Bug 1219320

Summary: [abrt] tracker: gst_memory_unmap(): tracker-extract killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Craig Robson <craig>
Component: gstreamer1-plugins-bad-freeAssignee: Brian Pepple <bdpepple>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: autarch, balay, bdpepple, bztdlinux, cfergeau, craig, dakingun, debarshir, d.fedora, euagelos, fedora, guillaumepoiriermorency, guliver05, ifoolb, ignatenko, jimtahu, jorti, lray+redhatbugzilla, madstitz, matteo, misko.herko, mknepher, p.olivieri13, rene, req1348, revjdc, robin, sergio.pasra, thetaeridanus, timur.kristof, uraeus, vincentezw, wtaymans
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/c360bc7b78099a6c15f25dcaf52be2748d86f312
Whiteboard: abrt_hash:d202c715028e9883170faf2049a41d1b37cf7e99
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-07 09:10:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: limits
none
File: maps
none
File: mountinfo
none
File: namespaces
none
File: open_fds
none
File: proc_pid_status none

Description Craig Robson 2015-05-07 02:51:05 UTC 
Version-Release number of selected component:
tracker-1.4.0-1.fc22

Additional info:
reporter:       libreport-2.5.1
backtrace_rating: 4
cmdline:        /usr/libexec/tracker-extract
crash_function: gst_memory_unmap
executable:     /usr/libexec/tracker-extract
global_pid:     5863
kernel:         4.0.1-300.fc22.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000
var_log_messages: [System Logs]:\n-- Logs begin at Wed 2015-01-14 03:01:01 PST, end at Wed 2015-05-06 19:39:36 PDT. --

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 gst_memory_unmap at gstmemory.c:339
 #1 gst_buffer_unmap at gstbuffer.c:1622
 #2 gst_faad_set_format at gstfaad.c:326
 #3 gst_audio_decoder_do_caps at gstaudiodecoder.c:866
 #5 gst_audio_decoder_chain at gstaudiodecoder.c:1756
 #6 gst_pad_push_data at gstpad.c:3830
 #8 gst_pad_push at gstpad.c:4174
 #9 gst_base_parse_push_frame at gstbaseparse.c:2304
 #10 gst_base_parse_chain at gstbaseparse.c:2824
 #11 gst_pad_push_data at gstpad.c:3830
Comment 1 Craig Robson 2015-05-07 02:51:08 UTC 
Created attachment 1022876 [details]
File: backtrace
Comment 2 Craig Robson 2015-05-07 02:51:09 UTC 
Created attachment 1022877 [details]
File: cgroup
Comment 3 Craig Robson 2015-05-07 02:51:10 UTC 
Created attachment 1022878 [details]
File: core_backtrace
Comment 4 Craig Robson 2015-05-07 02:51:11 UTC 
Created attachment 1022879 [details]
File: dso_list
Comment 5 Craig Robson 2015-05-07 02:51:12 UTC 
Created attachment 1022880 [details]
File: environ
Comment 6 Craig Robson 2015-05-07 02:51:13 UTC 
Created attachment 1022881 [details]
File: limits
Comment 7 Craig Robson 2015-05-07 02:51:15 UTC 
Created attachment 1022882 [details]
File: maps
Comment 8 Craig Robson 2015-05-07 02:51:15 UTC 
Created attachment 1022883 [details]
File: mountinfo
Comment 9 Craig Robson 2015-05-07 02:51:16 UTC 
Created attachment 1022884 [details]
File: namespaces
Comment 10 Craig Robson 2015-05-07 02:51:17 UTC 
Created attachment 1022885 [details]
File: open_fds
Comment 11 Craig Robson 2015-05-07 02:51:18 UTC 
Created attachment 1022886 [details]
File: proc_pid_status
Comment 12 Timur Kristóf 2015-05-07 23:50:21 UTC 
This bug happened to me when tracker tried to index a bunch of mp4 audio files.
Comment 13 Robin Stocker 2015-05-08 14:22:13 UTC 
I got the same backtrace when trying to play a movie using Totem, so it's probably a problem in gstreamer.
Comment 14 Christophe Fergeau 2015-05-10 18:41:06 UTC 
And I've been hitting that in firefox when trying to play videos in youtube. However, the backtrace contains  #2 gst_faad_set_format at gstfaad.c:326 which is from gstreamer1-plugins-bad-freeworld-1.4.3-1.fc22.x86_64 which comes from rpmfusion...
Comment 15 Christophe Fergeau 2015-05-10 19:27:34 UTC 
Switching from gstreamer1-plugins-bad-freeworld-1.4.3-1.fc22.x86_64 to gstreamer1-plugins-bad-freeworld-1.4.3-1.fc21.x86_64 avoids this issue (in my specific situation, removing this package is fine too).
Comment 16 Christophe Fergeau 2015-05-11 12:22:01 UTC 
See https://bugzilla.rpmfusion.org/show_bug.cgi?id=3645
Comment 17 Christophe Fergeau 2015-05-12 10:33:44 UTC 
Upstream bug report is https://bugzilla.gnome.org/show_bug.cgi?id=748571
Comment 18 Christophe Fergeau 2015-05-12 10:34:28 UTC 
*** Bug 1220742 has been marked as a duplicate of this bug. ***
Comment 19 Wim Taymans 2015-05-13 10:05:44 UTC 
Build problem,

faacDecInit2() expects an unsigned long * for the samplerate but we pass it a guint32 *, overwriting part of the stack with 0 and messing up the nearby stack allocated GstMapInfo, causing unmap to fail.
Comment 20 Wim Taymans 2015-05-13 10:44:52 UTC 
gst-plugins-bad has trouble detecting the version of faad2 in configure:

checking Checking for FAAD >= 2.0... checking Checking FAAD2 version in neaacdec.h... no idea

This causes it to compile the guint32 * version.
Comment 21 Wim Taymans 2015-05-13 11:09:43 UTC 
cpp output changed causing the regexp to fail:

test.c:

#include <neaacdec.h>
GST_CHECK_FAAD_VERSION FAAD2_VERSION

f21: cpp test.c

# 2 "test.c" 2
GST_CHECK_FAAD_VERSION "2.7"

f22: cpp test.c

# 2 "test.c"
GST_CHECK_FAAD_VERSION
# 2 "test.c" 3 4
                       "2.7"
Comment 22 Wim Taymans 2015-05-13 14:37:13 UTC 
Fixed upstream https://bugzilla.gnome.org/show_bug.cgi?id=748571
Comment 23 Wim Taymans 2015-05-15 09:40:42 UTC 
*** Bug 1221734 has been marked as a duplicate of this bug. ***
Comment 24 Wim Taymans 2015-05-18 09:13:51 UTC 
*** Bug 1222350 has been marked as a duplicate of this bug. ***
Comment 25 Igor Gnatenko 2016-07-07 09:10:14 UTC 
This is very old bug, if you still can reproduce it - please reopen.