GNOME Bugzilla – Bug 527572
Crash in volume_process_int32
Last modified: 2009-05-14 07:57:52 UTC
Version: 2.20.3 What were you doing when the application crashed? Distribution: Debian lenny/sid Gnome Release: 2.22.0 2008-03-14 (Debian) BugBuddy Version: 2.22.0 System: Linux 2.6.24-1-amd64 #1 SMP Thu Mar 27 16:52:38 UTC 2008 x86_64 X Vendor: The X.Org Foundation X Vendor Release: 10300000 Selinux: No Accessibility: Disabled GTK+ Theme: Industrial Icon Theme: Noia Memory status: size: 632201216 vsize: 632201216 resident: 85602304 share: 44818432 rss: 85602304 rss_rlim: 18446744073709551615 CPU usage: start_time: 1207930768 rtime: 943 utime: 874 stime: 69 cutime:2 cstime: 2 timeout: 0 it_real_value: 0 frequency: 100 Backtrace was generated from '/usr/bin/totem' Using host libthread_db library "/lib/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread 0x2b1e1120bba0 (LWP 18425)] [New Thread 0x43806950 (LWP 18433)] [New Thread 0x43005950 (LWP 18432)] [New Thread 0x42804950 (LWP 18431)] [New Thread 0x42003950 (LWP 18430)] [New Thread 0x41802950 (LWP 18429)] [New Thread 0x41001950 (LWP 18428)] [New Thread 0x40800950 (LWP 18427)] 0x00002b1e0cab6d04 in __lll_lock_wait () from /lib/libpthread.so.0
+ Trace 194958
Thread 4 (Thread 0x42804950 (LWP 18431))
----------- .xsession-errors (95 sec old) --------------------- Initialising plugin TorrentCreator Initialising plugin TorrentPeers Initialising plugin FlexRSS Applying preferences Starting DHT... Showing window no old fastresume to delete Found TorrentFiles plugin... Found NetworkGraph plugin... Found TorrentPeers plugin... save uploaded memory Pickling state... save uploaded memory Pickling state... Raising error: Aviso do gerenciador de janelas: Janela WM_TRANSIENT_FOR inválida 0x87 especificada para 0x1402ed8 (). --------------------------------------------------
Looks like a GStreamer crash, but a more complete stack trace would be better. Thanks for taking the time to report this bug. Unfortunately, that stack trace is missing some elements that will help a lot to solve the problem, so it will be hard for the developers to fix that crash. Can you get us a stack trace with debugging symbols? Please see http://www.gnome.org/projects/totem/#bugs for more information on how to do so and reopen this bug or report a new one. Thanks in advance!
This looks like we failed to catch a negative value somewhere and then it got multiplied and things go downhill from there (but then these values may not be accurate):
+ Trace 195192
alano.br@gmail.com: Can you reproduce this bug?
I've found the same problem and initially reported it with instructions for reproducing it at https://bugs.launchpad.net/bugs/216462 before being redirected here. (In reply to comment #1) > Please see > http://www.gnome.org/projects/totem/#bugs for more information on how to do so > and reopen this bug or report a new one. Thanks in advance! I produced a log using the command line specified on that page. It doesn't look very exciting but I'll attach it anyway. The stack trace is available in the launchpad bug report (I tried to install as many -dbg packages as I could to get symbols but it looks like most of them are in totem itself).
Created attachment 109254 [details] Log of failure generated with GST_DEBUG=*:2
If you can reproduce it, that's great. Any chance you could make that mp3 available somewhere for us (possibly it can be attached to the launchpad bug report)? If not, could you provide a gzipped GST_DEBUG=*:5 log by any chance?
(In reply to comment #5) > If you can reproduce it, that's great. Any chance you could make that mp3 > available somewhere for us (possibly it can be attached to the launchpad bug > report)? The file is over 26MiB long but I've made it (temporarily) available at http://www.fysh.org/~mac/totem-bug-527572.mp3 - unfortunately I only seem to be able to reproduce the problem near the end.
*** Bug 528136 has been marked as a duplicate of this bug. ***
I've provided the file as requested yet this bug has remained in the "NEEDSINFO" state. Is there any more information I can provide? Is there a problem with downloading the file?
> Is there a problem with downloading the file? No, it's fine, thanks. I haven't been able to reproduce this with CVS of things though, but maybe someone else can.
*** Bug 520009 has been marked as a duplicate of this bug. ***
*** Bug 532461 has been marked as a duplicate of this bug. ***
Bug #532461 has another complete stack trace, if that's useful.
+ Trace 197394
Hmmm, 1073735200 samples are many... I guess that's the problem ;)
*** Bug 530873 has been marked as a duplicate of this bug. ***
Ok, so it seems that for all reports there's mad in front of volume... and in bug #530873 there is a debug log, saying that mad has some problems decoding.
This seems to be race condition of change volume and other (change position by UI). On totem, after changing volume, when I change slider of position, this occurs. When pad task for volume is created, pad task is valid. But another task uses same chunk. If another tasks works first, it will be free. So volume_transform_ip will use freed invalid pad. Since It is difficult to reproduce this, I investigate more.
Not sure what you mean. The buffers will only be freed if nobody is using them anymore. But it could very well be, that the buffers that volume gets are unreffed one time too often before volume gets them and the memory is overwritten by something else. The buffer must've been valid at the time the transform_ip method of volume is called though, otherwise this would've never happenend. Another thing I can think of, is that mad outputs invalid buffers in some error cases. The code looks a bit weird IMHO.
Possibly related: https://bugzilla.redhat.com/show_bug.cgi?id=446444 (note the high sample count; also dest==src and src_writable=0 according to the trace).
I installed gstreamer0.10-ffmpeg_0.10, and now haven't this bug (totem's bug, while seeking in an flv file) anymore !
*** Bug 533941 has been marked as a duplicate of this bug. ***
This should be fixed in gst-plugins-ugly CVS now (and latest pre-release 0.10.7.4). Please reopen this bug if it can be still reproduced with that version. 2008-05-19 Edward Hervey <edward.hervey@collabora.co.uk> * ext/mad/gstmad.c: (gst_mad_convert_src), (gst_mad_chain): Fix inconsistent use of rate and channels. Fixes #533581
*** Bug 535364 has been marked as a duplicate of this bug. ***
*** Bug 535329 has been marked as a duplicate of this bug. ***
*** Bug 544179 has been marked as a duplicate of this bug. ***
*** Bug 544180 has been marked as a duplicate of this bug. ***
*** Bug 538423 has been marked as a duplicate of this bug. ***
*** Bug 547195 has been marked as a duplicate of this bug. ***
*** Bug 552510 has been marked as a duplicate of this bug. ***
*** Bug 554043 has been marked as a duplicate of this bug. ***
*** Bug 554211 has been marked as a duplicate of this bug. ***
*** Bug 555072 has been marked as a duplicate of this bug. ***
*** Bug 557013 has been marked as a duplicate of this bug. ***
*** Bug 557012 has been marked as a duplicate of this bug. ***
*** Bug 560020 has been marked as a duplicate of this bug. ***
*** Bug 564382 has been marked as a duplicate of this bug. ***
*** Bug 572934 has been marked as a duplicate of this bug. ***
*** Bug 573676 has been marked as a duplicate of this bug. ***
*** Bug 575890 has been marked as a duplicate of this bug. ***
*** Bug 582568 has been marked as a duplicate of this bug. ***