snd_device_name_hint segfaults

snd_device_name_hint segfaults

[Forest Bond]

[-- Attachment #1.1: Type: text/plain, Size: 3566 bytes --]

Hi,

I'm seeing segfaults with VLC similar to those reported here:

  http://mailman.alsa-project.org/pipermail/alsa-devel/2013-January/059168.html

This is on Ubuntu 12.04 with the latest alsa-lib package (1.0.25-1ubuntu10.2)
and the following patches also applied:

* 2cfc8b9b44a8e493c41b3d63d5a00b306a18a5ed
  snd_pcm_direct_parse_open_conf(): use thread-safe getgrnam_r()
* 44c1a623dd1fc9e831616b663bebc54ca98df994
  Add snd_lib_error_set_local() to install a thread-local error handler.
* 25dbb102810b31c02358904d70d53c960fb0a10e
  snd_device_name_hint(): do not change the global error handler.
* f49b2dc522a2564315c76d075203b15a39941e8a
  snd_device_name_hint(): do not use global snd_config.
* 7f2b2c8c1650a1883b48abfcdb455138943854f9
  conf: Fix a memory access violation resulting from improper error propogation

So I think there are still issues when calling snd_device_name_hint(-1, ...).

Here is the backtrace:

#0  0x003f0e78 in __strcpy_chk () from /lib/i386-linux-gnu/libc.so.6
#1  0x0625084b in strcpy (__src=0x0, __dest=0xb6025e80 "pcm.(null)") at /usr/include/i386-li
nux-gnu/bits/string3.h:105
#2  try_config (config=0xaf1c4df0, list=0xb52fe804, base=0x323e962 "pcm", name=0x0) at nameh
int.c:243
#3  0x06251bc5 in add_software_devices (list=0xb52fe804, config=0xaf1c4df0) at namehint.c:51
2
#4  snd_device_name_hint (card=-1, iface=<optimized out>, hints=0xb52fe90c) at namehint.c:59
1
#5  0x0323c9bb in GetDevices (obj=0xb6271700, item=0x0, prefs_dev=<optimized out>) at alsa.c
:721
#6  0x0323d4c0 in Probe (dev=0xb6011df8 "default", obj=0xb6271700) at alsa.c:161
#7  Open (obj=0xb6271700) at alsa.c:539
#8  0x0a6c73d0 in generic_start (func=0x323cd10, ap=0xb52fed98 "\273") at modules/modules.c:422
#9  0x0a6c7a3a in vlc_module_load (p_this=0xb6271700, psz_capability=0xa70b959 "audio output", psz_name=<optimized out>, b_strict=false,
    probe=0xa6c73c0 <generic_start>) at modules/modules.c:347
#10 0x0a6c8002 in module_need (obj=0xb6271700, cap=0xa70b959 "audio output", name=0xa70d2bd "$aout", strict=false) at modules/modules.c:437
#11 0x0a6b1242 in aout_OutputNew (p_aout=0xb6271700, p_format=0xb52feeac) at audio_output/output.c:59
#12 0x0a6ad77f in aout_DecNew (p_aout=0xb6271700, p_format=0xb52feeac, p_replay_gain=0xaef02a14, p_request_vout=0xb52feed0)
    at audio_output/dec.c:112
#13 0x0a67066e in aout_new_buffer (p_dec=0xaef02870, i_samples=1024) at input/decoder.c:2286
#14 0x0a672690 in decoder_NewAudioBuffer (p_decoder=0xaef02870, i_size=1024) at input/decoder.c:213
#15 0x04032f8c in DecodeBlock (p_dec=0xaef02870, pp_block=0xb52ff05c) at faad.c:464
#16 0x0a670891 in DecoderDecodeAudio (p_dec=0xaef02870, p_block=0xaef03000) at input/decoder.c:1291
#17 0x0a6716f5 in DecoderProcessAudio (b_flush=false, p_block=0xaef03000, p_dec=0xaef02870) at input/decoder.c:1936
#18 DecoderProcess (p_dec=0xaef02870, p_block=<optimized out>) at input/decoder.c:2059
#19 0x0a671959 in DecoderThread (p_data=0xaef02870) at input/decoder.c:938
#20 0x001fbd4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#21 0x003ddace in clone () from /lib/i386-linux-gnu/libc.so.6

As a work around I will probably patch VLC to not call snd_device_name_hint this
way.  I see this has been done for other applications:

http://code.google.com/p/chromium/issues/detail?id=95797
http://code.mythtv.org/trac/ticket/10809

But I wanted to try diagnosing the issue first.  Thoughts?

