Uploaded image for project: ' AGL Development'
  1. AGL Development
  2. SPEC-1188

pulseaudio segfaults in bluez5-util during daemon idle shutdown

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • Eel
    • None
    • Audio Manager
    • On m3ulcb using master with either the USB BT dongle or using m3ulcb+kf on master with the Wilink8 BT device.

      pulseaudio segfaults when shutting down on idle. The log is as follows:

       

      m3ulcb:~# [ 205.021336] pulseaudio[4229]: unhandled level 0 translation fault (11) at 0x00000090, esr 0x92000004
[ 205.031038] pgd = ffff8005ef511000
[ 205.034472] [00000090] *pgd=0000000000000000[ 205.038586] 
[ 205.040073] 
[ 205.041562] CPU: 1 PID: 4229 Comm: pulseaudio Tainted: G B O 4.9.0-yocto-standard #6
[ 205.050270] Hardware name: Renesas M3ULCB Kingfisher board based on r8a7796 (DT)
[ 205.057684] task: ffff8005f0f90000 task.stack: ffff8005ef464000
[ 205.063611] PC is at 0xffffb037d9bc
[ 205.067104] LR is at 0xffffb037d9b0
[ 205.070630] pc : [<0000ffffb037d9bc>] lr : [<0000ffffb037d9b0>] pstate: 60000000
[ 205.078048] sp : 0000ffffc3a55460
[ 205.081356] x29: 0000ffffc3a55470 x28: 00000000ffffffff 
[ 205.086691] x27: 0000aaaac1dbe000 x26: 0000000000000001 
[ 205.092019] x25: 0000aaaaf8ec1530 x24: 0000000000000015 
[ 205.097349] x23: 0000aaaaf8ec1584 x22: 0000aaaaf8e2b9e0 
[ 205.102682] x21: 0000ffffb0387000 x20: 0000aaaaf8dc7bf0 
[ 205.108008] x19: 0000aaaaf8ec2810 x18: 0000000000000000 
[ 205.113335] x17: 0000ffffb037d628 x16: 0000ffffb039ad28 
[ 205.118669] x15: 00003ea5686c0f69 x14: 001c106f72244170 
[ 205.124010] x13: 000000005a1dca05 x12: 0000000000000018 
[ 205.129811] x11: 00000000012916ab x10: 00000000000000cd 
[ 205.135160] x9 : 0000aaaaf8dc6800 x8 : 0000aaaaf8dc7ba0 
[ 205.140489] x7 : 0000000000000000 x6 : 0000000000000000 
[ 205.145821] x5 : 0000ffffb51b09b0 x4 : 00000000ffffffff 
[ 205.151154] x3 : 0000aaaaf8dc7ba0 x2 : 0000ffffc3a55488 
[ 205.156481] x1 : 0000aaaaf8de4270 x0 : 0000000000000000 
[ 205.161809] 
[ 205.163349] audit_printk_skb: 41 callbacks suppressed
[ 205.168411] audit: type=1701 audit(1511901701.614:4): auid=0 uid=0 gid=0 ses=2 subj=System pid=4229 comm="pulseaudio" exe="/usr/bin/pulseaudio" sig=11

      A backtrace from the core file is as follows:

      Core was generated by `/usr/bin/pulseaudio --daemonize=no'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000ffff809389bc in pa_bluetooth_transport_unlink (t=0xaaaad6723960)
    at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/modules/bluetooth/bluez5-util.c:312
312	    pa_hashmap_remove(t->device->discovery->transports, t->path);
[Current thread is 1 (Thread 0xffff88bc2040 (LWP 4735))]
(gdb) bt
#0  0x0000ffff809389bc in pa_bluetooth_transport_unlink (t=0xaaaad6723960)
    at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/modules/bluetooth/bluez5-util.c:312
#1  0x0000ffff80938a5c in pa_bluetooth_transport_free (t=0xaaaad6723960)
    at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/modules/bluetooth/bluez5-util.c:321
#2  0x0000ffff8093c594 in hf_audio_card_free (card=0xaaaad66bd480)
    at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/modules/bluetooth/backend-ofono.c:115
#3  0x0000ffff88a366f8 in pa_hashmap_remove_all (h=0xaaaad66bdce0) at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/pulsecore/hashmap.c:230
#4  0x0000ffff8093c238 in ofono_bus_id_destroy (backend=backend@entry=0xaaaad66bcad0)
    at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/modules/bluetooth/backend-ofono.c:338
#5  0x0000ffff8093df28 in hf_audio_agent_unregister (backend=0xaaaad66bcad0)
    at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/modules/bluetooth/backend-ofono.c:406
#6  pa_bluetooth_ofono_backend_free (backend=0xaaaad66bcad0) at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/modules/bluetooth/backend-ofono.c:645
#7  0x0000ffff8093be58 in pa_bluetooth_discovery_unref (y=0xaaaad67aafc0)
    at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/modules/bluetooth/bluez5-util.c:1788
#8  0x0000ffff809584e4 in module_bluez5_discover_LTX_pa__done (m=<optimized out>)
    at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/modules/bluetooth/module-bluez5-discover.c:158
#9  0x0000ffff88b33220 in pa_module_free (m=0xaaaad66d5db0) at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/pulsecore/module.c:250
#10 0x0000ffff88b340cc in pa_module_unload_all (c=0xaaaad66a9af0) at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/pulsecore/module.c:324
#11 0x0000aaaaab043b74 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/pulseaudio/10.0-r0/pulseaudio-10.0/src/daemon/main.c:1169

      A verbose pulseaudio log combined with the above backtrace shows that this occurs when pulseaudio idle timeouts and does a shutdown, unloading the bluez5-discover module and then segfaulting during the cleanup routines.

      This issue is also known to happen on Ubuntu releases with pulseaudio 10.0 and so clearly is a generic issue. See https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1690037 which contains a matching backtrace of the issue.

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            ohporter Matt Porter
            ohporter Matt Porter
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: