Bug 81707 - (NPTL kernel) XMMS missing file crash in libmpg123
(NPTL kernel) XMMS missing file crash in libmpg123
Status: CLOSED UPSTREAM
Product: Red Hat Public Beta
Classification: Retired
Component: glibc (Show other bugs)
phoebe
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-01-12 22:53 EST by Warren Togami
Modified: 2016-11-24 10:26 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-01-31 04:08:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Warren Togami 2003-01-12 22:53:09 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021218

Description of problem:
http://bugs.xmms.org/show_bug.cgi?id=1160
Upstream Bug Report

https://listman.redhat.com/pipermail/phoebe-list/2003-January/001129.html
Described here

XMMS seems to crash with the following message when you have a file in 
the playlist that no longer exists on the filesystem.  I suspect this may be a
NPTL related bug, or XMMS itself should be fixed.

read(3, "\1\1O\f\0\0\0\0h\0 \2\0\0\0\0\0\0\0\0\0\0\0\0\300\210\270"..., 
32) = 32brk(0)                                  = 0x8212000
brk(0x8213000)                          = 0x8213000
mmap2(NULL, 8388608, PROT_READ|PROT_WRITE|PROT_EXEC, 
MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x4212a000
mprotect(0x4212a000, 4096, PROT_NONE)   = 0
clone(child_stack=0x42929930, 
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|0x790000) = 3006
write(3, ">\0\7\0\360\0 \2f\0 \2s\0 \2\27\0\0\0\'\0X\0\27\0\22\0"..., 
48) = 48
read(3, 0xbffff280, 32)                 = -1 EAGAIN (Resource 
temporarily unavailable)
select(4, [3], NULL, NULL, NULL)        = 1 (in [3])
read(3, "\1\1R\f\0\0\0\0h\0 \2\0\0\0\0\0\0\0\0\0\0\0\0\300\210\270"..., 
32) = 32futex(0x42929fb8, FUTEX_WAIT, 3006, NULL
Segmentation fault

You've probably found a bug in XMMS, please visit
http://bugs.xmms.org and fill out a bug report.

) = 0


When running the following kernel and glibc versions, this problem occurs
consistently.
kernel-2.4.20-2.2
kernel-2.4.20-2.11
glibc-2.3.1-21
glibc-2.3.1-32

When running kernel-2.4.18-19.8.0 from Red Hat 8.0, XMMS does not crash.

How reproducible:
Always

Steps to Reproduce:
1. Run NPTL kernel and glibc (Phoebe and Rawhide 1/11/2003)

Actual Results:  
XMMS crashes when you attempt to play a file that doesn't exist.

Expected Results:  
XMMS shouldn't crash.
Comment 1 Jakub Jelinek 2003-01-14 09:23:42 EST
Cannot reproduce.
glibc-2.3.1-34, kernel-2.4.20-2.14, xmms-1.2.7-16.p.
Comment 2 Warren Togami 2003-01-14 17:53:15 EST
Upgraded to the following:
glibc-2.3.1-35
kernel-2.4.20-2.15

I can still reproduce the XMMS crash.  Very similar strace as above.
What system do you have?  This is on an Athlon laptop.  I will test on other
systems within the next few days.
Comment 3 Nathan G. Grennan 2003-01-22 10:03:30 EST
Still see this with phoebe2 and glibc-2.3.1-38. Goes away if you use export
LD_ASSUME_KERNEL=2.2.5 or downgrade to 2.4.18-19.8.0. LD_ASSUME_KERNEL seems to
be the incompatiblity fix all for me lately. I have been able to get Crossover
Plugin and the Nvidia binary only driver working by using it.
Comment 4 Jakub Jelinek 2003-01-22 10:09:55 EST
Can you please download ftp://people.redhat.com/jakub/glibc/2.3.1-38/*debuginfo*
install it (and make sure you have latest rawhide gdb), then run xmms
under gdb and see where it crashes (ie. at least bt, i reg, l)?
Comment 5 Warren Togami 2003-01-23 00:35:33 EST
Need any other info?

