Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Linus Lüssing]

On Sat, Mar 04, 2017 at 07:37:36PM -0300, Felipe Sateler wrote:
> > Not really familiar with how binaries get created or uploaded in
> > Debian, but is it possible to determine the gcc + binutils
> > versions with which libsbc 1.3-1 and 1.3-1+b2 were created? Just
> > to double check whether the official uploads were indeed created
> > with gcc-4.9 for libsbc 1.3-1 and gcc-5/gcc-6 for 1.3-1+b2?
> 
> The build logs are publicly available, for this build[1] the versions used 
> were:
> 
> binutils_2.25-8
> gcc-4.9_4.9.2-19
> 
> [1] 
> https://buildd.debian.org/status/fetch.php?pkg=sbc&arch=armhf&ver=1.3-1&stamp=1433137735&raw=0

Aiy, ok, thanks a lot, Felipe!

Is there anything else I could do? Was the issue reported to the
gcc folks somewhere yet or should I report it to some bugtracker of
the gcc project?

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Felipe Sateler]

On Sat, Mar 4, 2017 at 6:27 PM, Linus Lüssing  wrote:
>> Are you sure it's definitely related to the gcc version? Did you actually
>> try rebuilding with gcc-4.9 on the target machine?
>>
>> The thing is that assembly code is not interpreted by gcc but by the 
>> assembler
>> which is part of the binutils package. Since binutils is updated
>> in Debian very often, it may be well related to a bug in binutils.
>
> I didn't try from a chroot, but tried 2.28 as you suggested as
> well as a few downgraded versions, which all failed:
>
> binutils 2.28-1 -> not
> binutils 2.27.51.20161220-1
> binutils 2.27-9 -> not working
> binutils 2.26-1 -> not working
> binutils 2.26.1-1 -> not working
> binutils 2.26-12 -> not working
>
> I also tried downgrading gcc-6, which didn't help either:
> gcc 6.0.1-2
>
> What worked then:
> * gcc 4.9.4-2 + binutils 2.26.1-1
> * gcc 4.9.4-2 + binutils 2.28-1
>

Thanks for the extensive testing!

> Not really familiar with how binaries get created or uploaded in
> Debian, but is it possible to determine the gcc + binutils
> versions with which libsbc 1.3-1 and 1.3-1+b2 were created? Just
> to double check whether the official uploads were indeed created
> with gcc-4.9 for libsbc 1.3-1 and gcc-5/gcc-6 for 1.3-1+b2?

The build logs are publicly available, for this build[1] the versions used were:

binutils_2.25-8
gcc-4.9_4.9.2-19

[1] 
https://buildd.debian.org/status/fetch.php?pkg=sbc&arch=armhf&ver=1.3-1&stamp=1433137735&raw=0


-- 

Saludos,
Felipe Sateler

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Linus Lüssing]

> Are you sure it's definitely related to the gcc version? Did you actually
> try rebuilding with gcc-4.9 on the target machine?
>
> The thing is that assembly code is not interpreted by gcc but by the assembler
> which is part of the binutils package. Since binutils is updated
> in Debian very often, it may be well related to a bug in binutils.

I didn't try from a chroot, but tried 2.28 as you suggested as
well as a few downgraded versions, which all failed:

binutils 2.28-1 -> not 
binutils 2.27.51.20161220-1
binutils 2.27-9 -> not working
binutils 2.26-1 -> not working
binutils 2.26.1-1 -> not working
binutils 2.26-12 -> not working

I also tried downgrading gcc-6, which didn't help either:
gcc 6.0.1-2

What worked then:
* gcc 4.9.4-2 + binutils 2.26.1-1
* gcc 4.9.4-2 + binutils 2.28-1


Not really familiar with how binaries get created or uploaded in
Debian, but is it possible to determine the gcc + binutils
versions with which libsbc 1.3-1 and 1.3-1+b2 were created? Just
to double check whether the official uploads were indeed created
with gcc-4.9 for libsbc 1.3-1 and gcc-5/gcc-6 for 1.3-1+b2?

Regards, Linus

PS: All those tests above just with a plain
"$ CC=gcc-{4.9,6} dpkg-buildpackage -us -uc", so with the default
hardening flags.

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[John Paul Adrian Glaubitz]

Hi Felipe!

