Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 455014 - Got segfault.... Was inserting F9 install DVD
Summary: Got segfault.... Was inserting F9 install DVD
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: totem-pl-parser
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Bastien Nocera
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-11 13:51 UTC by Tom London
Modified: 2008-07-14 10:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-14 10:11:46 UTC


Attachments (Terms of Use)
valgrind output of rhythmbox crashing when inserting F9 DVD (deleted)
2008-07-11 14:05 UTC, Tom London
no flags Details

Description Tom London 2008-07-11 13:51:25 UTC
Description of problem:
Rhythmbox was up and playing music for about 45 minutes.

I inserted an F9 dvd and rhythmbox crashed (not 100% sure this is connected):

Jul 11 06:46:40 localhost gnome-keyring-daemon[2954]: adding removable location:
volume_label_Fedora_9_i386_DVD at /media/Fedora 9 i386 DVD
Jul 11 06:46:40 localhost hald: mounted /dev/sr0 on behalf of uid 500
Jul 11 06:46:41 localhost console-kit-daemon[2288]: WARNING: Couldn't read
/proc/5455/environ: Error reading file '/proc/5455/environ': No such process
Jul 11 06:46:41 localhost kernel:<6>rhythmbox[5461]: segfault at ad25c3c ip
00664879 sp ae7fdf8c error 4 in libc-2.8.90.so[5f5000+16d000]
Jul 11 06:46:42 localhost pulseaudio[3071]: pcm_hw.c: SNDRV_PCM_IOCTL_DRAIN failed
Jul 11 06:46:42 localhost kernel:<4>ALSA sound/pci/hda/hda_codec.c:725:
hda_codec_cleanup_stream: NID=0x3
Jul 11 06:46:42 localhost kernel:<4>ALSA sound/pci/hda/hda_codec.c:725:
hda_codec_cleanup_stream: NID=0x2
Jul 11 06:46:42 localhost kernel:<4>ALSA sound/pci/hda/hda_codec.c:725:
hda_codec_cleanup_stream: NID=0x3
Jul 11 06:47:25 localhost hald: unmounted /dev/sr0 from '/media/Fedora 9 i386
DVD' on behalf of uid 500
Jul 11 06:47:25 localhost gnome-keyring-daemon[2954]: removing removable
location: volume_label_Fedora_9_i386_DVD

Don't see any other messages.

I'll try to reproduce with gdb.

Version-Release number of selected component (if applicable):
rhythmbox-0.11.5-15.fc10.i386

How reproducible:
Don't know

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Tom London 2008-07-11 13:56:29 UTC
Got it:


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb45fdb90 (LWP 5922)]
malloc_consolidate (av=<value optimized out>) at malloc.c:4846
4846	          nextsize = chunksize(nextchunk);
(gdb) where
#0  malloc_consolidate (av=<value optimized out>) at malloc.c:4846
#1  0x0066662d in _int_malloc (av=<value optimized out>, 
    bytes=<value optimized out>) at malloc.c:4184
#2  0x0066818f in __libc_calloc (n=<value optimized out>, 
    elem_size=<value optimized out>) at malloc.c:3901
#3  0x008375dc in IA__g_malloc0 (n_bytes=<value optimized out>) at gmem.c:151
#4  0x0084d853 in thread_memory_from_self () at gslice.c:444
#5  IA__g_slice_free1 (mem_size=<value optimized out>, 
    mem_block=<value optimized out>) at gslice.c:862
#6  0x0082d1d9 in IA__g_list_free_1 (list=Could not find the frame base for
"IA__g_list_free_1".
) at glist.c:78
#7  0x00840c76 in IA__g_queue_pop_tail (queue=<value optimized out>)
    at gqueue.c:581
#8  0x00808b88 in g_async_queue_pop_intern_unlocked (
    queue=<value optimized out>, try=<value optimized out>, 
    end_time=<value optimized out>) at gasyncqueue.c:373
#9  0x0085b128 in g_thread_pool_wait_for_new_task () at gthreadpool.c:220
#10 g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:254
#11 0x00859a4f in g_thread_create_proxy (data=<value optimized out>)
    at gthread.c:635
#12 0x007a251f in start_thread (arg=<value optimized out>)
    at pthread_create.c:297
#13 0x006d899e in clone () from /lib/libc.so.6
(gdb) 




Comment 2 Tom London 2008-07-11 14:05:13 UTC
Created attachment 311578 [details]
valgrind output of rhythmbox crashing when inserting F9 DVD

I captured a valgrind log from running rhythmbox when it SIGSEGV'ed on
inserting F9 DVD.

I had to insert DVD twice for the crash to occur.

Comment 3 Bastien Nocera 2008-07-14 09:51:44 UTC
This is a bug in totem-pl-parser, which I fixed about 2 weeks ago. I'm doing a
new release now.

==6046== Invalid free() / delete / delete[]
==6046==    at 0x400590A: free (vg_replace_malloc.c:323)
==6046==    by 0x8374F5: g_free (gmem.c:190)
==6046==    by 0x81F0F8: g_error_free (gerror.c:125)
==6046==    by 0x896289A: rb_audiocd_is_volume_audiocd
(rb-audiocd-source.c:739)
==6046==    by 0x8961EB6: create_source_cb (rb-audiocd-plugin.c:449)
==6046==    by 0x3FBDFD5: rb_marshal_OBJECT__OBJECT (rb-marshal.c:327)
==6046==    by 0xC83152: g_closure_invoke (gclosure.c:767)
==6046==    by 0xC9A1F4: signal_emit_unlocked_R (gsignal.c:3045)
==6046==    by 0xC9B15A: g_signal_emit_valist (gsignal.c:2717)
==6046==    by 0xC9B755: g_signal_emit (gsignal.c:2765)
==6046==    by 0x807C2EC: rb_removable_media_manager_mount_volume
(rb-removable-media-manager.c:438)
==6046==    by 0xC911C9: g_cclosure_marshal_VOID__OBJECT (gmarshal.c:636)
==6046==  Address 0x45f3af0 is 0 bytes inside a block of size 65 free'd
==6046==    at 0x400590A: free (vg_replace_malloc.c:323)
==6046==    by 0x8374F5: g_free (gmem.c:190)
==6046==    by 0x81F0F8: g_error_free (gerror.c:125)
==6046==    by 0x27DC9F: cd_cache_open_mountpoint (totem-disc.c:458)
==6046==    by 0x27DD58: cd_cache_disc_is_vcd (totem-disc.c:645)
==6046==    by 0x27DFFF: totem_cd_detect_type_with_url (totem-disc.c:861)
==6046==    by 0x27E2CB: totem_cd_detect_type (totem-disc.c:936)
==6046==    by 0x8962845: rb_audiocd_is_volume_audiocd
(rb-audiocd-source.c:735)
==6046==    by 0x8961EB6: create_source_cb (rb-audiocd-plugin.c:449)
==6046==    by 0x3FBDFD5: rb_marshal_OBJECT__OBJECT (rb-marshal.c:327)
==6046==    by 0xC83152: g_closure_invoke (gclosure.c:767)
==6046==    by 0xC9A1F4: signal_emit_unlocked_R (gsignal.c:3045)


Comment 4 Bastien Nocera 2008-07-14 10:11:46 UTC
Building in rawhide. Please reopen if the problem still occurs.


Note You need to log in before you can comment on or make changes to this bug.