Thanks,
Forest
-- 
Forest Bond
http://www.alittletooquiet.net
http://www.rapidrollout.com

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: snd_device_name_hint segfaults

[Takashi Iwai]

At Wed, 26 Jun 2013 14:39:09 -0400,
Forest Bond wrote:
> 
> Hi,
> 
> I'm seeing segfaults with VLC similar to those reported here:
> 
>   http://mailman.alsa-project.org/pipermail/alsa-devel/2013-January/059168.html
> 
> This is on Ubuntu 12.04 with the latest alsa-lib package (1.0.25-1ubuntu10.2)
> and the following patches also applied:
> 
> * 2cfc8b9b44a8e493c41b3d63d5a00b306a18a5ed
>   snd_pcm_direct_parse_open_conf(): use thread-safe getgrnam_r()
> * 44c1a623dd1fc9e831616b663bebc54ca98df994
>   Add snd_lib_error_set_local() to install a thread-local error handler.
> * 25dbb102810b31c02358904d70d53c960fb0a10e
>   snd_device_name_hint(): do not change the global error handler.
> * f49b2dc522a2564315c76d075203b15a39941e8a
>   snd_device_name_hint(): do not use global snd_config.
> * 7f2b2c8c1650a1883b48abfcdb455138943854f9
>   conf: Fix a memory access violation resulting from improper error propogation
> 
> So I think there are still issues when calling snd_device_name_hint(-1, ...).
> 
> Here is the backtrace:
> 
> #0  0x003f0e78 in __strcpy_chk () from /lib/i386-linux-gnu/libc.so.6
> #1  0x0625084b in strcpy (__src=0x0, __dest=0xb6025e80 "pcm.(null)") at /usr/include/i386-li
> nux-gnu/bits/string3.h:105
> #2  try_config (config=0xaf1c4df0, list=0xb52fe804, base=0x323e962 "pcm", name=0x0) at nameh
> int.c:243
> #3  0x06251bc5 in add_software_devices (list=0xb52fe804, config=0xaf1c4df0) at namehint.c:51
> 2
> #4  snd_device_name_hint (card=-1, iface=<optimized out>, hints=0xb52fe90c) at namehint.c:59
> 1
> #5  0x0323c9bb in GetDevices (obj=0xb6271700, item=0x0, prefs_dev=<optimized out>) at alsa.c
> :721
> #6  0x0323d4c0 in Probe (dev=0xb6011df8 "default", obj=0xb6271700) at alsa.c:161
> #7  Open (obj=0xb6271700) at alsa.c:539
> #8  0x0a6c73d0 in generic_start (func=0x323cd10, ap=0xb52fed98 "\273") at modules/modules.c:422
> #9  0x0a6c7a3a in vlc_module_load (p_this=0xb6271700, psz_capability=0xa70b959 "audio output", psz_name=<optimized out>, b_strict=false,
>     probe=0xa6c73c0 <generic_start>) at modules/modules.c:347
> #10 0x0a6c8002 in module_need (obj=0xb6271700, cap=0xa70b959 "audio output", name=0xa70d2bd "$aout", strict=false) at modules/modules.c:437
> #11 0x0a6b1242 in aout_OutputNew (p_aout=0xb6271700, p_format=0xb52feeac) at audio_output/output.c:59
> #12 0x0a6ad77f in aout_DecNew (p_aout=0xb6271700, p_format=0xb52feeac, p_replay_gain=0xaef02a14, p_request_vout=0xb52feed0)
>     at audio_output/dec.c:112
> #13 0x0a67066e in aout_new_buffer (p_dec=0xaef02870, i_samples=1024) at input/decoder.c:2286
> #14 0x0a672690 in decoder_NewAudioBuffer (p_decoder=0xaef02870, i_size=1024) at input/decoder.c:213
> #15 0x04032f8c in DecodeBlock (p_dec=0xaef02870, pp_block=0xb52ff05c) at faad.c:464
> #16 0x0a670891 in DecoderDecodeAudio (p_dec=0xaef02870, p_block=0xaef03000) at input/decoder.c:1291
> #17 0x0a6716f5 in DecoderProcessAudio (b_flush=false, p_block=0xaef03000, p_dec=0xaef02870) at input/decoder.c:1936
> #18 DecoderProcess (p_dec=0xaef02870, p_block=<optimized out>) at input/decoder.c:2059
> #19 0x0a671959 in DecoderThread (p_data=0xaef02870) at input/decoder.c:938
> #20 0x001fbd4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
> #21 0x003ddace in clone () from /lib/i386-linux-gnu/libc.so.6
> 
> As a work around I will probably patch VLC to not call snd_device_name_hint this
> way.  I see this has been done for other applications:
> 
> http://code.google.com/p/chromium/issues/detail?id=95797
> http://code.mythtv.org/trac/ticket/10809
> 
> But I wanted to try diagnosing the issue first.  Thoughts?

This isn't necessarily a bug due to the race like the previous case,
but rather more simple one.  For example, try the patch below.

If this fixes, the question is how to trigger.  Do you have any your
own ~/.asoundrc or /etc/asound.conf?  If yes, removing it changes the
behavior?


