pulseaudio crashed with SIGSEGV in pa_hashmap_remove()

Bug #951273 reported by André Oliveira
22
This bug affects 2 people
Affects Status Importance Assigned to Milestone
pulseaudio (Ubuntu)
Fix Released
Medium
David Henningsson

Bug Description

For some unknown reason, my install suddenly stopped detecting my M-Audio FastTrack Pro. The only way I found for it to rediscover the device was by pulseaudio --kill && pulseaudio. Though now every duplex change I do the devices get messed up. Also, now I can't use my soundcard for input.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: pulseaudio 1:1.1-0ubuntu12
ProcVersionSignature: Ubuntu 3.2.0-18.28-generic 3.2.9
Uname: Linux 3.2.0-18-generic x86_64
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
ApportVersion: 1.94.1-0ubuntu2
Architecture: amd64
Card0.Amixer.info:
 Card hw:0 'Intel'/'HDA Intel at 0xf0600000 irq 44'
   Mixer name : 'Realtek ALC272X'
   Components : 'HDA:10ec0272,1025033e,00100001 HDA:11c11040,11c10001,00100200'
   Controls : 33
   Simple ctrls : 18
Card1.Amixer.info:
 Card hw:1 'Pro'/'M-Audio FastTrack Pro at usb-0000:00:1a.0-1.2, full speed'
   Mixer name : 'USB Mixer'
   Components : 'USB0763:2012'
   Controls : 0
   Simple ctrls : 0
Card1.Amixer.values:

Card2.Amixer.info:
 Card hw:2 'Generic'/'HD-Audio Generic at 0xcfedc000 irq 46'
   Mixer name : 'ATI R6xx HDMI'
   Components : 'HDA:1002aa01,00aa0100,00100200'
   Controls : 6
   Simple ctrls : 1
Card2.Amixer.values:
 Simple mixer control 'IEC958',0
   Capabilities: pswitch pswitch-joined penum
   Playback channels: Mono
   Mono: Playback [on]
CurrentDmesg:
 [ 42.193364] ACPI: EC: GPE storm detected, transactions will use polling mode
 [ 94.183981] usbcore: deregistering interface driver snd-usb-audio
 [ 94.411089] usb-audio: Fast Track Pro config OK
 [ 94.430319] usbcore: registered new interface driver snd-usb-audio
 [ 138.187545] pulseaudio[7178]: segfault at 0 ip 00007f78510b7210 sp 00007fff7179fd38 error 4 in libpulsecommon-1.1.so[7f7851098000+5c000]
Date: Sat Mar 10 01:19:59 2012
ExecutablePath: /usr/bin/pulseaudio
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120301)
ProcCmdline: pulseaudio
SegvAnalysis:
 Segfault happened at: 0x7f78510b7210 <pa_idxset_string_hash_func>: movzbl (%rdi),%ecx
 PC (0x7f78510b7210) ok
 source "(%rdi)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%ecx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: pulseaudio
StacktraceTop:
 pa_idxset_string_hash_func () from /usr/lib/x86_64-linux-gnu/libpulsecommon-1.1.so
 pa_hashmap_get () from /usr/lib/x86_64-linux-gnu/libpulsecommon-1.1.so
 pa_sink_set_port () from /usr/lib/libpulsecore-1.1.so
 ?? () from /usr/lib/pulse-1.1/modules/libprotocol-native.so
 pa_pdispatch_run () from /usr/lib/x86_64-linux-gnu/libpulsecommon-1.1.so
Title: pulseaudio crashed with SIGSEGV in pa_idxset_string_hash_func()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
dmi.bios.date: 08/12/2010
dmi.bios.vendor: Phoenix Technologies LTD
dmi.bios.version: V1.28
dmi.board.asset.tag: No Asset Tag
dmi.board.name: Aspire 5740
dmi.board.vendor: Acer
dmi.board.version: V1.28
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: Acer
dmi.chassis.version: V1.28
dmi.modalias: dmi:bvnPhoenixTechnologiesLTD:bvrV1.28:bd08/12/2010:svnAcer:pnAspire5740:pvrV1.28:rvnAcer:rnAspire5740:rvrV1.28:cvnAcer:ct10:cvrV1.28:
dmi.product.name: Aspire 5740
dmi.product.version: V1.28
dmi.sys.vendor: Acer

