On 05.08.2015 10:13, Takashi Iwai wrote:
On Wed, 05 Aug 2015 08:58:16 +0200, Valentin Corfu wrote:
Hello Takashi,
On 04.08.2015 18:15, Takashi Iwai wrote:
On Tue, 04 Aug 2015 17:02:26 +0200, Valentin Corfu wrote:
On 04.08.2015 17:53, Takashi Iwai wrote:
On Tue, 04 Aug 2015 16:08:30 +0200, Valentin Corfu wrote:
Hello ALSA developers,
I observed a segmentation fault in the snd_pcm_rate_hw_free() function, with the following BT:
(gdb) up
#1  0xb7554cc1 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb)
#2  0xb75580ee in abort () at abort.c:92
92      raise (SIGABRT);
(gdb)
#3  0xb758a7dd in __libc_message (do_abort=2, fmt=0xb766053c "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
189     abort ();
(gdb)
#4  0xb7594a71 in malloc_printerr (action=<value optimized out>, str=<value optimized out>, ptr=0x969ae98) at malloc.c:6283
6283    __libc_message (action & 2,
(gdb)
#5  0xb759636b in _int_free (av=<value optimized out>, p=0x969ae90) at malloc.c:4795
4795    malloc_printerr (check_action, errstr, chunk2mem(p));
(gdb)
#6  0xb75994bd in __libc_free (mem=0x969ae98) at malloc.c:3738
3738    _int_free(ar_ptr, p);
(gdb)
#7  0xb76f3a81 in snd_pcm_rate_hw_free (pcm=0x9685d78) at pcm_rate.c:341
341     free(rate->pareas[0].addr);
Could you check the content of rate->pareas[0] via gdb?
(gdb) frame 7
#7  0xb76f3a81 in snd_pcm_rate_hw_free (pcm=0x9685d78) at pcm_rate.c:341
341     free(rate->pareas[0].addr);
(gdb) print rate->pareas[0]
$1 = {addr = 0x969ae98, first = 0, step = 16}
(gdb) print rate->pareas[0].addr
$2 = (void *) 0x969ae98
And accessing pareas[0].addr is OK? This is a temporary sample buffer allocated in the alsa-lib rate plugin.
Are you referring to whether the pointer is a valid one? How could I check this?
Look into it via gdb.
(gdb) list
336
337     static int snd_pcm_rate_hw_free(snd_pcm_t *pcm)
338     {
339             snd_pcm_rate_t *rate = pcm->private_data;
340             if (rate->pareas) {
341                     free(rate->pareas[0].addr);
342                     free(rate->pareas);
343                     rate->pareas = NULL;
344                     rate->sareas = NULL;
345             }
(gdb) x rate->pareas[0].addr
0x969ae98:      0x019f0110
(gdb) x 0x019f0110
0x19f0110:      Cannot access memory at address 0x19f0110
(gdb) print *(rate->pareas[0].addr)
Attempt to dereference a generic pointer.
(gdb) p /s *(char *)(rate->pareas[0].addr)
$6 = 16 '\020'
(gdb) p /s *(char **)(rate->pareas[0].addr)
$7 = 0x19f0110 <Address 0x19f0110 out of bounds>
(gdb)
#8  0xb76d045b in snd_pcm_hw_free (pcm=0x9685d78) at pcm.c:858
858     err = pcm->ops->hw_free(pcm->op_arg);
(gdb)
#9  0xb76f826e in snd_pcm_plug_hw_free (pcm=0x96856b0) at pcm_plug.c:1046
1046    int err = snd_pcm_hw_free(slave);
(gdb)
#10 0xb76d045b in snd_pcm_hw_free (pcm=0x96856b0) at pcm.c:858
858     err = pcm->ops->hw_free(pcm->op_arg);
(gdb)
#11 0x080492ad in main ()
Could you please give me some hints how to solve this issue?
I can provide you more info or the test application, if needed. I can see the issue every time, and I also checked with the latest version of alsa-lib but I got the same results.
I don't know of such an error, so far. It smells like some memory corruption to me.
If a test case is simple code, tracking the bug would be easy...
I have pasted it here: http://pastebin.com/WJDTz6cE
It works fine on my system. How is your PCM setup? Does the same problem occur for "plughw" PCM, too? Also, no external PCM rate plugin is involved?
In my setup the ALSA jack plugin is involved, so I'm using the jack PCM when the segmentation fault is visible. I cannot reproduce the issue when I'm using the "default" / "plughw" PCM.
That's the biggest missing piece. So, a possible bug in the jack plugin, which has been rarely tested / debugged.
Takashi
For more info I have pasted the dump() & log at run: http://pastebin.com/jyy7pP9e PCM rate conversion at 48000 is involved here, but not an external one.
Takashi
Thank you, Valentin
Best Regards, Valentin