Re: [alsa-devel] Segmentation Fault in snd_pcm_rate_hw_free()

4 Aug 2015


      On Tue, 04 Aug 2015 17:02:26 +0200,
Valentin Corfu wrote:
...
On 04.08.2015 17:53, Takashi Iwai wrote:
...
On Tue, 04 Aug 2015 16:08:30 +0200,
Valentin Corfu wrote:
...
Hello ALSA developers,
I observed one segmentation fault in snd_pcm_rate_hw_free() function,
with the following BT:
(gdb) up
#1  0xb7554cc1 in raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
64        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb)
#2  0xb75580ee in abort () at abort.c:92
92            raise (SIGABRT);
(gdb)
#3  0xb758a7dd in __libc_message (do_abort=2,
      fmt=0xb766053c "*** glibc detected *** %s: %s: 0x%s ***\n")
      at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
189           abort ();
(gdb)
#4  0xb7594a71 in malloc_printerr (action=<value optimized out>,
      str=<value optimized out>, ptr=0x969ae98) at malloc.c:6283
6283          __libc_message (action & 2,
(gdb)
#5  0xb759636b in _int_free (av=<value optimized out>, p=0x969ae90)
      at malloc.c:4795
4795          malloc_printerr (check_action, errstr, chunk2mem(p));
(gdb)
#6  0xb75994bd in __libc_free (mem=0x969ae98) at malloc.c:3738
3738      _int_free(ar_ptr, p);
(gdb)
#7  0xb76f3a81 in snd_pcm_rate_hw_free (pcm=0x9685d78) at pcm_rate.c:341
341                     free(rate->pareas[0].addr);
Could you check the content of rate->pareas[0] via gdb?
(gdb) frame 7
#7  0xb76f3a81 in snd_pcm_rate_hw_free (pcm=0x9685d78) at pcm_rate.c:341
341                     free(rate->pareas[0].addr);
(gdb) print rate->pareas[0]
$1 = {addr = 0x969ae98, first = 0, step = 16}
(gdb) print rate->pareas[0].addr
$2 = (void *) 0x969ae98
And accessing to pareas[0].addr is OK?  This is a temporary sample
buffer allocated in alsa-lib rate plugin.
...
...
...
(gdb)
#8  0xb76d045b in snd_pcm_hw_free (pcm=0x9685d78) at pcm.c:858
858             err = pcm->ops->hw_free(pcm->op_arg);
(gdb)
#9  0xb76f826e in snd_pcm_plug_hw_free (pcm=0x96856b0) at pcm_plug.c:1046
1046            int err = snd_pcm_hw_free(slave);
(gdb)
#10 0xb76d045b in snd_pcm_hw_free (pcm=0x96856b0) at pcm.c:858
858             err = pcm->ops->hw_free(pcm->op_arg);
(gdb)
#11 0x080492ad in main ()
Could you please give me some hints how to solve this issue?
I can provide you more info or the test application, if needed.
I can see the issue every time, and I also checked with latest version
of alsa-lib but I got the same results.
I don't know of such an error, so far.
It smells like some memory corruption to me.
If a test case is a simple code, tracking the bug would be easy...
I have paste it here:
http://pastebin.com/WJDTz6cE
It works fine on my system.  How is your PCM setup?  Does the same
problem occur for "plughw" PCM, too?  Also, no external PCM rate
plugin is involved?
Takashi