Takashi

---
diff --git a/src/control/namehint.c b/src/control/namehint.c
index 8d5e925..486e348 100644
--- a/src/control/namehint.c
+++ b/src/control/namehint.c
@@ -430,7 +430,7 @@ static int add_card(snd_config_t *config, struct hint_list *list, int card)
 		goto __error;
 	snd_config_for_each(i, next, conf) {
 		n = snd_config_iterator_entry(i);
-		if (snd_config_get_id(n, &str) < 0)
+		if (snd_config_get_id(n, &str) < 0 || !str)
 			continue;
 		
 		if (next_devices[list->iface] != NULL) {
@@ -505,7 +505,7 @@ static int add_software_devices(snd_config_t *config, struct hint_list *list)
 		return err;
 	snd_config_for_each(i, next, conf) {
 		n = snd_config_iterator_entry(i);
-		if (snd_config_get_id(n, &str) < 0)
+		if (snd_config_get_id(n, &str) < 0 || !str)
 			continue;
 		list->card = -1;
 		list->device = -1;

Re: snd_device_name_hint segfaults

[Forest Bond]

[-- Attachment #1.1: Type: text/plain, Size: 5463 bytes --]

Hi Takashi,

Thanks for the reply.

On Thu, Jun 27, 2013 at 08:23:54AM +0200, Takashi Iwai wrote:
> At Wed, 26 Jun 2013 14:39:09 -0400, Forest Bond wrote:
> > I'm seeing segfaults with VLC similar to those reported here:
> > 
> >   http://mailman.alsa-project.org/pipermail/alsa-devel/2013-January/059168.html
> > 
> > This is on Ubuntu 12.04 with the latest alsa-lib package (1.0.25-1ubuntu10.2)
> > and the following patches also applied:
> > 
> > * 2cfc8b9b44a8e493c41b3d63d5a00b306a18a5ed
> >   snd_pcm_direct_parse_open_conf(): use thread-safe getgrnam_r()
> > * 44c1a623dd1fc9e831616b663bebc54ca98df994
> >   Add snd_lib_error_set_local() to install a thread-local error handler.
> > * 25dbb102810b31c02358904d70d53c960fb0a10e
> >   snd_device_name_hint(): do not change the global error handler.
> > * f49b2dc522a2564315c76d075203b15a39941e8a
> >   snd_device_name_hint(): do not use global snd_config.
> > * 7f2b2c8c1650a1883b48abfcdb455138943854f9
> >   conf: Fix a memory access violation resulting from improper error propogation
> > 
> > So I think there are still issues when calling snd_device_name_hint(-1, ...).
> > 
> > Here is the backtrace:
> > 
> > #0  0x003f0e78 in __strcpy_chk () from /lib/i386-linux-gnu/libc.so.6
> > #1  0x0625084b in strcpy (__src=0x0, __dest=0xb6025e80 "pcm.(null)") at /usr/include/i386-li
> > nux-gnu/bits/string3.h:105
> > #2  try_config (config=0xaf1c4df0, list=0xb52fe804, base=0x323e962 "pcm", name=0x0) at nameh
> > int.c:243
> > #3  0x06251bc5 in add_software_devices (list=0xb52fe804, config=0xaf1c4df0) at namehint.c:51
> > 2
> > #4  snd_device_name_hint (card=-1, iface=<optimized out>, hints=0xb52fe90c) at namehint.c:59
> > 1
> > #5  0x0323c9bb in GetDevices (obj=0xb6271700, item=0x0, prefs_dev=<optimized out>) at alsa.c
> > :721
> > #6  0x0323d4c0 in Probe (dev=0xb6011df8 "default", obj=0xb6271700) at alsa.c:161
> > #7  Open (obj=0xb6271700) at alsa.c:539
> > #8  0x0a6c73d0 in generic_start (func=0x323cd10, ap=0xb52fed98 "\273") at modules/modules.c:422
> > #9  0x0a6c7a3a in vlc_module_load (p_this=0xb6271700, psz_capability=0xa70b959 "audio output", psz_name=<optimized out>, b_strict=false,
> >     probe=0xa6c73c0 <generic_start>) at modules/modules.c:347
> > #10 0x0a6c8002 in module_need (obj=0xb6271700, cap=0xa70b959 "audio output", name=0xa70d2bd "$aout", strict=false) at modules/modules.c:437
> > #11 0x0a6b1242 in aout_OutputNew (p_aout=0xb6271700, p_format=0xb52feeac) at audio_output/output.c:59
> > #12 0x0a6ad77f in aout_DecNew (p_aout=0xb6271700, p_format=0xb52feeac, p_replay_gain=0xaef02a14, p_request_vout=0xb52feed0)
> >     at audio_output/dec.c:112
> > #13 0x0a67066e in aout_new_buffer (p_dec=0xaef02870, i_samples=1024) at input/decoder.c:2286
> > #14 0x0a672690 in decoder_NewAudioBuffer (p_decoder=0xaef02870, i_size=1024) at input/decoder.c:213
> > #15 0x04032f8c in DecodeBlock (p_dec=0xaef02870, pp_block=0xb52ff05c) at faad.c:464
> > #16 0x0a670891 in DecoderDecodeAudio (p_dec=0xaef02870, p_block=0xaef03000) at input/decoder.c:1291
> > #17 0x0a6716f5 in DecoderProcessAudio (b_flush=false, p_block=0xaef03000, p_dec=0xaef02870) at input/decoder.c:1936
> > #18 DecoderProcess (p_dec=0xaef02870, p_block=<optimized out>) at input/decoder.c:2059
> > #19 0x0a671959 in DecoderThread (p_data=0xaef02870) at input/decoder.c:938
> > #20 0x001fbd4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
> > #21 0x003ddace in clone () from /lib/i386-linux-gnu/libc.so.6
> > 
> > As a work around I will probably patch VLC to not call snd_device_name_hint this
> > way.  I see this has been done for other applications:
> > 
> > http://code.google.com/p/chromium/issues/detail?id=95797
> > http://code.mythtv.org/trac/ticket/10809
> > 
> > But I wanted to try diagnosing the issue first.  Thoughts?
> 
> This isn't necessarily a bug due to the race like the previous case,
> but rather more simple one.  For example, try the patch below.
> 
> If this fixes, the question is how to trigger.  Do you have any your
> own ~/.asoundrc or /etc/asound.conf?  If yes, removing it changes the
> behavior?