[warren@laptop warren]$ rpm -qa |grep glibc
glibc-debuginfo-2.3.1-38
glibc-devel-2.3.1-38
glibc-2.3.1-38
glibc-debuginfo-common-2.3.1-38
glibc-common-2.3.1-38
[warren@laptop warren]$ rpm -qa |grep gdb-
gdb-5.3post-0.20021129.7


[warren@laptop warren]$ gdb xmms
GNU gdb Red Hat Linux (5.3post-0.20021129.7rh)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(no debugging symbols found)...
(gdb) run
Starting program: /usr/bin/xmms
[New Thread 1077057536 (LWP 25838)]
[New Thread 1088318784 (LWP 25839)]
[New Thread 1101565248 (LWP 25842)]
[New Thread 1116904768 (LWP 25843)]
 
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1116904768 (LWP 25843)]
0x4002fe6b in pthread_join (threadid=0x0, thread_return=0x0)
    at pthread_join.c:48
48      pthread_join.c: No such file or directory.
        in pthread_join.c

[warren@laptop warren]$ LD_ASSUME_KERNEL=2.2.5 gdb xmms
GNU gdb Red Hat Linux (5.3post-0.20021129.7rh)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(no debugging symbols found)...
(gdb) run
Starting program: /usr/bin/xmms
[New Thread 16384 (LWP 25830)]
[New Thread 32769 (LWP 25831)]
[New Thread 16386 (LWP 25832)]
[New Thread 32771 (LWP 25835)]
[New Thread 49156 (LWP 25836)]
[Thread 49156 (LWP 25836) exited]
 
Program received signal SIGHUP, Hangup.
[Switching to Thread 32771 (LWP 25835)]
0x40037206 in __libc_nanosleep () at __libc_nanosleep:-1
-1      __libc_nanosleep: No such file or directory.
        in __libc_nanosleep
Comment 6 Jakub Jelinek 2003-01-27 08:21:40 EST
Can you please with NPTL libpthread (ie. without LD_ASSUME_KERNEL=2.2.5), do,
after you get it to segfault:
i reg
bt
If the application or some library really calls pthread_join with 0 as
first argument, then that is a bug.
Comment 7 Warren Togami 2003-01-31 04:08:32 EST
Starting program: /usr/bin/xmms
(no debugging symbols found)...[New Thread 1077102592 (LWP 15162)]
[New Thread 1088355648 (LWP 15163)]
[New Thread 1101528384 (LWP 15166)]
[New Thread 1116904768 (LWP 15167)]
 
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1116904768 (LWP 15167)]
0x4003ae6b in pthread_join (threadid=0x0, thread_return=0x0)
    at pthread_join.c:48
48      pthread_join.c: No such file or directory.
        in pthread_join.c
(gdb) i reg
eax            0x0      0
ecx            0x2      2
edx            0x0      0
ebx            0x40040c84       1074007172
esp            0x4292974c       0x4292974c
ebp            0x429297a4       0x429297a4
esi            0x1      1
edi            0x411bf018       1092349976
eip            0x4003ae6b       0x4003ae6b
eflags         0x10246  66118
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x33     51
(gdb) bt
#0  0x4003ae6b in pthread_join (threadid=0x0, thread_return=0x0)
    at pthread_join.c:48
#1  0x411b6422 in mpg123_http_close () from /usr/lib/xmms/Input/libmpg123.so
#2  0x411a6ef5 in mpg123_stream_close () from /usr/lib/xmms/Input/libmpg123.so
#3  0x411a0ad5 in get_iplugin_info () from /usr/lib/xmms/Input/libmpg123.so
#4  0x4003a1ff in start_thread (arg=0x42929d40) at pthread_create.c:213

Tested the same thing with an OGG file, it doesn't crash.  This seems to be
isolated to the MP3 plugin upstream that Red Hat cannot ship anymore?  I guess
this means this report is closed.

Reporting findings upstream:
http://bugs.xmms.org/show_bug.cgi?id=1160
Comment 8 Warren Togami 2003-02-06 04:08:57 EST
Upstream made a patch to libmpg123 that seems to fix the problem.

Until I make a package, here's my test build.
http://videl.ics.hawaii.edu/~warren/temp/libmpg123.so

Note You need to log in before you can comment on or make changes to this bug.