> Thanks for verifying! The problem would not be PIE then. It appears
> the custom assembler is not compatible with current gcc versions.

Are you sure it's definitely related to the gcc version? Did you actually
try rebuilding with gcc-4.9 on the target machine?

The thing is that assembly code is not interpreted by gcc but by the assembler
which is part of the binutils package. Since binutils is updated in Debian
very often, it may be well related to a bug in binutils.

I would try rebuilding the package in a fresh unstable chroot with binutils
2.28 which was just uploaded a few days ago. Chances are it's a bug rather
in binutils than in gcc.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Felipe Sateler]

Control: retitle -1 libsbc1: compiling with gcc > 4.9 causes stack corruption

On Fri, Mar 3, 2017 at 3:24 PM, Linus Lüssing  wrote:
> On Fri, Mar 03, 2017 at 01:14:56PM -0300, Felipe Sateler wrote:
>> It has been pointed out to me that this may be unrelated to PIE, but
>> just caused by a newer GCC version. Could you check if disabling PIE
>> makes the binary work again? To do so:
>>
>> apt-get source sbc
>> sudo apt-get build-dep sbc
>> cd sbc-1.3
>> DEB_BUILD_OPTIONS=hardening=-pie dpkg-buildpackage -us -uc
>> sudo dpkg -i ../libsbc1_*.deb
>
> Tried it, but still crashes. I also tried:
>
> 0) dpkg-buildpackage -us -uc
> 1) 
> DEB_BUILD_OPTIONS=hardening=-stackprotectorstrong,-stackprotector,-pie,-fortify
>  dpkg-buildpackage -us -uc
> 2) DEB_BUILD_OPTIONS=hardening=-all dpkg-buildpackage -us -uc
> 3) CC=gcc-5 dpkg-buildpackage -us -uc
>
> But the resulting packages/libraries crash, too.
>
> ~~~
> $ gcc --version
> gcc (Debian 6.3.0-8) 6.3.0 20170221
> $ gcc-5 --version
> gcc-5 (Debian 5.4.1-5) 5.4.1 20170205
> ~~~
>
> What seems to work though:
> ~~~
> $ CC=clang dpkg-buildpackage -us -uc
> [...]
> $ sudo dpkg -i ../libsbc1_*.deb
> ~~~

Thanks for verifying! The problem would not be PIE then. It appears
the custom assembler is not compatible with current gcc versions.

-- 

Saludos,
Felipe Sateler

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Linus Lüssing]

On Fri, Mar 03, 2017 at 01:14:56PM -0300, Felipe Sateler wrote:
> It has been pointed out to me that this may be unrelated to PIE, but
> just caused by a newer GCC version. Could you check if disabling PIE
> makes the binary work again? To do so:
> 
> apt-get source sbc
> sudo apt-get build-dep sbc
> cd sbc-1.3
> DEB_BUILD_OPTIONS=hardening=-pie dpkg-buildpackage -us -uc
> sudo dpkg -i ../libsbc1_*.deb

Tried it, but still crashes. I also tried:

0) dpkg-buildpackage -us -uc
1) 
DEB_BUILD_OPTIONS=hardening=-stackprotectorstrong,-stackprotector,-pie,-fortify 
dpkg-buildpackage -us -uc
2) DEB_BUILD_OPTIONS=hardening=-all dpkg-buildpackage -us -uc
3) CC=gcc-5 dpkg-buildpackage -us -uc

But the resulting packages/libraries crash, too.

~~~
$ gcc --version
gcc (Debian 6.3.0-8) 6.3.0 20170221
$ gcc-5 --version
gcc-5 (Debian 5.4.1-5) 5.4.1 20170205
~~~

What seems to work though:
~~~
$ CC=clang dpkg-buildpackage -us -uc
[...]
$ sudo dpkg -i ../libsbc1_*.deb
~~~

Regards, Linus

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Felipe Sateler]

