[Bug report] Music player stops playing music from sd after some time

[Entropy512]

ok, I attached both sdcard daemons (internal and external) to gdb and ran the file copy test again.
When the copy hung, breaking to gdb and doing info threads shows:

(gdb) info threads
Id Target Id Frame
3 Thread 4478 read () at bionic/libc/arch-arm/syscalls/read.S:9
2 Thread 4477 read () at bionic/libc/arch-arm/syscalls/read.S:9
* 1 Thread 4467 read () at bionic/libc/arch-arm/syscalls/read.S:10

(gdb) info threads
Id Target Id Frame
3 Thread 4475 read () at bionic/libc/arch-arm/syscalls/read.S:9
2 Thread 4474 read () at bionic/libc/arch-arm/syscalls/read.S:9
* 1 Thread 4468 read () at bionic/libc/arch-arm/syscalls/read.S:10

If I'm reading this correctly, it means that the worker threads are waiting for fuse request in line 1545
ssize_t len = read(fuse->fd, handler->request_buffer, sizeof(handler->request_buffer));

and the inotify thread is also waiting for inotify event in read()

If the hang was caused by read from sdcard, it should be pread64 syscall instead, right?

Thanks for the info.

This is getting really weird, because it implies that the sdcard daemon is itself not hanging. All of the threads are blocking either:
1) Waiting for an inotify event (the inotify thread)
2) Waiting for a FUSE request to come from the FUSE event queue (/dev/fuse)

this is weird... Looks like the daemon is just sitting there waiting for a request and it's not getting one.

Question - when things start going badly, is it just that file affected, or do all file accesses to the sdcard get hosed?

Also, when it's broken - are you able to access the control filesystem described in https://android.googlesource.com/ke...ndroid-3.8/Documentation/filesystems/fuse.txt ?

Specifically, are there any "waiting" requests in /sys/fs/fuse/connections when it's hung?

 

[cgx]

Thanks for the info.

This is getting really weird, because it implies that the sdcard daemon is itself not hanging. All of the threads are blocking either:
1) Waiting for an inotify event (the inotify thread)
2) Waiting for a FUSE request to come from the FUSE event queue (/dev/fuse)

this is weird... Looks like the daemon is just sitting there waiting for a request and it's not getting one.

Question - when things start going badly, is it just that file affected, or do all file accesses to the sdcard get hosed?

See also my previous post http://forum.xda-developers.com/showpost.php?p=51082621&postcount=239
It shows the actual cause... sdcard has problems talking to fuse, so the writev() back to fuse code in kernel is failing for some reason...

And yes, it's only the single file failing. The daemon is quite happy to continue next operation after this.

update: /sys/fs/fuse/connections/ shows two connections:
20 and 21
fs/fuse/connections/20/waiting <
0

/fs/fuse/connections/21/waiting <
1


btw: I'm on irc also, if it might be easier to do live debugging

 

[Entropy512]

See also my previous post http://forum.xda-developers.com/showpost.php?p=51082621&postcount=239
It shows the actual cause... sdcard has problems talking to fuse, so the writev() back to fuse code in kernel is failing for some reason...

And yes, it's only the single file failing. The daemon is quite happy to continue next operation after this.

update: /sys/fs/fuse/connections/ shows two connections:
20 and 21
fs/fuse/connections/20/waiting <
0

/fs/fuse/connections/21/waiting <
1


btw: I'm on irc also, if it might be easier to do live debugging

Weird. Somehow I missed that previous post.

Timezone issues seem to be a bit of a headache here with catching each other on IRC. (I was kind of exhausted Sunday so I didn't do much at all... I've been pretty burned out for a variety of non-Android-related reasons lately.)

Seems like something isn't properly recovering from an error on the read... I'll need to do some grepping tonight.

errno 23 is:
"23 ENFILE +Too many open files in system"

So time to figure out why this only occurs on our device... Either stuff is getting "stuck open" or some limit somewhere is way too low. It would explain why the kernel gets hung - it seems like Fuse is trying to issue a response to the kernel, it fails, the kernel never gets a response, and gets stuck.

