Bug 179654

Summary: totem crashes at startup
Product: [Fedora] Fedora Reporter: Émeric Maschino <emeric.maschino>
Component: gstreamerAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED RAWHIDE QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: rawhideCC: bnocera, johnp, tim
Target Milestone: ---   
Target Release: ---   
Hardware: ia64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-07-22 20:41:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 150223, 163350, 197822    
Attachments:
Description Flags
totem 1.4.0-2 crash none

Description Émeric Maschino 2006-02-01 21:22:18 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ia64; fr; rv:1.8) Gecko/20060126 Fedora/1.5-5 Firefox/1.5

Description of problem:
totem segfaults at startup (icon on CLI). I don't know if this is a new problem as I'm new on Fedora Core (since January 10th) and didn't try it before. Furthermore, I don't know it this problem is specific to IA-64 architecture only, all 64-bit architectures or affect every architectures. Following the guidelines in the Fedora StackTrace Wiki page, I've installed the debuginfo packages for totem, gtk+ and gtk2. Please find enclosed the corresponding callstack. Hope this helps and let me know if you want that I perform additional testing.

Version-Release number of selected component (if applicable):
totem-1.3.90-1

How reproducible:
Always

Steps to Reproduce:
1. Start totem (icon or CLI)
2.
3.
  

Additional info:

(gdb) run --g-fatal-warnings
Starting program: /usr/bin/totem --g-fatal-warnings
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xa000000000000000
[Thread debugging using libthread_db enabled]
[New Thread 2305843009258860528 (LWP 4816)]
[New Thread 2305843009375220336 (LWP 4819)]
[New Thread 2305843009387098736 (LWP 4820)]
[New Thread 2305843009397584496 (LWP 4821)]
[Thread 2305843009397584496 (LWP 4821) exited]
[New Thread 2305843009397584496 (LWP 4822)]
[Thread 2305843009397584496 (LWP 4822) exited]
[New Thread 2305843009397584496 (LWP 4823)]
Detaching after fork from child process 4824.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2305843009258860528 (LWP 4816)]
0x2000000001847851 in g_type_check_instance_is_a ()
   from /usr/lib/libgobject-2.0.so.0
(gdb) thread apply all bt

Thread 6 (Thread 2305843009397584496 (LWP 4823)):
#0  0xa000000000010621 in __kernel_syscall_via_break ()
#1  0x2000000001cddc60 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
#2  0x20000000005b9a40 in gst_system_clock_async_thread ()
   from /usr/lib/libgstreamer-0.10.so.0
#3  0x2000000001c55ba0 in g_thread_create_proxy ()
   from /usr/lib/libglib-2.0.so.0
#4  0x2000000001cd6a40 in start_thread () from /lib/libpthread.so.0
#5  0x2000000001ea98d0 in __clone2 () from /lib/libc.so.6.1

Thread 5 (Thread 2305843009397584496 (LWP 4822)):
#0  0xa000000000010621 in __kernel_syscall_via_break ()
#1  0x2000000001cddc60 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
#2  0x20000000005b9a40 in gst_system_clock_async_thread ()
   from /usr/lib/libgstreamer-0.10.so.0
#3  0x2000000001c55ba0 in g_thread_create_proxy ()
   from /usr/lib/libglib-2.0.so.0
#4  0x2000000001cd6a40 in start_thread () from /lib/libpthread.so.0
#5  0x2000000001ea98d0 in __clone2 () from /lib/libc.so.6.1

---Type <return> to continue, or q <return> to quit---
Thread 4 (Thread 2305843009397584496 (LWP 4821)):
#0  0xa000000000010621 in __kernel_syscall_via_break ()
#1  0x2000000001cddc60 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
#2  0x20000000005b9a40 in gst_system_clock_async_thread ()
   from /usr/lib/libgstreamer-0.10.so.0
#3  0x2000000001c55ba0 in g_thread_create_proxy ()
   from /usr/lib/libglib-2.0.so.0
#4  0x2000000001cd6a40 in start_thread () from /lib/libpthread.so.0
#5  0x2000000001ea98d0 in __clone2 () from /lib/libc.so.6.1

Thread 3 (Thread 2305843009387098736 (LWP 4820)):
#0  0xa000000000010621 in __kernel_syscall_via_break ()
#1  0x2000000001ce60a0 in __GC___libc_nanosleep () from /lib/libpthread.so.0
#2  0x2000000001c5b2b0 in g_usleep () from /usr/lib/libglib-2.0.so.0
#3  0x20000000069f8d80 in gst_xvimagesink_event_thread ()
   from /usr/lib/gstreamer-0.10/libgstxvimagesink.so
#4  0x2000000001c55ba0 in g_thread_create_proxy ()
   from /usr/lib/libglib-2.0.so.0
#5  0x2000000001cd6a40 in start_thread () from /lib/libpthread.so.0
#6  0x2000000001ea98d0 in __clone2 () from /lib/libc.so.6.1