On Fri, Mar 3, 2017 at 11:06 AM, Felipe Sateler  wrote:
> Control: tags -1 - help
> Control: reassign -1 libsbc1 1.3-1+b2
> Control: retitle -1 libsbc1: build with PIE causes stack corruption
> Control: affects -1 pulseaudio
> Control: severity -1 serious
>
>
> On Fri, Mar 3, 2017 at 10:52 AM, Linus Lüssing  
> wrote:
>> On Thu, Mar 02, 2017 at 08:36:29PM -0300, Felipe Sateler wrote:
>>> Indeed. However, from what I can see the most likely (only?) way to
>>> get there is via a sbc_encode that is called in module-bluez5-device.
>>> However, that part of the code does not look changed since 9.0. Have
>>> you confirmed downgrading to 9.0 fixes the issue?
>>
>> Oh, sorry, good point. I think we are narrowing it down now:
>>
>> It's actually not the pulsaudio upgrade from 9.0 to 10 but the
>> update of libsbc1 from 1.3-1 to 1.3-1+b2, which I did during the
>> same "apt-get dist-upgrade".
>>
>> Downgrading libsbc1 to 1.3-1 is enough to make the crash vanish!
>
> OK. That rebuild was done to enable PIE. So it looks like PIE
> conflicts with the hand-written asm code, at least for armhf. It seems
> to me PIE will have to be disabled there.

It has been pointed out to me that this may be unrelated to PIE, but
just caused by a newer GCC version. Could you check if disabling PIE
makes the binary work again? To do so:

apt-get source sbc
sudo apt-get build-dep sbc
cd sbc-1.3
DEB_BUILD_OPTIONS=hardening=-pie dpkg-buildpackage -us -uc
sudo dpkg -i ../libsbc1_*.deb


Fortunately the library is small so it shouldn't take that long to build.

-- 

Saludos,
Felipe Sateler

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Felipe Sateler]

Control: tags -1 - help
Control: reassign -1 libsbc1 1.3-1+b2
Control: retitle -1 libsbc1: build with PIE causes stack corruption
Control: affects -1 pulseaudio
Control: severity -1 serious


On Fri, Mar 3, 2017 at 10:52 AM, Linus Lüssing  wrote:
> On Thu, Mar 02, 2017 at 08:36:29PM -0300, Felipe Sateler wrote:
>> Indeed. However, from what I can see the most likely (only?) way to
>> get there is via a sbc_encode that is called in module-bluez5-device.
>> However, that part of the code does not look changed since 9.0. Have
>> you confirmed downgrading to 9.0 fixes the issue?
>
> Oh, sorry, good point. I think we are narrowing it down now:
>
> It's actually not the pulsaudio upgrade from 9.0 to 10 but the
> update of libsbc1 from 1.3-1 to 1.3-1+b2, which I did during the
> same "apt-get dist-upgrade".
>
> Downgrading libsbc1 to 1.3-1 is enough to make the crash vanish!

OK. That rebuild was done to enable PIE. So it looks like PIE
conflicts with the hand-written asm code, at least for armhf. It seems
to me PIE will have to be disabled there.

-- 

Saludos,
Felipe Sateler

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Linus Lüssing]

On Thu, Mar 02, 2017 at 08:36:29PM -0300, Felipe Sateler wrote:
> Indeed. However, from what I can see the most likely (only?) way to
> get there is via a sbc_encode that is called in module-bluez5-device.
> However, that part of the code does not look changed since 9.0. Have
> you confirmed downgrading to 9.0 fixes the issue?

Oh, sorry, good point. I think we are narrowing it down now:

It's actually not the pulsaudio upgrade from 9.0 to 10 but the
update of libsbc1 from 1.3-1 to 1.3-1+b2, which I did during the
same "apt-get dist-upgrade".

Downgrading libsbc1 to 1.3-1 is enough to make the crash vanish!

Regards, Linus

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Felipe Sateler]

Control: tags -1 = help

On Thu, Mar 2, 2017 at 8:01 PM, Linus Lüssing  wrote:
> On Thu, Mar 02, 2017 at 06:29:12PM -0300, Felipe Sateler wrote:
>> Could you install the debug symbols for libsbc and see if we can get a
>> reasonable function name for that call?
>


> Thread 1 (Thread 0xa0c79300 (LWP 3283)):
> #0  0xa0c84962 in sbc_analyze_eight_armv6 () at sbc/sbc_primitives_armv6.c:115
> #1  0x000c0018 in ?? ()
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
> (gdb) quit
> #
>
>
> Hm, not sure it's relevant, but the "v6" in sbc_analyze_eight_armv6 /
> sbc_primitives_armv6.c looks weird. The Odroid U3 sports a Samsung
> Exynos 4412 which is ARMv7, not v6. (but not sure, maybe armv6 code
> was supposed to run under ARMv7, but not the other way round?)
>
> Otherwise sbc_primitives_armv6.c:115 looks like fun with Assembly
> :-).