Note: Sometimes errnos can be confusing because someone didn't use the correct errno on return. But at least looking through what would cause a 23 now hints as to where to look.

Hmm, what does dmesg say when this happens? By any chance, something like "VFS: file-max limit reached" (looking at http://stackoverflow.com/questions/3991223/how-does-linux-file-descriptor-limits-work )

 

[cgx]

Seems like something isn't properly recovering from an error on the read... I'll need to do some grepping tonight.

errno 23 is:
"23 ENFILE +Too many open files in system"

I have also been mostly offline for the weekend...

Anyway, the errno is actually 2 (ENOENT). 23 is the return value of the write of the error message(23 chars) to stderr. (Sorry about my confusing log format, used strace for quick capture. Don't know how to catch the fuse trace messages properly)

I think ENOENT here is even more weird as it does not seem to be a regular errno value from any write operations.

Dmesg is not helpful here. Nothing is consistently printed when the error happens

 

[Entropy512]

I have also been mostly offline for the weekend...

Anyway, the errno is actually 2 (ENOENT). 23 is the return value of the write of the error message(23 chars) to stderr. (Sorry about my confusing log format, used strace for quick capture. Don't know how to catch the fuse trace messages properly)

I think ENOENT here is even more weird as it does not seem to be a regular errno value from any write operations.

Dmesg is not helpful here. Nothing is consistently printed when the error happens

Whoops. Thanks for the clarification.

Sounds like this evening (if I have time, need to drive out to run an errand...) will be spent figuring out what could cause an ENOENT on write.

It kind of explains though how the sdcard daemon seems to go into la-la land. It's failing to write a reply back to the kernel FUSE daemon - so the kernel just sits there waiting for the operation to complete and never gets a response because the attempt to respond to it failed.

I wonder if libfuse normally uses some sort of retry mechanism here...

 

[cgx]

Whoops. Thanks for the clarification.

Sounds like this evening (if I have time, need to drive out to run an errand...) will be spent figuring out what could cause an ENOENT on write.

It kind of explains though how the sdcard daemon seems to go into la-la land. It's failing to write a reply back to the kernel FUSE daemon - so the kernel just sits there waiting for the operation to complete and never gets a response because the attempt to respond to it failed.

I wonder if libfuse normally uses some sort of retry mechanism here...

Good luck
I think this is the relevant part from libfuse (fuse_kern_chan.c)

static int fuse_kern_chan_send(struct fuse_chan *ch, const struct iovec iov[],
			       size_t count)
{
	if (iov) {
		ssize_t res = writev(fuse_chan_fd(ch), iov, count);
		int err = errno;

		if (res == -1) {
			struct fuse_session *se = fuse_chan_session(ch);

			assert(se != NULL);

			/* ENOENT means the operation was interrupted */
			if (!fuse_session_exited(se) && err != ENOENT)
				perror("fuse: writing device");
			return -err;
		}
	}
	return 0;
}

So it looks like operation was interrupted, hmm...

I did an experiment though: When the reply failed, I tried to repeat the writev() in a loop up to 1000 times, but it did not go through.

 

[Red_Vex]

You're the only Hope to risolve this bug. Good works

 

[Entropy512]

Good luck
I think this is the relevant part from libfuse (fuse_kern_chan.c)

static int fuse_kern_chan_send(struct fuse_chan *ch, const struct iovec iov[],
			       size_t count)
{
	if (iov) {
		ssize_t res = writev(fuse_chan_fd(ch), iov, count);
		int err = errno;

		if (res == -1) {
			struct fuse_session *se = fuse_chan_session(ch);

			assert(se != NULL);

			/* ENOENT means the operation was interrupted */
			if (!fuse_session_exited(se) && err != ENOENT)
				perror("fuse: writing device");
			return -err;
		}
	}
	return 0;
}

So it looks like operation was interrupted, hmm...

I did an experiment though: When the reply failed, I tried to repeat the writev() in a loop up to 1000 times, but it did not go through.

It looks like libfuse doesn't do a retry on writev(), at least not here.

However it does pass the error up, so I'm going to see what ntfs-fuse does in this case. (in the case of sdcard fuse - it just passes NO_STATUS anyway which I think is a bug)

 

[Entropy512]

At least on my first attempt to trace "up" from a failure of fuse_kern_chan_send - it seems like the error gets passed up quite a few layers, but does eventually just go "nowhere" and doesn't seem to get handled in any way.

I could have misread things though... There's probably at least 4-5 layers of calls in play here.

 

[D4rK.F0rcE]

As long as @Entrophy512 is (hopefully) trying to figure out what causes the bug, I would like to highlight the post of @kulwinderjj.

Whenever the music stops, run pkill sdcard in the terminal. Here a small tutorial:

1. search for "android terminal emulator" in the play store and install it
2. once installed, run the app, type in "su" and click on enter
3. you should be asked for root rights, accept
4. type in "pkill sdcard" and wait
5. music should continue playing

For me, this is working and an temporary workaround, credits to @kulwinderjj

Keeping my fingers crossed for those who are trying to find this nasty bug!

 

[Red_Vex]

As long as @Entrophy512 is (hopefully) trying to figure out what causes the bug, I would like to highlight the post of @kulwinderjj.

Whenever the music stops, run pkill sdcard in the terminal. Here a small tutorial:

1. search for "android terminal emulator" in the play store and install it
2. once installed, run the app, type in "su" and click on enter
3. you should be asked for root rights, accept
4. type in "pkill sdcard" and wait
5. music should continue playing

For me, this is working and an temporary workaround, credits to @kulwinderjj

Keeping my fingers crossed for those who are trying to find this nasty bug!

I'm not using listen Music but How resolve copy of Big file without Take out the sd card

 

[D4rK.F0rcE]

I'm not using listen Music but How resolve copy of Big file without Take out the sd card

try the same procedure, maybe it works,too.

 

[FrodgE]

So it looks like operation was interrupted, hmm...

However it does pass the error up, so I'm going to see what ntfs-fuse does in this case. (in the case of sdcard fuse - it just passes NO_STATUS anyway which I think is a bug)

This probably doesn't help at all but occasionally peoples observations are useful when getting your head around things like this...

I used to get this issue pretty regularly while listening to music when I had my internal & external SD cards formatted to fat32. Since formatting to exfat it's been fine. HOWEVER, I have noticed occasionally during playback that the music will briefly pause and then continue on. This is a new characteristic since running Omni/KK. Initially I put this down to bad reception since I normally stream with Google Music but it also happens when using wifi and local media. Could this suggest that the source of the "interruption" is still there but the different fuse implementation/driver handles it better ?

---------- Post added at 12:21 AM ---------- Previous post was at 12:16 AM ----------

hehe it's fun (annoying?) issues like this that make me want to set up my linux or OSX installation to build the Android source and go tinkering... but I barely get enough sleep as it is so doing that wouldn't help !

 

[Entropy512]

Yay, got a trace with the file copy hanging!
pid 5050 is the first worker thread of /sdcard
pid 4594 is the second worker thread of /extSdCard