Hm.  I haven't tried your patch yet although I suspect that it would in fact fix
the crash.  But I don't think the problem is that simple.  I don't have a
.asoundrc or /etc/asound.conf configuration file.  And the crashes don't happen
consistently on every run.  In fact it usually takes a few hours of VLC starts
and stops to see the problem at all.

But I have a new theory.  VLC should be using PulseAudio anyway, so I started
probing to figure out why it's initializing ALSA in the first place.  Turns out
it will only do this when the PulseAudio module fails to initialize.  One case
in which this happens is if PA is terminating at the same time VLC is starting.
I can manually trigger this by doing "pulseaudio -k && vlc ...".

You are probably aware that PA will automatically exit after being idle for some
time.  I think we are playing media files on a schedule that happens to trigger
this scenario.  So VLC starts up just as PA is quitting, and then the ALSA
module tries to enumerate available devices.  What if some of the available
devices disappear during enumeration i.e. the PulseAudio ALSA plugin is
destroying its ALSA devices?  Could that lead to this segfault?

Thanks,
Forest
-- 
Forest Bond
http://www.alittletooquiet.net
http://www.rapidrollout.com

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: snd_device_name_hint segfaults

[Forest Bond]

[-- Attachment #1.1: Type: text/plain, Size: 3554 bytes --]

