Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

Linus Lüssing linus.luessing at c0d3.blue
Thu Mar 2 23:01:41 UTC 2017 

On Thu, Mar 02, 2017 at 06:29:12PM -0300, Felipe Sateler wrote:
> Could you install the debug symbols for libsbc and see if we can get a
> reasonable function name for that call?

Now with sbc-dbg installed:
https://metameute.de/~tux/bugreport/pulseaudio/core.pulseaudio.1001.d834b6de713f4e04816eb5b83e7100a3.3259.1488493325000000000000.lz4
https://metameute.de/~tux/bugreport/pulseaudio/pulseaudio-3.log
https://metameute.de/~tux/bugreport/pulseaudio/pulseaudio-3.core.xz


And here is the gdb backtrace for all threads again, now with a
little more information :) :

#####
odroid at otheros:/$ sudo coredumpctl gdb
           PID: 3259 (pulseaudio)
           UID: 1001 (odroid)
           GID: 1001 (odroid)
        Signal: 11 (SEGV)
     Timestamp: Thu 2017-03-02 23:22:05 CET (2min 51s ago)
  Command Line: pulseaudio -vvvv
    Executable: /usr/bin/pulseaudio
 Control Group: /system.slice/tigervncserver.service
          Unit: tigervncserver.service
         Slice: system.slice
       Boot ID: d834b6de713f4e04816eb5b83e7100a3
    Machine ID: 5716166b59b3477b83939474094b846e
      Hostname: otheros
       Storage: /var/lib/systemd/coredump/core.pulseaudio.1001.d834b6de713f4e04816eb5b83e7100a3.3259.1488493325000000000000.lz4
       Message: Process 3259 (pulseaudio) of user 1001 dumped core.
                
                Stack trace of thread 3283:
                #0  0x00000000a0c84962 sbc_analyze_eight_armv6 (libsbc.so.1)
                #1  0x00000000000c0018 n/a (n/a)

GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/pulseaudio...Reading symbols from /usr/lib/debug/.build-id/1b/d03b66bbc1da7b639af9914dd3db452a0905f2.debug...done.
done.
[New LWP 3283]
[New LWP 3259]
[New LWP 3263]
[New LWP 3262]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Core was generated by `pulseaudio -vvvv'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xa0c84962 in sbc_analyze_eight_armv6 () at sbc/sbc_primitives_armv6.c:115
115	sbc/sbc_primitives_armv6.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0xa0c79300 (LWP 3283))]
(gdb) thread apply all bt

Thread 4 (Thread 0xb204b300 (LWP 3262)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6be4506 in __GI_ppoll (fds=0x7f6b6ad0, nfds=3, timeout=<optimized out>, timeout at entry=0x0, sigmask=sigmask at entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6e47846 in ppoll (__ss=0x0, __timeout=0x0, __nfds=<optimized out>, __fds=<optimized out>) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_rtpoll_run (p=0x7f5f8388) at pulsecore/rtpoll.c:314
#4  0xb206a3c8 in thread_func (userdata=0x7f695c58) at modules/alsa/alsa-sink.c:1799
#5  0xb6df8970 in internal_thread_func (userdata=0x7f62a738) at pulsecore/thread-posix.c:81
#6  0xb6cea5e4 in start_thread (arg=0x0) at pthread_create.c:335
#7  0xb6bea472 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:86 from /lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 3 (Thread 0xb16ff300 (LWP 3263)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6be4506 in __GI_ppoll (fds=0x7f62a5d0, nfds=2, timeout=<optimized out>, timeout at entry=0x0, sigmask=sigmask at entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6e47846 in ppoll (__ss=0x0, __timeout=0x0, __nfds=<optimized out>, __fds=<optimized out>) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_rtpoll_run (p=0x7f5f04d8) at pulsecore/rtpoll.c:314
#4  0xb206f2fe in thread_func (userdata=0x7f60aec0) at modules/alsa/alsa-source.c:1516
#5  0xb6df8970 in internal_thread_func (userdata=0x7f6246d0) at pulsecore/thread-posix.c:81
#6  0xb6cea5e4 in start_thread (arg=0x0) at pthread_create.c:335
#7  0xb6bea472 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:86 from /lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 2 (Thread 0xb6f39000 (LWP 3259)):
#0  0xb6cf1420 in write () at ../sysdeps/unix/syscall-template.S:84
#1  0xb6dd611e in pa_write (fd=43, buf=buf at entry=0xbebff1e8, count=count at entry=8, type=type at entry=0x7f66c13c) at pulsecore/core-util.c:477
#2  0xb6ddb0a8 in pa_fdsem_post (f=0x7f66c130) at pulsecore/fdsem.c:196
#3  0xb6e30ce0 in push (l=0x7f664b40, p=0xb17058f0, wait_op=<optimized out>) at pulsecore/asyncq.c:160
#4  0xb6e30f7e in pa_asyncq_post (l=0x7f664b40, p=p at entry=0xb17058f0) at pulsecore/asyncq.c:202
#5  0xb6e30240 in pa_asyncmsgq_post (a=a at entry=0x7f6156d8, object=<optimized out>, code=code at entry=7, userdata=0x0, offset=offset at entry=0, 
    chunk=chunk at entry=0xbebff324, free_cb=0x0) at pulsecore/asyncmsgq.c:140
#6  0xb221f7e0 in pstream_memblock_callback (p=<optimized out>, channel=<optimized out>, offset=<optimized out>, seek=PA_SEEK_RELATIVE, chunk=0xbebff324, 
    userdata=0x7f5f9588) at pulsecore/protocol-native.c:4986
#7  0xb6deab10 in do_read (p=p at entry=0x7f6154b8, re=re at entry=0x7f61562c) at pulsecore/pstream.c:1058
#8  0xb6dec974 in do_pstream_read_write (p=0x7f6154b8) at pulsecore/pstream.c:248
#9  0xb6decc30 in srb_callback (srb=<optimized out>, userdata=0x7f6154b8) at pulsecore/pstream.c:287
#10 0xb6ded286 in srbchannel_rwloop (sr=0x7f609bf0) at pulsecore/srbchannel.c:190
#11 0xb6d8fad8 in dispatch_pollfds (m=0x7f59d3f8) at pulse/mainloop.c:655
#12 pa_mainloop_dispatch (m=m at entry=0x7f59d3f8) at pulse/mainloop.c:898
#13 0xb6d8fde2 in pa_mainloop_iterate (m=0x7f59d3f8, block=<optimized out>, retval=0xbebff4b4) at pulse/mainloop.c:929
#14 0xb6d8fe5c in pa_mainloop_run (m=0x7f59d3f8, retval=0xbebff4b4) at pulse/mainloop.c:944
#15 0x7f58040c in main (argc=<optimized out>, argv=<optimized out>) at daemon/main.c:1140

Thread 1 (Thread 0xa0c79300 (LWP 3283)):
#0  0xa0c84962 in sbc_analyze_eight_armv6 () at sbc/sbc_primitives_armv6.c:115
#1  0x000c0018 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) quit
#####


Hm, not sure it's relevant, but the "v6" in sbc_analyze_eight_armv6 /
sbc_primitives_armv6.c looks weird. The Odroid U3 sports a Samsung
Exynos 4412 which is ARMv7, not v6. (but not sure, maybe armv6 code
was supposed to run under ARMv7, but not the other way round?)

Otherwise sbc_primitives_armv6.c:115 looks like fun with Assembly
:-).

Regards, Linus

More information about the pkg-pulseaudio-devel mailing list