pulseaudio crashed with SIGSEGV in strcmp()

Bug #437293 reported by Thomas Karl Pietrowski on 2009-09-26
This bug affects 8 people
Affects: pulseaudio (Ubuntu)
Importance: Medium
Assigned to: Daniel T Chen

Bug Description

Binary package hint: pulseaudio

Happened when switching a stream from one Bluetooth headset to an analog output and then back to another Bluetooth headset.

No problems at all, just this crash :/

ProblemType: Crash
.etc.asound.conf:
 pcm.604 {
    type bluetooth
    device 00:0D:3C:B0:67:51
 }
Architecture: amd64
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/dsp', '/dev/dsp1', '/dev/snd/controlC0', '/dev/snd/pcmC0D3p', '/dev/snd/pcmC0D2c', '/dev/snd/pcmC0D0p', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D1c', '/dev/snd/pcmC0D1p', '/dev/snd/by-path', '/dev/snd/by-id', '/dev/snd/controlC1', '/dev/snd/pcmC1D0c', '/dev/snd/seq', '/dev/snd/timer', '/dev/sequencer2', '/dev/sequencer'] failed with exit code 1:
Card0.Amixer.info:
 Card hw:0 'NVidia'/'HDA NVidia at 0xfaf78000 irq 21'
   Mixer name : 'Nvidia MCP78 HDMI'
   Components : 'HDA:10ec0888,104382fe,00100101 HDA:10de0002,10de0101,00100000'
   Controls : 44
   Simple ctrls : 23
Card1.Amixer.info:
 Card hw:1 'camera'/'USB camera at usb-0000:00:04.0-2, full speed'
   Mixer name : 'USB Mixer'
   Components : 'USB0c45:60b0'
   Controls : 0
   Simple ctrls : 0
Card1.Amixer.values:

Date: Sat Sep 26 19:31:25 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/pulseaudio
NonfreeKernelModules: nvidia
Package: pulseaudio 1:0.9.18-0ubuntu3
ProcCmdline: /usr/bin/pulseaudio --start --log-target=syslog
ProcEnviron:
 LANG=de_DE.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/false
ProcVersionSignature: Ubuntu 2.6.31-11.36-generic
SegvAnalysis:
 Segfault happened at: 0x7f57e3245e20 <strcmp>: mov (%rdi),%al
 PC (0x7f57e3245e20) ok
 source "(%rdi)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%al" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: pulseaudio
StacktraceTop:
 strcmp () from /lib/libc.so.6
 module_bluetooth_device_LTX_pa__init ()
 pa_module_load ()
 ?? ()
 pa_hook_fire () from /usr/lib/libpulsecore-0.9.18.so
Title: pulseaudio crashed with SIGSEGV in strcmp()
Uname: Linux 2.6.31-11-generic x86_64
UserGroups:

mtime.conffile..etc.pulse.default.pa: 2009-09-26T17:08:57.840512


StacktraceTop:
 strcmp () at ../sysdeps/x86_64/strcmp.S:29
 module_bluetooth_device_LTX_pa__init (m=0x1746bf0)
 pa_module_load (c=0x170d550,
 load_module_for_device (y=<value optimized out>,
 pa_hook_fire (hook=0x1736d28, data=0x1727160)

Changed in pulseaudio (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Daniel T Chen (crimsun) on 2009-09-29
Changed in pulseaudio (Ubuntu):
status: New → Fix Committed
visibility: private → public
Steven Walter (stevenrwalter) wrote :

Crash is no longer present in ubuntu-audio-dev PPA

Trooper (webmaster-trooper) wrote :

It happened when I switched on my cell phone's (Sony Ericsson K770i) bluetooth. I didn't do anything more. As a result, it looked like my cell phone tried to connect to my notebook to use it as a headset. I was asked for the usual PIN code pairing, first entering it into my cell phone and then into the popup dialog on the PC, and then the crash happened.

Trooper, can you reproduce the crash using the ubuntu-audio-dev PPA?

On Oct 9, 2009 10:20 AM, "Trooper" <email address hidden> wrote:

It happened when I switched on my cell phone's (Sony Ericsson K770i)
bluetooth. I didn't do anything more. As a result, it looked like my
cell phone tried to connect to my notebook to use it as a headset. I was
asked for the usual PIN code pairing, first entering it into my cell
phone and then into the popup dialog on the PC, and then the crash
happened.


Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pulseaudio - 1:0.9.19-0ubuntu1

---------------
pulseaudio (1:0.9.19-0ubuntu1) karmic; urgency=low

  * New upstream bugfix release
  * debian/:
    . {libpulse0,pulseaudio}.shlibs:
    . shlibs{,_pulseaudio}.local:
    . rules: Update for new release
  * debian
    + pulseaudio.dirs:
    . patches/0006-a11y-special-case-disable.patch:
    . pulse-session: Use a system-wide flag to assist in fixing
      alsactl store race.
  * debian/patches/:
    - 0060-backport-c194d.patch: Drop, subsumed by new release
    + 0053-fix-sigsegv-module-bluetooth-device.patch: Don't strcmp
      uninitialized memory (LP: #437293)
    + 0055-backport-alsa-bt-position-fixes-b3592a1.patch: Apply the
      following changesets from origin/master HEAD for fixes:
      40c1ca76c48147c7648e1f1a72cc2c747f3d0c9b,
      7b682c969025845f75cbc74a9f830ad2dec8a415,
      c96d2d1117a7e59b351358c8cdd79ef465ddbd49,
      b3592a160f0d2a28605048a81c0261bf7c45acbb
    + 0091-dont-load-cork-music-on-phone.patch: Disable for Karmic;
      it's confusing users (LP: #437638)
  * Previous uploads resolved Launchpad bug reports:
    - LP: #434003 (crashed with SIGILL in pa_smoother_translate() )
    - LP: #437638 (cpulimit.c: Received request to terminate)

 -- Daniel T Chen <email address hidden> Tue, 06 Oct 2009 18:40:38 -0400

Changed in pulseaudio (Ubuntu):
status: Fix Committed → Fix Released
Daniel T Chen (crimsun) wrote :

Sorry for the crackful "fix" the first go-round. A saner check has been submitted, and once it is signed off, it will appear in some fashion in a pulseaudio update.

Changed in pulseaudio (Ubuntu):
status: Fix Released → Triaged
assignee: nobody → Daniel T Chen (crimsun)
Daniel T Chen (crimsun) wrote :

06:00 < dtchen> pitti: ok. firstly, it does the wrong thing with
                pa_sprintf_malloc(), including using the wrong parameter:
                address instead of d->address
06:01 < pitti> ah, so it even causes crashes/corruption?
06:01 < dtchen> pitti: secondly, in the case that d->address is bad (in this
                case it is; see the original report), even if we had
                _malloc()ed d->address, it'd still do the wrong thing
06:02 < dtchen> pitti: right, potentially it'd do even worse things
06:02 < pitti> dtchen: would you mind posting that to the original bug report,
               or adding a new one? to have a papertrail of the change?
06:02 < pitti> then it looks fine to me
06:03 < dtchen> pitti: so Lennart and I are discussing how to verify that the
                BT audio device is fully set up; it probably won't land for
                Karmic but hopefully for -updates
06:03 < dtchen> pitti: yes, I'll update the original bug report
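
The failure in the SegvAnalysis above (strcmp() reading through a NULL pointer) and the "is the device fully set up" validation discussed in the IRC excerpt, as an added C example. It is not PulseAudio's code or the patch from this bug; the struct, the function names and the sample addresses are hypothetical.

```c
/* Added illustration; struct and function names are hypothetical,
 * not PulseAudio's. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a discovered Bluetooth audio device record.
 * Fields stay NULL until the device is fully set up. */
struct bt_device {
    const char *path;     /* constructed object path */
    const char *address;  /* constructed, e.g. "00:11:22:33:44:55" */
};

/* A record is usable only when every string we will compare is present. */
static bool bt_device_is_ready(const struct bt_device *d) {
    return d != NULL && d->path != NULL && d->address != NULL
        && d->address[0] != '\0';
}

/* Returns 1 on match, 0 on mismatch, -1 if the record or the request is
 * incomplete. strcmp() with a NULL argument is undefined behaviour and in
 * practice faults on the first byte read, as in the SegvAnalysis. */
static int bt_device_matches(const struct bt_device *d, const char *wanted) {
    if (wanted == NULL || !bt_device_is_ready(d))
        return -1;
    return strcmp(d->address, wanted) == 0 ? 1 : 0;
}

/* Pick the first ready device with the wanted address; skip incomplete ones. */
static const struct bt_device *bt_find(const struct bt_device *devs, size_t n,
                                       const char *wanted) {
    for (size_t i = 0; i < n; i++)
        if (bt_device_matches(&devs[i], wanted) == 1)
            return &devs[i];
    return NULL;
}

int main(void) {
    /* Constructed sample data: the first record is only partly initialised. */
    const struct bt_device devs[] = {
        { "/constructed/dev0", NULL },
        { "/constructed/dev1", "00:11:22:33:44:55" },
    };
    const struct bt_device *hit = bt_find(devs, 2, "00:11:22:33:44:55");
    printf("match: %s\n", hit ? hit->path : "(none)");
    printf("incomplete record -> %d\n", bt_device_matches(&devs[0], "x"));
    return 0;
}
```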

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pulseaudio - 1:0.9.20-0ubuntu1

---------------
pulseaudio (1:0.9.20-0ubuntu1) lucid; urgency=low

  * New upstream bugfix release
    + Fix BT validation (LP: #437293)
  * debian/control:
    + pulseaudio Provides pulseaudio-module-hal, pulseaudio-module-udev,
      and pulseaudio-module-rygel-media-server for upgrades (really
      fixes LP #477382)
  * debian/patches/:
    - 0002-work-around-suspend-on-idle-source-sink-race.patch:
    - 0052-revert-sse2-optimize.patch:
    - 0055-backport-alsa-bt-position-fixes-b3592a1.patch:
      Remove; applied upstream
    + 0054-mute-iec958-optical-raw-for-audigyX.patch: Refresh
    + 0055-handle-Master-Front.patch: For new VIA-based HDA, handle
      this mixer control until we've fixed it in linux (LP: #478868)
  * Bump for 0.9.20:
    + debian/libpulse0.shlibs
    + debian/pulseaudio.shlibs
    + debian/rules
 -- Daniel T Chen <email address hidden> Thu, 12 Nov 2009 19:19:21 -0500

Changed in pulseaudio (Ubuntu):
status: Triaged → Fix Released