Hi Takashi,

On Thu, Jun 27, 2013 at 05:05:42PM +0200, Takashi Iwai wrote:
> At Thu, 27 Jun 2013 10:30:50 -0400,
> Forest Bond wrote:
> > On Thu, Jun 27, 2013 at 08:23:54AM +0200, Takashi Iwai wrote:
> > > At Wed, 26 Jun 2013 14:39:09 -0400, Forest Bond wrote:
> > > > I'm seeing segfaults with VLC similar to those reported here:
> > > > 
> > > >   http://mailman.alsa-project.org/pipermail/alsa-devel/2013-January/059168.html
> > > > 
> > > > This is on Ubuntu 12.04 with the latest alsa-lib package (1.0.25-1ubuntu10.2)
> > > > and the following patches also applied:
> > > > 
> > > > * 2cfc8b9b44a8e493c41b3d63d5a00b306a18a5ed
> > > >   snd_pcm_direct_parse_open_conf(): use thread-safe getgrnam_r()
> > > > * 44c1a623dd1fc9e831616b663bebc54ca98df994
> > > >   Add snd_lib_error_set_local() to install a thread-local error handler.
> > > > * 25dbb102810b31c02358904d70d53c960fb0a10e
> > > >   snd_device_name_hint(): do not change the global error handler.
> > > > * f49b2dc522a2564315c76d075203b15a39941e8a
> > > >   snd_device_name_hint(): do not use global snd_config.
> > > > * 7f2b2c8c1650a1883b48abfcdb455138943854f9
> > > >   conf: Fix a memory access violation resulting from improper error propogation
> > > > 
> > > > So I think there are still issues when calling snd_device_name_hint(-1, ...).
> > > > 
> > > > Here is the backtrace:
> > > > 
> > > > #0  0x003f0e78 in __strcpy_chk () from /lib/i386-linux-gnu/libc.so.6
> > > > #1  0x0625084b in strcpy (__src=0x0, __dest=0xb6025e80 "pcm.(null)") at /usr/include/i386-li
> > > > nux-gnu/bits/string3.h:105
> > > > #2  try_config (config=0xaf1c4df0, list=0xb52fe804, base=0x323e962 "pcm", name=0x0) at nameh
> > > > int.c:243
> > > > #3  0x06251bc5 in add_software_devices (list=0xb52fe804, config=0xaf1c4df0) at namehint.c:51
> > > > 2
> > > > #4  snd_device_name_hint (card=-1, iface=<optimized out>, hints=0xb52fe90c) at namehint.c:59
> > > > 1
> > > > #5  0x0323c9bb in GetDevices (obj=0xb6271700, item=0x0, prefs_dev=<optimized out>) at alsa.c
> > > > :721
> > > > #6  0x0323d4c0 in Probe (dev=0xb6011df8 "default", obj=0xb6271700) at alsa.c:161
> > > > #7  Open (obj=0xb6271700) at alsa.c:539
> > > > #8  0x0a6c73d0 in generic_start (func=0x323cd10, ap=0xb52fed98 "\273") at modules/modules.c:422
> > > > #9  0x0a6c7a3a in vlc_module_load (p_this=0xb6271700, psz_capability=0xa70b959 "audio output", psz_name=<optimized out>, b_strict=false,
> > > >     probe=0xa6c73c0 <generic_start>) at modules/modules.c:347
> > > > #10 0x0a6c8002 in module_need (obj=0xb6271700, cap=0xa70b959 "audio output", name=0xa70d2bd "$aout", strict=false) at modules/modules.c:437
> > > > #11 0x0a6b1242 in aout_OutputNew (p_aout=0xb6271700, p_format=0xb52feeac) at audio_output/output.c:59
> > > > #12 0x0a6ad77f in aout_DecNew (p_aout=0xb6271700, p_format=0xb52feeac, p_replay_gain=0xaef02a14, p_request_vout=0xb52feed0)
> > > >     at audio_output/dec.c:112
> > > > #13 0x0a67066e in aout_new_buffer (p_dec=0xaef02870, i_samples=1024) at input/decoder.c:2286
> > > > #14 0x0a672690 in decoder_NewAudioBuffer (p_decoder=0xaef02870, i_size=1024) at input/decoder.c:213
> > > > #15 0x04032f8c in DecodeBlock (p_dec=0xaef02870, pp_block=0xb52ff05c) at faad.c:464

I have a core dump, so if you can provide some guidance on how to retrieve the
information you need from gdb I'd be happy to provide it.  I did walk through
the configuration nodes a bit myself, but I didn't understand the structure well
enough to do much with it.

Thanks,
Forest

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: snd_device_name_hint segfaults

[Takashi Iwai]

