Bug 522247 – rhythmbox crashed with SIGSEGV in g_type_create_instance()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 522247 - rhythmbox crashed with SIGSEGV in g_type_create_instance()


Summary:	rhythmbox crashed with SIGSEGV in g_type_create_instance()


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	gobject
Version:	2.16.x
Hardware:	Other All

Importance:	Normal critical
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Duplicates:	522224 525334 525954 527877 528869 533446 535510 535700 539824 (view as bug list)
Depends on:
Blocks:

Reported:	2008-03-13 15:37 UTC by Kjell Braden
Modified:	2008-11-17 11:12 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Patch (2.49 KB, patch) 2008-05-06 14:48 UTC, Matt Kraai	none	Details \| Review

Description Kjell Braden 2008-03-13 15:37:33 UTC

Steps to reproduce:
1) launch r-b
2) go to Podcasts section
3) click the refresh button
4) double click on a new podcast to download it
5) *boom*

Stack trace:

+ Trace 192311

#0 IA__g_type_create_instance
at /build/buildd/glib2.0-2.15.6/glib/gbsearcharray.h line 154
#1 g_object_constructor
at /build/buildd/glib2.0-2.15.6/gobject/gobject.c line 1046
#2 IA__g_object_newv
at /build/buildd/glib2.0-2.15.6/gobject/gobject.c line 937
#3 IA__g_object_new_valist
at /build/buildd/glib2.0-2.15.6/gobject/gobject.c line 986
#4 IA__g_object_new
at /build/buildd/glib2.0-2.15.6/gobject/gobject.c line 795
#5 totem_pl_parser_new
at totem-pl-parser.c line 611
#6 rb_podcast_parse_load_feed
at rb-podcast-parse.c line 195
#7 rb_podcast_manager_thread_parse_feed
at rb-podcast-manager.c line 921
#8 g_thread_create_proxy
at /build/buildd/glib2.0-2.15.6/glib/gthread.c line 635
#9 start_thread
from /lib/tls/i686/cmov/libpthread.so.0
#10 clone
from /lib/tls/i686/cmov/libc.so.6


Other information:
This bug was initially reported to ubuntu by Michael R. Head
 and Nicholas Marquez. For more information, eg. a threaded stacktrace see https://bugs.edge.launchpad.net/ubuntu/+source/rhythmbox/+bug/199319

Thanks,

Comment 1 Jonathan Matthew 2008-03-13 22:45:34 UTC

Your steps to reproduce the crash do not match up with the stack trace.  It appears that step 4 is unneccessary.

Comment 2 Michael R Head 2008-03-20 01:34:51 UTC

Yeah, it's not perfectly reproduceable.  I could only report what I remembered doing when the crash happened. I have another crash at https://bugs.launchpad.net/ubuntu/+source/rhythmbox/+bug/204103  which is presumably the same. (I believe) I had just launched r-b and refreshed the podcast feeds.

Comment 3 Sven Arvidsson 2008-04-15 21:31:49 UTC

A similar bug was reported in Debian. There's a stack trace available: http://bugs.debian.org/476207

Comment 4 Jonathan Matthew 2008-04-17 01:24:28 UTC

*** Bug 527877 has been marked as a duplicate of this bug. ***

Comment 5 Matt Kraai 2008-05-06 14:48:17 UTC

Created attachment 110463 [details] [review]
Patch

As I noted in the Debian bug report, I think this is a bug in GObject, since it's creating a TotemPlParser object in one thread while another thread is still initializing the TotemPlParser class.  The attached patch should prevent GObject from creating an object until the class is initialized.

Comment 6 Bastien Nocera 2008-05-09 13:28:15 UTC

Push to glib.

Comment 7 Matthias Clasen 2008-05-15 06:05:49 UTC

Tim, can you review the patch ?

Comment 8 Tim Janik 2008-06-10 11:27:22 UTC

(In reply to comment #5)
> Created an attachment (id=110463) [edit]
> Patch
> 
> As I noted in the Debian bug report, I think this is a bug in GObject, since
> it's creating a TotemPlParser object in one thread while another thread is
> still initializing the TotemPlParser class.  The attached patch should prevent
> GObject from creating an object until the class is initialized.

TypeClass peeking needs to remain possible during class initialization, and I have a more streamlined version of _ref in mind:

2008-06-10 13:15:29  Tim Janik  <timj@imendio.com>
        * gtype.c (g_type_class_ref): fixed race condition where references to
        partially initialized classes could be handed out.

Comment 9 Jonathan Matthew 2008-06-15 13:14:18 UTC

*** Bug 522224 has been marked as a duplicate of this bug. ***

Comment 10 Susana 2008-06-24 07:34:27 UTC

*** Bug 539824 has been marked as a duplicate of this bug. ***

Comment 11 Jonathan Matthew 2008-07-27 06:31:14 UTC

*** Bug 528869 has been marked as a duplicate of this bug. ***

Comment 12 Jonathan Matthew 2008-07-27 06:32:53 UTC

*** Bug 533446 has been marked as a duplicate of this bug. ***

Comment 13 Jonathan Matthew 2008-07-27 06:46:54 UTC

*** Bug 535510 has been marked as a duplicate of this bug. ***

Comment 14 Jonathan Matthew 2008-07-27 06:47:15 UTC

*** Bug 535700 has been marked as a duplicate of this bug. ***

Comment 15 Jonathan Matthew 2008-11-11 02:58:25 UTC

*** Bug 525954 has been marked as a duplicate of this bug. ***

Comment 16 Jonathan Matthew 2008-11-17 11:12:16 UTC

*** Bug 525334 has been marked as a duplicate of this bug. ***