christf / snapcastc

C implementation of snapcast focussing on audio quality and ease of maintenance.
GNU General Public License v3.0

Stability issues / SIGSEV #44

Closed markusj closed 4 years ago

markusj commented 4 years ago

Currently running on branch mixer. Clients and server run on Debian Buster, the stream is provided by Mopidy.

snapcastc crashes for me for pretty much every configuration of buffer_ms and --buffer except for 120/500 respectively. I originally tried to increase --buffer to cope with bad WiFi conditions, but well, it did not work as expected. This is one valgrind trace I got while trying to figure out what happens:

==3645== Memcheck, a memory error detector
==3645== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3645== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==3645== Command: ./snapcast-server -b 1000 -s pipe:///tmp/snapfifo?buffer_ms=200&codec=opus&name=default&sampleformat=48000:16:2&timeout_ms=2500
==3645==
Either this is the first chunk we read for the first client on an inputstream or We are horribly late when reading from the pipes. Using current timestamp to play back current chunk. If this occurs during playback in contrast to the very beginning, consider adjusting timeout_ms for this stream.
encode failed: invalid argument
==3645== Invalid read of size 8
==3645== at 0x484D308: __GI_memcpy (in /usr/lib/aarch64-linux-gnu/valgrind/vgpreload_memcheck-arm64-linux.so)
==3645== by 0x1132EF: memcpy (string_fortified.h:34)
==3645== by 0x1132EF: encode_opus_handle (opuscodec.c:65)
==3645== by 0x10C81B: loop (server.c:119)
==3645== by 0x10C1FB: main (server.c:251)
==3645== Address 0x1fff001000 is not stack'd, malloc'd or (recently) free'd

Sometimes (e.g. with --buffer 1000), the server did not crash (immediately) but produced strange echo or beat artefacts.

maxmitti commented 4 years ago

I also tracked this down and found out that the buffer_ms related crashes are based on a limitation of opus.

> The passed frame_size must be an opus frame size for the encoder's sampling rate. For example, at 48kHz the permitted values are 120, 240, 480, or 960. Passing in a duration of less than 10ms (480 samples at 48kHz) will prevent the encoder from using the LPC or hybrid modes.

https://www.opus-codec.org/docs/html_api/group__opusencoder.html#ga88621a963b809ebfc27887f13518c966

The value passed to opus_encode as frame_size is calculated as

int frames = chunk->size / chunk->frame_size / chunk->channels;

where

chunk->size = ctx->samples * ctx->channels * ctx->samplesize * ctx->read_ms / 1000
ctx->samples = samplerate from the sampleformat specification
ctx->samplesize = number of bytes per sample, i.e. bits per sample / 8, also from the sampleformat
ctx->read_ms = buffer_ms
chunk->frame_size is the same as ctx->samplesize
chunk->channels and ctx->channels are the number of channels from the sampleformat specification

Ultimately, this leads to frames = samplerate * buffer_ms / 1000 which must be one of opus's accepted values. With 48000:16:2 this would lead to frames = 48000 * buffer_ms / 1000 = 48 * buffer_ms. Which results in 5760 for 120ms buffer_ms. However this frame_size is not supported by opus either, according to the documentation. So, either I messed up somewhere or the documentation is outdated, but at least it is a multiple of a supported frame_size.

Anyhow, the working values for buffer_ms are indirectly highly limited by what opus supports as frame_size. I did not even come to the point of realising that changing --buffer (I assume you mean -b) can also cause crashes.
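The frame_size derivation above, turned into a start-up check, as an added example that is not snapcastc code (function names are hypothetical; the allow-list of durations and the unchecked-return failure mode are assumptions). It rejects a buffer_ms whose frame count Opus would refuse, and it refuses to copy when the encoder reports an error, the situation the first trace shows as "encode failed: invalid argument" followed by an invalid read in memcpy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not snapcastc code. All names are hypothetical. */
enum { CFG_OK = 0, CFG_BAD_RATE = -1, CFG_BAD_FRAME_SIZE = -2 };

/* Sampling rates opus_encoder_create() accepts. */
static int opus_rate_ok(uint32_t rate)
{
    return rate == 8000 || rate == 12000 || rate == 16000 ||
           rate == 24000 || rate == 48000;
}

/* Assumed allow-list of frame durations: 2.5, 5, 10, 20, 40 and 60 ms, plus
 * 80, 100 and 120 ms, which newer libopus releases also encode. The test is
 * done in integers: frames / rate must equal one of those durations. */
static int opus_frame_size_ok(uint32_t rate, uint32_t frames)
{
    uint64_t n = frames, fs = rate;
    if (400 * n == fs || 200 * n == fs || 100 * n == fs || 50 * n == fs)
        return 1;                          /* 2.5, 5, 10, 20 ms */
    for (uint64_t k = 2; k <= 6; k++)      /* 40 ... 120 ms */
        if (50 * n == k * fs)
            return 1;
    return 0;
}

/* frames = samplerate * buffer_ms / 1000, as derived in the thread. */
int frames_for_buffer_ms(uint32_t rate, uint32_t buffer_ms, uint32_t *frames)
{
    if (!opus_rate_ok(rate))
        return CFG_BAD_RATE;
    uint64_t n = (uint64_t)(rate / 1000) * buffer_ms;  /* rates are multiples of 1000 */
    if (n == 0 || n > UINT32_MAX || !opus_frame_size_ok(rate, (uint32_t)n))
        return CFG_BAD_FRAME_SIZE;
    *frames = (uint32_t)n;
    return CFG_OK;
}

/* opus_encode() returns a packet length or a negative error code. Assumed
 * failure mode: the return value is used as a memcpy length unchecked, so
 * an error becomes an enormous size_t. Returns bytes copied, or -1. */
long copy_encoded(uint8_t *dst, size_t cap, const uint8_t *src, int32_t ret)
{
    if (ret < 0 || (size_t)ret > cap)
        return -1;
    memcpy(dst, src, (size_t)ret);
    return ret;
}

int main(void)
{
    static const uint32_t ms[] = { 20, 120, 200 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof ms / sizeof ms[0]; i++) {
        uint32_t f = 0;
        int rc = frames_for_buffer_ms(48000, ms[i], &f);
        printf("buffer_ms=%u -> rc=%d frames=%u\n", ms[i], rc, f);
    }
    return 0;
}
```

With the 48000:16:2 sample format from the report, buffer_ms=120 yields 5760 frames and passes, while buffer_ms=200 from the failing command line is rejected before the encoder is ever called.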

christf commented 4 years ago

opus supports frames of 120/60/30/15 ms. It could be worthwhile white-listing working bufferms values to avoid this situation. Any other ideas?

christf commented 4 years ago

the echo/beat artifacts are audible here as well. I cannot quite put my finger on it but I think this is a bug in the retransmit code as described in #48

markusj commented 4 years ago

> opus supports frames of 120/60/30/15 ms. It could be worthwhile white-listing working bufferms values to avoid this situation. Any other ideas?

Would be OK, maybe some documentation on the pipe parameters would also have prevented me from trying different values at all.

christf commented 4 years ago

hm. even after the patches from the last days valgrind is still complaining:

received signal was: Resource temporarily unavailable
==26806== Invalid read of size 4
==26806== at 0x115767: chunk_copy_meta (pcmchunk.c:105)
==26806== by 0x10DC6D: remove_old_audiodata_task (intercom_srv.c:56)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x67aac0a is 10 bytes inside a block of size 1,439 free'd
==26806== at 0x48369AB: free (vg_replace_malloc.c:530)
==26806== by 0x10DCBA: remove_old_audiodata_task (intercom_srv.c:64)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Block was alloc'd at
==26806== at 0x483577F: malloc (vg_replace_malloc.c:299)
==26806== by 0x10DAC8: snap_alloc (alloc.h:42)
==26806== by 0x10E0FC: intercom_send_audio (intercom_srv.c:130)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 4
==26806== at 0x115773: chunk_copy_meta (pcmchunk.c:106)
==26806== by 0x10DC6D: remove_old_audiodata_task (intercom_srv.c:56)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x67aac0e is 14 bytes inside a block of size 1,439 free'd
==26806== at 0x48369AB: free (vg_replace_malloc.c:530)
==26806== by 0x10DCBA: remove_old_audiodata_task (intercom_srv.c:64)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Block was alloc'd at
==26806== at 0x483577F: malloc (vg_replace_malloc.c:299)
==26806== by 0x10DAC8: snap_alloc (alloc.h:42)
==26806== by 0x10E0FC: intercom_send_audio (intercom_srv.c:130)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 4
==26806== at 0x115781: chunk_copy_meta (pcmchunk.c:107)
==26806== by 0x10DC6D: remove_old_audiodata_task (intercom_srv.c:56)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x67aac12 is 18 bytes inside a block of size 1,439 free'd
==26806== at 0x48369AB: free (vg_replace_malloc.c:530)
==26806== by 0x10DCBA: remove_old_audiodata_task (intercom_srv.c:64)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Block was alloc'd at
==26806== at 0x483577F: malloc (vg_replace_malloc.c:299)
==26806== by 0x10DAC8: snap_alloc (alloc.h:42)
==26806== by 0x10E0FC: intercom_send_audio (intercom_srv.c:130)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 1
==26806== at 0x11578F: chunk_copy_meta (pcmchunk.c:108)
==26806== by 0x10DC6D: remove_old_audiodata_task (intercom_srv.c:56)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x67aac16 is 22 bytes inside a block of size 1,439 free'd
==26806== at 0x48369AB: free (vg_replace_malloc.c:530)
==26806== by 0x10DCBA: remove_old_audiodata_task (intercom_srv.c:64)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Block was alloc'd at
==26806== at 0x483577F: malloc (vg_replace_malloc.c:299)
==26806== by 0x10DAC8: snap_alloc (alloc.h:42)
==26806== by 0x10E0FC: intercom_send_audio (intercom_srv.c:130)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 1
==26806== at 0x11579E: chunk_copy_meta (pcmchunk.c:109)
==26806== by 0x10DC6D: remove_old_audiodata_task (intercom_srv.c:56)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x67aac17 is 23 bytes inside a block of size 1,439 free'd
==26806== at 0x48369AB: free (vg_replace_malloc.c:530)
==26806== by 0x10DCBA: remove_old_audiodata_task (intercom_srv.c:64)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Block was alloc'd at
==26806== at 0x483577F: malloc (vg_replace_malloc.c:299)
==26806== by 0x10DAC8: snap_alloc (alloc.h:42)
==26806== by 0x10E0FC: intercom_send_audio (intercom_srv.c:130)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 2
==26806== at 0x1157AD: chunk_copy_meta (pcmchunk.c:110)
==26806== by 0x10DC6D: remove_old_audiodata_task (intercom_srv.c:56)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x67aac18 is 24 bytes inside a block of size 1,439 free'd
==26806== at 0x48369AB: free (vg_replace_malloc.c:530)
==26806== by 0x10DCBA: remove_old_audiodata_task (intercom_srv.c:64)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Block was alloc'd at
==26806== at 0x483577F: malloc (vg_replace_malloc.c:299)
==26806== by 0x10DAC8: snap_alloc (alloc.h:42)
==26806== by 0x10E0FC: intercom_send_audio (intercom_srv.c:130)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 1
==26806== at 0x1157BD: chunk_copy_meta (pcmchunk.c:111)
==26806== by 0x10DC6D: remove_old_audiodata_task (intercom_srv.c:56)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x67aac1a is 26 bytes inside a block of size 1,439 free'd
==26806== at 0x48369AB: free (vg_replace_malloc.c:530)
==26806== by 0x10DCBA: remove_old_audiodata_task (intercom_srv.c:64)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Block was alloc'd at
==26806== at 0x483577F: malloc (vg_replace_malloc.c:299)
==26806== by 0x10DAC8: snap_alloc (alloc.h:42)
==26806== by 0x10E0FC: intercom_send_audio (intercom_srv.c:130)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid free() / delete / delete[] / realloc()
==26806== at 0x48369AB: free (vg_replace_malloc.c:530)
==26806== by 0x10DCBA: remove_old_audiodata_task (intercom_srv.c:64)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x67aac00 is 0 bytes inside a block of size 1,439 free'd
==26806== at 0x48369AB: free (vg_replace_malloc.c:530)
==26806== by 0x10DCBA: remove_old_audiodata_task (intercom_srv.c:64)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Block was alloc'd at
==26806== at 0x483577F: malloc (vg_replace_malloc.c:299)
==26806== by 0x10DAC8: snap_alloc (alloc.h:42)
==26806== by 0x10E0FC: intercom_send_audio (intercom_srv.c:130)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 8
==26806== at 0x483C937: memmove (vg_replace_strmem.c:1270)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x59ece20 is 0 bytes after a block of size 8,192 alloc'd
==26806== at 0x4837D7B: realloc (vg_replace_malloc.c:826)
==26806== by 0x11477C: snap_realloc (alloc.h:89)
==26806== by 0x114836: _snap_vector_resize (vector.c:62)
==26806== by 0x114885: _snap_vector_insert (vector.c:72)
==26806== by 0x10E177: intercom_send_audio (intercom_srv.c:134)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 8
==26806== at 0x483C93F: memmove (vg_replace_strmem.c:1270)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x59ece28 is 8 bytes after a block of size 8,192 alloc'd
==26806== at 0x4837D7B: realloc (vg_replace_malloc.c:826)
==26806== by 0x11477C: snap_realloc (alloc.h:89)
==26806== by 0x114836: _snap_vector_resize (vector.c:62)
==26806== by 0x114885: _snap_vector_insert (vector.c:72)
==26806== by 0x10E177: intercom_send_audio (intercom_srv.c:134)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 8
==26806== at 0x483C924: memmove (vg_replace_strmem.c:1270)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x59ece30 is 16 bytes after a block of size 8,192 alloc'd
==26806== at 0x4837D7B: realloc (vg_replace_malloc.c:826)
==26806== by 0x11477C: snap_realloc (alloc.h:89)
==26806== by 0x114836: _snap_vector_resize (vector.c:62)
==26806== by 0x114885: _snap_vector_insert (vector.c:72)
==26806== by 0x10E177: intercom_send_audio (intercom_srv.c:134)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid write of size 8
==26806== at 0x483C92B: memmove (vg_replace_strmem.c:1270)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x59ece20 is 0 bytes after a block of size 8,192 alloc'd
==26806== at 0x4837D7B: realloc (vg_replace_malloc.c:826)
==26806== by 0x11477C: snap_realloc (alloc.h:89)
==26806== by 0x114836: _snap_vector_resize (vector.c:62)
==26806== by 0x114885: _snap_vector_insert (vector.c:72)
==26806== by 0x10E177: intercom_send_audio (intercom_srv.c:134)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid read of size 8
==26806== at 0x483C92F: memmove (vg_replace_strmem.c:1270)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x59ece38 is 24 bytes after a block of size 8,192 in arena "client"
==26806==
==26806== Invalid write of size 8
==26806== at 0x483C933: memmove (vg_replace_strmem.c:1270)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x59ece28 is 8 bytes after a block of size 8,192 alloc'd
==26806== at 0x4837D7B: realloc (vg_replace_malloc.c:826)
==26806== by 0x11477C: snap_realloc (alloc.h:89)
==26806== by 0x114836: _snap_vector_resize (vector.c:62)
==26806== by 0x114885: _snap_vector_insert (vector.c:72)
==26806== by 0x10E177: intercom_send_audio (intercom_srv.c:134)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid write of size 8
==26806== at 0x483C93B: memmove (vg_replace_strmem.c:1270)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x59ece30 is 16 bytes after a block of size 8,192 alloc'd
==26806== at 0x4837D7B: realloc (vg_replace_malloc.c:826)
==26806== by 0x11477C: snap_realloc (alloc.h:89)
==26806== by 0x114836: _snap_vector_resize (vector.c:62)
==26806== by 0x114885: _snap_vector_insert (vector.c:72)
==26806== by 0x10E177: intercom_send_audio (intercom_srv.c:134)
==26806== by 0x10CF10: loop (server.c:120)
==26806== by 0x10D840: main (server.c:251)
==26806==
==26806== Invalid write of size 8
==26806== at 0x483C943: memmove (vg_replace_strmem.c:1270)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
==26806== Address 0x59ece38 is 24 bytes after a block of size 8,192 in arena "client"
==26806==
==26806==
==26806== Process terminating with default action of signal 11 (SIGSEGV)
==26806== Bad permissions for mapped region at address 0x5D47000
==26806== at 0x483C92B: memmove (vg_replace_strmem.c:1270)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
--26806-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--26806-- si_code=128; Faulting address: 0x0; sp: 0x1002fbbd70

valgrind: the 'impossible' happened: Killed by fatal signal

host stacktrace:
==26806== at 0x5805077A: get_prev_b (m_mallocfree.c:428)
==26806== by 0x5805077A: swizzle (m_mallocfree.c:1201)
==26806== by 0x5805077A: unlinkBlock (m_mallocfree.c:1698)
==26806== by 0x58052804: vgPlain_arena_malloc (m_mallocfree.c:1886)
==26806== by 0x58005AD2: vgMemCheck_new_block (mc_malloc_wrappers.c:372)
==26806== by 0x58005AD2: vgMemCheck_malloc (mc_malloc_wrappers.c:407)
==26806== by 0x580A7883: do_client_request (scheduler.c:1925)
==26806== by 0x580A7883: vgPlain_scheduler (scheduler.c:1488)
==26806== by 0x580BA2E5: final_tidyup (m_main.c:2393)
==26806== by 0x580BA472: shutdown_actions_NORETURN (m_main.c:2107)
==26806== by 0x580F5EC3: run_a_thread_NORETURN (syswrap-linux.c:203)

sched status: running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 26806)
==26806== at 0x483577F: malloc (vg_replace_malloc.c:299)
==26806== by 0x40141BD: _dl_close_worker (dl-close.c:396)
==26806== by 0x40141BD: _dl_close_worker (dl-close.c:111)
==26806== by 0x401486D: _dl_close (dl-close.c:842)
==26806== by 0x5141B2E: _dl_catch_exception (dl-error-skeleton.c:196)
==26806== by 0x5141BBE: _dl_catch_error (dl-error-skeleton.c:215)
==26806== by 0x5141146: dlerror_run (dl-libc.c:46)
==26806== by 0x5175EA6: free_mem (in /lib/x86_64-linux-gnu/libc-2.28.so)
==26806== by 0x5175B59: __libc_freeres (in /lib/x86_64-linux-gnu/libc-2.28.so)
==26806== by 0x482B19E: _vgnU_freeres (vg_preloaded.c:77)
==26806== by 0x11C58E: ??? (in /home/christof/Programmierung/snapcastc/build/src/snapcast-server)
==26806== by 0x11494C: _snap_vector_delete (vector.c:88)
==26806== by 0x10DCE6: remove_old_audiodata_task (intercom_srv.c:65)
==26806== by 0x113CB6: taskqueue_run (taskqueue.c:132)
==26806== by 0x10CD46: loop (server.c:108)
==26806== by 0x10D840: main (server.c:251)
client stack range: [0x1FFEFE6000 0x1FFF000FFF] client SP: 0x1FFEFFF370
valgrind stack range: [0x1002EBC000 0x1002FBBFFF] top usage: 18568 of 1048576

Note: see also the FAQ in the source distribution. It contains workarounds to several common problems. In particular, if Valgrind aborted or crashed after identifying problems in your program, there's a good chance that fixing those problems will prevent Valgrind aborting or crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind version, and what OS and version you are using. Thanks.
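The trace above reports reads from a block already freed at intercom_srv.c:64, a second free of that same block, and a memmove inside _snap_vector_delete running past the end of an 8,192-byte array. The following added example (not snapcastc code; the struct and function names are hypothetical) shows a removal routine written so that a repeated expiry task for the same chunk cannot produce any of those three reports.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not snapcastc code. All names are hypothetical. */
struct chunk { uint32_t id; uint8_t *data; };
struct vec { struct chunk *items; size_t len, cap; };

int vec_push(struct vec *v, uint32_t id, size_t size)
{
    if (v->len == v->cap) {
        size_t ncap = v->cap ? v->cap * 2 : 4;
        struct chunk *n = realloc(v->items, ncap * sizeof *n);
        if (!n)
            return -1;
        v->items = n;
        v->cap = ncap;
    }
    uint8_t *d = calloc(1, size);
    if (!d)
        return -1;
    v->items[v->len++] = (struct chunk){ .id = id, .data = d };
    return 0;
}

/* Without the bounds check, len - idx - 1 wraps for idx >= len and memmove
 * keeps copying past the end of the array until it hits an unmapped page. */
int vec_delete(struct vec *v, size_t idx)
{
    if (idx >= v->len)
        return -1;
    memmove(&v->items[idx], &v->items[idx + 1],
            (v->len - idx - 1) * sizeof v->items[0]);
    v->len--;
    return 0;
}

/* Expiry task keyed by chunk id rather than by a saved pointer. Metadata is
 * read while the block is live, the payload is freed once, and the slot is
 * removed, so a duplicate task finds nothing. Returns 1 if removed, else 0. */
int remove_old_chunk(struct vec *v, uint32_t id, uint32_t *removed_id)
{
    for (size_t i = 0; i < v->len; i++) {
        if (v->items[i].id != id)
            continue;
        *removed_id = v->items[i].id;
        free(v->items[i].data);
        return vec_delete(v, i) == 0;
    }
    return 0;
}

int main(void)
{
    struct vec v = { 0 };
    uint32_t got = 0;
    for (uint32_t id = 1; id <= 5; id++)
        vec_push(&v, id, 1439);            /* constructed chunks */
    printf("first=%d ", remove_old_chunk(&v, 3, &got));
    printf("repeat=%d len=%zu\n", remove_old_chunk(&v, 3, &got), v.len);
    return 0;
}
```

Building this with -fsanitize=address and running the duplicate removal is a quick way to confirm that the second call is a no-op rather than a double free.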

markusj commented 4 years ago

There is still some other memory corruption hidden, I just had a SIGBUS twice (not most recent build, but including all of my patches). This appears to happen when the stack is messed up such that the return pointer becomes invalid (for ARM64: not aligned to word size). Valgrind also bailed out because of such a corruption in the past, but I was not able to pinpoint the issue.

I have to rebuild the most recent checkout and see if ASAN trips over something while using snapcastc.

christf commented 4 years ago

#55 contains more fixes that are relevant here.

maxmitti commented 4 years ago

It fixed crashing the server, once I adjusted CHUNK_HEADER_SIZE to 27 (value determined using gdb). But I can't tell yet if it is working correctly.

christf commented 4 years ago

@maxmitti as discussed on IRC, CHUNK_HEADER_SIZE currently must be set to 17 as it is in the code. With a lot of fixes already merged I think we can close this and open a new issue once corruption is detected again.

I noticed asan would trip in the client when initializing the hint structure for getaddrinfo with AF_UNSPEC - hence #59

maxmitti commented 4 years ago

Yes, CHUNK_HEADER_SIZE was a misunderstanding from my side. 17 is correct.

christf commented 4 years ago

closing this one because the issues in here have been addressed.