Re: [pulseaudio-discuss] 回复: How to fix pulseaudio crash when playing music

Thu, 11 Jun 2020 11:45:11 -0700 

On 09.06.20 16:13, Chengyi Zhao wrote:

Hi Georg,

Thanks for your reply!

Hi all,
I try to apply the following patch to fix this issue, please help review, thanks! 



Thanks for the patch. Because all patches have to go though Gitlab,

can you please open a merge request on Gitlab?

https://gitlab.freedesktop.org/pulseaudio/pulseaudio/


Two small comment below.



Date:   Tue Jun 9 22:09:36 2020 +0800

    srb: ignore srb when reading/writing srb generated an exception

    When the function do_read() returns -1, the program continues
    reading the same srb, maybe it will occur the crash.

diff --git a/src/pulsecore/pstream.c b/src/pulsecore/pstream.c
index 3b94a3adf..4fcec51c6 100644
--- a/src/pulsecore/pstream.c
+++ b/src/pulsecore/pstream.c
@@ -235,7 +235,7 @@ void pa_cmsg_ancil_data_close_fds(struct pa_cmsg_ancil_data *ancil) { 
 static int do_write(pa_pstream *p);
 static int do_read(pa_pstream *p, struct pstream_read *re);

-static void do_pstream_read_write(pa_pstream *p) {
+static int do_pstream_read_write(pa_pstream *p) {
     pa_assert(p);
     pa_assert(PA_REFCNT_VALUE(p) > 0);

@@ -244,8 +244,15 @@ static void do_pstream_read_write(pa_pstream *p) {
     p->mainloop->defer_enable(p->defer_event, 0);

     if (!p->dead && p->srb) {


r should be defined here.



-         do_write(p);
-         while (!p->dead && do_read(p, &p->readsrb) == 0);
+        if(do_write(p) < 0)
+            goto ignore;
+
+        int r = 0;
+        while (!p->dead && r == 0) {
+            r = do_read(p, &p->readsrb);
+            if (r < 0)
+            goto ignore;
+        }
     }

     if (!p->dead && pa_iochannel_is_readable(p->io)) {
@@ -263,7 +270,12 @@ static void do_pstream_read_write(pa_pstream *p) {
     }

     pa_pstream_unref(p);
-    return;
+    return 0;
+
+ignore:
+
+    pa_pstream_unref(p);
+    return -1;

 fail:

@@ -272,9 +284,11 @@ fail:

     pa_pstream_unlink(p);
     pa_pstream_unref(p);
+    return -1;
 }

 static bool srb_callback(pa_srbchannel *srb, void *userdata) {
+    int r;
     bool b;
     pa_pstream *p = userdata;
@@ -284,11 +298,11 @@ static bool srb_callback(pa_srbchannel *srb, void *userdata) { 

     pa_pstream_ref(p);

-    do_pstream_read_write(p);
+    r = do_pstream_read_write(p);

     /* If either pstream or the srb is going away, return false.
        We need to check this before p is destroyed. */


Please correct the comment, we now also fail if the read_write failed.



-    b = (PA_REFCNT_VALUE(p) > 1) && (p->srb == srb);
+    b = (r == 0) && (PA_REFCNT_VALUE(p) > 1) && (p->srb == srb);
     pa_pstream_unref(p);

     return b;

Best Regards,
Chengyi
------------------------------------------------------------------------
*From:* Georg Chini <[email protected]>
*Sent:* Tuesday, June 9, 2020 2:01
*To:* General PulseAudio Discussion <[email protected]>; Zhao Chengyi <[email protected]> *Subject:* Re: [pulseaudio-discuss] 回复: How to fix pulseaudio crash when playing music 
On 09.06.20 10:39, Zhao Chengyi wrote:

Please ignore the gdb bt information above because of error dbgsyms,
and please refer to the following logs when occurring crash.
5月 26 03:14:24 test-PC pulseaudio[2841]: W: [pulseaudio] pstream.c: Received SHM memblock frame with invalid frame length. 5月 26 03:14:24 test-PC pulseaudio[2841]: E: [pulseaudio] pstream.c: Assertion 're->data || re->memblock' failed at pulsecore/pstream.c:862, function do_read(). Aborting. 5月 26 03:14:24 test-PC systemd[1]: Created slice system-systemd\x2dcoredump.slice. 5月 26 03:14:24 test-PC systemd[1]: Started Process Core Dump (PID 10183/UID 0). 5月 26 03:14:25 test-PC bluetoothd[1700]: Endpoint unregistered: sender=:1.60 path=/MediaEndpoint/A2DPSource 5月 26 03:14:25 test-PC bluetoothd[1700]: Endpoint unregistered: sender=:1.60 path=/MediaEndpoint/A2DPSink 5月 26 03:14:25 test-PC daemon/audio[2874]: audio_events.go:65: pulseaudio context state failed 5月 26 03:14:25 test-PC systemd[2674]: pulseaudio.service: Main process exited, code=dumped, status=6/ABRT 5月 26 03:14:25 test-PC systemd[2674]: pulseaudio.service: Failed with result 'core-dump'. 5月 26 03:14:25 test-PC systemd-coredump[10184]: Process 2841 (pulseaudio) of user 1000 dumped core. 