... snip a lot of writes/reads ...
[pid 4594] write(2, "[1] WRITE 0x1f25188(5) [email protected]"..., 39) = 39
[pid 4593] write(2, "[0] WRITE 0x1f25188(5) [email protected]"..., 39) = 39
[pid 5051] write(2, "[1] READ 0xa62778(15) [email protected]"..., 39) = 39
[pid 4594] write(2, "[1] WRITE 0x1f25188(5) [email protected]"..., 39) = 39
[pid 4593] write(2, "[0] WRITE 0x1f25188(5) [email protected]"..., 39) = 39
[pid 5051] write(2, "[1] READ 0xa62778(15) [email protected]"..., 39) = 39
[pid 4594] write(2, "[1] WRITE 0x1f25188(5) [email protected]"..., 39) = 39
[pid 4593] write(2, "[0] WRITE 0x1f25188(5) [email protected]"..., 39) = 39
[pid 5051] write(2, "[1] READ 0xa62778(15) [email protected]"..., 39) = 39
[pid 4594] write(2, "[1] WRITE 0x1f25188(5) [email protected]"..., 39) = 39
[pid 4593] write(2, "[0] WRITE 0x1f25188(5) [email protected]"..., 39) = 39
[pid 5050] write(2, "[0] READ 0xa62778(15) [email protected]"..., 39) = 39
[pid 5050] write(2, "*** REPLY FAILED *** 2\n", 23) = 23

Something I just thought of...

Back when Chainfire was trying to figure this out, I know he played around with changing MAX_READ and MAX_WRITE - in that case I think he increased them to reduce the number of calls made but I'm not sure. He's on vacation so I can't ask him.

What happens if you reduce MAX_READ in sdcard.c to half its value or even 1/4 its value?

Actually... hmm, in your trace, all of the reads/writes are half of MAX_READ and MAX_WRITE. I wonder what the read/write sizes of an exFAT trace are.

 

[lerkin]

This probably doesn't help at all but occasionally peoples observations are useful when getting your head around things like this...

I used to get this issue pretty regularly while listening to music when I had my internal & external SD cards formatted to fat32. Since formatting to exfat it's been fine. HOWEVER, I have noticed occasionally during playback that the music will briefly pause and then continue on. This is a new characteristic since running Omni/KK. Initially I put this down to bad reception since I normally stream with Google Music but it also happens when using wifi and local media. Could this suggest that the source of the "interruption" is still there but the different fuse implementation/driver handles it better ?

---------- Post added at 12:21 AM ---------- Previous post was at 12:16 AM ----------

hehe it's fun (annoying?) issues like this that make me want to set up my linux or OSX installation to build the Android source and go tinkering... but I barely get enough sleep as it is so doing that wouldn't help !

It happens on file copying, it freezes for a second, then resumes. on exfat.

 

[D4rK.F0rcE]

This probably doesn't help at all but occasionally peoples observations are useful when getting your head around things like this...

I used to get this issue pretty regularly while listening to music when I had my internal & external SD cards formatted to fat32. Since formatting to exfat it's been fine. HOWEVER, I have noticed occasionally during playback that the music will briefly pause and then continue on. This is a new characteristic since running Omni/KK. Initially I put this down to bad reception since I normally stream with Google Music but it also happens when using wifi and local media. Could this suggest that the source of the "interruption" is still there but the different fuse implementation/driver handles it better ?

did you format internal and external sd card? do you experience any (other) bugs after formatting? Like cpu going crazy, apps not working etc.

 

[cgx]

Something I just thought of...

Back when Chainfire was trying to figure this out, I know he played around with changing MAX_READ and MAX_WRITE - in that case I think he increased them to reduce the number of calls made but I'm not sure. He's on vacation so I can't ask him.

What happens if you reduce MAX_READ in sdcard.c to half its value or even 1/4 its value?

Actually... hmm, in your trace, all of the reads/writes are half of MAX_READ and MAX_WRITE. I wonder what the read/write sizes of an exFAT trace are.

Tried reducing MAX_READ, the operation reverted to 4k blocks, but it still failed.