At Thu, 27 Jun 2013 10:30:50 -0400,
Forest Bond wrote:
> 
> Hi Takashi,
> 
> Thanks for the reply.
> 
> On Thu, Jun 27, 2013 at 08:23:54AM +0200, Takashi Iwai wrote:
> > At Wed, 26 Jun 2013 14:39:09 -0400, Forest Bond wrote:
> > > I'm seeing segfaults with VLC similar to those reported here:
> > > 
> > >   http://mailman.alsa-project.org/pipermail/alsa-devel/2013-January/059168.html
> > > 
> > > This is on Ubuntu 12.04 with the latest alsa-lib package (1.0.25-1ubuntu10.2)
> > > and the following patches also applied:
> > > 
> > > * 2cfc8b9b44a8e493c41b3d63d5a00b306a18a5ed
> > >   snd_pcm_direct_parse_open_conf(): use thread-safe getgrnam_r()
> > > * 44c1a623dd1fc9e831616b663bebc54ca98df994
> > >   Add snd_lib_error_set_local() to install a thread-local error handler.
> > > * 25dbb102810b31c02358904d70d53c960fb0a10e
> > >   snd_device_name_hint(): do not change the global error handler.
> > > * f49b2dc522a2564315c76d075203b15a39941e8a
> > >   snd_device_name_hint(): do not use global snd_config.
> > > * 7f2b2c8c1650a1883b48abfcdb455138943854f9
> > >   conf: Fix a memory access violation resulting from improper error propogation
> > > 
> > > So I think there are still issues when calling snd_device_name_hint(-1, ...).
> > > 
> > > Here is the backtrace:
> > > 
> > > #0  0x003f0e78 in __strcpy_chk () from /lib/i386-linux-gnu/libc.so.6
> > > #1  0x0625084b in strcpy (__src=0x0, __dest=0xb6025e80 "pcm.(null)") at /usr/include/i386-li
> > > nux-gnu/bits/string3.h:105
> > > #2  try_config (config=0xaf1c4df0, list=0xb52fe804, base=0x323e962 "pcm", name=0x0) at nameh
> > > int.c:243
> > > #3  0x06251bc5 in add_software_devices (list=0xb52fe804, config=0xaf1c4df0) at namehint.c:51
> > > 2
> > > #4  snd_device_name_hint (card=-1, iface=<optimized out>, hints=0xb52fe90c) at namehint.c:59
> > > 1
> > > #5  0x0323c9bb in GetDevices (obj=0xb6271700, item=0x0, prefs_dev=<optimized out>) at alsa.c
> > > :721
> > > #6  0x0323d4c0 in Probe (dev=0xb6011df8 "default", obj=0xb6271700) at alsa.c:161
> > > #7  Open (obj=0xb6271700) at alsa.c:539
> > > #8  0x0a6c73d0 in generic_start (func=0x323cd10, ap=0xb52fed98 "\273") at modules/modules.c:422
> > > #9  0x0a6c7a3a in vlc_module_load (p_this=0xb6271700, psz_capability=0xa70b959 "audio output", psz_name=<optimized out>, b_strict=false,
> > >     probe=0xa6c73c0 <generic_start>) at modules/modules.c:347
> > > #10 0x0a6c8002 in module_need (obj=0xb6271700, cap=0xa70b959 "audio output", name=0xa70d2bd "$aout", strict=false) at modules/modules.c:437
> > > #11 0x0a6b1242 in aout_OutputNew (p_aout=0xb6271700, p_format=0xb52feeac) at audio_output/output.c:59
> > > #12 0x0a6ad77f in aout_DecNew (p_aout=0xb6271700, p_format=0xb52feeac, p_replay_gain=0xaef02a14, p_request_vout=0xb52feed0)
> > >     at audio_output/dec.c:112
> > > #13 0x0a67066e in aout_new_buffer (p_dec=0xaef02870, i_samples=1024) at input/decoder.c:2286
> > > #14 0x0a672690 in decoder_NewAudioBuffer (p_decoder=0xaef02870, i_size=1024) at input/decoder.c:213
> > > #15 0x04032f8c in DecodeBlock (p_dec=0xaef02870, pp_block=0xb52ff05c) at faad.c:464
> > > #16 0x0a670891 in DecoderDecodeAudio (p_dec=0xaef02870, p_block=0xaef03000) at input/decoder.c:1291
> > > #17 0x0a6716f5 in DecoderProcessAudio (b_flush=false, p_block=0xaef03000, p_dec=0xaef02870) at input/decoder.c:1936
> > > #18 DecoderProcess (p_dec=0xaef02870, p_block=<optimized out>) at input/decoder.c:2059
> > > #19 0x0a671959 in DecoderThread (p_data=0xaef02870) at input/decoder.c:938
> > > #20 0x001fbd4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
> > > #21 0x003ddace in clone () from /lib/i386-linux-gnu/libc.so.6
> > > 
> > > As a work around I will probably patch VLC to not call snd_device_name_hint this
> > > way.  I see this has been done for other applications:
> > > 
> > > http://code.google.com/p/chromium/issues/detail?id=95797
> > > http://code.mythtv.org/trac/ticket/10809
> > > 
> > > But I wanted to try diagnosing the issue first.  Thoughts?
> > 
> > This isn't necessarily a bug due to the race like the previous case,
> > but rather more simple one.  For example, try the patch below.
> > 
> > If this fixes, the question is how to trigger.  Do you have any your
> > own ~/.asoundrc or /etc/asound.conf?  If yes, removing it changes the
> > behavior?
> 
> Hm.  I haven't tried your patch yet although I suspect that it would in fact fix
> the crash.  But I don't think the problem is that simple.  I don't have a
> .asoundrc or /etc/asound.conf configuration file.  And the crashes don't happen
> consistently on every run.  In fact it usually takes a few hours of VLC starts
> and stops to see the problem at all.

Ah, OK, this information was missing.
In anyway, it'd be good if you can see how the whole config tree in
memory looks when the segfault occurs.  The NULL pointer alone doesn't
mean a memory corruption like the previous case.  We need a bit more
overview.

> But I have a new theory.  VLC should be using PulseAudio anyway, so I started
> probing to figure out why it's initializing ALSA in the first place.  Turns out
> it will only do this when the PulseAudio module fails to initialize.  One case
> in which this happens is if PA is terminating at the same time VLC is starting.
> I can manually trigger this by doing "pulseaudio -k && vlc ...".
> 
> You are probably aware that PA will automatically exit after being idle for some
> time.  I think we are playing media files on a schedule that happens to trigger
> this scenario.  So VLC starts up just as PA is quitting, and then the ALSA
> module tries to enumerate available devices.  What if some of the available
> devices disappear during enumeration i.e. the PulseAudio ALSA plugin is
> destroying its ALSA devices?  Could that lead to this segfault?