Thread 2 (Thread 2305843009375220336 (LWP 4819)):
---Type <return> to continue, or q <return> to quit---
#0  0xa000000000010621 in __kernel_syscall_via_break ()
#1  0x2000000001e94f90 in poll () from /lib/libc.so.6.1
#2  0x2000000001c15e90 in g_main_context_check ()
   from /usr/lib/libglib-2.0.so.0
#3  0x2000000001c167e0 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#4  0x2000000001940580 in link_io_thread_fn () from /usr/lib/libORBit-2.so.0
#5  0x2000000001c55ba0 in g_thread_create_proxy ()
   from /usr/lib/libglib-2.0.so.0
#6  0x2000000001cd6a40 in start_thread () from /lib/libpthread.so.0
#7  0x2000000001ea98d0 in __clone2 () from /lib/libc.so.6.1

Thread 1 (Thread 2305843009258860528 (LWP 4816)):
#0  0x2000000001847851 in g_type_check_instance_is_a ()
   from /usr/lib/libgobject-2.0.so.0
#1  0x200000000053b2f0 in compare_interface ()
   from /usr/lib/libgstreamer-0.10.so.0
#2  0x200000000057f1c0 in find_custom_fold_func ()
   from /usr/lib/libgstreamer-0.10.so.0
#3  0x200000000057fb80 in gst_iterator_fold ()
   from /usr/lib/libgstreamer-0.10.so.0
#4  0x200000000057fc50 in gst_iterator_find_custom ()
   from /usr/lib/libgstreamer-0.10.so.0
#5  0x200000000053d600 in gst_bin_get_by_interface ()
---Type <return> to continue, or q <return> to quit---
   from /usr/lib/libgstreamer-0.10.so.0
#6  0x400000000006d040 in bvw_update_interface_implementations (
    bvw=0x6000000000445370) at bacon-video-widget-gst-0.10.c:3755
#7  0x4000000000077310 in bacon_video_widget_new (width=-1, height=-1,
    type=BVW_USE_TYPE_VIDEO, err=0x60000fffffa47528)
    at bacon-video-widget-gst-0.10.c:4076
#8  0x400000000002da30 in video_widget_create (totem=0x60000000001f7800)
    at totem.c:3256
#9  0x4000000000037e90 in main (argc=2, argv=0x60000fffffa477e8)
    at totem.c:3524
(gdb)
Comment 1 Matthias Clasen 2006-02-08 19:35:21 UTC 
There was a ia64-specific  crasher bug in glib in rawhide for a short while. 
Its conceivable that you are seeing the same.

Can you still reproduce with current rawhide ?
Comment 2 Émeric Maschino 2006-02-08 20:26:11 UTC 
Sure, I'll do. However, I'll wait until "the massive rebuild" is complete before
installing the updated packages.
Comment 3 Émeric Maschino 2006-02-09 22:45:15 UTC 
totem still crashes with today's Rawhide but the stacktrace is different. From gdb:

(gdb) run --g-fatal-warnings
Starting program: /usr/bin/totem --g-fatal-warnings
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xa000000000000000
[Thread debugging using libthread_db enabled]
[New Thread 2305843009258893328 (LWP 3668)]
[New Thread 2305843009375842928 (LWP 3671)]
[New Thread 2305843009387098736 (LWP 3672)]
[New Thread 2305843009397584496 (LWP 3673)]
Detaching after fork from child process 3674.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2305843009258893328 (LWP 3668)]
0x200000000184b8f1 in IA__g_type_check_instance_is_a (type_instance=Variable
"type_instance" is not available.
)
    at gtype.c:2692
2692      if (/* support_inheritance && */
(gdb) thread apply all bt

Thread 4 (Thread 2305843009397584496 (LWP 3673)):
#0  <signal handler called>
#1  0x0000000000006c62 in ?? ()
#2  0x6e6520636e797360 in ?? ()
#3  0x0000000000000000 in ?? ()

Thread 3 (Thread 2305843009387098736 (LWP 3672)):
#0  <signal handler called>
Cannot access memory at address 0x128

Thread 2 (Thread 2305843009375842928 (LWP 3671)):
#0  <signal handler called>
#1  0x0009804c8a746330 in ?? ()

