Bug 239647

Summary: Segfault writing to mmap'd /dev/dsp0 (uaudio) in PulseAudio on aarch64
Product: Base System Reporter: Val Packett <val>
Component: kernAssignee: freebsd-arm (Nobody) <freebsd-arm>
Status: New ---    
Severity: Affects Only Me CC: emaste
Priority: ---    
Version: CURRENT   
Hardware: arm64   
OS: Any   

Description Val Packett 2019-08-04 17:14:37 UTC 
On aarch64, with the following USB soundcard:

uaudio0: <GeneralPlus USB Audio Device, class 0/0, rev 1.10/1.00, addr 11> on usbus2

PulseAudio segfaults trying to memset the mmapped dsp device. This does not happen on amd64.

Log:

I: [(null)] module-oss.c: Device opened in O_RDWR mode.
D: [(null)] oss-util.c: Asking for 4 fragments of size 4096 (requested 4408)
I: [(null)] module-oss.c: Input -- 4 fragments of size 4096.
I: [(null)] module-oss.c: Output -- 4 fragments of size 4096.
D: [(null)] module-oss.c: Successfully mmap()ed input buffer.
D: [(null)] module-device-restore.c: Database contains no data for key: source:oss_input.dsp0
D: [(null)] module-device-restore.c: Database contains no (or invalid) data for key: source:oss_input.dsp0:null
I: [(null)] source.c: Created source 0 "oss_input.dsp0" with sample spec s16le 2ch 44100Hz and channel map front-left,front-right
I: [(null)] source.c:     device.string = "/dev/dsp0"
I: [(null)] source.c:     device.api = "oss"
I: [(null)] source.c:     device.description = "/dev/dsp0"
I: [(null)] source.c:     device.access_mode = "mmap"
I: [(null)] source.c:     device.buffering.buffer_size = "16384"
I: [(null)] source.c:     device.buffering.fragment_size = "4096"
I: [(null)] source.c:     device.icon_name = "audio-input-microphone"
D: [(null)] module-oss.c: Successfully mmap()ed output buffer.
Failed to handle SIGBUS.
zsh: abort      pulseaudio --log-level=debug

Backtrace:

* thread #1, name = 'pulseaudio', stop reason = signal SIGSEGV: address access protected (fault address: 0x41be0000)
  * frame #0: 0x000000004083bf0c libc.so.7`memset + 140
    frame #1: 0x0000000045c116f4 module-oss.so`module_oss_LTX_pa__init + 1632
    frame #2: 0x0000000040327968 libpulsecore-12.2.so`pa_module_load + 484
    frame #3: 0x0000000041bbb2b0 module-detect.so`module_detect_LTX_pa__init + 540
    frame #4: 0x0000000040327968 libpulsecore-12.2.so`pa_module_load + 484

Syscalls:

openat(AT_FDCWD,"/dev/dsp0",O_RDWR|O_NONBLOCK|O_NOCTTY|O_CLOEXEC,00) = 9 (0x9)
fcntl(9,F_GETFD,)                                = 1 (0x1)
ioctl(9,SNDCTL_DSP_SETDUPLEX,0x0)                = 0 (0x0)
ioctl(9,SNDCTL_DSP_GETCAPS,0xffffffffd310)       = 0 (0x0)
readlink("/dev/dsp0",0x412c44d0,99)              ERR#22 'Invalid argument'
open("/dev/sndstat",O_RDONLY|O_CLOEXEC,0666)     = 10 (0xa)
fcntl(10,F_GETFD,)                               = 1 (0x1)
fstat(10,{ mode=crw-r--r-- ,inode=7,size=0,blksize=4096 }) = 0 (0x0)
ioctl(10,TIOCGETA,0xffffffffcfe8)                ERR#19 'Operation not supported by device'
read(10,"Installed devices:\npcm0: <USB a"...,4096) = 93 (0x5d)
read(10,0x4028f000,4096)                         = 0 (0x0)
close(10)                                        = 0 (0x0)
ioctl(9,SNDCTL_DSP_SETFRAGMENT,0xffffffffd2b4)   = 0 (0x0)
ioctl(9,SNDCTL_DSP_SETFMT,0xffffffffd294)        = 0 (0x0)
ioctl(9,SOUND_PCM_WRITE_CHANNELS,0xffffffffd290) = 0 (0x0)
ioctl(9,SNDCTL_DSP_SPEED,0xffffffffd28c)         = 0 (0x0)
ioctl(9,SNDCTL_DSP_GETBLKSIZE,0xffffffffd318)    = 0 (0x0)
pipe2(0x413078c0,O_CLOEXEC)                      = 0 (0x0)
fcntl(10,F_GETFD,)                               = 1 (0x1)
fcntl(11,F_GETFD,)                               = 1 (0x1)
pipe2(0x413075f0,O_CLOEXEC)                      = 0 (0x0)
fcntl(12,F_GETFD,)                               = 1 (0x1)
fcntl(13,F_GETFD,)                               = 1 (0x1)
pipe2(0x41307920,O_CLOEXEC)                      = 0 (0x0)
fcntl(14,F_GETFD,)                               = 1 (0x1)
fcntl(15,F_GETFD,)                               = 1 (0x1)
pipe2(0x41307950,O_CLOEXEC)                      = 0 (0x0)
fcntl(16,F_GETFD,)                               = 1 (0x1)
fcntl(17,F_GETFD,)                               = 1 (0x1)
write(4,"W",1)                                   = 1 (0x1)
write(4,"W",1)                                   = 1 (0x1)
ioctl(9,SNDCTL_DSP_GETISPACE,0xffffffffd320)     = 0 (0x0)
ioctl(9,SNDCTL_DSP_GETOSPACE,0xffffffffd320)     = 0 (0x0)
mmap(0x0,16384,PROT_READ,MAP_SHARED,9,0x0)       = 1102954496 (0x41bdc000)
mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1102548992 (0x41b79000)
mmap(0x0,16384,PROT_WRITE,MAP_SHARED,9,0x0)      = 1102970880 (0x41be0000)
SIGNAL 11 (SIGSEGV) code=SEGV_ACCERR trapno=0 addr=0x41be0000
sigprocmask(SIG_SETMASK,{ SIGSEGV },0x0)         = 0 (0x0)
Failed to handle SIGBUS. 

Memory mappings:

  PID              START                END PRT  RES PRES REF SHD FLAG  TP PATH
88061         0x41bdc000         0x41be0000 r--    0    0   2   0 ----- dv
88061         0x41be0000         0x41be4000 -w-    0    0   2   0 ----- dv
88061         0x41c00000         0x45c01000 rw-   17   17   2   0 ----- df