Indeed. However, from what I can see the most likely (only?) way to
get there is via a sbc_encode that is called in module-bluez5-device.
However, that part of the code does not look changed since 9.0. Have
you confirmed downgrading to 9.0 fixes the issue?

I'm CCing the bluetooth maintainers in case they have some idea of how
to debug this. I have no idea what could have caused this, and sbc has
very little documentation.

-- 

Saludos,
Felipe Sateler

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Linus Lüssing]

On Thu, Mar 02, 2017 at 06:29:12PM -0300, Felipe Sateler wrote:
> Could you install the debug symbols for libsbc and see if we can get a
> reasonable function name for that call?

Now with sbc-dbg installed:
https://metameute.de/~tux/bugreport/pulseaudio/core.pulseaudio.1001.d834b6de713f4e04816eb5b83e7100a3.3259.1488493325.lz4
https://metameute.de/~tux/bugreport/pulseaudio/pulseaudio-3.log
https://metameute.de/~tux/bugreport/pulseaudio/pulseaudio-3.core.xz


And here is the gdb backtrace for all threads again, now with a
little more information :) :

#
odroid@otheros:/$ sudo coredumpctl gdb
   PID: 3259 (pulseaudio)
   UID: 1001 (odroid)
   GID: 1001 (odroid)
Signal: 11 (SEGV)
 Timestamp: Thu 2017-03-02 23:22:05 CET (2min 51s ago)
  Command Line: pulseaudio -
Executable: /usr/bin/pulseaudio
 Control Group: /system.slice/tigervncserver.service
  Unit: tigervncserver.service
 Slice: system.slice
   Boot ID: d834b6de713f4e04816eb5b83e7100a3
Machine ID: 5716166b59b3477b83939474094b846e
  Hostname: otheros
   Storage: 
/var/lib/systemd/coredump/core.pulseaudio.1001.d834b6de713f4e04816eb5b83e7100a3.3259.1488493325.lz4
   Message: Process 3259 (pulseaudio) of user 1001 dumped core.

Stack trace of thread 3283:
#0  0xa0c84962 sbc_analyze_eight_armv6 (libsbc.so.1)
#1  0x000c0018 n/a (n/a)

GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/pulseaudio...Reading symbols from 
/usr/lib/debug/.build-id/1b/d03b66bbc1da7b639af9914dd3db452a0905f2.debug...done.
done.
[New LWP 3283]
[New LWP 3259]
[New LWP 3263]
[New LWP 3262]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Core was generated by `pulseaudio -'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xa0c84962 in sbc_analyze_eight_armv6 () at sbc/sbc_primitives_armv6.c:115
115 sbc/sbc_primitives_armv6.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0xa0c79300 (LWP 3283))]
(gdb) thread apply all bt

Thread 4 (Thread 0xb204b300 (LWP 3262)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6be4506 in __GI_ppoll (fds=0x7f6b6ad0, nfds=3, timeout=, 
timeout@entry=0x0, sigmask=sigmask@entry=0x0) at 
../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6e47846 in ppoll (__ss=0x0, __timeout=0x0, __nfds=, 
__fds=) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_rtpoll_run (p=0x7f5f8388) at pulsecore/rtpoll.c:314
#4  0xb206a3c8 in thread_func (userdata=0x7f695c58) at 
modules/alsa/alsa-sink.c:1799
#5  0xb6df8970 in internal_thread_func (userdata=0x7f62a738) at 
pulsecore/thread-posix.c:81
#6  0xb6cea5e4 in start_thread (arg=0x0) at pthread_create.c:335
#7  0xb6bea472 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:86 from 
/lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 3 (Thread 0xb16ff300 (LWP 3263)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6be4506 in __GI_ppoll (fds=0x7f62a5d0, nfds=2, timeout=, 
timeout@entry=0x0, sigmask=sigmask@entry=0x0) at 
../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6e47846 in ppoll (__ss=0x0, __timeout=0x0, __nfds=, 
__fds=) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_rtpoll_run (p=0x7f5f04d8) at pulsecore/rtpoll.c:314
#4  0xb206f2fe in thread_func (userdata=0x7f60aec0) at 
modules/alsa/alsa-source.c:1516
#5  0xb6df8970 in internal_thread_func (userdata=0x7f6246d0) at 
pulsecore/thread-posix.c:81
#6  0xb6cea5e4 in start_thread (arg=0x0) at pthread_create.c:335
#7  0xb6bea472 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:86 from 
/lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 2 (Thread 0xb6f39000 (LWP 3259)):
#0  0xb6cf1420 in write () at ../sysdeps/unix/syscall-template.S:84
#1  0xb6dd611e in pa_write (fd=43, buf=buf@entry=0xbebff1e8, 
count=count@entry=8, type=type@entry=0x7f66c13c) at pulsecore/core-util.c:477
#2  0xb6ddb0a8 in pa_fdsem_post (f=0x7f66c130) at pulsecore/fdsem.c:196
#3  0xb6e30

