[alsa-devel] Assertion failure in alsa-lib crashing applications (snd_pcm_area_copy: Assertion `dst < src || dst >= src + bytes' failed)

Baptiste Jonglez baptiste at bitsofnetworks.org
Sun Jun 26 20:28:32 CEST 2016


Is there anything else I can provide to help getting this issue fixed?

The main issue is that snd_pcm_area_copy() gets called with overlapping
source and destination buffers, which triggers this assertion before a
memcpy:

  http://git.alsa-project.org/?p=alsa-lib.git;a=blob;f=src/pcm/pcm.c;h=0d0d093deb49f2db7d207b29b728df372cce84bc;hb=HEAD#l2762

This happens when the system is really loaded (CPU-wise).

Do you think the problem is likely to come from an incorrect API usage
from the application?  Knowing this would significantly narrow down the
search, because the problem could also come from within alsa itself.

The calling code from the application is quite complex, see here:

  https://github.com/savoirfairelinux/ring-daemon/blob/master/src/media/audio/alsa/alsalayer.cpp

In particular, the assertion is triggered by the call to
snd_pcm_avail_update() at line 694 (see the stack trace below).

Thanks,
Baptiste

On Wed, Jun 15, 2016 at 12:39:39AM +0200, Baptiste Jonglez wrote:
> On Tue, Jun 14, 2016 at 11:02:21PM +0200, Baptiste Jonglez wrote:
> > Hi,
> > 
> > On Tue, Jun 07, 2016 at 07:29:35PM +0200, Baptiste Jonglez wrote:
> > > When using Ring [1], an audio-video application, it sometimes crashes
> > > because of an assertion in libasound.so:
> > > 
> > >     pcm.c:2758: snd_pcm_area_copy: Assertion `dst < src || dst >= src + bytes' failed.
> > > 
> > > The complete upstream bug report is at [2].  The (not-so-useful) stack
> > > trace is the following:
> > > 
> > > <snip>
> > > 
> > > The next time it crashes, I will have debug symbols in dring.  I can also
> > > recompile alsa-lib with debug symbols, what is the best way to do that?
> > 
> > As promised, here is a new stack trace with debug symbols:
> >
> > <snip>
> 
> Sorry, this stack trace still had some arguments optimised out.  Here is
> the stack trace without optimisation:
> 
> #0  0x00007f42a8696295 in raise () from /usr/lib/libc.so.6
> #1  0x00007f42a86976da in abort () from /usr/lib/libc.so.6
> #2  0x00007f42a868f297 in __assert_fail_base () from /usr/lib/libc.so.6
> #3  0x00007f42a868f342 in __assert_fail () from /usr/lib/libc.so.6
> #4  0x00007f42ad7463da in snd_pcm_area_copy (dst_area=0x7f4290ced250, dst_offset=144, src_area=0x7f4290ced260, src_offset=0, samples=0, format=SND_PCM_FORMAT_S32_LE)
>     at pcm.c:2758
> #5  0x00007f42ad746918 in snd_pcm_areas_copy (dst_areas=0x7f427c000e90, dst_offset=72, src_areas=0x7f427c000e90, src_offset=0, channels=2, frames=1904, 
>     format=SND_PCM_FORMAT_S32_LE) at pcm.c:2904
> #6  0x00007f42ad79cb66 in softvol_convert_stereo_vol (svol=0x7f427c02f500, dst_areas=0x7f427c000e70, dst_offset=72, src_areas=0x7f427c000e70, src_offset=0, 
>     channels=2, frames=1904) at pcm_softvol.c:291
> #7  0x00007f42ad79e081 in snd_pcm_softvol_read_areas (pcm=0x7f427c031080, areas=0x7f427c000e70, offset=72, size=1904, slave_areas=0x7f427c000e70, slave_offset=0, 
>     slave_sizep=0x7f4290ced408) at pcm_softvol.c:630
> #8  0x00007f42ad75e367 in snd_pcm_plugin_avail_update (pcm=0x7f427c031080) at pcm_plugin.c:490
> #9  0x00007f42ad745c3e in snd_pcm_avail_update (pcm=0x7f427c031080) at pcm.c:2508
> #10 0x00007f42ad75e214 in snd_pcm_plugin_avail_update (pcm=0x7f427c02fc70) at pcm_plugin.c:460
> #11 0x00007f42ad745c3e in snd_pcm_avail_update (pcm=0x7f427c02faa0) at pcm.c:2508
> #12 0x00000000005486d4 in ring::AlsaLayer::capture (this=0x1978220) at alsalayer.cpp:694
> #13 0x0000000000545de4 in ring::AlsaThread::run (this=0x19706f0) at alsalayer.cpp:137
> 
> Attached is a full stack trace with local variables.  I can provide the
> core dump privately.
> 
> Also note that this happens when the application is under high CPU
> pressure (for instance other programs with higher priority are using all
> available CPU cores).
> 
> The calling code into the lib is here, when capturing from a device:
> 
>   https://github.com/savoirfairelinux/ring-daemon/blob/master/src/media/audio/alsa/alsalayer.cpp#L694
> 
> Baptiste
> 
> > Is there anything in there that could explain the assertion failure?
> > Perhaps a wrong API usage?
> > 
> > Thanks,
> > Baptiste
> > 
> > > 
> > > Looking around, it seems other projects have run into the same issue:
> > > 
> > >     https://aur.archlinux.org/packages/ultrastardx-git/?comments=all#comment-435458
> > >     https://aur.archlinux.org/packages/zoom/#comment-544696
> > >     http://ubuntuforums.org/showthread.php?t=2248373
> > >     https://github.com/js-platform/node-webrtc/issues/110
> > >     https://fedorahosted.org/fldigi/ticket/70
> > > 
> > > The output of the alsa-info.sh script on my system is at [3].
> > > What else can I provide to debug this issue further?
> > > 
> > > Thanks,
> > > Baptiste
> > > 
> > > [1] https://ring.cx
> > > [2] https://tuleap.ring.cx/plugins/tracker/?aid=502
> > > [3] http://www.alsa-project.org/db/?f=0dd2ba1021b3d535f30f07c55dc18e2ef60db26d
> > 
> > 
> > 
> > > _______________________________________________
> > > Alsa-devel mailing list
> > > Alsa-devel at alsa-project.org
> > > http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
> > 
> 
> 
> 
> 

> #4  0x00007f42ad7463da in snd_pcm_area_copy (dst_area=0x7f4290ced250, dst_offset=144, src_area=0x7f4290ced260, src_offset=0, samples=0, format=SND_PCM_FORMAT_S32_LE)
>     at pcm.c:2758
>         bytes = 15232
>         src = 0x7f427c0316b0 ""
>         dst = 0x7f427c0318f0 ""
>         width = 32
>         src_step = 32578
>         dst_step = -1865493936
>         __PRETTY_FUNCTION__ = "snd_pcm_area_copy"
>         __FUNCTION__ = "snd_pcm_area_copy"
> #5  0x00007f42ad746918 in snd_pcm_areas_copy (dst_areas=0x7f427c000e90, dst_offset=72, src_areas=0x7f427c000e90, src_offset=0, channels=2, frames=1904, 
>     format=SND_PCM_FORMAT_S32_LE) at pcm.c:2904
>         s = {addr = 0x7f427c0316b0, first = 0, step = 32}
>         d = {addr = 0x7f427c0316b0, first = 0, step = 32}
>         step = 64
>         src_addr = 0x7f427c0316b0
>         src_start = 0x7f427c000e70
>         channels1 = 0
>         chns = 2
>         dst_addr = 0x7f427c0316b0
>         dst_start = 0x7f427c000e70
>         width = 32
>         __PRETTY_FUNCTION__ = "snd_pcm_areas_copy"
>         __FUNCTION__ = "snd_pcm_areas_copy"
> #6  0x00007f42ad79cb66 in softvol_convert_stereo_vol (svol=0x7f427c02f500, dst_areas=0x7f427c000e70, dst_offset=72, src_areas=0x7f427c000e70, src_offset=0, 
>     channels=2, frames=1904) at pcm_softvol.c:291
>         dst_area = 0x7f427c02f560
>         src_area = 0x7f427c031380
>         src_step = 32578
>         dst_step = 2909997239
>         vol_scale = 32578
>         vol = {2429473552, 1}
>         vol_c = 2080568576
> #7  0x00007f42ad79e081 in snd_pcm_softvol_read_areas (pcm=0x7f427c031080, areas=0x7f427c000e70, offset=72, size=1904, slave_areas=0x7f427c000e70, slave_offset=0, 
>     slave_sizep=0x7f4290ced408) at pcm_softvol.c:630
>         svol = 0x7f427c02f500
> #8  0x00007f42ad75e367 in snd_pcm_plugin_avail_update (pcm=0x7f427c031080) at pcm_plugin.c:490
>         frames = 1904
>         cont = 1976
>         slave_frames = 2048
>         err = 0
>         slave_areas = 0x7f427c000e70
>         slave_offset = 0
>         result = 72
>         areas = 0x7f427c000e70
>         xfer = 144
>         hw_offset = 72
>         size = 1904
>         plugin = 0x7f427c02f500
>         slave = 0x7f427c030640
>         slave_size = 2472
> #9  0x00007f42ad745c3e in snd_pcm_avail_update (pcm=0x7f427c031080) at pcm.c:2508
> No locals.
> #10 0x00007f42ad75e214 in snd_pcm_plugin_avail_update (pcm=0x7f427c02fc70) at pcm_plugin.c:460
>         plugin = 0x7f427c031310
>         slave = 0x7f427c031080
>         slave_size = 9255600
> #11 0x00007f42ad745c3e in snd_pcm_avail_update (pcm=0x7f427c02faa0) at pcm.c:2508
> No locals.
> #12 0x00000000005486d4 in ring::AlsaLayer::capture (this=0x1978220) at alsalayer.cpp:694
>         mainBufferFormat = {sample_rate = 48000, nb_channels = 2, static DEFAULT_SAMPLE_RATE = 48000}
>         toGetFrames = 32578
>         framesPerBufferAlsa = 5540553
> #13 0x0000000000545de4 in ring::AlsaThread::run (this=0x19706f0) at alsalayer.cpp:137
> No locals.

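Added example, not part of the original message and not alsa-lib code: the src, dst and bytes values from frame #4 of the trace checked against the assertion's predicate, plus a copy helper that falls back to memmove when the regions overlap. The function names (assert_holds, disjoint, frames_to_bytes, copy_checked, replay_trace_geometry) and the buffer contents are constructed for illustration; the offsets, frame count and sample format are taken from the trace.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Predicate from the failing assertion, on integer addresses. */
static int assert_holds(uint64_t dst, uint64_t src, uint64_t bytes)
{
    return dst < src || dst >= src + bytes;
}

/* Full disjointness: also rejects a dst that starts below src and runs into it. */
static int disjoint(uint64_t dst, uint64_t src, uint64_t bytes)
{
    return dst + bytes <= src || dst >= src + bytes;
}

/* Bytes covered by `frames` interleaved frames. */
static uint64_t frames_to_bytes(uint64_t frames, unsigned channels, unsigned width_bits)
{
    return frames * channels * (width_bits / 8);
}

/* Hypothetical helper: memcpy if disjoint, else memmove. Returns 1 on fallback. */
static int copy_checked(unsigned char *dst, const unsigned char *src, size_t bytes)
{
    int overlap = !disjoint((uintptr_t)dst, (uintptr_t)src, bytes);
    if (overlap) memmove(dst, src, bytes);   /* defined for overlapping regions */
    else         memcpy(dst, src, bytes);
    return overlap;
}

/* Replays the trace geometry on a constructed buffer; 1 if the data survived. */
static int replay_trace_geometry(void)
{
    static unsigned char buf[16384];         /* constructed sample data */
    size_t off = frames_to_bytes(72, 2, 32), bytes = frames_to_bytes(1904, 2, 32);
    for (size_t i = 0; i < bytes; i++) buf[i] = (unsigned char)(i % 251);
    if (!copy_checked(buf + off, buf, bytes)) return 0;   /* must fall back */
    for (size_t i = 0; i < bytes; i++)
        if (buf[off + i] != (unsigned char)(i % 251)) return 0;
    return 1;
}

int main(void)
{
    int holds = assert_holds(0x7f427c0318f0, 0x7f427c0316b0, 15232); /* frame #4 locals */
    printf("assertion holds: %d, replay ok: %d\n", holds, replay_trace_geometry());
    return 0;
}
```

The 576-byte gap between dst and src equals the 72-frame offset for stereo S32_LE, so dst starts inside the 15232-byte source range and the predicate is false.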