GNOME Bugzilla – Bug 667624
totem crashes on playback of MKV file
Last modified: 2012-09-29 16:01:24 UTC
I have totem 3.0.1 installed with Fedora 15. There is an 8GB movie file which crashes Totem. I split off the first 80 and 85 MB. The former crashes totem 3 out of 5 times and the latter crashes it 100%. You can find the file here: https://muelli.cryptobitch.de/tmp/2012-01-10-tbl-totem-crash-85.mkv

gst-launch playbin uri=file://... doesn't crash.

muelli@bigbox /tmp $ totem /tmp/file.mkv
Gtk-Message: Failed to load module "pk-gtk-module"
Stream with high frequencies VQ coding
Stream with high frequencies VQ coding
Illegal instruction
muelli@bigbox /tmp $ totem /tmp/file.mkv
Gtk-Message: Failed to load module "pk-gtk-module"
Stream with high frequencies VQ coding
Stream with high frequencies VQ coding
Segmentation fault
muelli@bigbox /tmp $

Notice that it crashes with either Illegal Instruction or Segmentation Fault. So there is something funny going on.

I can't make it always crash under GDB, probably because it's way too slow. Anyway, I got it once:

(gdb) t a a bt full
+ Trace 229426
Thread 20 (Thread 0x7fff9ffff700 (LWP 13789))
Thread 9 (Thread 0x7fffdc887700 (LWP 13778))
Created attachment 204937 [details]
Valgrind log

It doesn't crash at all under valgrind. But it might still have an interesting log.

muelli@bigbox /tmp $ G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log totem /tmp/tbl-totem-crash-85.mkv
Gtk-Message: Failed to load module "pk-gtk-module"
Stream with high frequencies VQ coding
Stream with high frequencies VQ coding
muelli@bigbox /tmp $ G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log totem /tmp/tbl-totem-crash-85.mkv
Gtk-Message: Failed to load module "pk-gtk-module"
Stream with high frequencies VQ coding
Stream with high frequencies VQ coding
(totem:14843): GStreamer-CRITICAL **: _gst_util_uint64_scale: assertion `denom != 0' failed
muelli@bigbox /tmp $
Created attachment 204938 [details]
Valgrind log

It doesn't crash at all under valgrind. But it might still have an interesting log.

muelli@bigbox /tmp $ G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log totem /tmp/tbl-totem-crash-85.mkv
Gtk-Message: Failed to load module "pk-gtk-module"
Stream with high frequencies VQ coding
Stream with high frequencies VQ coding
muelli@bigbox /tmp $ G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log totem /tmp/tbl-totem-crash-85.mkv
Gtk-Message: Failed to load module "pk-gtk-module"
Stream with high frequencies VQ coding
Stream with high frequencies VQ coding
(totem:14843): GStreamer-CRITICAL **: _gst_util_uint64_scale: assertion `denom != 0' failed
muelli@bigbox /tmp $
Does gst-launch playbin2 uri=file:///path/to/mkv/file crash as well?
no
Just updated to F16 with totem 3.2.1. Same issue.
This smells like a problem:

==14843== 4 errors in context 9 of 624:
==14843== Thread 5:
==14843== Invalid read of size 1
==14843==    at 0x4A08F33: __GI___rawmemchr (mc_replace_strmem.c:893)
==14843==    by 0x3B41A759BF: _IO_str_init_static_internal (strops.c:45)
==14843==    by 0x3B41A69EBF: vsscanf (iovsscanf.c:44)
==14843==    by 0x3B41A64256: sscanf (sscanf.c:34)
==14843==    by 0x34738566E6: microdvd_probe (microdvddec.c:44)
==14843==    by 0x20B0CC18: gst_ffmpegdemux_type_find (gstffmpegdemux.c:1302)
==14843==    by 0x302EE873D2: gst_type_find_factory_call_function (gsttypefindfactory.c:224)
==14843==    by 0x3031038272: gst_type_find_helper_for_buffer (gsttypefindhelper.c:535)
==14843==    by 0x1EE78CC5: gst_matroska_demux_parse_attachments (matroska-demux.c:3966)
==14843==    by 0x1EE837A4: gst_matroska_demux_parse_id (matroska-demux.c:5860)
==14843==    by 0x1EE86474: gst_matroska_demux_parse_contents (matroska-demux.c:5412)
==14843==    by 0x1EE851D7: gst_matroska_demux_parse_id (matroska-demux.c:5875)
==14843==    by 0x1EE87F2E: gst_matroska_demux_loop (matroska-demux.c:6004)
==14843==    by 0x302EE84D6F: gst_task_func (gsttask.c:318)
==14843==    by 0x3B4166AA4F: g_thread_pool_thread_proxy (gthreadpool.c:319)
==14843==    by 0x3B416683A5: g_thread_create_proxy (gthread.c:1955)
==14843==    by 0x3B41E07B30: start_thread (pthread_create.c:305)
==14843==    by 0x3B41ADFD2C: clone (clone.S:115)
==14843==  Address 0xc0cf0cc is 0 bytes after a block of size 8,508 alloc'd
==14843==    at 0x4A049B8: memalign (vg_replace_malloc.c:581)
==14843==    by 0x4A04A67: posix_memalign (vg_replace_malloc.c:709)
==14843==    by 0x302EE3066F: gst_buffer_new_and_alloc (gstbuffer.c:155)
==14843==    by 0x1EE78C92: gst_matroska_demux_parse_attachments (matroska-demux.c:3961)
==14843==    by 0x1EE837A4: gst_matroska_demux_parse_id (matroska-demux.c:5860)
==14843==    by 0x1EE86474: gst_matroska_demux_parse_contents (matroska-demux.c:5412)
==14843==    by 0x1EE851D7: gst_matroska_demux_parse_id (matroska-demux.c:5875)
==14843==    by 0x1EE87F2E: gst_matroska_demux_loop (matroska-demux.c:6004)
==14843==    by 0x302EE84D6F: gst_task_func (gsttask.c:318)
==14843==    by 0x3B4166AA4F: g_thread_pool_thread_proxy (gthreadpool.c:319)
==14843==    by 0x3B416683A5: g_thread_create_proxy (gthread.c:1955)
==14843==    by 0x3B41E07B30: start_thread (pthread_create.c:305)
==14843==    by 0x3B41ADFD2C: clone (clone.S:115)
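
Added example, not part of the comment above and not code from GStreamer, gst-ffmpeg or this report: the trace shows sscanf() under microdvd_probe reading one byte past an 8,508-byte block allocated in gst_matroska_demux_parse_attachments, which is consistent with a length-delimited buffer being parsed as a C string. The sketch below puts that pattern beside a bounded variant; the function names, the format string and PROBE_MAX are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROBE_MAX 256 /* assumed cap on how many bytes the probe inspects */

/* Unsafe pattern, shown for contrast and never called here: sscanf() treats
 * buf as a C string and scans for its NUL terminator first, so a buffer that
 * holds exactly len payload bytes is read past its end. */
int probe_unsafe(const unsigned char *buf)
{
    char c;
    return sscanf((const char *)buf, "{%*d}{%*d}%c", &c) == 1;
}

/* Bounded variant: copy at most PROBE_MAX bytes into a local buffer that is
 * always NUL-terminated, then parse the copy. */
int probe_bounded(const unsigned char *buf, size_t len)
{
    char tmp[PROBE_MAX + 1];
    char c;
    size_t n = len < PROBE_MAX ? len : PROBE_MAX;
    memcpy(tmp, buf, n);
    tmp[n] = '\0';
    return sscanf(tmp, "{%*d}{%*d}%c", &c) == 1;
}

/* Constructed input: a heap block of exactly len non-NUL bytes (no spare
 * byte for a terminator) that starts with prefix. Returns the probe result. */
int probe_filled_block(size_t len, const char *prefix)
{
    unsigned char *block = malloc(len);
    size_t plen = strlen(prefix);
    int hit;
    if (block == NULL)
        return -1;
    memset(block, 'A', len);
    memcpy(block, prefix, plen < len ? plen : len);
    hit = probe_bounded(block, len);
    free(block);
    return hit;
}

int main(void)
{
    printf("8508 bytes, no match: %d\n", probe_filled_block(8508, ""));
    printf("8508 bytes, match:    %d\n", probe_filled_block(8508, "{1}{25}Hi"));
    return 0;
}
```

Running the bounded variant under valgrind or AddressSanitizer on the exactly-sized block reports no invalid read, because the parser only ever sees the terminated copy.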
I haven't been able to reproduce this crash with either 0.10 or 1.0. Can you still reproduce this with Totem 3.38 and GStreamer 1.x?
nope