Bug 249278 - Rhythmbox crashed due to NULL pointer dereference
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: rhythmbox
Version: 6
Hardware: All Linux
Priority: low Severity: low
Assigned To: Bastien Nocera
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-07-23 10:36 EDT by Lubomir Kundrak
Modified: 2007-11-30 17:12 EST
Fixed In Version: 0.10.1-1.fc6
Doc Type: Bug Fix
Last Closed: 2007-09-21 06:59:49 EDT
Description Lubomir Kundrak 2007-07-23 10:36:53 EDT
Description of problem:

I found a core file from the dead rhythmbox. I do not know what were the
circumstances of the crash, so I am not able to reproduce it. I open this
bug just in case it might be obvious to someone with X11 programming skills
to see what went wrong.

Feel free to close in case there's not enough information. I might attach
the core file as well (as private attachment).

Version-Release number of selected component (if applicable):

rhythmbox-0.9.8-2.fc6

Actual results:

Core was generated by `rhythmbox'.
Program terminated with signal 11, Segmentation fault.
#0  0x00002aaabca5ee06 in gst_ximagesink_event_thread (ximagesink=0x10bf220) at
ximagesink.c:957
957         while (XCheckWindowEvent (ximagesink->xcontext->disp,
(gdb) l
952
953       {
954         gboolean exposed = FALSE;
955
956         g_mutex_lock (ximagesink->x_lock);
957         while (XCheckWindowEvent (ximagesink->xcontext->disp,
958                 ximagesink->xwindow->win, ExposureMask, &e)) {
959           g_mutex_unlock (ximagesink->x_lock);
960
961           switch (e.type) {
(gdb) print ximagesink->xcontext
$3 = (GstXContext *) 0x0
(gdb) 

Additional info:

(gdb) bt
#0  0x00002aaabca5ee06 in gst_ximagesink_event_thread (ximagesink=0x10bf220) at
ximagesink.c:957
#1  0x0000003fac2490f4 in g_thread_create_proxy (data=0x15bdaf0) at gthread.c:591
#2  0x0000003a96806305 in start_thread () from /lib64/libpthread.so.0
#3  0x0000003a95ccd50d in clone () from /lib64/libc.so.6
#4  0x0000000000000000 in ?? ()
(gdb)
Comment 1 Bastien Nocera 2007-07-24 04:54:37 EDT
0.9.8 doesn't have any visualisation support, so I'm not sure where that
imagesink comes from. Could you get backtraces from the other threads as well
please ("bt apply all threads")?
Comment 2 Lubomir Kundrak 2007-07-24 05:32:54 EDT
Sure. Here it is:

(gdb) thread apply all bt

Thread 8 (process 6038):
#0  0x0000003a96807585 in pthread_join (threadid=1084229952,
thread_return=0x7fffa9fd64d0) at pthread_join.c:89
#1  0x0000003faf001ef1 in g_thread_join_posix_impl (thread=<value optimized
out>) at gthread-posix.c:385
#2  0x0000003fac248d0a in IA__g_thread_join (thread=0x15bdaf0) at gthread.c:656
#3  0x00002aaabca5d56d in gst_ximagesink_change_state (element=<value optimized
out>, transition=<value optimized out>) at ximagesink.c:1205
#4  0x00000038db233d67 in gst_element_change_state (element=0x40a009d0,
transition=GST_STATE_CHANGE_READY_TO_NULL) at gstelement.c:2234
#5  0x00000038db23697f in gst_element_set_state_func (element=0x10bf220,
state=GST_STATE_NULL) at gstelement.c:2195
#6  0x00000038db22935f in gst_bin_change_state_func (element=0xc92df0,
transition=GST_STATE_CHANGE_READY_TO_NULL) at gstbin.c:1760
#7  0x00002aaabc646a9a in gst_auto_video_sink_get_type () from
/usr/lib64/gstreamer-0.10/libgstautodetect.so
#8  0x00000038db233d67 in gst_element_change_state (element=0x40a009d0,
transition=GST_STATE_CHANGE_READY_TO_NULL) at gstelement.c:2234
#9  0x00000038db23697f in gst_element_set_state_func (element=0xc92df0,
state=GST_STATE_NULL) at gstelement.c:2195
#10 0x00000038db22935f in gst_bin_change_state_func (element=0xa68bd0,
transition=GST_STATE_CHANGE_READY_TO_NULL) at gstbin.c:1760
#11 0x00000038db233d67 in gst_element_change_state (element=0x40a009d0,
transition=GST_STATE_CHANGE_READY_TO_NULL) at gstelement.c:2234
#12 0x00000038db23697f in gst_element_set_state_func (element=0xa68bd0,
state=GST_STATE_NULL) at gstelement.c:2195
#13 0x00000038db22935f in gst_bin_change_state_func (element=0x127c000,
transition=GST_STATE_CHANGE_READY_TO_NULL) at gstbin.c:1760
#14 0x00002aaabc219c97 in gst_gconf_video_sink_get_type () from
/usr/lib64/gstreamer-0.10/libgstgconfelements.so
#15 0x00000038db233d67 in gst_element_change_state (element=0x40a009d0,
transition=GST_STATE_CHANGE_READY_TO_NULL) at gstelement.c:2234
#16 0x00000038db23697f in gst_element_set_state_func (element=0x127c000,
state=GST_STATE_NULL) at gstelement.c:2195
#17 0x00000038db22935f in gst_bin_change_state_func (element=0xa68690,
transition=GST_STATE_CHANGE_READY_TO_NULL) at gstbin.c:1760
#18 0x00000038db233d67 in gst_element_change_state (element=0x40a009d0,
transition=GST_STATE_CHANGE_READY_TO_NULL) at gstelement.c:2234
#19 0x00000038db23697f in gst_element_set_state_func (element=0xa68690,
state=GST_STATE_NULL) at gstelement.c:2195
#20 0x00002aaabc005219 in remove_sinks (play_bin=0xd62150) at gstplaybin.c:1272
#21 0x00002aaabc007648 in gst_play_bin_change_state (element=<value optimized
out>, transition=GST_STATE_CHANGE_PAUSED_TO_READY) at gstplaybin.c:1862
#22 0x00000038db233d67 in gst_element_change_state (element=0x40a009d0,
transition=GST_STATE_CHANGE_PAUSED_TO_READY) at gstelement.c:2234
#23 0x00000038db233e44 in gst_element_change_state (element=0xd62150,
transition=GST_STATE_CHANGE_PLAYING_TO_PAUSED) at gstelement.c:2267
#24 0x00000038db23697f in gst_element_set_state_func (element=0xd62150,
state=GST_STATE_NULL) at gstelement.c:2195
#25 0x00000034d5837e6d in rb_player_gst_close (player=<value optimized out>,
error=0x7fffa9fd6e28) at rb-player-gst.c:932
#26 0x00000034d5838828 in rb_player_gst_open (player=0x9e6550, 
    uri=0x1203760
"file:///home/lkundrak/music/rainbow/Stranger%20in%20us%20all/Ritchie%20Blackmore%3Fs%20Raimbow%20-%20Stranger%20in%20us%20all%20-%2005%20-%20Ariel.mp3",
error=0x7fffa9fd6e28) at rb-player-gst.c:807
#27 0x000000000042a93c in rb_shell_player_set_playing_entry (player=0xa68000,
entry=0x2aaab41ff5b0, out_of_order=<value optimized out>, 
    error=0x7fffa9fd6ea8) at rb-shell-player.c:1188
#28 0x000000000042b285 in rb_shell_player_do_next (player=0xa68000,
error=0x7fffa9fd6ea8) at rb-shell-player.c:1687
#29 0x000000000042b57c in rb_shell_player_handle_eos (player=0xa68000) at
rb-shell-player.c:635
#30 0x0000003fac60af19 in IA__g_closure_invoke (closure=0x9dece0,
return_value=0x0, n_param_values=1, param_values=0x7fffa9fd7170, 
    invocation_hint=0x7fffa9fd7030) at gclosure.c:490
#31 0x0000003fac61a788 in signal_emit_unlocked_R (node=0x9e3860, detail=0,
instance=0x9e6550, emission_return=0x0, instance_and_params=0x7fffa9fd7170)
    at gsignal.c:2440
#32 0x0000003fac61bbd4 in IA__g_signal_emit_valist (instance=0x9e6550,
signal_id=<value optimized out>, detail=0, var_args=0x7fffa9fd73f0) at
gsignal.c:2199
#33 0x0000003fac61bda3 in IA__g_signal_emit (instance=0x40a009d0, signal_id=0,
detail=12451) at gsignal.c:2243
#34 0x00000034d58381e8 in rb_player_gst_bus_cb (bus=<value optimized out>,
message=0x133bb30, mp=0x9e6550) at rb-player-gst.c:526
#35 0x00000038db22b7cf in gst_bus_source_dispatch (source=0x11895e0,
callback=0x34d5837f30 <rb_player_gst_bus_cb>, user_data=0x9e6550) at gstbus.c:634
#36 0x0000003fac22cf64 in IA__g_main_context_dispatch (context=0x969570) at
gmain.c:2045
#37 0x0000003fac22fd9d in g_main_context_iterate (context=0x969570, block=1,
dispatch=1, self=<value optimized out>) at gmain.c:2677
#38 0x0000003fac2300aa in IA__g_main_loop_run (loop=0xc8bd60) at gmain.c:2881
#39 0x00000038d852cf63 in ?? ()
#40 0x00000038d8411310 in ?? ()
#41 0x0000000000caf2c0 in ?? ()
#42 0x0000000000000001 in ?? ()
#43 0x0000003a958123a2 in _dl_runtime_resolve () from /lib64/ld-linux-x86-64.so.2
---Type <return> to continue, or q <return> to quit---
#44 0x000000000041f9b3 in main (argc=1, argv=0x7fffa9fd7848) at main.c:383

Thread 7 (process 6061):
#0  0x0000003a9680a607 in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1  0x0000003faf0024d0 in g_cond_timed_wait_posix_impl (cond=0x11f0294,
entered_mutex=0x41401060, abs_time=<value optimized out>) at gthread-posix.c:242
#2  0x0000003fac211203 in g_async_queue_pop_intern_unlocked (queue=0x9ece50,
try=<value optimized out>, end_time=0x41401060) at gasyncqueue.c:341
#3  0x0000003fac211311 in IA__g_async_queue_timed_pop (queue=0x9ece50,
end_time=0x41401060) at gasyncqueue.c:467
#4  0x000000000045e97d in action_thread_main (db=0x964380) at rhythmdb.c:2033
#5  0x0000003fac2490f4 in g_thread_create_proxy (data=0x127aa00) at gthread.c:591
#6  0x0000003a96806305 in start_thread (arg=<value optimized out>) at
pthread_create.c:296
#7  0x0000003a95ccd50d in clone () from /lib64/libc.so.6
#8  0x0000000000000000 in ?? ()

Thread 6 (process 6081):
#0  0x0000003a9680a607 in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1  0x0000003faf0024d0 in g_cond_timed_wait_posix_impl (cond=0x2aaab461ae54,
entered_mutex=0x3fac49d428, abs_time=<value optimized out>)
    at gthread-posix.c:242
#2  0x0000003fac211203 in g_async_queue_pop_intern_unlocked (queue=0x1068a30,
try=<value optimized out>, end_time=0x41e02070) at gasyncqueue.c:341
#3  0x0000003fac24ac35 in g_thread_pool_thread_proxy (data=<value optimized
out>) at gthreadpool.c:220
#4  0x0000003fac2490f4 in g_thread_create_proxy (data=0x1066a80) at gthread.c:591
#5  0x0000003a96806305 in start_thread (arg=<value optimized out>) at
pthread_create.c:296
#6  0x0000003a95ccd50d in clone () from /lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 5 (process 6082):
#0  0x0000003a9680a607 in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1  0x0000003faf0024d0 in g_cond_timed_wait_posix_impl (cond=0x2aaab461ae54,
entered_mutex=0x3fac49d428, abs_time=<value optimized out>)
    at gthread-posix.c:242
#2  0x0000003fac211203 in g_async_queue_pop_intern_unlocked (queue=0x1068a30,
try=<value optimized out>, end_time=0x42803070) at gasyncqueue.c:341
#3  0x0000003fac24ac35 in g_thread_pool_thread_proxy (data=<value optimized
out>) at gthreadpool.c:220
#4  0x0000003fac2490f4 in g_thread_create_proxy (data=0x1063f50) at gthread.c:591
#5  0x0000003a96806305 in start_thread (arg=<value optimized out>) at
pthread_create.c:296
#6  0x0000003a95ccd50d in clone () from /lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 4 (process 6083):
#0  0x0000003a9680a607 in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1  0x0000003faf0024d0 in g_cond_timed_wait_posix_impl (cond=0x2aaab461ae54,
entered_mutex=0x3fac49d428, abs_time=<value optimized out>)
    at gthread-posix.c:242
#2  0x0000003fac211203 in g_async_queue_pop_intern_unlocked (queue=0x1068a30,
try=<value optimized out>, end_time=0x43c05070) at gasyncqueue.c:341
#3  0x0000003fac24ac35 in g_thread_pool_thread_proxy (data=<value optimized
out>) at gthreadpool.c:220
#4  0x0000003fac2490f4 in g_thread_create_proxy (data=0x1066eb0) at gthread.c:591
#5  0x0000003a96806305 in start_thread (arg=<value optimized out>) at
pthread_create.c:296
#6  0x0000003a95ccd50d in clone () from /lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 3 (process 6084):
#0  0x0000003a9680a607 in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1  0x0000003faf0024d0 in g_cond_timed_wait_posix_impl (cond=0x2aaab461ae54,
entered_mutex=0x3fac49d428, abs_time=<value optimized out>)
    at gthread-posix.c:242
#2  0x0000003fac211203 in g_async_queue_pop_intern_unlocked (queue=0x1068a30,
try=<value optimized out>, end_time=0x44606070) at gasyncqueue.c:341
---Type <return> to continue, or q <return> to quit---
#3  0x0000003fac24ac35 in g_thread_pool_thread_proxy (data=<value optimized
out>) at gthreadpool.c:220
#4  0x0000003fac2490f4 in g_thread_create_proxy (data=0x1066f90) at gthread.c:591
#5  0x0000003a96806305 in start_thread (arg=<value optimized out>) at
pthread_create.c:296
#6  0x0000003a95ccd50d in clone () from /lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 2 (process 12452):
#0  0x0000003a9680a416 in pthread_cond_wait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1  0x00000038db25afb8 in gst_system_clock_async_thread (clock=0xc925b0) at
gstsystemclock.c:258
#2  0x0000003fac2490f4 in g_thread_create_proxy (data=0x12882f0) at gthread.c:591
#3  0x0000003a96806305 in start_thread (arg=<value optimized out>) at
pthread_create.c:296
#4  0x0000003a95ccd50d in clone () from /lib64/libc.so.6
#5  0x0000000000000000 in ?? ()

Thread 1 (process 12451):
#0  0x00002aaabca5ee06 in gst_ximagesink_event_thread (ximagesink=0x10bf220) at
ximagesink.c:957
#1  0x0000003fac2490f4 in g_thread_create_proxy (data=0x15bdaf0) at gthread.c:591
#2  0x0000003a96806305 in start_thread (arg=<value optimized out>) at
pthread_create.c:296
#3  0x0000003a95ccd50d in clone () from /lib64/libc.so.6
#4  0x0000000000000000 in ?? ()
(gdb) 
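
Added example, not part of the original bug thread: a Python helper that parses a pasted `thread apply all bt` listing like the one above (re-joining the wrapped frame lines) and reports which thread is blocked in `g_thread_join` waiting for which other thread. `parse_threads` and `join_waiters` are hypothetical names, and treating equal `thread=` and `data=` pointer values as the same GThread handle is an assumption.

```python
import re

# Abridged from the "thread apply all bt" paste above, line wrapping kept as posted.
SAMPLE = """\
Thread 8 (process 6038):
#0  0x0000003a96807585 in pthread_join (threadid=1084229952,
thread_return=0x7fffa9fd64d0) at pthread_join.c:89
#2  0x0000003fac248d0a in IA__g_thread_join (thread=0x15bdaf0) at gthread.c:656
#3  0x00002aaabca5d56d in gst_ximagesink_change_state (element=<value optimized
out>, transition=<value optimized out>) at ximagesink.c:1205

Thread 1 (process 12451):
#0  0x00002aaabca5ee06 in gst_ximagesink_event_thread (ximagesink=0x10bf220) at
ximagesink.c:957
#1  0x0000003fac2490f4 in g_thread_create_proxy (data=0x15bdaf0) at gthread.c:591
"""

THREAD_RE = re.compile(r"^Thread (\d+) \(")
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*?)\)")
HANDLE_RE = re.compile(r"\b(?:data|thread)=(0x[0-9a-f]+)")

def parse_threads(text):
    """Return {thread_no: [(function, args), ...]}, re-joining wrapped frames."""
    raw, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = THREAD_RE.match(line)
        if m:
            current = raw.setdefault(int(m.group(1)), [])
        elif current is None or not line or line.startswith(("(gdb)", "---Type")):
            continue                      # prompt, pager line or text before a thread
        elif line.startswith("#"):
            current.append(line)
        elif current:
            current[-1] += " " + line     # continuation of the previous frame
    return {tid: [m.groups() for m in map(FRAME_RE.match, frames) if m]
            for tid, frames in raw.items()}

def join_waiters(threads):
    """Map each joined thread to (waiting thread, function that called the join)."""
    owner, waiting = {}, {}               # both keyed by GThread pointer value
    for tid, frames in threads.items():
        for i, (func, args) in enumerate(frames):
            h = HANDLE_RE.search(args)
            if h and func == "g_thread_create_proxy":
                owner[h.group(1)] = tid   # assumption: data= is the thread's handle
            elif h and func.endswith("g_thread_join"):
                caller = frames[i + 1][0] if i + 1 < len(frames) else "?"
                waiting[h.group(1)] = (tid, caller)
    return {owner[p]: w for p, w in waiting.items() if p in owner}
```

On the excerpt this reports that Thread 8 is inside `gst_ximagesink_change_state` waiting to join Thread 1, the event thread that faulted on the NULL `xcontext`.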
Comment 3 Bastien Nocera 2007-07-27 10:05:45 EDT
0.9.8 has (very old) visualisations support. I'll try to update to the latest
stable version in FC6 when I get back from holidays.
Comment 4 Bastien Nocera 2007-08-21 06:19:18 EDT
rhythmbox-0.10.1-1.fc6 pushed to FC6 updates-testing.
Comment 5 Lubomir Kundrak 2007-09-21 06:59:49 EDT
dist-fc6-updates        rhythmbox-0.10.1-1.fc6                   
dist-fc6-updates      bnocera

I see this in FC6. I assume this is fixed. Thanks, Bastien, I'm closing this.
Comment 6 Bastien Nocera 2007-09-21 07:04:50 EDT
I hope so, you tell me :)