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Felipe Sateler]

On Thu, Mar 2, 2017 at 5:15 PM, Linus Lüssing  wrote:
> On Thu, Mar 02, 2017 at 03:27:25AM +0100, Linus Lüssing wrote:
>> Two more notes to maybe eliminate some potential causes:
>>
>> * Removing the ~/.config/pulse/default.pa mentioned earlier did not help.
>> * Using a different bluetooth stick did not help (Some Logilink
>>   one now which worked with pulseaudio v9, too, listed as:
>>   "0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)" )
>
> And two more tests:
>
> * Using another bluetooth headset crashes, too (Medion 43316).
> * Selecting HSP/HFP instead of A2DP in pavucontrol makes playback
>   work! The crash only happens when A2DP is selected.

OK, so it looks like pulseaudio is passing bogus parameters somewhere
to libsbc, which is a library used in AD2P mode:

Thread 1 (Thread 0xb0c64300 (LWP 11376)):
#0  0xb0c6f962 in ?? () from /usr/lib/arm-linux-gnueabihf/libsbc.so.1
#1  0x000c0018 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Could you install the debug symbols for libsbc and see if we can get a
reasonable function name for that call?

-- 

Saludos,
Felipe Sateler

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Linus Lüssing]

On Thu, Mar 02, 2017 at 03:27:25AM +0100, Linus Lüssing wrote:
> Two more notes to maybe eliminate some potential causes:
> 
> * Removing the ~/.config/pulse/default.pa mentioned earlier did not help.
> * Using a different bluetooth stick did not help (Some Logilink
>   one now which worked with pulseaudio v9, too, listed as:
>   "0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)" )

And two more tests:

* Using another bluetooth headset crashes, too (Medion 43316).
* Selecting HSP/HFP instead of A2DP in pavucontrol makes playback
  work! The crash only happens when A2DP is selected.

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Linus Lüssing]

Two more notes to maybe eliminate some potential causes:

* Removing the ~/.config/pulse/default.pa mentioned earlier did not help.
* Using a different bluetooth stick did not help (Some Logilink
  one now which worked with pulseaudio v9, too, listed as:
  "0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)" )

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Linus Lüssing]

On Wed, Mar 01, 2017 at 07:34:11PM -0300, Felipe Sateler wrote:
> You need to activate the debug archives:
> 
> https://wiki.debian.org/AutomaticDebugPackages

Aiy, thanks! The following crash was with pulseaudio-dbgsym and
libpulse0-dbgsym installed and the gdb backtrace was created for
all threads ("(gdb) thread apply all bt" - unfortunately still looks
like there is some stack corruption :( ) :

#
odroid@otheros:/$ sudo coredumpctl gdb
   PID: 11356 (pulseaudio)
   UID: 1001 (odroid)
   GID: 1001 (odroid)
Signal: 11 (SEGV)
 Timestamp: Thu 2017-03-02 02:24:15 CET (8min ago)
  Command Line: pulseaudio -
Executable: /usr/bin/pulseaudio
 Control Group: /system.slice/tigervncserver.service
  Unit: tigervncserver.service
 Slice: system.slice
   Boot ID: d834b6de713f4e04816eb5b83e7100a3
Machine ID: 5716166b59b3477b83939474094b846e
  Hostname: otheros
   Storage: 
/var/lib/systemd/coredump/core.pulseaudio.1001.d834b6de713f4e04816eb5b83e7100a3.11356.1488417855.lz4
   Message: Process 11356 (pulseaudio) of user 1001 dumped core.