In general, the configuration space itself should be static,
determined at the loading time.


Takashi

Re: snd_device_name_hint segfaults

[Forest Bond]

[-- Attachment #1.1: Type: text/plain, Size: 6539 bytes --]

Hi Takashi,

On Thu, Jun 27, 2013 at 05:05:42PM +0200, Takashi Iwai wrote:
> At Thu, 27 Jun 2013 10:30:50 -0400,
> Forest Bond wrote:
> > 
> > Hi Takashi,
> > 
> > Thanks for the reply.
> > 
> > On Thu, Jun 27, 2013 at 08:23:54AM +0200, Takashi Iwai wrote:
> > > At Wed, 26 Jun 2013 14:39:09 -0400, Forest Bond wrote:
> > > > I'm seeing segfaults with VLC similar to those reported here:
> > > > 
> > > >   http://mailman.alsa-project.org/pipermail/alsa-devel/2013-January/059168.html
> > > > 
> > > > This is on Ubuntu 12.04 with the latest alsa-lib package (1.0.25-1ubuntu10.2)
> > > > and the following patches also applied:
> > > > 
> > > > * 2cfc8b9b44a8e493c41b3d63d5a00b306a18a5ed
> > > >   snd_pcm_direct_parse_open_conf(): use thread-safe getgrnam_r()
> > > > * 44c1a623dd1fc9e831616b663bebc54ca98df994
> > > >   Add snd_lib_error_set_local() to install a thread-local error handler.
> > > > * 25dbb102810b31c02358904d70d53c960fb0a10e
> > > >   snd_device_name_hint(): do not change the global error handler.
> > > > * f49b2dc522a2564315c76d075203b15a39941e8a
> > > >   snd_device_name_hint(): do not use global snd_config.
> > > > * 7f2b2c8c1650a1883b48abfcdb455138943854f9
> > > >   conf: Fix a memory access violation resulting from improper error propogation
> > > > 
> > > > So I think there are still issues when calling snd_device_name_hint(-1, ...).
> > > > 
> > > > Here is the backtrace:
> > > > 
> > > > #0  0x003f0e78 in __strcpy_chk () from /lib/i386-linux-gnu/libc.so.6
> > > > #1  0x0625084b in strcpy (__src=0x0, __dest=0xb6025e80 "pcm.(null)") at /usr/include/i386-li
> > > > nux-gnu/bits/string3.h:105
> > > > #2  try_config (config=0xaf1c4df0, list=0xb52fe804, base=0x323e962 "pcm", name=0x0) at nameh
> > > > int.c:243
> > > > #3  0x06251bc5 in add_software_devices (list=0xb52fe804, config=0xaf1c4df0) at namehint.c:51
> > > > 2
> > > > #4  snd_device_name_hint (card=-1, iface=<optimized out>, hints=0xb52fe90c) at namehint.c:59
> > > > 1
> > > > #5  0x0323c9bb in GetDevices (obj=0xb6271700, item=0x0, prefs_dev=<optimized out>) at alsa.c
> > > > :721
> > > > #6  0x0323d4c0 in Probe (dev=0xb6011df8 "default", obj=0xb6271700) at alsa.c:161
> > > > #7  Open (obj=0xb6271700) at alsa.c:539
> > > > #8  0x0a6c73d0 in generic_start (func=0x323cd10, ap=0xb52fed98 "\273") at modules/modules.c:422
> > > > #9  0x0a6c7a3a in vlc_module_load (p_this=0xb6271700, psz_capability=0xa70b959 "audio output", psz_name=<optimized out>, b_strict=false,
> > > >     probe=0xa6c73c0 <generic_start>) at modules/modules.c:347
> > > > #10 0x0a6c8002 in module_need (obj=0xb6271700, cap=0xa70b959 "audio output", name=0xa70d2bd "$aout", strict=false) at modules/modules.c:437
> > > > #11 0x0a6b1242 in aout_OutputNew (p_aout=0xb6271700, p_format=0xb52feeac) at audio_output/output.c:59
> > > > #12 0x0a6ad77f in aout_DecNew (p_aout=0xb6271700, p_format=0xb52feeac, p_replay_gain=0xaef02a14, p_request_vout=0xb52feed0)
> > > >     at audio_output/dec.c:112
> > > > #13 0x0a67066e in aout_new_buffer (p_dec=0xaef02870, i_samples=1024) at input/decoder.c:2286
> > > > #14 0x0a672690 in decoder_NewAudioBuffer (p_decoder=0xaef02870, i_size=1024) at input/decoder.c:213
> > > > #15 0x04032f8c in DecodeBlock (p_dec=0xaef02870, pp_block=0xb52ff05c) at faad.c:464
> > > > #16 0x0a670891 in DecoderDecodeAudio (p_dec=0xaef02870, p_block=0xaef03000) at input/decoder.c:1291
> > > > #17 0x0a6716f5 in DecoderProcessAudio (b_flush=false, p_block=0xaef03000, p_dec=0xaef02870) at input/decoder.c:1936
> > > > #18 DecoderProcess (p_dec=0xaef02870, p_block=<optimized out>) at input/decoder.c:2059
> > > > #19 0x0a671959 in DecoderThread (p_data=0xaef02870) at input/decoder.c:938
> > > > #20 0x001fbd4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
> > > > #21 0x003ddace in clone () from /lib/i386-linux-gnu/libc.so.6
> > > > 
> > > > As a work around I will probably patch VLC to not call snd_device_name_hint this
> > > > way.  I see this has been done for other applications:
> > > > 
> > > > http://code.google.com/p/chromium/issues/detail?id=95797
> > > > http://code.mythtv.org/trac/ticket/10809
> > > > 
> > > > But I wanted to try diagnosing the issue first.  Thoughts?
> > > 
> > > This isn't necessarily a bug due to the race like the previous case,
> > > but rather more simple one.  For example, try the patch below.
> > > 
> > > If this fixes, the question is how to trigger.  Do you have any your
> > > own ~/.asoundrc or /etc/asound.conf?  If yes, removing it changes the
> > > behavior?
> > 
> > Hm.  I haven't tried your patch yet although I suspect that it would in fact fix
> > the crash.  But I don't think the problem is that simple.  I don't have a
> > .asoundrc or /etc/asound.conf configuration file.  And the crashes don't happen
> > consistently on every run.  In fact it usually takes a few hours of VLC starts
> > and stops to see the problem at all.
> 
> Ah, OK, this information was missing.
> In anyway, it'd be good if you can see how the whole config tree in
> memory looks when the segfault occurs.  The NULL pointer alone doesn't
> mean a memory corruption like the previous case.  We need a bit more
> overview.
> 
> > But I have a new theory.  VLC should be using PulseAudio anyway, so I started
> > probing to figure out why it's initializing ALSA in the first place.  Turns out
> > it will only do this when the PulseAudio module fails to initialize.  One case
> > in which this happens is if PA is terminating at the same time VLC is starting.
> > I can manually trigger this by doing "pulseaudio -k && vlc ...".
> > 
> > You are probably aware that PA will automatically exit after being idle for some
> > time.  I think we are playing media files on a schedule that happens to trigger
> > this scenario.  So VLC starts up just as PA is quitting, and then the ALSA
> > module tries to enumerate available devices.  What if some of the available
> > devices disappear during enumeration i.e. the PulseAudio ALSA plugin is
> > destroying its ALSA devices?  Could that lead to this segfault?
> 
> In general, the configuration space itself should be static,
> determined at the loading time.