But I've been trying other things and look at this...
I added more debug prints and looks like something (pread64?) is smashing unique! (among other things)
The reason we are getting errno 2(ENOENT) from fuse is because fuse cannot find the request in queue as unique value has been corrupted

[pid 2749] write(2, "[0] READ 0x18f0158(5) [email protected] unique=a835\n", 50) = 50
[pid 2749] write(2, "[0] READ after pread64 0x18f0158(5) [email protected] unique=a835\n", 64) = 64
[pid 2749] write(2, "[0] READ after fuse_reply 0x18f0158(5) [email protected] unique=a835\n", 67) = 67
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=6509\n", 50) = 50
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650a\n", 50) = 50
[pid 2750] write(2, "[1] READ 0x18f0158(5) [email protected] unique=a836\n", 50) = 50
[pid 2750] write(2, "[1] READ after pread64 0x18f0158(5) [email protected] unique=a836\n", 64) = 64
[pid 2750] write(2, "[1] READ after fuse_reply 0x18f0158(5) [email protected] unique=a836\n", 67) = 67
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650b\n", 50) = 50
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650c\n", 50) = 50
[pid 2749] write(2, "[0] READ 0x18f0158(5) [email protected] unique=a837\n", 50) = 50
[pid 2749] write(2, "[0] READ after pread64 0x18f0158(5) [email protected] unique=a837\n", 64) = 64
[pid 2749] write(2, "[0] READ after fuse_reply 0x18f0158(5) [email protected] unique=a837\n", 67) = 67
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650d\n", 50) = 50
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650e\n", 50) = 50
[pid 2750] write(2, "[1] READ 0x18f0158(5) [email protected] unique=a838\n", 50) = 50
[pid 2750] write(2, "[1] READ after pread64 0x18f0158(5) [email protected] unique=fffffffffeffdfb7\n", 88) = 88
[pid 2750] write(2, "*** REPLY FAILED *** 2 unique=fffffffffeffdfb7\n", 47) = 47
[pid 2750] write(2, "[1] READ after fuse_reply 0x18f0158(5) [email protected] unique=fffffffffeffdfb7\n", 91) = 91

code in handle_read for reference:

TRACE("[%d] READ %p(%d) %[email protected]%llu unique=%llx\n", handler->token,
            h, h->fd, size, offset, unique);
    if (size > sizeof(handler->read_buffer)) {
        return -EINVAL;
    }
    res = pread64(h->fd, handler->read_buffer, size, offset);
    if (res < 0) {
        return -errno;
    }
    TRACE("[%d] READ after pread64 %p(%d) %[email protected]%llu unique=%llx\n", handler->token,
            h, h->fd, size, offset, unique);
    fuse_reply(fuse, unique, handler->read_buffer, res);
    TRACE("[%d] READ after fuse_reply %p(%d) %[email protected]%llu unique=%llx\n", handler->token,
            h, h->fd, size, offset, unique);
    return NO_STATUS;

 

[Entropy512]

Tried reducing MAX_READ, the operation reverted to 4k blocks, but it still failed.

But I've been trying other things and look at this...
I added more debug prints and looks like something (pread64?) is smashing unique! (among other things)
The reason we are getting errno 2(ENOENT) from fuse is because fuse cannot find the request in queue as unique value has been corrupted

[pid 2749] write(2, "[0] READ 0x18f0158(5) [email protected] unique=a835\n", 50) = 50
[pid 2749] write(2, "[0] READ after pread64 0x18f0158(5) [email protected] unique=a835\n", 64) = 64
[pid 2749] write(2, "[0] READ after fuse_reply 0x18f0158(5) [email protected] unique=a835\n", 67) = 67
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=6509\n", 50) = 50
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650a\n", 50) = 50
[pid 2750] write(2, "[1] READ 0x18f0158(5) [email protected] unique=a836\n", 50) = 50
[pid 2750] write(2, "[1] READ after pread64 0x18f0158(5) [email protected] unique=a836\n", 64) = 64
[pid 2750] write(2, "[1] READ after fuse_reply 0x18f0158(5) [email protected] unique=a836\n", 67) = 67
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650b\n", 50) = 50
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650c\n", 50) = 50
[pid 2749] write(2, "[0] READ 0x18f0158(5) [email protected] unique=a837\n", 50) = 50
[pid 2749] write(2, "[0] READ after pread64 0x18f0158(5) [email protected] unique=a837\n", 64) = 64
[pid 2749] write(2, "[0] READ after fuse_reply 0x18f0158(5) [email protected] unique=a837\n", 67) = 67
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650d\n", 50) = 50
[pid 2561] write(2, "[1] WRITE 0x11fd900(5) [email protected] unique=650e\n", 50) = 50
[pid 2750] write(2, "[1] READ 0x18f0158(5) [email protected] unique=a838\n", 50) = 50
[pid 2750] write(2, "[1] READ after pread64 0x18f0158(5) [email protected] unique=fffffffffeffdfb7\n", 88) = 88
[pid 2750] write(2, "*** REPLY FAILED *** 2 unique=fffffffffeffdfb7\n", 47) = 47
[pid 2750] write(2, "[1] READ after fuse_reply 0x18f0158(5) [email protected] unique=fffffffffeffdfb7\n", 91) = 91

