiscoverer.cpp:308
#14 0x7f13e37853b1 in medialibrary::FsDiscoverer::addFolder(std::shared_ptr<medialibrary::fs::IDirectory>, medialibrary::Folder*, medialibrary::IInterruptProbe const&, medialibrary::fs::IFileSystemFactory&) const ../src/discoverer/FsDiscoverer.cpp:495
#15 0x7f13e37786b7 in medialibrary::FsDiscoverer::checkFolder(std::shared_ptr<medialibrary::fs::IDirectory>, std::shared_ptr<medialibrary::Folder>, medialibrary::IInterruptProbe const&, medialibrary::fs::IFileSystemFactory&, bool) const ../src/discoverer/FsDiscoverer.cpp:310
#16 0x7f13e37853b1 in medialibrary::FsDiscoverer::addFolder(std::shared_ptr<medialibrary::fs::IDirectory>, medialibrary::Folder*, medialibrary::IInterruptProbe const&, medialibrary::fs::IFileSystemFactory&) const ../src/discoverer/FsDiscoverer.cpp:495
#17 0x7f13e376d574 in medialibrary::FsDiscoverer::discover(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, medialibrary::IInterruptProbe const&) ../src/discoverer/FsDiscoverer.cpp:95
#18 0x7f13e373e761 in medialibrary::DiscovererWorker::runDiscover(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../src/discoverer/DiscovererWorker.cpp:559
#19 0x7f13e37370cb in medialibrary::DiscovererWorker::run() ../src/discoverer/DiscovererWorker.cpp:390
#20 0x7f13e37467cb in void std::__invoke_impl<void, void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*>(std::__invoke_memfun_deref, void (medialibrary::DiscovererWorker::*&&)(), medialibrary::DiscovererWorker*&&) /usr/include/c++/8/bits/invoke.h:73
#21 0x7f13e3741b49 in std::__invoke_result<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*>::type std::__invoke<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*>(void (medialibrary::DiscovererWorker::*&&)(), medialibrary::DiscovererWorker*&&) /usr/include/c++/8/bits/invoke.h:95
#22 0x7f13e376b721 in decltype (__invoke((_S_declval<0ul>)(), (_S_declval<1ul>)())) std::thread::_Invoker<std::tuple<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8/thread:244
#23 0x7f13e376b573 in std::thread::_Invoker<std::tuple<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*> >::operator()() /usr/include/c++/8/thread:253
#24 0x7f13e376b4b2 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*> > >::_M_run() /usr/include/c++/8/thread:196
#25 0x7f13e0b74b2e (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbbb2e)
previously allocated by thread T2 here:
#0 0x7f13e6879518 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9518)
#1 0x7f13dfb602fc in libvlc_media_new_from_input_item ../../lib/media.c:395
#2 0x7f13dfb607cc in libvlc_media_new_location ../../lib/media.c:441
#3 0x7f13e3b77d8a in VLC::Media::Media(VLC::Instance&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, VLC::Media::FromType) /home/chouquette/dev/prefix/include/vlcpp/Media.hpp:151
#4 0x7f13e3bec052 in medialibrary::fs::NetworkDirectory::read() const ../src/filesystem/network/Directory.cpp:63
#5 0x7f13e3813177 in medialibrary::fs::CommonDirectory::files() const ../src/filesystem/common/CommonDirectory.cpp:47
#6 0x7f13e3550ccb in medialibrary::prober::CrawlerProbe::hasDotNoMediaFile(medialibrary::fs::IDirectory const&) ../src/discoverer/probe/CrawlerProbe.h:97
#7 0x7f13e35501b2 in medialibrary::prober::CrawlerProbe::isHidden(medialibrary::fs::IDirectory const&) ../src/discoverer/probe/CrawlerProbe.h:53
#8 0x7f13e3778506 in medialibrary::FsDiscoverer::checkFolder(std::shared_ptr<medialibrary::fs::IDirectory>, std::shared_ptr<medialibrary::Folder>, medialibrary::IInterruptProbe const&, medialibrary::fs::IFileSystemFactory&, bool) const ../src/discoverer/FsDiscoverer.cpp:308
#9 0x7f13e37853b1 in medialibrary::FsDiscoverer::addFolder(std::shared_ptr<medialibrary::fs::IDirectory>, medialibrary::Folder*, medialibrary::IInterruptProbe const&, medialibrary::fs::IFileSystemFactory&) const ../src/discoverer/FsDiscoverer.cpp:495
#10 0x7f13e37786b7 in medialibrary::FsDiscoverer::checkFolder(std::shared_ptr<medialibrary::fs::IDirectory>, std::shared_ptr<medialibrary::Folder>, medialibrary::IInterruptProbe const&, medialibrary::fs::IFileSystemFactory&, bool) const ../src/discoverer/FsDiscoverer.cpp:310
#11 0x7f13e37853b1 in medialibrary::FsDiscoverer::addFolder(std::shared_ptr<medialibrary::fs::IDirectory>, medialibrary::Folder*, medialibrary::IInterruptProbe const&, medialibrary::fs::IFileSystemFactory&) const ../src/discoverer/FsDiscoverer.cpp:495
#12 0x7f13e376d574 in medialibrary::FsDiscoverer::discover(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, medialibrary::IInterruptProbe const&) ../src/discoverer/FsDiscoverer.cpp:95
#13 0x7f13e373e761 in medialibrary::DiscovererWorker::runDiscover(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../src/discoverer/DiscovererWorker.cpp:559
#14 0x7f13e37370cb in medialibrary::DiscovererWorker::run() ../src/discoverer/DiscovererWorker.cpp:390
#15 0x7f13e37467cb in void std::__invoke_impl<void, void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*>(std::__invoke_memfun_deref, void (medialibrary::DiscovererWorker::*&&)(), medialibrary::DiscovererWorker*&&) /usr/include/c++/8/bits/invoke.h:73
#16 0x7f13e3741b49 in std::__invoke_result<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*>::type std::__invoke<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*>(void (medialibrary::DiscovererWorker::*&&)(), medialibrary::DiscovererWorker*&&) /usr/include/c++/8/bits/invoke.h:95