I've been meaning to follow up on this issue for a while.  Sorry for the delayed
report.  We disabled PulseAudio idle exit and the problem went away, so it does
appear to be related somehow.

Thanks,
Forest
-- 
Forest Bond
http://www.forestbond.com
http://www.rapidrollout.com

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: snd_device_name_hint segfaults

[David Henningsson]

On 10/03/2013 08:36 PM, Forest Bond wrote:
>>>>> Here is the backtrace:
>>>>>
>>>>> #0  0x003f0e78 in __strcpy_chk () from /lib/i386-linux-gnu/libc.so.6
>>>>> #1  0x0625084b in strcpy (__src=0x0, __dest=0xb6025e80 "pcm.(null)") at /usr/include/i386-li
>>>>> nux-gnu/bits/string3.h:105
>>>>> #2  try_config (config=0xaf1c4df0, list=0xb52fe804, base=0x323e962 "pcm", name=0x0) at nameh
>>>>> int.c:243
>>>>> #3  0x06251bc5 in add_software_devices (list=0xb52fe804, config=0xaf1c4df0) at namehint.c:51
>>>>> 2
>>>>> #4  snd_device_name_hint (card=-1, iface=<optimized out>, hints=0xb52fe90c) at namehint.c:59

>> In general, the configuration space itself should be static,
>> determined at the loading time.
> 
> I've been meaning to follow up on this issue for a while.  Sorry for the delayed
> report.  We disabled PulseAudio idle exit and the problem went away, so it does
> appear to be related somehow.

Hi, a few weeks ago I came up with a related patch (based on an Ubuntu
bug report). This might be what you're looking for:

http://git.alsa-project.org/?p=alsa-lib.git;a=commit;h=23bf1dce9438c0cf74357928289aa8f06957c283

When I fixed it, I thought it was just an edge case, but if this avoids
access violations in standard scenarios for you, VLC, mythtv, chromium,
and others - maybe we should try to make an update, even for stable
Ubuntu releases (such as Ubuntu 12.04)?

-- 
David Henningsson, Canonical Ltd.
https://launchpad.net/~diwic