Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

Linus Lüssing linus.luessing at c0d3.blue
Thu Mar 2 01:58:10 UTC 2017 

On Wed, Mar 01, 2017 at 07:34:11PM -0300, Felipe Sateler wrote:
> You need to activate the debug archives:
> 
> https://wiki.debian.org/AutomaticDebugPackages

Aiy, thanks! The following crash was with pulseaudio-dbgsym and
libpulse0-dbgsym installed and the gdb backtrace was created for
all threads ("(gdb) thread apply all bt" - unfortunately still looks
like there is some stack corruption :( ) :

#####
odroid at otheros:/$ sudo coredumpctl gdb
           PID: 11356 (pulseaudio)
           UID: 1001 (odroid)
           GID: 1001 (odroid)
        Signal: 11 (SEGV)
     Timestamp: Thu 2017-03-02 02:24:15 CET (8min ago)
  Command Line: pulseaudio -vvvv
    Executable: /usr/bin/pulseaudio
 Control Group: /system.slice/tigervncserver.service
          Unit: tigervncserver.service
         Slice: system.slice
       Boot ID: d834b6de713f4e04816eb5b83e7100a3
    Machine ID: 5716166b59b3477b83939474094b846e
      Hostname: otheros
       Storage: /var/lib/systemd/coredump/core.pulseaudio.1001.d834b6de713f4e04816eb5b83e7100a3.11356.1488417855000000000000.lz4
       Message: Process 11356 (pulseaudio) of user 1001 dumped core.
                
                Stack trace of thread 11376:
                #0  0x00000000b0c6f962 n/a (libsbc.so.1)


GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/pulseaudio...Reading symbols from /usr/lib/debug/.build-id/1b/d03b66bbc1da7b639af9914dd3db452a0905f2.debug...done.
done.
[New LWP 11376]
[New LWP 11356]
[New LWP 11360]
[New LWP 11362]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Core was generated by `pulseaudio -vvvv'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xb0c6f962 in ?? () from /usr/lib/arm-linux-gnueabihf/libsbc.so.1
[Current thread is 1 (Thread 0xb0c64300 (LWP 11376))]
(gdb) 
(gdb) thread apply all bt

Thread 4 (Thread 0xb16ff300 (LWP 11362)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6bdc506 in __GI_ppoll (fds=0x7f619fb0, nfds=2, timeout=<optimized out>, timeout at entry=0x0, sigmask=sigmask at entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6e3f846 in ppoll (__ss=0x0, __timeout=0x0, __nfds=<optimized out>, __fds=<optimized out>) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_rtpoll_run (p=0x7f5fcad0) at pulsecore/rtpoll.c:314
#4  0xb20672fe in thread_func (userdata=0x7f5f6af8) at modules/alsa/alsa-source.c:1516
#5  0xb6df0970 in internal_thread_func (userdata=0x7f5fbd68) at pulsecore/thread-posix.c:81
#6  0xb6ce25e4 in start_thread (arg=0x0) at pthread_create.c:335
#7  0xb6be2472 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:86 from /lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 3 (Thread 0xb2043300 (LWP 11360)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6bdc506 in __GI_ppoll (fds=0x7f6bf290, nfds=3, timeout=<optimized out>, timeout at entry=0x0, sigmask=sigmask at entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6e3f846 in ppoll (__ss=0x0, __timeout=0x0, __nfds=<optimized out>, __fds=<optimized out>) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_rtpoll_run (p=0x7f5e85e8) at pulsecore/rtpoll.c:314
#4  0xb20623c8 in thread_func (userdata=0x7f684ca0) at modules/alsa/alsa-sink.c:1799
#5  0xb6df0970 in internal_thread_func (userdata=0x7f610cf0) at pulsecore/thread-posix.c:81
#6  0xb6ce25e4 in start_thread (arg=0x0) at pthread_create.c:335
#7  0xb6be2472 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:86 from /lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 2 (Thread 0xb6f31000 (LWP 11356)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6bdc506 in __GI_ppoll (fds=fds at entry=0x7f62f0c0, nfds=nfds at entry=25, timeout=<optimized out>, sigmask=sigmask at entry=0x0)
    at ../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6d87940 in ppoll (__ss=0x0, __timeout=<optimized out>, __nfds=25, __fds=0x7f62f0c0) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_mainloop_poll (m=m at entry=0x7f58ce58) at pulse/mainloop.c:852
#4  0xb6d87dd8 in pa_mainloop_iterate (m=0x7f58ce58, block=<optimized out>, retval=0xbea1bf44) at pulse/mainloop.c:926
#5  0xb6d87e5c in pa_mainloop_run (m=0x7f58ce58, retval=0xbea1bf44) at pulse/mainloop.c:944
#6  0x7f56f40c in main (argc=<optimized out>, argv=<optimized out>) at daemon/main.c:1140

Thread 1 (Thread 0xb0c64300 (LWP 11376)):
#0  0xb0c6f962 in ?? () from /usr/lib/arm-linux-gnueabihf/libsbc.so.1
#1  0x000c0018 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) 

#####


Cores can be found here again:
https://metameute.de/~tux/bugreport/pulseaudio/core.pulseaudio.1001.d834b6de713f4e04816eb5b83e7100a3.11356.1488417855000000000000.lz4
https://metameute.de/~tux/bugreport/pulseaudio/pulseaudio-2.core.xz

Also a full "pulseaudio -vvvv" log:
https://metameute.de/~tux/bugreport/pulseaudio/pulseaudio-2.log

So it stops and crashes at the following line:
1554: "D: [bluetooth] protocol-native.c: Requesting rewind due to end of underrun."

This is the first line right after starting the stream:
1501: "I: [pulseaudio] client.c: Created 4 "Native client (UNIX socket client)""

And this is the first line before connecting the bluetooth headset:
1422: "D: [pulseaudio] module-udev-detect.c: Resuming all sinks and sources of card alsa_card.platform-sound."


Regards, Linus

More information about the pkg-pulseaudio-devel mailing list