Stack trace of thread 2841:
                                                  #0  0x0000ffff8702a714 raise (libc.so.6)                                                   #1  0x0000ffff870188e8 abort (libc.so.6)                                                   #2  0x0000ffff873b5728 n/a (libpulsecommon-12.2.so)                                                   #3  0x0000ffff873b7fd8 n/a (libpulsecommon-12.2.so)                                                   #4  0x0000ffff873b8368 n/a (libpulsecommon-12.2.so)                                                   #5  0x0000ffff873b8bec n/a (libpulsecommon-12.2.so)                                                   #6  0x0000ffff87339c70 pa_mainloop_dispatch (libpulse.so.0)                                                   #7  0x0000ffff8733a01c pa_mainloop_iterate (libpulse.so.0)                                                   #8  0x0000ffff8733a0d8 pa_mainloop_run (libpulse.so.0)                                                   #9  0x0000000000406894 main (pulseaudio)                                                   #10 0x0000ffff87018d24 __libc_start_main (libc.so.6)                                                   #11 0x00000000004076c4 _start (pulseaudio)                                                   #12 0x00000000004076c4 _start (pulseaudio) 5月 26 03:14:25 test-PC systemd[2674]: pulseaudio.service: Service RestartSec=100ms expired, scheduling restart. 5月 26 03:14:25 test-PC systemd[2674]: pulseaudio.service: Scheduled restart job, restart counter is at 1. 
5月 26 03:14:25 test-PC systemd[2674]: Stopped Sound Service.
5月 26 03:14:25 test-PC systemd[2674]: Starting Sound Service...
5月 26 03:14:25 test-PC pulseaudio[10197]: W: [pulseaudio] pid.c: Stale PID file, overwriting. 

Best Regards,
Chengyi
------------------------------------------------------------------------
*发件人:* Zhao Chengyi
*发送时间:* 2020年6月9日 0:30
*收件人:* [email protected] <mailto:[email protected]> <[email protected]> <mailto:[email protected]> 
*主题:* How to fix pulseaudio crash when playing music
Hi,
I found pulseaudio crash when playing music, please help fix this issue, thanks a lot! 

please refer to the following gdb information when occurring crash:

[Current thread is 1 (Thread 0xffff86823010 (LWP 2841))]
(gdb) bt
#0  0x0000ffff8702a714 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 
#1  0x0000ffff870188e8 in __GI_abort () at abort.c:79
#2  0x0000ffff873b5728 in do_read (p=p@entry=0x3673a170, re=re@entry=0x3673a338) at pulsecore/pstream.c:856 #3  0x0000ffff873b7fd8 in do_pstream_read_write (p=0x3673a170) at pulsecore/pstream.c:248 #4  0x0000ffff873b8368 in srb_callback (srb=<optimized out>, userdata=0x3673a170) at pulsecore/pstream.c:287 #5  0x0000ffff873b8bec in srbchannel_rwloop (sr=0x36766ae0) at pulsecore/srbchannel.c:190 #6  0x0000ffff87339c70 in dispatch_pollfds (m=0x36670db0) at pulse/mainloop.c:655 #7  0x0000ffff87339c70 in pa_mainloop_dispatch (m=m@entry=0x36670db0) at pulse/mainloop.c:898 #8  0x0000ffff8733a01c in pa_mainloop_iterate (m=0x36670db0, block=<optimized out>, retval=0xffffd9683030) at pulse/mainloop.c:929 #9  0x0000ffff8733a0d8 in pa_mainloop_run (m=m@entry=0x36670db0, retval=retval@entry=0xffffd9683030) at pulse/mainloop.c:945 #10 0x0000000000406894 in main (argc=<optimized out>, argv=<optimized out>) at daemon/main.c:1144 

Best Regards,
Chengyi


Hi,


there is a bug report on Gitlab which describes exactly the same problem:

https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/859


Unfortunately we did not yet have the time to investigate further.


Regards

             Georg




_______________________________________________
pulseaudio-discuss mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss

Reply via email to