[Pkg-utopia-maintainers] Bug#1060785: libspa-audioconvert: Crash sometimes due to misaligned load to YMM register.
Kyuma Ohta
whatisthis.sowhat at gmail.com
Sun Jan 14 09:20:16 GMT 2024
Package: libspa-0.2-modules
Version: 1.0.1-1
Severity: important
Dear Maintainer,
Sometimes ...mostly be load growth a lot..., pipe-wire daemon or
pipewire-pulse daemon crashes with below message [1].
This happens misalign of loading to YMM register [2][3].
This crash seems to happen at "vlddqu -0x20(%rcx),%ymm2" [2],
this need align at 256bit (but, Older Ryzen may be need only align of
128bit).
But, RCX register didn't align of 256bits [3].
Value is 0x5650f98e99c4 .
So, software related libspa-audioconvert crashes sometime and randomly.
I think.
Best regards,
Ohta.
[1]
--- begin ---
systemd-coredump[389337]: Process 9706 (pipewire-pulse) of user 1002 dumped core.
Module libzstd.so.1 from deb libzstd-1.5.5+dfsg2-2.amd64
Module libsystemd.so.0 from deb systemd-255.2-4.amd64
Stack trace of thread 9723:
#0 0x00007f4830237f4c inner_product_avx (libspa-audioconvert.so + 0x56f4c)
#1 0x00007f4830221aca impl_native_process (libspa-audioconvert.so + 0x40aca)
#2 0x00007f4830218af5 impl_node_process (libspa-audioconvert.so + 0x37af5)
#3 0x00007f48301f2f1c impl_node_process (libspa-audioconvert.so + 0x11f1c)
#4 0x00007f4831b69619 process_node (libpipewire-0.3.so.0 + 0x77619)
#5 0x00007f4831c31dd6 loop_iterate (libspa-support.so + 0x9dd6)
#6 0x00007f4831b3d030 do_loop (libpipewire-0.3.so.0 + 0x4b030)
#7 0x00007f48319983ec start_thread (libc.so.6 + 0x883ec)
#8 0x00007f4831a18980 __clone (libc.so.6 + 0x108980)
Stack trace of thread 9706:
#0 0x00007f4831a18e66 epoll_wait (libc.so.6 + 0x108e66)
#1 0x00007f4831c40938 impl_pollfd_wait (libspa-support.so + 0x18938)
#2 0x00007f4831c31d1d loop_iterate (libspa-support.so + 0x9d1d)
#3 0x00007f4831b61d38 pw_main_loop_run (libpipewire-0.3.so.0 + 0x6fd38)
#4 0x00005650f3e4146c main (pipewire + 0x146c)
#5 0x00007f48319376ca __libc_start_call_main (libc.so.6 + 0x276ca)
#6 0x00007f4831937785 __libc_start_main_impl (libc.so.6 + 0x27785)
#7 0x00005650f3e41611 _start (pipewire + 0x1611)
Stack trace of thread 9714:
#0 0x00007f4831a18e66 epoll_wait (libc.so.6 + 0x108e66)
#1 0x00007f4831c40938 impl_pollfd_wait (libspa-support.so + 0x18938)
#2 0x00007f4831c31d1d loop_iterate (libspa-support.so + 0x9d1d)
#3 0x00007f4831b9f7d5 do_loop (libpipewire-0.3.so.0 + 0xad7d5)
#4 0x00007f48319983ec start_thread (libc.so.6 + 0x883ec)
#5 0x00007f4831a18980 __clone (libc.so.6 + 0x108980)
ELF object binary architecture: AMD x86-64
░░ Subject: Process 9706 (pipewire-pulse) dumped core
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ Documentation: man:core(5)
░░
░░ Process 9706 (pipewire-pulse) crashed and dumped core.
░░
░░ This usually indicates a programming error in the crashing program and
░░ should be reported to its vendor as a bug.
--- end ---
[2]
I disassemble libspa-audioconvert.so with gdb.
Around crashes are below:
--- begin ---
0x00007f4830237f36 <+278>:vmovaps %ymm1,%ymm0
0x00007f4830237f3a <+282>:nopw 0x0(%rax,%rax,1)
0x00007f4830237f40 <+288>:add $0x10,%eax
0x00007f4830237f43 <+291>:vlddqu -0x20(%rcx),%ymm2
0x00007f4830237f48 <+296>:add $0x40,%rdx
=> 0x00007f4830237f4c <+300>:add $0x40,%rcx
0x00007f4830237f50 <+304>:vfmadd231ps -0x60(%rdx),%ymm2,%ymm0
0x00007f4830237f56 <+310>:vlddqu -0x40(%rcx),%ymm2
0x00007f4830237f5b <+315>:vfmadd231ps -0x40(%rdx),%ymm2,%ymm1
0x00007f4830237f61 <+321>:cmp %r9d,%eax
0x00007f4830237f64 <+324>:jb 0x7f4830237f40
<do_resample_full_avx+288>
0x00007f4830237f66 <+326>:vaddps %ymm1,%ymm0,%ymm0
0x00007f4830237f6a <+330>:vextractf128 $0x1,%ymm0,%xmm1
0x00007f4830237f70 <+336>:cmp %r8d,%eax
--- end ---
[3]
On crash point, registers are below:
--- begin ---
(gdb) info registers
rax 0x100 256
rbx 0x7f483072770c 139948027180812
rcx 0x5650f98e99c4 94905784244676
rdx 0x5650f98c7260 94905784103520
rsi 0x5650f98c6e40 94905784102464
rdi 0x5650f98e95e4 94905784243684
rbp 0x7f482bfcef40 0x7f482bfcef40
rsp 0x7f482bfcef00 0x7f482bfcef00
r8 0x108 264
r9 0x100 256
r10 0x1 1
r11 0xd9 217
r12 0x1b3 435
r13 0x2 2
r14 0x5650f98a4dc0 94905783963072
r15 0x5650f98e9280 94905784242816
rip 0x7f4830237f4c 0x7f4830237f4c
<do_resample_full_avx+300>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
--- end ---
-- System Information:
Debian Release: trixie/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-security'), (500, 'oldstable-security'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.6.9-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libspa-0.2-modules depends on:
ii libasound2 1.2.10-3
ii libc6 2.37-13
ii libdbus-1-3 1.14.10-4
ii libgcc-s1 13.2.0-9
ii libstdc++6 13.2.0-9
ii libsystemd0 255.2-4
ii libudev1 255.2-4
ii libwebrtc-audio-processing1 0.3-1+b1
libspa-0.2-modules recommends no packages.
libspa-0.2-modules suggests no packages.
-- no debconf information
-- Additional information
% cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 23
model : 8
model name : AMD Ryzen 5 2600 Six-Core Processor
stepping : 2
microcode : 0x800820d
cpu MHz : 1550.000
cache size : 512 KB
physical id : 0
siblings : 12
core id : 0
cpu cores : 6
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb hw_pstate ssbd ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif overflow_recov succor smca sev sev_es
bugs : sysret_ss_attrs null_seg spectre_v1 spectre_v2 spec_store_bypass retbleed smt_rsb srso div0
bogomips : 6787.02
TLB size : 2560 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 43 bits physical, 48 bits virtual
power management: ts ttp tm hwpstate cpb eff_freq_ro [13] [14]
(snip after lines)
More information about the Pkg-utopia-maintainers
mailing list