Bug 104385

Summary: SIGABRT in `snd_mixer_elem_get_callback_private`
Product: PulseAudio Reporter: Paul Menzel <paulepanter>
Component: coreAssignee: pulseaudio-bugs
Status: RESOLVED FIXED QA Contact: pulseaudio-bugs
Severity: normal    
Priority: medium CC: lennart, paulepanter
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: (gdb) t a a bt; t a a bt f; info registers

Description Paul Menzel 2017-12-26 09:37:23 UTC
Created attachment 136388 [details]
(gdb) t a a bt; t a a bt f; info registers

Looking through the core dump files of one system with Debian 9 (Stretch), I noticed some of PulseAudio 10.0, where it terminates with SIGABRT.

```
Thread 3 (Thread 0x7f60175f1700 (LWP 9319)):
#0  0x00007f6028922771 in __GI_ppoll (fds=0x56233965ece0, nfds=4, timeout=<optimized out>, sigmask=sigmask@entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39
#1  0x00007f602a098df8 in ppoll (__ss=0x0, __timeout=<optimized out>, __nfds=<optimized out>, __fds=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/poll2.h:77
#2  pa_rtpoll_run (p=0x56233978bbe0) at pulsecore/rtpoll.c:314
#3  0x00007f6022189a73 in thread_func (userdata=0x56233978b9c0) at modules/alsa/alsa-source.c:1516
#4  0x00007f6029e302c8 in internal_thread_func (userdata=0x56233964bf50) at pulsecore/thread-posix.c:81
#5  0x00007f6029302494 in start_thread (arg=0x7f60175f1700) at pthread_create.c:333
#6  0x00007f602892baff in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Thread 2 (Thread 0x7f6017df2700 (LWP 9318)):
#0  0x00007f6028922771 in __GI_ppoll (fds=0x5623396d0b80, nfds=5, timeout=<optimized out>, sigmask=sigmask@entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39
#1  0x00007f602a098df8 in ppoll (__ss=0x0, __timeout=<optimized out>, __nfds=<optimized out>, __fds=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/poll2.h:77
#2  pa_rtpoll_run (p=0x562339750c60) at pulsecore/rtpoll.c:314
#3  0x00007f6022183575 in thread_func (userdata=0x562339750a10) at modules/alsa/alsa-sink.c:1799
#4  0x00007f6029e302c8 in internal_thread_func (userdata=0x562339668390) at pulsecore/thread-posix.c:81
#5  0x00007f6029302494 in start_thread (arg=0x7f6017df2700) at pthread_create.c:333
#6  0x00007f602892baff in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Thread 1 (Thread 0x7f602a4684c0 (LWP 2624)):
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007f60288773fa in __GI_abort () at abort.c:89
#2  0x00007f602886ee37 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x7f60224748e8 "mixer", file=file@entry=0x7f6022474b79 "mixer.c", line=line@entry=929, function=function@entry=0x7f6022474e00 <__PRETTY_FUNCTION__.9666> "snd_mixer_elem_get_callback_private") at assert.c:92
#3  0x00007f602886eee2 in __GI___assert_fail (assertion=assertion@entry=0x7f60224748e8 "mixer", file=file@entry=0x7f6022474b79 "mixer.c", line=line@entry=929, function=function@entry=0x7f6022474e00 <__PRETTY_FUNCTION__.9666> "snd_mixer_elem_get_callback_private") at assert.c:101
#4  0x00007f60223f503d in snd_mixer_elem_get_callback_private (mixer=mixer@entry=0x0) at mixer.c:929
#5  0x00007f60226be60b in report_jack_state (melem=0x0, mask=mask@entry=0) at modules/alsa/module-alsa-card.c:362
#6  0x00007f60226beb1b in card_suspend_changed (c=<optimized out>, card=<optimized out>, u=0x5623395de220) at modules/alsa/module-alsa-card.c:628
#7  0x00007f602a08d60c in pa_hook_fire (hook=0x562339555948, data=data@entry=0x5623395d0a40) at pulsecore/hook-list.c:104
#8  0x00007f602a089d8a in pa_card_suspend (c=c@entry=0x5623395d0a40, suspend=suspend@entry=false, cause=cause@entry=PA_SUSPEND_SESSION) at pulsecore/card.c:390
#9  0x00007f60228c500c in verify_access (u=u@entry=0x5623395be700, d=0x5623395d30d0) at modules/module-udev-detect.c:362
#10 0x00007f60228c63e5 in inotify_cb (a=0x5623395545e8, e=<optimized out>, fd=14, events=<optimized out>, userdata=0x5623395be700) at modules/module-udev-detect.c:624
#11 0x00007f6029ba774c in dispatch_pollfds (m=0x562339554590) at pulse/mainloop.c:655
#12 pa_mainloop_dispatch (m=m@entry=0x562339554590) at pulse/mainloop.c:898
#13 0x00007f6029ba7b4c in pa_mainloop_iterate (m=0x562339554590, block=<optimized out>, retval=0x7ffc8077f948) at pulse/mainloop.c:929
#14 0x00007f6029ba7bf0 in pa_mainloop_run (m=0x562339554590, retval=0x7ffc8077f948) at pulse/mainloop.c:944
#15 0x000056233875bd8c in main (argc=<optimized out>, argv=<optimized out>) at daemon/main.c:1140
```

Please find the full backtraces attached.
Comment 1 Tanu Kaskinen 2018-05-24 16:51:36 UTC
Sorry, I didn't notice this bug report until now. I think I have a fix for it, I'll submit it shortly.
Comment 2 Tanu Kaskinen 2018-05-24 17:42:00 UTC
Here's the patch: https://patchwork.freedesktop.org/patch/225242/

If this is a reproducible problem and you're able to apply the patch, testing would be appreciated (I'm not sure the bug that I found is really the root cause of the crash).
Comment 3 Tanu Kaskinen 2018-06-04 09:12:59 UTC
The patch is now in master.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.