Stack trace of thread 11376:
#0  0xb0c6f962 n/a (libsbc.so.1)


GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/pulseaudio...Reading symbols from 
/usr/lib/debug/.build-id/1b/d03b66bbc1da7b639af9914dd3db452a0905f2.debug...done.
done.
[New LWP 11376]
[New LWP 11356]
[New LWP 11360]
[New LWP 11362]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Core was generated by `pulseaudio -'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xb0c6f962 in ?? () from /usr/lib/arm-linux-gnueabihf/libsbc.so.1
[Current thread is 1 (Thread 0xb0c64300 (LWP 11376))]
(gdb) 
(gdb) thread apply all bt

Thread 4 (Thread 0xb16ff300 (LWP 11362)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6bdc506 in __GI_ppoll (fds=0x7f619fb0, nfds=2, timeout=, 
timeout@entry=0x0, sigmask=sigmask@entry=0x0) at 
../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6e3f846 in ppoll (__ss=0x0, __timeout=0x0, __nfds=, 
__fds=) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_rtpoll_run (p=0x7f5fcad0) at pulsecore/rtpoll.c:314
#4  0xb20672fe in thread_func (userdata=0x7f5f6af8) at 
modules/alsa/alsa-source.c:1516
#5  0xb6df0970 in internal_thread_func (userdata=0x7f5fbd68) at 
pulsecore/thread-posix.c:81
#6  0xb6ce25e4 in start_thread (arg=0x0) at pthread_create.c:335
#7  0xb6be2472 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:86 from 
/lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 3 (Thread 0xb2043300 (LWP 11360)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6bdc506 in __GI_ppoll (fds=0x7f6bf290, nfds=3, timeout=, 
timeout@entry=0x0, sigmask=sigmask@entry=0x0) at 
../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6e3f846 in ppoll (__ss=0x0, __timeout=0x0, __nfds=, 
__fds=) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_rtpoll_run (p=0x7f5e85e8) at pulsecore/rtpoll.c:314
#4  0xb20623c8 in thread_func (userdata=0x7f684ca0) at 
modules/alsa/alsa-sink.c:1799
#5  0xb6df0970 in internal_thread_func (userdata=0x7f610cf0) at 
pulsecore/thread-posix.c:81
#6  0xb6ce25e4 in start_thread (arg=0x0) at pthread_create.c:335
#7  0xb6be2472 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:86 from 
/lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 2 (Thread 0xb6f31000 (LWP 11356)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1  0xb6bdc506 in __GI_ppoll (fds=fds@entry=0x7f62f0c0, nfds=nfds@entry=25, 
timeout=, sigmask=sigmask@entry=0x0)
at ../sysdeps/unix/sysv/linux/ppoll.c:39
#2  0xb6d87940 in ppoll (__ss=0x0, __timeout=, __nfds=25, 
__fds=0x7f62f0c0) at /usr/include/arm-linux-gnueabihf/bits/poll2.h:77
#3  pa_mainloop_poll (m=m@entry=0x7f58ce58) at pulse/mainloop.c:852
#4  0xb6d87dd8 in pa_mainloop_iterate (m=0x7f58ce58, block=, 
retval=0xbea1bf44) at pulse/mainloop.c:926
#5  0xb6d87e5c in pa_mainloop_run (m=0x7f58ce58, retva

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Felipe Sateler]

On Wed, Mar 1, 2017 at 6:29 PM, Linus Lüssing  wrote:
> Hi Felipe,
>
> Thanks a lot for your quick reply! :)
>
> On Wed, Mar 01, 2017 at 03:12:58PM -0300, Felipe Sateler wrote:
>> Did you have the pulseaudio debug packages installed? Please install
>> pulseaudio-dbgsym and libpulse-dbgsym.
>
> Nope, I didn't. But looks like there is none available for armhf
> (yet)? Is there another way to obtain/install debug packages?
> (or should I just try to recompile pulseaudio myself?)