Related branches

Revision history for this message
André Oliveira (oribunokiyuusou) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 pa_idxset_string_hash_func (p=0x0) at pulsecore/idxset.c:67
 pa_hashmap_get (h=0xe6ef40, key=0x0) at pulsecore/hashmap.c:179
 pa_sink_set_port (s=0xe62800, name=0x0, save=true) at pulsecore/sink.c:3092
 command_set_sink_or_source_port (pd=<optimized out>, command=96, tag=54, t=0xe7fb90, userdata=0xe79b00) at pulsecore/protocol-native.c:4680
 pa_pdispatch_run (pd=0xda9150, packet=<optimized out>, creds=0xdfe310, userdata=0xe79b00) at pulsecore/pdispatch.c:336

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in pulseaudio (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Revision history for this message
André Oliveira (oribunokiyuusou) wrote : Re: pulseaudio crashed with SIGSEGV in pa_idxset_string_hash_func()

What seems to happen is my output device is also listed as my Input device, and my input device is no where to be seen.

visibility: private → public
Revision history for this message
David Henningsson (diwic) wrote : [PATCH] protocol-native: Protect against clients trying to set a NULL port

For some reason, a badly behaving client was trying to set a NULL
port, which caused PulseAudio to crash. Add safeguards on two levels
just to be protected. (Also remove a redundant check.)

BugLink: https://bugs.launchpad.net/bugs/951273
Signed-off-by: David Henningsson <email address hidden>
---
 src/pulsecore/protocol-native.c | 2 +-
 src/pulsecore/sink.c | 2 +-
 src/pulsecore/source.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c
index e4e1809..34fff6e 100644
--- a/src/pulsecore/protocol-native.c
+++ b/src/pulsecore/protocol-native.c
@@ -4699,7 +4699,7 @@ static void command_set_sink_or_source_port(pa_pdispatch *pd, uint32_t command,
     CHECK_VALIDITY(c->pstream, !name || pa_namereg_is_valid_name_or_wildcard(name, command == PA_COMMAND_SET_SINK_PORT ? PA_NAMEREG_SINK : PA_NAMEREG_SOURCE), tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, idx != PA_INVALID_INDEX || name, tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, idx == PA_INVALID_INDEX || !name, tag, PA_ERR_INVALID);
- CHECK_VALIDITY(c->pstream, !name || idx == PA_INVALID_INDEX, tag, PA_ERR_INVALID);
+ CHECK_VALIDITY(c->pstream, port, tag, PA_ERR_INVALID);

     if (command == PA_COMMAND_SET_SINK_PORT) {
         pa_sink *sink;
diff --git a/src/pulsecore/sink.c b/src/pulsecore/sink.c
index aed1f38..2d214cf 100644
--- a/src/pulsecore/sink.c
+++ b/src/pulsecore/sink.c
@@ -3236,7 +3236,7 @@ int pa_sink_set_port(pa_sink *s, const char *name, pa_bool_t save) {
         return -PA_ERR_NOTIMPLEMENTED;
     }

- if (!s->ports)
+ if (!s->ports || !name)
         return -PA_ERR_NOENTITY;

     if (!(port = pa_hashmap_get(s->ports, name)))
diff --git a/src/pulsecore/source.c b/src/pulsecore/source.c
index ab75b21..a5d5af0 100644
--- a/src/pulsecore/source.c
+++ b/src/pulsecore/source.c
@@ -2506,7 +2506,7 @@ int pa_source_set_port(pa_source *s, const char *name, pa_bool_t save) {
         return -PA_ERR_NOTIMPLEMENTED;
     }