Thread 1 (Thread 2305843009258893328 (LWP 3668)):
#0  0x200000000184b8f1 in IA__g_type_check_instance_is_a (type_instance=Variable
"type_instance" is not available.
)
    at gtype.c:2692
#1  0x200000000053b2f0 in compare_interface ()
   from /usr/lib/libgstreamer-0.10.so.0
#2  0x200000000057f1c0 in find_custom_fold_func ()
   from /usr/lib/libgstreamer-0.10.so.0
#3  0x200000000057fb80 in gst_iterator_fold ()
   from /usr/lib/libgstreamer-0.10.so.0
---Type <return> to continue, or q <return> to quit---
#4  0x200000000057fc50 in gst_iterator_find_custom ()
   from /usr/lib/libgstreamer-0.10.so.0
#5  0x200000000053d600 in gst_bin_get_by_interface ()
   from /usr/lib/libgstreamer-0.10.so.0
#6  0x400000000006d040 in bvw_update_interface_implementations (
    bvw=0x6000000000444b70) at bacon-video-widget-gst-0.10.c:3755
#7  0x4000000000077310 in bacon_video_widget_new (width=-1, height=-1,
    type=BVW_USE_TYPE_VIDEO, err=0x60000fffffd77528)
    at bacon-video-widget-gst-0.10.c:4076
#8  0x400000000002da30 in video_widget_create (totem=0x60000000001f7600)
    at totem.c:3256
#9  0x4000000000037e90 in main (argc=2, argv=0x60000fffffd777e8)
    at totem.c:3524
(gdb)

This is with glib-1.2.10-18.2.1 and glib2-2.9.5-1.1
Comment 4 Matthias Clasen 2006-02-21 18:28:15 UTC 
Moving to FC6Target, since we don't ship ia64 for FC5, and this seems to be
ia64-specific.
Comment 5 Émeric Maschino 2006-04-02 10:49:07 UTC 
Created attachment 127200 [details]
totem 1.4.0-2 crash
Comment 6 Émeric Maschino 2006-04-02 10:52:24 UTC 
Brand new totem 1.4.0-2 still crashes at startup. It seems there's something
wrong with glib2 (this is with glib2-2.10.1-1). See attachment 127200 [details] for the
callstack.
Comment 7 John Thacker 2006-04-23 15:50:42 UTC 
Any changes with glib2-2.10.2-1.fc5.1 and other updates since then?
Comment 8 Émeric Maschino 2006-05-16 20:09:07 UTC 
(In reply to comment #7)
> Any changes with glib2-2.10.2-1.fc5.1 and other updates since then?

Unfortunately, still the same issue with glib-1.2.10-18.2.2 and glib2-2.11.1-1.
This is with totem-1.4.0-2. The callstack looks the same as attachment 127200 [details]:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2305843009260105120 (LWP 4127)]
0x2000000001746651 in IA__g_type_check_instance_is_a (type_instance=Variable
"type_instance" is not available.
)
    at gtype.c:2717
2717      if (/* support_inheritance && */
Comment 9 John (J5) Palmieri 2006-05-16 20:15:28 UTC 
Bastien,

Are you aware of any totem issues on IA64?  Totem works fine for me on x86_64
and i386.
Comment 10 Bastien Nocera 2006-05-17 10:40:25 UTC 
No, no known issues, we don't get that many people (euphemism) using Totem on
ia64 machines. This looks GStreamer- or glib-related.
It crashes doing:
  /* We try to get an element supporting XOverlay interface */
  if (GST_IS_BIN (video_sink)) {
    GST_DEBUG ("Retrieving xoverlay from bin ...");
    element = gst_bin_get_by_interface (GST_BIN (video_sink),
                                        GST_TYPE_X_OVERLAY);
  } else {
    element = video_sink;
  }

Which is pretty bizarre...
Comment 11 Matthias Clasen 2006-07-06 21:50:30 UTC 
Add to FC6Destop tracker
Comment 12 Tim-Philipp Müller 2006-07-07 15:46:41 UTC 
It appears gst_bin_get_by_interface() was using GINT_TO_POINTER and
GPOINTER_TO_INT to pass the interface GType around internally. If I'm not
mistaken that might result in the top 4-bytes of the GType being chopped off
when doing GPOINTER_TO_INT, since it probably does (gint) (glong) pointer or so
on ia64, no? 

Any chance this might be the cause of this crash?
Comment 13 Matthias Clasen 2006-07-22 14:16:31 UTC 
Looks likely. 

Here is the change:
http://webcvs.freedesktop.org/gstreamer/gstreamer/gst/gstbin.c?r1=1.335&r2=1.336
Comment 14 John (J5) Palmieri 2006-07-22 19:19:25 UTC 
can you try with the new gstreamer in rawhide? Thanks.
Comment 15 Émeric Maschino 2006-07-22 20:06:56 UTC 
Good news: totem is now working fine! Good job girls and guys. In my opinion,
this bug can be closed. Many thanks!