You need to activate the debug archives:

https://wiki.debian.org/AutomaticDebugPackages

>
>> > Storage part can be found here:
>> > http://metameute.de/~tux/bugreport/pulseaudio/core.pulseaudio.1001.ac412473aa4a4c6bb9a7784048ee138c.15991.1488351618.lz4
>>
>> This returns 403 forbidden.
>
> Urgh, permissions - fixed, thanks :).

gdb-multiarch doesn't appear to be able to parse this either :(

(gdb) bt
#0  0xb0e0b962 in ?? ()
#1  0x000c0018 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)


-- 

Saludos,
Felipe Sateler

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Linus Lüssing]

Hi Felipe,

Thanks a lot for your quick reply! :)

On Wed, Mar 01, 2017 at 03:12:58PM -0300, Felipe Sateler wrote:
> Did you have the pulseaudio debug packages installed? Please install
> pulseaudio-dbgsym and libpulse-dbgsym.

Nope, I didn't. But looks like there is none available for armhf
(yet)? Is there another way to obtain/install debug packages?
(or should I just try to recompile pulseaudio myself?)

> > Storage part can be found here:
> > http://metameute.de/~tux/bugreport/pulseaudio/core.pulseaudio.1001.ac412473aa4a4c6bb9a7784048ee138c.15991.1488351618.lz4
> 
> This returns 403 forbidden.

Urgh, permissions - fixed, thanks :).

Regards, Linus

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[Felipe Sateler]

Control: tags -1 moreinfo


On Wed, Mar 1, 2017 at 11:45 AM,   wrote:
> Package: pulseaudio
> Version: 10.0-1
> Severity: important
>
> Hi,
>
> I updated pulseaudio from 9.0-5 to 10.0-1 two days ago and since then
> I'm having segfaults for it when using bluetooth.
>
> Using the local sound card works fine, also connecting the headset with
> the bluetooth stick still works.
>
> However once I actually start streaming audio to the headset, pulseaudio
> crashes immediately, always.
>
> Devices involved:
> * Machine: Odroid U3 (an ARMv7 device)
> * Headset: Plantronics Backbeat Pro
> * Stick: Sena Parani-UD100-G03 Bluetooth Adapter
>
> The coredump seems to contain a broken stack, unfortunately :( :

Did you have the pulseaudio debug packages installed? Please install
pulseaudio-dbgsym and libpulse-dbgsym.

The core appears unusable to me :(

>
> #
> sudo coredumpctl dump --output /tmp/core
>PID: 15991 (pulseaudio)
>UID: 1001 (odroid)
>GID: 1001 (odroid)
> Signal: 11 (SEGV)
>  Timestamp: Wed 2017-03-01 08:00:18 CET (7h ago)
>   Command Line: pulseaudio -D
> Executable: /usr/bin/pulseaudio
>  Control Group: /system.slice/tigervncserver.service
>   Unit: tigervncserver.service
>  Slice: system.slice
>Boot ID: ac412473aa4a4c6bb9a7784048ee138c
> Machine ID: 5716166b59b3477b83939474094b846e
>   Hostname: otheros
>Storage: 
> /var/lib/systemd/coredump/core.pulseaudio.1001.ac412473aa4a4c6bb9a7784048ee138c.15991.1488351618.lz4
>Message: Process 15991 (pulseaudio) of user 1001 dumped core.
>
> Stack trace of thread 17605:
> #0  0xb0e0b962 n/a (libsbc.so.1)
> More than one entry matches, ignoring rest.
> #
>
> Storage part can be found here:
> http://metameute.de/~tux/bugreport/pulseaudio/core.pulseaudio.1001.ac412473aa4a4c6bb9a7784048ee138c.15991.1488351618.lz4

This returns 403 forbidden.

-- 

Saludos,
Felipe Sateler

Bug#856487: pulseaudio: SIGSEGV upon streaming to bluetooth headset

[linus . luessing]

Package: pulseaudio
Version: 10.0-1
Severity: important

Hi,

I updated pulseaudio from 9.0-5 to 10.0-1 two days ago and since then
I'm having segfaults for it when using bluetooth.

Using the local sound card works fine, also connecting the headset with
the bluetooth stick still works.

However once I actually start streaming audio to the headset, pulseaudio
crashes immediately, always.