#17 0x7f13e376b721 in decltype (__invoke((_S_declval<0ul>)(), (_S_declval<1ul>)())) std::thread::_Invoker<std::tuple<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8/thread:244
#18 0x7f13e376b573 in std::thread::_Invoker<std::tuple<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*> >::operator()() /usr/include/c++/8/thread:253
#19 0x7f13e376b4b2 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*> > >::_M_run() /usr/include/c++/8/thread:196
#20 0x7f13e0b74b2e (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbbb2e)
Thread T4 created by T2 here:
#0 0x7f13e67e0db0 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
#1 0x7f13df2ee369 in vlc_clone_attr ../../src/posix/thread.c:208
#2 0x7f13df2ee827 in vlc_clone_detach ../../src/posix/thread.c:271
#3 0x7f13df258102 in SpawnThread ../../src/misc/background_worker.c:274
#4 0x7f13df258640 in background_worker_Push ../../src/misc/background_worker.c:302
#5 0x7f13deffff87 in input_preparser_Push ../../src/preparser/preparser.c:293
#6 0x7f13def5e32f in vlc_MetadataRequest ../../src/libvlc.c:464
#7 0x7f13def5e5ef in libvlc_MetadataRequest ../../src/libvlc.c:491
#8 0x7f13dfb63857 in media_parse ../../lib/media.c:769
#9 0x7f13dfb63af3 in libvlc_media_parse_with_options ../../lib/media.c:808
#10 0x7f13e3ba15b1 in VLC::Media::parseWithOptions(VLC::Media::ParseFlags, int) /home/chouquette/dev/prefix/include/vlcpp/Media.hpp:609
#11 0x7f13e3bec2ea in medialibrary::fs::NetworkDirectory::read() const ../src/filesystem/network/Directory.cpp:78
#12 0x7f13e3813177 in medialibrary::fs::CommonDirectory::files() const ../src/filesystem/common/CommonDirectory.cpp:47
#13 0x7f13e3550ccb in medialibrary::prober::CrawlerProbe::hasDotNoMediaFile(medialibrary::fs::IDirectory const&) ../src/discoverer/probe/CrawlerProbe.h:97
#14 0x7f13e35501b2 in medialibrary::prober::CrawlerProbe::isHidden(medialibrary::fs::IDirectory const&) ../src/discoverer/probe/CrawlerProbe.h:53
#15 0x7f13e376d051 in medialibrary::FsDiscoverer::discover(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, medialibrary::IInterruptProbe const&) ../src/discoverer/FsDiscoverer.cpp:91
#16 0x7f13e373e761 in medialibrary::DiscovererWorker::runDiscover(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../src/discoverer/DiscovererWorker.cpp:559
#17 0x7f13e37370cb in medialibrary::DiscovererWorker::run() ../src/discoverer/DiscovererWorker.cpp:390
#18 0x7f13e37467cb in void std::__invoke_impl<void, void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*>(std::__invoke_memfun_deref, void (medialibrary::DiscovererWorker::*&&)(), medialibrary::DiscovererWorker*&&) /usr/include/c++/8/bits/invoke.h:73
#19 0x7f13e3741b49 in std::__invoke_result<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*>::type std::__invoke<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*>(void (medialibrary::DiscovererWorker::*&&)(), medialibrary::DiscovererWorker*&&) /usr/include/c++/8/bits/invoke.h:95
#20 0x7f13e376b721 in decltype (__invoke((_S_declval<0ul>)(), (_S_declval<1ul>)())) std::thread::_Invoker<std::tuple<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8/thread:244
#21 0x7f13e376b573 in std::thread::_Invoker<std::tuple<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*> >::operator()() /usr/include/c++/8/thread:253
#22 0x7f13e376b4b2 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (medialibrary::DiscovererWorker::*)(), medialibrary::DiscovererWorker*> > >::_M_run() /usr/include/c++/8/thread:196
#23 0x7f13e0b74b2e (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbbb2e)
Thread T2 created by T0 here:
#0 0x7f13e67e0db0 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
#1 0x7f13e0b74db4 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbbdb4)
#2 0x7f13e372ec9d in medialibrary::DiscovererWorker::DiscovererWorker(medialibrary::MediaLibrary*, std::unique_ptr<medialibrary::IDiscoverer, std::default_delete<medialibrary::IDiscoverer> >) ../src/discoverer/DiscovererWorker.cpp:52
#3 0x7f13e34dcc21 in medialibrary::MediaLibrary::startDiscoverer() ../src/MediaLibrary.cpp:1055
#4 0x7f13e353a2d8 in medialibrary::MediaLibrary::discover(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../src/MediaLibrary.cpp:2264
#5 0x5604fd8ca000 in main ../test/discoverer/main.cpp:125
#6 0x7f13dfc3a09a in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-use-after-free ../../src/misc/threads.c:188 in vlc_mutex_trylock
Shadow bytes around the buggy address:
0x0c1c7fff89f0: fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 00
0x0c1c7fff8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c1c7fff8a10: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c1c7fff8a20: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
0x0c1c7fff8a30: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c1c7fff8a40: fd fd[fd]fd fd fd fd fa fa fa fa fa fa fa fa fa
0x0c1c7fff8a50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1c7fff8a60: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
0x0c1c7fff8a70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c1c7fff8a80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c1c7fff8a90: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==13400==ABORTING
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information