- if (!s->ports)
+ if (!s->ports || !name)
         return -PA_ERR_NOENTITY;

     if (!(port = pa_hashmap_get(s->ports, name)))
--
1.7.9.1

Revision history for this message
David Henningsson (diwic) wrote : Re: pulseaudio crashed with SIGSEGV in pa_idxset_string_hash_func()

Thanks for your report. I've sent a patch upstream and will commit it to the 12.04 tree as well.
For reference, were you having some volume control open when pulseaudio crashed? Were you trying to change active output, port, or something like that?

Changed in pulseaudio (Ubuntu):
assignee: nobody → David Henningsson (diwic)
status: New → In Progress
Revision history for this message
André Oliveira (oribunokiyuusou) wrote :

The volume control was open and I was trying to change the ports.

The M-Audio Fasttrack Pro has 2 outputs and one input, Channel A ouput and input and Channel B output. The problem is the system detects them as devices as follows:
Channel A Output: hw:%f,0,0
Channel A Input: hw:%f,1,0
Channel B Output: hw:%f,1,0

which makes absolutely no sense. I had to edit the maudio-fasttrack-pro.conf profile to get this far. The problem is that now the profile Channel A Duplex+Analog Channel B Output profile doesn't work. I made a post on ubuntuforums.org explaining properly what was happened, if you don't mind taking a look: http://ubuntuforums.org/showthread.php?t=1938930

Revision history for this message
David Henningsson (diwic) wrote :

I believe you're referring to bug 569932 for the ,0,0 -> ,1,0 stuff.
For the non-working Duplex + Output profile, can you get it to work if you use the pavucontrol program instead of the gnome sound settings dialog?

Revision history for this message
André Oliveira (oribunokiyuusou) wrote :

Yes, I am referring to bug 569932 for the ,0,0 -> ,1,0 stuff.

For the non-working Duplex + Output profile, i works better through padvucontrol, ouput on Channel A and B work properly, but input stops working. Maybe it's due to the fact that hw:%f,1,0 is now being used as channel B output?

Revision history for this message
David Henningsson (diwic) wrote :

Ok, I've committed a fix for the issue that makes PulseAudio crash. Not sure what gnome-sound-settings will do instead when it gets an error back, but at least it puts the problem where it belongs.

Changed in pulseaudio (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
André Oliveira (oribunokiyuusou) wrote :

OK, thanks for the fix. When it's packaged, I'll bash on the audio settings and see what happens.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pulseaudio - 1:1.1-0ubuntu13

---------------
pulseaudio (1:1.1-0ubuntu13) precise; urgency=low

  * 0020-daemon-Initialize-dbus-to-use-thread-safe-mode-by-de.patch:
    Make sure dbus is thread safe to avoid crashes in pa_make_realtime
    (LP: #937933)
  * 0111-protocol-native-Protect-against-clients-trying-to-se.patch:
    Don't crash if clients try to set a NULL port (LP: #951273)
  * 0021-Fix-input-device-for-M-audio-fasttrack-pro.patch:
    Probe two different input devices (LP: #569932)
  * 0112-module-loopback-Never-call-adjust_rates-after-teardo.patch:
    Don't crash on shutdown in module-loopback (LP: #946400)
  * 0619-module-switch-on-port-available-Do-not-switch-profil.patch:
    Prevent switching to HDMI profiles from analog profiles, as a result
    of discussion on the pulseaudio-discuss and ubuntu-audio-dev mailinglist.
 -- David Henningsson <email address hidden> Wed, 21 Mar 2012 10:47:33 +0100

Changed in pulseaudio (Ubuntu):
status: Fix Committed → Fix Released
gad man (gadman)
summary: - pulseaudio crashed with SIGSEGV in pa_idxset_string_hash_func()
+ pulseaudio crashed with SIGSEGV in pa_hashmap_remove()
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.