code in handle_read for reference:

TRACE("[%d] READ %p(%d) %[email protected]%llu unique=%llx\n", handler->token,
            h, h->fd, size, offset, unique);
    if (size > sizeof(handler->read_buffer)) {
        return -EINVAL;
    }
    res = pread64(h->fd, handler->read_buffer, size, offset);
    if (res < 0) {
        return -errno;
    }
    TRACE("[%d] READ after pread64 %p(%d) %[email protected]%llu unique=%llx\n", handler->token,
            h, h->fd, size, offset, unique);
    fuse_reply(fuse, unique, handler->read_buffer, res);
    TRACE("[%d] READ after fuse_reply %p(%d) %[email protected]%llu unique=%llx\n", handler->token,
            h, h->fd, size, offset, unique);
    return NO_STATUS;

wtf?

both offset and unique are getting really clobbered by pread64... but unique is never passed to pread64 and offset is NOT passed as a pointer so it shouldn't be getting clobbered...

but it is???

WTF?

On the other hand - https://android.googlesource.com/pl...0b435a3f35795600654e9705f4b3fbbcc427a9d^!/#F0 is making changes in EXACTLY this location in the code. I probably should have tested that patch sooner, but the commit message is misleading and implies it should only matter in "special" cases.

Either way something is really weird here.

 

[cgx]

wtf?

both offset and unique are getting really clobbered by pread64... but unique is never passed to pread64 and offset is NOT passed as a pointer so it shouldn't be getting clobbered...

but it is???

WTF?

On the other hand - https://android.googlesource.com/pl...0b435a3f35795600654e9705f4b3fbbcc427a9d^!/#F0 is making changes in EXACTLY this location in the code. I probably should have tested that patch sooner, but the commit message is misleading and implies it should only matter in "special" cases.

Either way something is really weird here.

Tried the patch. Did not help

Looks like there is some variation on the value that overwrites offs/unique
[pid 5496] write(2, "[1] READ 0x57a188(5) [email protected] unique=40a\n", 49) = 49
[pid 5496] write(2, "[1] READ after pread64 0x57a188(5) [email protected] unique=fffffffffeffdff7\n", 87) = 87
[pid 5496] write(2, "*** REPLY FAILED *** 2 unique=fffffffffeffdff7\n", 47) = 47
[pid 5496] write(2, "[1] READx after fuse_reply 0x57a188(5) [email protected] unique=fffffffffeffdff7\n", 91) = 91

 

[Entropy512]

Tried the patch. Did not help

Looks like there is some variation on the value that overwrites offs/unique
[pid 5496] write(2, "[1] READ 0x57a188(5) [email protected] unique=40a\n", 49) = 49
[pid 5496] write(2, "[1] READ after pread64 0x57a188(5) [email protected] unique=fffffffffeffdff7\n", 87) = 87
[pid 5496] write(2, "*** REPLY FAILED *** 2 unique=fffffffffeffdff7\n", 47) = 47
[pid 5496] write(2, "[1] READx after fuse_reply 0x57a188(5) [email protected] unique=fffffffffeffdff7\n", 91) = 91

what the ****?

None of this makes sense, those variables shouldn't be getting clobbered unless we have a compiler bug...