Devices involved:
* Machine: Odroid U3 (an ARMv7 device)
* Headset: Plantronics Backbeat Pro
* Stick: Sena Parani-UD100-G03 Bluetooth Adapter

The coredump seems to contain a broken stack, unfortunately :( :

#
sudo coredumpctl dump --output /tmp/core
   PID: 15991 (pulseaudio)
   UID: 1001 (odroid)
   GID: 1001 (odroid)
Signal: 11 (SEGV)
 Timestamp: Wed 2017-03-01 08:00:18 CET (7h ago)
  Command Line: pulseaudio -D
Executable: /usr/bin/pulseaudio
 Control Group: /system.slice/tigervncserver.service
  Unit: tigervncserver.service
 Slice: system.slice
   Boot ID: ac412473aa4a4c6bb9a7784048ee138c
Machine ID: 5716166b59b3477b83939474094b846e
  Hostname: otheros
   Storage: 
/var/lib/systemd/coredump/core.pulseaudio.1001.ac412473aa4a4c6bb9a7784048ee138c.15991.1488351618.lz4
   Message: Process 15991 (pulseaudio) of user 1001 dumped core.

Stack trace of thread 17605:
#0  0xb0e0b962 n/a (libsbc.so.1)
More than one entry matches, ignoring rest.
#

Storage part can be found here:
http://metameute.de/~tux/bugreport/pulseaudio/core.pulseaudio.1001.ac412473aa4a4c6bb9a7784048ee138c.15991.1488351618.lz4

Or the coredump created via the "coredumpctl dump --output" above:
http://metameute.de/~tux/bugreport/pulseaudio/pulseaudio.core.xz

Regards, Linus

#
odroid(1001)$ cat ~/.config/pulse/default.pa
.include /etc/pulse/default.pa

load-module module-native-protocol-unix socket=/tmp/my-pulse-socket-name
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 auth-anonymous=1
#


-- Package-specific info:
File '/etc/default/pulseaudio' does not exist


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: armhf (armv7l)

Kernel: Linux 4.2.3-00234-g11acd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pulseaudio depends on:
ii  adduser  3.115
ii  libasound2   1.1.3-5
ii  libasound2-plugins   1.1.1-1
ii  libc62.24-9
ii  libcap2  1:2.25-1
ii  libdbus-1-3  1.10.16-1
ii  libgcc1  1:6.3.0-8
ii  libice6  2:1.0.9-2
ii  libltdl7 2.4.6-2
ii  liborc-0.4-0 1:0.4.26-2
ii  libpulse010.0-1
ii  libsm6   2:1.2.2-1+b1
ii  libsndfile1  1.0.27-1+b1
ii  libsoxr0 0.1.2-2
ii  libspeexdsp1 1.2~rc1.2-1+b2
ii  libstdc++6   6.3.0-8
ii  libsystemd0  232-18
ii  libtdb1  1.3.11-2
ii  libudev1 232-18
ii  libwebrtc-audio-processing1  0.3-1
ii  libx11-6 2:1.6.4-3
ii  libx11-xcb1  2:1.6.4-3
ii  libxcb1  1.12-1
ii  libxtst6 2:1.2.3-1
ii  lsb-base 9.20161125
ii  pulseaudio-utils 10.0-1

Versions of packages pulseaudio recommends:
ii  rtkit  0.11-4

Versions of packages pulseaudio suggests:
pn  paman
pn  paprefs  
ii  pavucontrol  3.0-3+b2
pn  pavumeter
ii  udev 232-18

-- Configuration Files:
/etc/pulse/default.pa changed:
.fail
load-module module-device-restore
load-module module-stream-restore
load-module module-card-restore
load-module module-augment-properties
load-module module-switch-on-port-available
.ifexists module-udev-detect.so
load-module module-udev-detect
.else
load-module module-detect
.endif
.ifexists module-jackdbus-detect.so
.nofail
load-module module-jackdbus-detect channels=2
.fail
.endif
.ifexists module-bluetooth-policy.so
load-module module-bluetooth-policy
.endif
.ifexists module-bluetooth-discover.so
load-module module-bluetooth-discover
.endif
.ifexists module-esound-protocol-unix.so
load-module module-esound-protocol-unix
.endif
load-module module-native-protocol-unix
load-module module-native-protocol-tcp auth-anonymous=true
.ifexists module-gconf.so
.nofail
load-module module-gconf
.fail
.endif
load-module module-default-device-restore
load-module module-rescue-streams
load-module module-always-sink
load-module module-intended-roles
load-module module-suspend-on-idle
.ifexists module-console-kit.so
load-module module-console-kit
.endif
.ifexists module-systemd-login.so
load-module module-systemd-login
.endif